Discover the leading eCommerce fraud threats facing your business. We’ll explore how these schemes work, and look at some preventative steps you can take to reduce risk, protect your revenue, and keep your business secure.
Explore the eCommerce Fraud LibraryView article library
Even as online shopping becomes increasingly popular, online merchants face the growing threat posed by eCommerce fraud.
When fraud attacks occur, they have an immediate impact on your revenue. They can do additional long-term damage to your business, though. That’s why understanding eCommerce fraud, how it works, and how you can prevent it are all critical steps in mitigating risk and protecting your revenue.
In this resource, we’ll provide an overview of different types of eCommerce fraud threats. We’ll also explanation how they work, and talk about the preventative steps you can take to keep your business safe.
[noun]ēˌ• käm • ərs • frôd
eCommerce fraud refers to any type of false, illegal, or illegitimate commercial transaction conducted through the internet. The fraudster typically impersonates a legitimate user, making purchases without valid authorization to do so.
There are a variety of methods that criminals can employ. Most involve purchases made using stolen customer data. For example, a criminal might buy goods with a stolen credit card, or make a purchase by accessing a customer’s account and using stored payment information without permission.
Most fraud activity has moved online in the last decade, and it’s easy to see why. The anonymity offered by the internet lowers the fraudster’s risk of being caught. It’s also easier; there are no signatures to forge and no physical cards to inspect. Plus, you have no idea what the purchaser actually looks like. It’s always more difficult to verify buyers in a card-not-present environment.
So…what’s this mean for you as a merchant? Simply put, it means more chargebacks.
When a cardholder discovers an unauthorized charge on their statement, that individual calls their issuing bank and files a chargeback. If that happens, you lose the revenue from the sale, plus any goods shipped. You also get hit with a chargeback fees and increased overhead costs. It can also damage your reputation, and lead to other long-term struggles for your business.
In short: it’s big.
The volume of payment fraud has risen dramatically over the last decade, in tandem with the increasing acceptance of eCommerce. The Association for Financial Professionals’ annual fraud report shows that three out of four organizations were targets of fraud in 2020.
The problem continues to grow out of control with each year. Statistics from Juniper Research estimate that online sellers will have lost $130 billion to online fraud between 2018 and 2023.
Of course, that estimate still predates the Covid-19 pandemic. Considering that successful fraud attacks increased by 52% between 2020 and 2021, it’s clear that eCommerce fraud is not something you can afford to ignore.
These criminal fraud attacks present a serious threat to you as an individual merchant. The web not only facilitates anonymous fraudulent transactions, it also provides a way for criminals to obtain large amounts of customer data quickly and easily, which they can turn into future criminal attacks.
The technique used to acquire customer data can vary based on the fraudster’s goals. With identity theft or account takeover, for example, cybercriminals often use a tactic known as “phishing.”
Fraudsters contact potential victims by email, telephone, or text message, pretending to be a representative of a recognizable and reputable organization. Consumers who believe the sender is legitimate may willingly give up personally identifiable information, including account details and passwords.
That works for individual, small-scale actors. For large-scale attacks, though, the easiest route is to buy cardholder information.
Over 14 billion personal records have been compromised since 2013. Many of these stolen records will end up on the deep web, which is an area of the internet not readily accessible by normal browsers. Within the deep web is a subset called the “dark web,” which is deliberately hidden and only accessible with not readily accessible browsers like Tor, which anonymize users.
Criminals can buy and sell information on the dark web with little risk of being traced. Because of the volume of information available, fraudsters can often buy card data and other personal records in bulk for pennies each. Some of these records are inactive, but fraudsters can use software programs that test the information by making small transactions (a practice called card testing). If the purchase goes through, they know the card is good.
With most eCommerce fraud tactics, the cardholder is the fraudster’s point of attack. A criminal steals personal data, such as a social security number or bank account information, then uses the data to either make purchases or attempt to access other accounts by impersonating the cardholder.
But, although the consumer may be the primary target of a payment fraud scheme, these eCommerce fraud attacks will still impact your business in a big way. With that in mind, let’s look at some of the most common eCommerce fraud tactics, strategies, and threat sources:
Friendly fraud, also known as chargeback fraud, occurs when a cardholder uses a credit card to make a legitimate purchase, then files a chargeback with their issuing bank. This can happen unintentionally, but it can also result from consumers abusing the chargeback system to gain unwarranted “refunds.”
Friendly fraud is a form of eCommerce fraud. It’s distinct from the tactics outlined above, though, as it doesn’t come from crooks using stolen card data. It originates with the actual cardholder. Another important difference is that friendly fraud happens post-transaction. It’s almost impossible to prevent because you won’t know it’s fraud until after the fact.
While friendly fraud doesn’t work like typical eCommerce fraud, it’s still worth mentioning. In reality, as many as 60% of all chargebacks may be cases of friendly fraud. If your chargebacks are coming from friendly fraud, a management strategy focused on stopping eCommerce fraud will be inefficient, at best.
Learn More Simple Ways to
Save time and protect your revenue with more insider tips and strategies for chargeback prevention. This FREE guide details 50 techniques for shutting down chargebacks before they happen.
So, with these and many other fraud sources to worry about, here’s the key question: what can you do to detect eCommerce fraud?
There’s no single tool that will accomplish this job on its own. eCommerce fraud detection is a complex matter demanding a variety of indicators to identify abuse without generating runaway false positives. Think about eCommerce fraud detection like a net; the finer the mesh, the more you’ll catch.
Here are just a few tools you should consider as part of your strategy:
Again, this is not an exhaustive list. There are many different criminal fraud prevention tools you can deploy to gauge the risk behind each transaction. You should then subject each purchase to fraud scoring, which will let you assess fraud indicators using machine learning. Fraud scoring then provides simple up-or-down decisioning as to whether you should accept or reject the purchase, or subject that transaction to manual review.
Many service providers offer their technology as all-inclusive risk management platform to let you offload this process entirely, including (in no particular order):
You don’t need a fortune teller to see the future when it comes to eCommerce fraud. Careful examination of current fraud and chargeback data, coupled with careful research on new and developing fraud trends, puts the power of eCommerce fraud prevention in your hands. You must have the right practices in place, though.
Payment fraud can be difficult to eliminate, as fraudsters are always looking for new angles and technologies to exploit. Keeping up with them is a difficult costly process; it’s no surprise, then, that the average eCommerce merchant invested roughly 10% of their annual revenue in fraud management in 2021.
Deploying a few best practices can help decrease fraud occurrences and keep your costs manageable. For example, you can:
However, the most important part of all is data. You can look at past transaction data to try and identify recurring patterns, pinpoint weaknesses, and identify opportunities.
We said that eCommerce fraud prevention is possible. We never said it would be easy, though.
Unfortunately, online fraud is a moving target. The more we shop, connect, and transact online, the more the danger grows. Meanwhile, criminals get more sophisticated all the time.
Implementing the above steps will help stop eCommerce fraud. That said, it won’t be enough to combat all online fraud, especially in the long term. There are simply too many different tactics that criminals can use, with new threats appearing daily. Staying up-to-date on the latest threats can be a full-time job on its own.
Chargebacks911® offers the most comprehensive chargeback management services and products available on the market today. Our experts are constantly uncovering new fraud threats and developing innovative strategies and technologies to fight back. This applies not only to eCommerce fraud prevention, but even to hard-to-fight challenges like friendly fraud.
Whatever you need to prevent chargebacks, we can help. Contact us today for a free demo.