Many businesses look for fraud protection tips in 2021, as the wave of fraud grows in scale.
With the COVID-19 pandemic on the loose, Ecommerce volumes soared. People started buying everything online to minimize contact with potential sources of infection. The bold $6.5 trillion of Ecommerce revenue in 2023 forecast by eMarketer back in 2019 seems trivial now.
Really, with global retail revenues surpassing $5 trillion in 2020 and the market growth in two-digit numbers, there is not much chance people will start favoring brick-and-mortar shopping over Ecommerce any time soon. Thus, more than 53% of retail sales will happen online this year.
However, where the money goes, crooks follow. Fraud was pretty significant before the pandemic, with online retailers having faced more than 200,000 monthly attacks on their stores in 2019. These numbers grew many times through 2020, as the influx of new customers resulted in the growth of opportunities for fraudsters.
However, you must not remain idle in the face of this adversary. Online retailers can develop a strategy and use the tools required to combat fraud in Ecommerce. This article explains how to prevent fraud for your business, as well as providing the most widespread fraud list and a 10-step strategy for preventing fraud. These 10 minutes of reading will be worth your while, so let’s get started!
Fraud in Ecommerce 101: what, how and why
What is fraud in Ecommerce, first of all? As we talk about online retail, we mean the exchange of money for goods or services that happens in online stores, where the customers are not present physically and pay for their purchases with banking cards online.
Fraud is a malevolent attempt to deceive customers, merchants, or both during online transactions to ensure personal gain. Fraud damages your bottom line, wrecks your reputation, hurts your standing with the banks and payments gateways, and shrinks your customer base, depleting your revenue streams.
How do fraudsters do that? By using a wide variety of methods we will describe below, from issuing false chargebacks to using sophisticated hardware and software to fool merchants and pass as law-abiding customers. The two key characteristics of fraud are that it is targeted at an online merchant and that the fraudsters try to remain undetected.
There are several reasons why people indulge in fraudulent actions:
- Simplicity. The Internet made vast volumes of Personally Identifiable Information or PII easily accessible to fraudsters. There are huge databases of social security numbers, stolen credit cards, valid email addresses, etc. As a matter of fact, more than 23 million credit card numbers can be bought on the Dark Web.
- Anonymity. There is nothing easier than creating a fake persona, registering an email address with one of the hundreds of email services, and renting a postbox for your billing/shipping address. Doing fraud online lets culprits remain in the shadows.
- Elusiveness. Online fraud is not the most important thing for police detectives, as the chances of catching a criminal are slim, and the sums of every single transaction are usually small. Besides, people from Russia, Nigeria, or Uruguay can easily perform fraudulent activities against a shop registered in the US or the UK. This allows them to remain under the radar.
But how can merchants detect fraud after all? By knowing their signs, effects, and results.
6 main types of Ecommerce fraud
Card-not-present fraud, where culprits use stolen credit cards to order products or services online, is merely one of the fraud types. We list 6 main kinds of fraudulent actions below.
- CNP fraud. While being quite simple to describe, this type of fraud is quite hard to block. Criminals buy stolen credit card details on the Dark Web and use them to order goods or services online before the owner blocks the card. While every individual transaction might be small, they are performed in numbers and can affect the merchant’s bottom line quite heavily.
- Affiliate fraud. The staple form of defrauding online merchants, the bread and butter of the fraudsters. Online retailers need more traffic to their stores, so they agree to pay commissions for every order brought to them by affiliate networks. To track this traffic as coming from a certain affiliate network, merchants issue unique referral links. Shady affiliates register domain names that sound like the real store, pour traffic to them, and redirect such names to the real store using the link they were given, thus forcing the merchant to pay them for the “leads”. Schemes might vary, the result is the same — wasted money.
- Chargeback fraud (friendly fraud). When a fraudster does not want to pay for goods delivered, he/she claims they were not delivered and starts a chargeback dispute through the card issuer bank. The bank always assumes the customer tells the truth and charges the money from the merchant’s account without ever checking if the customer actually got the goods. While being brutally simple, this type of fraud is very hard to combat.
- Phishing (account takeover). By using fake websites and emails to deceive people into revealing their social media account logins and passwords, fraudsters gather keys to their profiles with online retailers. Then they log into these accounts, change passwords and use all the money they can from the credit card on file to order goods before the fraud is discovered. The warning sign here is the change of shipping address, or trying to purchase lots of goods at once, or lots of small orders in quick succession.
- Interception fraud. One of the frequent cases with online retailers that deliver physical parcels. The fraudsters use the stolen card details to purchase something but ask the delivery service to change the pickup point, or simply steal the package once it is delivered to the shipping address on file.
- Triangulation fraud. This is a simple, yet efficient 3-step scheme. Fraudsters create fake online stores where customers can buy goods at dirt-cheap prices. Their only goal is to collect customer names, emails and credit card details there. They then use these details to buy the goods the customer requested for full price at a legitimate store and ship them to the victim’s address. Their gain here is the CC details, and in a week or two, they start making purchases for themselves.
If these schemes are so effective, are there ways to avoid fraud at all? Naturally, this can be done by monitoring your transactions for several signs of suspicious activity.
How to control fraud in real-time?
No matter the skill of the wrongdoers, fraudulent transactions will always have some discrepancies that allow you to identify them as illegal. We briefly mentioned them above, but here is a more detailed list:
- Order data inconsistency. The order was made from an unusual location (the shipping area ZIP code does not match the one on file, or the IP address does not match the usual one for this email)
- Unusually large or fast order. The order sum exceeds what this customer is usually spending with you, or they order expedited shipping (to get the goods before the owner blocks the payment)
- Unusual geolocation. If a customer logged in from North Carolina yesterday but logged in from Macau today, it is highly likely to be a fraudulent transaction
- Inconsistent shipping. While paying for multiple goods with a single credit card, the order contains multiple shipping addresses.
- Rapidly repeating orders. When a customer that previously ordered once a month issues 12 orders in a day.
- Using many credit cards. When there is a series of orders paid for with different credit cards, shipped to the same address (which differs from the one on file)
- Multiple declines before payment. You might misspell the expiration date or CVV code once, but if it was done 5-6 times in a row, it is certainly a red flag
- An influx of orders from an unexpected location. If the majority of your customers are from the EU but you have received several dozens of orders from Brazil over the weekend, chances are these are fraudulent orders.
Naturally, there can be a perfectly legal order having one or more of these signs. Luckily, manually monitoring every transaction is not needed. Modern anti-fraud solutions like Covery perform such checks automatically and halt suspicious transactions before you approve or decline them, thus stopping the fraudsters in their tracks.
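The signs listed above can be expressed as simple rules evaluated per order against the customer's profile and recent history. The following is an added example, not code from Covery or from this article's author; the field names, sample orders and thresholds (3x average spend, 5 declines, 3 orders or 3 cards in 24 hours, hold at 2 or more signs) are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data; field names and thresholds are assumptions for illustration.
PROFILES = {"alice@example.com": {"zip": "27601", "country": "US", "avg_total": 60.0}}
ORDERS = [
    {"id": 1, "email": "alice@example.com", "ts": "2021-03-01T10:00", "total": 55.0,
     "ship_zip": "27601", "ip_country": "US", "card": "c1", "declines": 0},
    {"id": 2, "email": "alice@example.com", "ts": "2021-03-20T09:00", "total": 58.0,
     "ship_zip": "27601", "ip_country": "US", "card": "c1", "declines": 1},
    {"id": 3, "email": "alice@example.com", "ts": "2021-03-20T09:20", "total": 410.0,
     "ship_zip": "10001", "ip_country": "MO", "card": "c2", "declines": 5},
    {"id": 4, "email": "alice@example.com", "ts": "2021-03-20T09:35", "total": 390.0,
     "ship_zip": "10001", "ip_country": "MO", "card": "c3", "declines": 0},
]

def score_orders(orders, profiles, window=timedelta(hours=24)):
    """Return {order_id: [signal, ...]} using per-order and per-customer history checks."""
    history = defaultdict(list)  # email -> [(timestamp, card)] of earlier orders
    results = {}
    for o in sorted(orders, key=lambda o: datetime.fromisoformat(o["ts"])):
        p, ts = profiles[o["email"]], datetime.fromisoformat(o["ts"])
        recent = [(t, c) for t, c in history[o["email"]] if ts - t <= window]
        signals = []
        if o["ship_zip"] != p["zip"]:            # order data inconsistency
            signals.append("zip_mismatch")
        if o["ip_country"] != p["country"]:      # unusual geolocation
            signals.append("unusual_geolocation")
        if o["total"] > 3 * p["avg_total"]:      # unusually large order
            signals.append("large_order")
        if o["declines"] >= 5:                   # multiple declines before payment
            signals.append("multiple_declines")
        if len(recent) + 1 >= 3:                 # rapidly repeating orders
            signals.append("rapid_orders")
        if len({c for _, c in recent} | {o["card"]}) >= 3:  # many credit cards
            signals.append("many_cards")
        history[o["email"]].append((ts, o["card"]))
        results[o["id"]] = signals
    return results

def orders_to_hold(results, min_signals=2):
    """A single sign can be legitimate, so hold only orders with several signs."""
    return sorted(oid for oid, s in results.items() if len(s) >= min_signals)

if __name__ == "__main__":
    scored = score_orders(ORDERS, PROFILES)
    for oid in orders_to_hold(scored):
        print(oid, scored[oid])
```

Requiring several signs before holding an order keeps a customer who merely ships a gift to another ZIP code from being blocked, while the account-takeover pattern in orders 3 and 4 is still caught.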
10 steps to prevent fraud for your Ecommerce store
There are several common-sense, technical and procedural steps you can take to mitigate the risk of fraud for your online retail store:
- Perform periodic penetration testing of your website. The best way to ensure there are no backdoors in your systems is to proactively find and seal them using ethical hackers to perform penetration testing.
- Instate and enforce strong security policies. Ensure you can positively state that:
– The software and plug-ins used are patched to the latest stable version
– The SSL certificate is active and is accepted without issues
– The store complies with PCI-DSS requirements
– There are regular automated backups
– There are strong passwords to hosting admin panel, system admin accounts, CMS, database, FTP access, and various dashboards
– Anti-malware protection is running at all times and regular scans are scheduled
– All the communication between the customers, suppliers, and store staff is encrypted, nothing is transmitted in cleartext
– There are no inactive plugins installed; all of them are removed
- Monitor your daily operations for suspicious activity. A shoplifter might try to steal some grocery or other items from a brick-and-mortar shop and get caught red-handed by security. Catching a fraudster online is much more difficult, but it can be done if you dedicate an employee to looking for the fraud signs we described above. Alternatively, you can use a SaaS product like Covery that enables automated transaction monitoring, alerting, and management according to pre-configured risk logic scenarios and based on device fingerprinting technology.
- Use AVS. Address Verification Service or AVS helps cut off most of the fraud cases stemming out from the discrepancies in the shipping and billing addresses. Luckily, many banks and payment processors do this check by default, flagging suspicious transactions for your further consideration.
- Demand CVV. Yes, if a fraudster has a stolen credit card on hand, he will know its CVV code — but hell, he can simply go to the ATM with it and withdraw the money. In all other cases, asking for the CVV code when filling in the card details during purchase cuts off a large portion of fraudsters and does not irritate valid customers.
- Use HTTPS for everything. While it might seem too costly, using SSL/TLS certificates for all pages of your website prevents fraudsters from injecting malicious scripts into your pages in transit and from reading sensitive information exchanged between you and your customers.
- Set limits on purchases. Just be real, it is highly unlikely that someone buys out all your stock in one order or even a significant portion of it. Set some limits on max order size to limit the potential chargeback sum. Covery has this option off-the-shelf.
- Ship to real addresses only. Fraudsters prefer to hide their identities using freight forwarders (addresses with a container number in them) or PO boxes. When you see such an order, halt it until there is a confirmation from a customer.
- Check the IP and address match. Every transaction is performed from some IP address that can be tracked at least to the subnet level. People might need to use a VPN to hide their IP addresses and still need to perform perfectly legal online purchases, but double-checking with your customers whether it was really them placing the order never hurts.
- Use anti-fraud solutions. Most of the steps described above are provided as default features of various anti-fraud solutions like Covery. This way, you get most of your fraud prevention needs covered with a single tool.
Conclusions: use these fraud protection tips daily
Fraudsters are always evolving and adjusting their approaches, coming up with new schemes and tricks. However, anti-fraud platforms like Covery also don’t sit idling and are consistently improving the ways to avoid fraud using their features. Nevertheless, not a single tool will protect your shop if you don’t follow the common-sense fraud prevention tips and rules described above. On the other hand, designing and implementing a strong anti-fraud strategy helps you to detect fraud on the go and significantly reduces the number of fraud cases and chargebacks you will have to face.
Should you have more questions on how Covery can help you prevent fraud for your Ecommerce store — contact us, we are always glad to assist!