Where the money goes, the fraud follows. It is especially true for eCommerce, as due to the COVID-19 pandemic, eCommerce fraud is on the rise nowadays. According to JuniperResearch, eCommerce retailers risk losing up to $20 billion due to fraud in 2021, which would be 18% more than in 2020. Obviously, preventing fraud in eCommerce is one of the top priorities for online merchants, now more than ever.
Fraud prevention in eCommerce is one of the main specialties of Covery. We provide fraud protection service since 2016 and have accumulated quite significant expertise in detecting and fighting fraud in online shopping. This article will briefly outline the reasons behind fraud occurring, the ways of merchant fraud detection, and 10 strategies to improve your eCommerce fraud prevention efficiency.
Why does the fraud occur?
The reasons are multiple, and the perceived anonymity on the web is the main one. Fraudsters think they can hide behind the VPNs and other anonymizers and fool people, making easy money. In addition, the police do not treat eCommerce thefts as harsh as common crimes and can pretty much never arrest scammers. A combination of these factors makes committing fraud quite common, as you well know.
The main types of fraud in eCommerce are as follows:
- Card-not-present fraud, where scammers use stolen credit card details to purchase goods online. In a typical scenario, fraudsters purchase stolen CC details on the dark web and test them out with plenty of minimal purchases to see which cards are still active. They then buy as much as possible and hope the original cardholder does not issue a chargeback before they obtain the illicitly purchased goods.
The key sign of an ongoing CNP fraud is lots of orders for small items in quick succession with different credit cards from one account. This way the fraudsters test their base for valid CC details before making the main purchases. Thus, if you spot such activity, it’s best to block such transactions till additional investigation to avoid future chargebacks.
- Affiliate fraud. As online store owners surely know, not all affiliate traffic brings sales. Affiliate networks want to earn their commissions, so they can defraud you in a variety of ways to increase the number of your website visitors, who do not actually convert into leads and customers.
- Chargeback (friendly) fraud. It is a form of CNP fraud, where scammers use stolen credit card details to purchase your products before rightful owners understand what is going on, block their cards and demand their banks to return the money, because the owners did not authorize the transaction. As banks always take the customer’s side, merchants usually lose both the product and the money paid for it.
The key difference with CNP fraud here is that it is performed by scammers quickly to avoid being spotted, while chargebacks can be issued even weeks after the purchase, by legitimate card owners willing to defraud the merchant and get their items for free.
But even losing up to 11% revenue due to chargebacks is not the worst part of the problem. As you should know, exceeding chargeback thresholds will lead to increased payment processing rates, chargeback dispute resolution fees, Visa/Mastercard redemption program fines (up to $50,000 for two PSPs).
- Interception fraud, a case of account takeover fraud where impostors gain access to your actual customers’ account details with phishing, order goods to the shipping address on file but then contact your customer service and change the delivery address for some plausible reason.
- Triangulation fraud, one of the more elaborate fraud schemes, where scammers create phishing sites that copy your eCommerce website and lead your users there with ads. Once the users log into a fake site and shop there, scammers log into your actual site and order the same purchases to be delivered where expected.
Why the hassle then, if you get the money and your customers get the goods? The fraudsters gain access to customers’ accounts and after waiting some time to avoid raising suspicions they use this access to perform one of the other types of fraud.
There are many more types and kinds of fraud but they are usually derivatives of these 5 main types or are so rare that cannot be distinctly categorized. Thus said, even the most common fraud types can pose a significant threat to your business, which must be spotted early in order to be efficiently mitigated.
Below are the warning signs to look for as a part of eCommerce fraud detection.
eCommerce fraud distinctive features
While fraudsters can be quite inventive, there are certain signs showing that some illicit activities take place:
- Strange order data. For example, an address on file is in the US, but the order was made from a Nigerian IP address.
- Fast and or/big orders. An order sum is much larger than the average for this account, or expedited delivery is ordered to an unusual location.
- Rapid change of addresses. Ordering from Alabama half an hour ago, from Singapore 10 minutes ago, and from Beijing now? Definitely not conspicuous, yeah…
- Multiple delivery addresses. An order paid with a single credit card contains multiple items that have to be sent to various addresses.
- Multiple orders and CC cards. When a dormant account with rare purchases from one credit card suddenly bursts into activity and creates plenty of orders with many credit cards, you know something is off.
- A streak of declined orders. A person can mistype their credit card details once, but not 4+ times in a row. These were the fraudsters trying stolen credit card details.
Any of these cases can have perfectly valid reasons behind them, but a combination of several of them is definitely concerning. You cannot check every order for these, however — nor is it needed. There are modern eCommerce fraud prevention tools like Covery, which takes care of monitoring your transactions for the very first signs of eCommerce fraud.
But while investing in fraud detection solutions for eCommerce is one of the best choices you can make, it is by far not the only one.
Steps for preventing fraud in eCommerce
Here are 8 steps you can take to secure your bottom line from fraud. Some of them might seem pretty basic, but if you don’t score all the points in full — you run some serious risk of suffering from fraud in online shopping:
- From time to time, hire сybersecurity experts to check your online store for vulnerabilities — cross-site scripting, JS injections, compromised accounts, etc. Losing control over your website is the worse thing that can happen to an online merchant.
- Implement security best practices to safeguard your operations:
– Your store runs the latest stable version of all software and plugins
– Your website is protected by a reputed SSL-certificate
– Your payment process is compliant with PCI-DSS requirements
– Your business and customer data is backed up regularly
– You have strong (and different!) passwords to your hosting panel, CMS, store admin accounts, FTP access, database, and various dashboards
– You have a good anti-malware scanner running at all times
– All the customer and business data, as well as all chat conversation logs are encrypted.
- Have some tools for eCommerce fraud detection running 24/7. Every payment that has any of the signs depicted above can be a fraudulent one and can result in a chargeback. An ounce of prevention is worth a pound of cure, especially in eCommerce. But checking every transaction manually or having someone on the payroll doing this is not very efficient, especially when the orders come in the thousands.
This is where eCommerce fraud prevention tools like Covery lend you a hand. With the help of its device fingerprinting technology, Covery keeps track of every visitor session on your website and alerts you to every suspicious transaction — or handles them according to preconfigured business risk logic scenarios.
- Require CVVs at checkout. Yes, it adds an extra step, but law-abiding customers will do it anyways — and fraudsters will have a hard time providing that code, as all they’ve got is credit card numbers and PIN codes.
- Go for SSL certificates for all your store pages. Yes, protecting only the checkout page is cheaper, but you don’t want scammers contaminating your other pages with malicious code to steal any sensitive information.
- Implement hard caps on purchases. Analyze the average order size and set the limit to about twice as much to ensure you check such orders manually. It is not uncommon for huge legitimate orders to come through, but some high-volume orders can be fraudulent and it’s better to check them twice.
- Always double-check the address. If the customer wants to pick up the package from a freight forwarder, require additional confirmation.
- Ensure the IP addresses match. There might be perfectly valid reasons for your customer to hide their IP address when making a purchase, but it’s better to be safe than sorry. Track the IP addresses of every order and require additional confirmation when the IP address shows unusual geolocation.
As you can see while some of these points refer to procedures, some can be ensured only using a specific technology. Covery is an online fraud protection service that encompasses all of these features and more, so you get the most out of your investment.
There is no single watertight approach to fraud prevention in eCommerce. Scammers will forever try to defraud online merchants, and the best way to protect your bottom line is to invest in reliable technology that has all your bases covered.
Covery can be such a tool for you, and due to an already impressive set of features, ever-growing Trustchain reputational record knowledge base, device fingerprints, highly-configurable risk business logic engine and real-time transaction monitoring capabilities, Covery can become your solid tool for merchant fraud protection.
Should you want to know of all the ways Covery can provide value for your business — contact us, we are always ready to help!