How to prevent ecommerce fraud

In this article, we explain what ecommerce fraud looks like in its many forms, take a look at the impact of failing to prevent it, and give you our top tips for how to stop it. 

Link to the author's page
Checkout.com
November 13, 2023
Link to the author's page
How to prevent ecommerce fraud

As an online merchant, you will already be hyper aware that the bountiful opportunities offered by the world of ecommerce come hand-in-hand with a constant and unavoidable exposure to fraudsters. 

Ecommerce losses to online payment fraud hit $41bn worldwide in 2022, and they’re predicted to surpass $48bn in 2023. North America is responsible for 42% of that value, followed by Europe at 26%, and Latin America at 20%. 

As you can see, the global nature of the online world means there’s nowhere to hide from ecommerce criminals, but there are plenty of measures you can take to detect and prevent it. 

In this article, we explain what ecommerce fraud looks like in its many forms, take a look at the impact of failing to prevent it, and give you our top tips for how to stop it. 

What is ecommerce fraud?

Ecommerce fraud is any type of cybercrime that seeks to exploit vulnerabilities in online payments or shopping activity in order to steal money or data. 

For fraudsters, the very aspects of ecommerce that make it an enticing prospect for consumers - speed, convenience, anonymity - also work in the criminals’ favor. All they need to commit crime is an internet-enabled device, which gives them access to a world of opportunities and next to no chance of being caught. 

Ecommerce fraud can take many forms, from criminals using stolen credit card numbers to make purchases to customers deliberately initiating chargebacks on genuine purchases.  

The diverse and complex nature of ecommerce fraud is also what makes it so challenging for online merchants to prevent. But it’s not just the initial financial loss that merchants need to be concerned about. Falling prey to ecommerce fraud can damage customer trust and your reputation (not to mention your company's finances). 

That’s why ecommerce fraud monitoring, detection and prevention must be at the heart of your operations. And the best prevention strategy is to understand your enemy. 

How does ecommerce fraud take place?

Security is a top priority for the global online payments industry. Nevertheless, because there are so many systems, people, and parties involved in the ecommerce ecosystem - including the retailer, the customer, the processor, and the networks - fraudsters have many potential access points that they can exploit to commit crimes. 

Usually, fraudsters will start by stealing sensitive data or buying stolen data on the black market. Phishing - where fraudsters trick their victims into willingly handing over personal information through scam emails, calls or texts - is the most common method for stealing this data, which 43% of online merchants surveyed by Statista had experienced in 2022. This was followed by friendly fraud, which 34% of respondents had fallen victim to. 

Types of ecommerce fraud

Now we know what ecommerce fraud is and how it can take place, let’s look at some specific examples: 

Credit card

Card-not-present (CNP) fraud is one of the most common types of ecommerce fraud. Once a criminal has access to stolen card details, they can use that card to make fraudulent purchases until the card is canceled. While the immediate financial loss is experienced by the cardholder, they are within their rights to initiate chargebacks for genuinely fraudulent purchases, meaning you’ll both lose the sale and have to pay chargeback fees to the bank. You also face losing the trust of that cardholder for failing to prevent fraud using their stolen card, as well as any resulting reputational damage. 

Often, after buying stolen card details, criminals will use card testing to establish which details are still active. They do this by making small, low-value payments, which helps to avoid suspicion. Any cards that are successfully authorized can then be used to make larger purchases.

Refund fraud

Refund fraud involves a criminal requesting a refund for a product or service that they never actually purchased. They can do this by creating fake order details or by stealing the account details of a legitimate customer. The result of this is that you end up refunding money that you never earned in the first place. 

Affiliate 

Fraudsters can even exploit affiliate marketing programs to commit crimes. An affiliate program is where online merchants provide a commercial partner with a trackable link that they can use on their website. Whenever someone clicks on that link and is redirected to the merchant’s website, they’ll pay the partner a commission.  

Fraudsters can game this system in a number of ways. For example, they could generate fake traffic or sales in order to steal unearned commissions, or they could make purchases using stolen cards and then collect the commission for the sale.

Account takeover

After stealing details in a hacking or phishing attack, criminals can log into legitimate customer accounts, change the details, and then use their saved cards to make unauthorized purchases. 

As well as having to refund the unauthorized purchases, account takeover fraud can cause serious damage to your relationships with your customers. Even if they’re the one who fell victim to the initial phishing attack, they may hold you responsible for allowing the fraudster to gain access to your systems. 

Identity theft

Fraudsters can also use stolen customer details to set up entirely new accounts in their name. Known as identity fraud, they can use these fake accounts to make fraudulent purchases using customer card details or to commit other types of crime like refund fraud under the guise of a legitimate customer, making it very difficult for them to be discovered. 

Chargeback fraud

Chargeback fraud happens when a customer buys something and then falsely claims not to recognize the transaction, or that they didn’t receive the product. This can be done either accidentally or maliciously. Either way, if the claim is successful, the end result is the same for the merchant: a lost sale and payment of chargeback fees. 

What is the impact of ecommerce fraud?

Ecommerce fraud can have a devastating impact on both consumers and online merchants. For merchants, the main effects are:

  • Financial loss - as well as the financial loss you could experience from theft, you may have to refund the cost of any fraudulent purchases made on your site and pay fees for any refunds or chargebacks 
  • Reputational damage - as an online merchant, your success relies on maintaining an image as a secure website. Consumers are highly aware of the risks of ecommerce, and, if they do experience fraud while shopping on your online store, it’s never been easier for them to leave public reviews on consumer trust sites or search engines, which can have a big impact on public perception of your brand. Not only that, you might find that business clients or the third party providers that you rely on to process payments are hesitant to work with you if you fail to stop fraudsters
  • Security costs - after a security breach, you should assess the strength of your security protocols and systems and invest in making them more robust. You should also train your staff to be more vigilant about phishing and malware threats, so that they can actively prevent fraud when they see it. These measures will require investment, but you’ll save money in the long run by reducing the rate of successful ecommerce fraud attempts 
  • Legal consequences - if you fail to adequately protect customer data and prevent fraud, you may also face legal and regulatory consequences, which could include fines and lawsuits, as well as more onerous compliance requirements

How to detect ecommerce fraud online

The good news is that there are many highly advanced fraud detection systems available to you that identify fraudsters at the first sign of suspicious activity. 

Fraud detection software relies on a powerful combination of machine learning and customized rules. Machine learning trains itself to spot typical and emerging fraud threats by analyzing data from across the payments network. You can then create flexible rules, which work in tandem with the machine learning function to decide how different transactions are routed based on their perceived fraud threat. 

The great thing about these systems is that they can analyze and make decisions about a far greater volume of transactions and customer behavior data points than a human agent ever could. This vastly scales up your fraud detection capabilities while automatically sending legitimate customers down a more frictionless route to complete their purchase.   

Learn more: Protecting cardholders from rogue merchants

How to prevent ecommerce fraud

Of course, it’s not just enough to detect fraud, you also have to prevent it. As outlined in the previous section, once your fraud system has identified suspicious activity, such as a high number of identical transactions, it can block further payment attempts from the associated card, flag it for review, or route it for further authentication. 

However, you also need to implement measures to prevent friendly fraud, which cannot necessarily be achieved via software. As friendly fraud can occur after a perfectly legitimate transaction, and can be either malicious or accidental, you need to put measures in place that proactively reduce the chance that your customer will try to initiate a chargeback with their bank. 

This starts with ensuring your customer service and customer communications are top notch, which limits that chance of a complaint that could escalate to a chargeback. You should also clearly display your refund and returns policy on your website, so that there’s no chance of confusion. Finally, Strong Customer Authentication rules, which ensure customers are legitimate through multi-factor authentication, can help to prevent malicious actors. You may even want to look into encouraging users to pay with APMs to reduce fraud.

Prevent ecommerce fraud with Checkout.com

If you're interested in learning more about fraud, you can take the Fraud Essentials course with MRC. It covers the basics of recognizing various forms of ecommerce fraud.

Checkout.com’s Fraud Detection Pro has all the tools you need to take payments and grow your online store while fighting all kinds of fraud. Our flexible solution employs machine learning and fully customizable rules, allowing you to tailor your fraud prevention measures to your risk appetite. What’s more, you can also choose to go live immediately with our preset configurations, and, as Fraud Detection Pro is built into our modular payments platform, there’s no additional integration needed.

Get started with Checkout.com’s Fraud Detection solution today or speak to a member of our sales team. 

Stay up-to-date

Get Checkout.com news in your inbox.

Back to top button
November 13, 2023 9:31
November 13, 2023 9:31