Recognizing Ecommerce Fraud Through the Customer Journey
Over the past decade, the rate of growth for eCommerce has risen drastically. With so many transactions going online, it’s not surprising that eCommerce fraud has also risen. In fact, it’s eCommerce’s explosive growth that attracts so much fraud.
As such, it’s important for any business planning to transition online to fortify itself against some of the most common cases of fraud. This means understanding the customer’s journey and protecting users at every step – whether it’s on your site or through a payment processor. Let’s explore some common types of fraud and how you can identify and prevent them.
One of the most common types of eCommerce fraud is account fraud, and that generally falls into two categories: Account Takeover Fraud (ATO) and New Account Opening Fraud (NAO).
ATO occurs when either a malicious human or bot manages to take over a customer’s account and then uses it to act against the customer’s wishes, such as draining their bank account or stealing loyalty points. Not only is this terrible for your customers, but it also damages your reputation and trust.
ATO is becoming an increasingly common occurrence, either in the form of look-alike domain scams or through the rising number of dark web markets where people can purchase hacked email and password combinations. The best solution here is to make sure your customers use a strong passphrase rather than a simple password, which may well be one they’ve already used before.
NAO, on the other hand, only affects you as a company. The goal with NAO is to constantly open new accounts to take advantage of one-time deals and offers. These attacks use details that may seem real, which makes it hard to tell whether an account is fake. This hits especially hard for eCommerce businesses operating on a tight budget, who can’t really afford the time to go through accounts, nor the cost of lost revenue.
Direct financial fraud
Another common type of fraud is direct financial fraud. The truth is, financial fraud is always hard to detect and prevent, and it costs companies billions every year in lost revenue.
Probably the most common in this category is payment fraud, where stolen credit card and banking information is used to purchase items. In fact, card-not-present (CNP) attacks tend to be the ones most malicious actors choose. This is why it’s important to maintain PCI compliance; otherwise, you risk losing revenue to chargebacks and time to dealing with the fraud.
Another common type of related fraud is eGift card fraud, where a malicious person uses stolen information to purchase a gift card. This is one of the most difficult forms of fraud to deal with, as there’s no physical address for the eGift cards to ship to, and it’s therefore nearly impossible to trace.
Refund fraud is another common form, especially since it hides within legitimate processes and is hard to detect. Generally, this is done by claiming that a package didn’t arrive, that it was a partial fulfillment, or any other variation where the seller would have to send a replacement or a refund.
Other types of ecommerce fraud
There are a variety of other fraudulent eCommerce activities that don’t fall neatly into the two categories discussed above. One example is friendly fraud, which isn’t fully a form of malicious fraud. Friendly fraud is when a customer receives a charge and then disputes the charge with their bank, rather than with their merchant. Often, this isn’t malicious in nature because the customer may not necessarily recognize or remember the charge. That being said, it does often lead to chargebacks to the merchant.
Finally, one type of fraud that involves a great deal of malicious effort is triangulation fraud. This is where a fraudster will completely fake a legitimate online store with cheaper products listed in the hopes of tricking a customer into purchasing there. In doing so, not only do they gain the credit card information of the customer, but they charge them and then also send the transaction to the legitimate store, thereby charging the customer a second time. Unless the customer catches it, the malicious actor can use that credit card information somewhere else, making the situation even worse.
Another form of fraud is retail arbitrage fraud, more commonly known as scalping. This is generally when a bot enables a malicious person to purchase large quantities of stock and then resell them at a much higher price. Scalpers made the news recently with the release of a computer graphics card, having scalped 50,000 Nvidia RTX 3000s and pushed the price of an already expensive card even higher.
While there isn’t a clear and easy way to deal with this, especially as bots get better and better, there is a way to fight fire with fire. Sending verification emails, double-checking against a list of known scammers, and even making sure that those who sign up aren’t using similar email addresses and information are all good preventative measures.
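The checks described above can be sketched in code. The following is an added example, not code from the original article: it normalizes signup emails so aliases of one mailbox collide, compares them against a list of known scammers, and flags look-alike addresses claiming the same promotion. The promo code, addresses and function names are constructed, and stripping "+tag" suffixes for every domain is an assumption that suits a manual review queue rather than automatic blocking.

```python
import re
from collections import defaultdict

# Assumption: these providers ignore dots in the local part (true for Gmail).
DOT_INSENSITIVE = {"gmail.com", "googlemail.com"}
DOMAIN_ALIASES = {"googlemail.com": "gmail.com"}

def canonical_email(address):
    """Collapse common aliasing tricks so variants of one mailbox share a key."""
    local, _, domain = address.strip().lower().rpartition("@")
    if not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    local = local.split("+", 1)[0]  # drop "+tag" sub-addressing
    if domain in DOT_INSENSITIVE:
        local = local.replace(".", "")
    return f"{local}@{DOMAIN_ALIASES.get(domain, domain)}"

def skeleton(address):
    """Looser key: also strip digits, so shopper1@ and shopper2@ collide."""
    local, _, domain = canonical_email(address).partition("@")
    return re.sub(r"\d+", "", local) + "@" + domain

def review_signups(signups, blocklist):
    """Return {email: [reasons]} for signups that deserve a manual look."""
    blocked = {canonical_email(e) for e in blocklist}
    same_box, lookalike = defaultdict(set), defaultdict(set)
    for email, promo in signups:
        same_box[canonical_email(email)].add(email)
        lookalike[(skeleton(email), promo)].add(email)
    flags = {}
    for email, promo in signups:
        reasons = []
        if canonical_email(email) in blocked:
            reasons.append("blocklisted")
        if len(same_box[canonical_email(email)]) > 1:
            reasons.append("alias of another signup")
        elif len(lookalike[(skeleton(email), promo)]) > 1:
            reasons.append("look-alike address on same promo")
        if reasons:
            flags[email] = reasons
    return flags

# Constructed sample data, not taken from any real system.
SIGNUPS = [
    ("jane.doe@gmail.com", "WELCOME10"), ("janedoe+2@gmail.com", "WELCOME10"),
    ("shopper1@example.com", "WELCOME10"), ("shopper2@example.com", "WELCOME10"),
    ("sam@example.org", "WELCOME10"), ("Old.Abuser+x@gmail.com", "WELCOME10"),
]
BLOCKLIST = ["oldabuser@gmail.com"]
```

Calling `review_signups(SIGNUPS, BLOCKLIST)` flags five of the six constructed signups and leaves `sam@example.org` alone; the digit-stripping key is deliberately loose, so treat its hits as review candidates, not verdicts.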
Also, have a strategy in place to help provide a financial safety net should you become the victim of any of the above kinds of fraudulent activities. In this regard, it’s a wise idea for business owners to protect their assets with a comprehensive insurance plan in the event of a major financial disaster stemming from fraud.
There’s a strong hope that somebody, preferably regulators, will step in and try to stem the tide. Alternatively, maybe even banks and financial networks like Visa and Mastercard can step up their fraud detection programs. Until then, the best thing you can do as a business is to educate yourself so you can avoid disaster and secure yourself and your customers as best you can.