Ecommerce has not-so-slowly taken off over the years, with consumers in the US alone spending $791.1 billion online in 2020 (Digital Commerce 360). This is excellent news for eCommerce platforms because there’s more business to be done on there, whether that’s owning a store, providing a SaaS service, or even running a dropshipping business.
Unfortunately, this also means that e-commerce fraud will be on the up. Legitimate customers already lost $5.8 billion to online fraud in 2021 (CNBC), and that number is only going to rise. The good news is that even though the prevalence of fraud is growing, your business can sidestep the danger.
In this post, we’ll explore the various ways that eCommerce fraud can affect your business, go over the different types of frauds out there, and show you how you can protect your business.
What is eCommerce fraud?
Ecommerce fraud is a type of online payment fraud in which fraudsters target eCommerce stores or their customers and steal their money.
Ecommerce fraud can affect your business in a variety of ways, from losing direct revenue to losing customer data. A type of fraud can also have you absorbing the negative impact of chargebacks from stolen credit cards.
The bad news is that as eCommerce grows, it will become a bigger target for fraudsters, and at the same time, their tactics will grow in sophistication. All of this puts your online store in a precarious position unless you’re able to understand the risks and adequately mitigate them.
Let’s start with the common types of eCommerce fraud.
Five types of eCommerce fraud that affect businesses
1. Card testing fraud
With card testing eCommerce fraud, the fraudster is trying to see which stolen credit card can be used to make the most purchases. They start by obtaining multiple stolen credit card numbers either by stealing them or buying from an online black market.
Next, they visit your eCommerce store and start making small purchases to see which cards are valid. Once they find the working cards, they slowly move on to larger fraudulent transactions to see what they can get away with.
The problem with card testing fraud, or carding, is that your online store won’t realize it until it’s too late. By the time these purchases are flagged as suspicious, the fraudsters have made several large purchases through your platform.
Carding is often conducted by bots who can process hundreds of transactions per minute, so spotting and blocking these carding bots can make a huge difference to fraud on your site.
2. Chargeback credit card fraud
Chargeback fraud, also called friendly fraud, involves multiple chargebacks that can wreck your store’s financial standing, revenue, and even reputation.
Fraudsters take advantage of company policies by initiating a chargeback after making a purchase, knowing fully well that they’ll get the items, basically for free. The problem is that too many chargebacks in your online store cost you chargeback fees, penalty costs, banking fines, and of course, the cost of the actual goods.
It’s interesting that chargebacks can result from legitimate customers if they are unsatisfied with the purchase. However, too many of these and you can be certain it’s a case of chargeback fraud.
3. Interception fraud
Many eCommerce companies are smart enough to install safety measures that prevent fraudulent transactions, like checking shipping and billing addresses before confirming the purchase. But, fraudsters have found a way around this by providing legitimate addresses but then intercepting the package before it arrives.
This way, they use the victim’s address and information, but they get to keep the package. Fraudsters may intercept the package by stealing it from the victim’s house or contacting your company and changing the shipping address before delivery.
4. Account takeover fraud
These types of online fraud involve scammers hacking your customer accounts, changing their delivery addresses, and buying as many goods as they can.
Fraudsters may gain access to your customer accounts in several ways, including buying stolen passwords and usernames, deploying phishing sites, and even guessing the passwords.
The biggest problem with account takeover fraud is that customers may never trust your site again once they experience this. Even if you’re able to repair the damage, they’ll constantly wonder how fraudsters were able to gain access to their accounts on your website.
5. Refund fraud
Refund frauds are some of the most damaging types of e-commerce fraud because they place your business between two impossible situations. Here’s how these work: a fraudster uses stolen credit card information to make a purchase from your website. They then contact your customer care to request a reimbursement.
However, they want the money sent to a different destination/card/account because their credit card was “stolen.” In the end, your online store refunds the money to the fraudster but is still responsible to the original card owner of the stolen credit card.
Top fraud detection and prevention strategies
The best way to get your online store out of an eCommerce fraud scheme is to stay out in the first place. Here are some best eCommerce fraud detection and prevention strategies you need to implement right now.
1. Ramp up your address verification
Fraudsters using a stolen credit card rarely submit the card’s registered address on checkout, and this is a fantastic opportunity to nip eCommerce fraud in the bud. Start by using an Address Verification Service.
An Address Verification Service can help your eCommerce store identify fraudulent transactions by double-checking to make sure the submitted address matches the billing address tied to the bank. If the addresses don’t match, the system declines the transactions and flags them as potential online payment fraud. This way, your online store sidesteps fraudulent credit card transactions.
Another strategy for address verification is to avoid accepting non-physical shipping addresses. These may be PO boxes, freight forwarders, or other locations. Customers of eCommerce stores have no problems providing an actual address unless they have something to hide. That’s one reason why you should flag these transactions.
2. Monitor your visitor IPs
Keeping known fraudster IP addresses from accessing your website is another effective eCommerce fraud prevention strategy. If you use any kind of fraud prevention, these will have a constantly updated list of known fraudulent IPs that you can blacklist from your site.
You may also start to notice specific IP addresses that test credit cards on your site. These will be tied to accounts that try multiple stolen credit cards before starting to make incremental purchases. Flagging these in your online store is a critical eCommerce fraud prevention strategy.
Finally, a final layer of protection with IP addresses would be to check that IP addresses match the card’s address. The principle is simple – if it’s a stolen credit card, the fraudster is probably accessing your website from a different location.
As a result, you can safely flag them as suspicious credit card transactions or at least request more verification, like the ones in the next points.
3. Ensure your store is PCI compliant
PCI stands for Payment Card Industry, and the PCI standards are managed by the PCI Security Standards Council. These ensure that all credit card transactions are secure, and complying with standards is not only good for fraud prevention in your eCommerce store, it’s mandatory.
These measures include everything from basic fraud protection to important steps like creating a firewall between your connection and the servers that store your credit card information.
The good news is that if your business is built on an eCommerce store service, they probably provide PCI compliance by default. But if you have an independent setup, it’s critical to ensure that your business is compliant and add this extra layer to your eCommerce fraud prevention system.
4. Create customer protection strategies
Your customers are the primary target of fraud schemes, so it’s important to protect their interests. Reduce your fraud risk by setting limits on purchases on your website. While it may not be the most lucrative decision, it can protect your customer accounts.
Use your order and purchase trends to set limits on the total dollar value any single account can make in a day. Flag all orders above this value and investigate them.
You can also avoid collecting sensitive customer data. This limits your customers’ exposure in the event of a hack or data breach. You may have to collect billing address and credit card information for a smoother shopping experience, but it’s a good idea to avoid collecting social security numbers, birth dates, and other unnecessary data.
5. Ensure customers submit CCV numbers for all purchases
This one measure can cut all credit card fraud instances on your site by 50% or more. Requesting for the Card Verification Value (CCV) is a failsafe that ensures customers have the physical card in their possession.
Credit cards that have been stolen and sold will not carry this information, which is why fraudsters often target online merchants that don’t request CCV. Take your store out of the mix by asking customers to provide it on every purchase that accepts credit card payments.
Protect your site from other fraudulent activity
Ecommerce fraud is only one type of fraud affecting online retailers, and it accounts for a very small part of the billions lost to fraud every year. In fact the most common form of online fraud affecting ecommerce businesses and any online marketer is advertising click fraud.
The same bots and fraudsters who perform ecommerce fraud such as carding and spam attacks are also after your ad revenue. And they do this by fraudulently hosting your paid ads, or intentionally clicking your paid search results to waste your ad budget.
Yes, click fraud is a real thing and costs digital marketers more than $40 billion every year.
Find out more in our complete guide to click fraud
ClickCease offers one of the best ecommerce fraud prevention packages for businesses operating online stores and anyone running paid ads.
Bot Zapping from ClickCease is designed to stop fraudulent bot activity from spam bots, carding or credit card fraud and account takeovers.
Additionally, ClickCease also offers the industry leading click fraud protection tool on the market.
Sign up for your FREE trial of ClickCease to try both of these tools out.