As an online merchant, you will already be hyper-aware that the bountiful opportunities offered by the world of Ecommerce come hand in hand with a constant and unavoidable exposure to fraudsters.
Ecommerce losses to online payment fraud hit $41bn worldwide in 2022, and they’re predicted to surpass $48bn in 2023. North America is responsible for 42% of that value, followed by Europe at 26%, and Latin America at 20%.
As you can see, the global nature of the online world means there’s nowhere to hide from Ecommerce criminals, but there are plenty of measures you can take to detect and prevent fraud.
In this article, we explain what Ecommerce fraud looks like in its many forms, take a look at the impact of failing to prevent it, and give you our top tips for how to stop it.
Ecommerce fraud is any type of cybercrime that seeks to exploit vulnerabilities in online payments or shopping activity in order to steal money or data.
For fraudsters, the very aspects of Ecommerce that make it an enticing prospect for consumers - speed, convenience, anonymity - also work in the criminals’ favor. All they need to commit a crime is an internet-enabled device, which gives them access to a world of opportunities with next to no chance of being caught.
Ecommerce fraud can take many forms, from criminals using stolen credit card numbers to make purchases to customers deliberately initiating chargebacks on genuine purchases.
The diverse and complex nature of Ecommerce fraud is also what makes it so challenging for online merchants to prevent. But it’s not just the initial financial loss that merchants need to be concerned about. No matter how big your business, falling victim to Ecommerce fraud can have a knock-on effect on customer trust, the integrity of your security systems, and your reputation.
That’s why Ecommerce fraud prevention must be at the heart of your operations. And the best prevention strategy is to understand your enemy.
Security is a top priority for the global online payments industry. Nevertheless, because there are so many systems, people, and parties involved in the Ecommerce ecosystem - including the retailer, the customer, the processor, and the networks - fraudsters have many potential access points that they can exploit to commit crimes.
Usually, fraudsters will start by stealing sensitive data, or buying stolen data on the black market, that they can use to perpetrate fraud. Phishing - where fraudsters trick their victims into willingly handing over personal information through scam emails, calls or texts - is the most common method for stealing this data: 43% of online merchants surveyed by Statista had experienced it in 2022. This was followed by friendly fraud, which 34% of respondents had fallen victim to.
Now that we know what Ecommerce fraud is and how it can take place, let’s look at some specific examples:
Card-not-present (CNP) fraud is one of the most common types of Ecommerce fraud. Once a criminal has access to stolen card details, they can use that card to make fraudulent purchases until the card is canceled. While the immediate financial loss is experienced by the cardholder, they are within their rights to initiate chargebacks for genuinely fraudulent purchases, meaning you’ll both lose the sale and have to pay chargeback fees to the bank. You also face losing the trust of that cardholder for failing to prevent fraud using their stolen card, as well as any resulting reputational damage.
Often, after buying stolen card details, criminals will use card testing to establish which details are still active. They do this by making small, low-value payments, which helps to avoid suspicion. Any cards that are successfully authorized can then be used to make larger purchases.
Refund fraud involves a criminal requesting a refund for a product or service that they never actually purchased. They can do this by creating fake order details or by stealing the account details of a legitimate customer. The result of this is that you end up refunding money that you never earned in the first place.
Fraudsters can even exploit affiliate marketing programs to commit crimes. An affiliate program is where online merchants provide a commercial partner with a trackable link that the partner can use on their website. Whenever someone clicks on that link and is redirected to the merchant’s website, the merchant pays the partner a commission.
Fraudsters can game this system in a number of ways. For example, they could generate fake traffic or sales in order to steal unearned commissions, or they could make purchases using stolen cards and then collect the commission for the sale.
After stealing details in a hacking or phishing attack, criminals can log into legitimate customer accounts, change the details, and then use their saved cards to make unauthorized purchases.
As well as having to refund the unauthorized purchases, this can cause serious damage to your relationships with your customers. Even if the customer was the one who fell victim to the initial phishing attack, they may hold you responsible for allowing the fraudster to gain access to your systems.
Fraudsters can also use stolen customer details to set up entirely new accounts in the customer’s name. This is known as identity fraud. They can use these fake accounts to make fraudulent purchases using customer card details, or to commit other types of crime like refund fraud under the guise of a legitimate customer, which makes them very difficult to discover.
Chargeback fraud happens when a customer buys something and then falsely claims not to recognize the transaction, or that they didn’t receive the product. This can be done either accidentally or maliciously. Either way, if the claim is successful, the end result is the same for the merchant: a lost sale and payment of chargeback fees.
Ecommerce fraud can have a devastating impact on both consumers and online merchants. For merchants the main effects are:
The good news is that there are many highly advanced fraud detection systems available to you that identify fraudsters at the first sign of suspicious activity.
Fraud detection software relies on a powerful combination of machine learning and customized rules. Machine learning trains itself to spot typical and emerging fraud threats by analyzing data from across the payments network. You can then create flexible rules, which work in tandem with the machine learning function to decide how different transactions are routed based on their perceived fraud threat.
The great thing about these systems is that they can analyze and make decisions about a far greater volume of transactions and customer behavior data points than a human agent ever could. This vastly scales up your fraud detection capabilities while automatically sending legitimate customers down a more frictionless route to complete their purchase.
Of course, it’s not enough just to detect fraud; you also have to prevent it. As outlined in the previous section, once your fraud system has identified suspicious activity, such as a high number of identical transactions, it can block further payment attempts from the associated card, flag it for review, or route it for further authentication.
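To make the combination of a velocity rule and a model score concrete, here is an added example (not Checkout.com code) that flags the card-testing pattern described earlier and routes each transaction to allow, authenticate, review or block. The field names (`source`, `card`, `score`), the thresholds and the sample transactions are all assumptions constructed for illustration; `score` stands in for the output of a machine learning model.

```python
from collections import defaultdict, deque

# Assumed thresholds for illustration; tune them to your own risk appetite.
LOW_VALUE = 2.00        # amounts at or below this count as small test payments
WINDOW_SECONDS = 600    # sliding window used for velocity counting
MAX_CARDS = 3           # distinct cards one source may try inside the window
REVIEW_SCORE = 0.50     # model score at or above this goes to manual review
CHALLENGE_SCORE = 0.30  # model score at or above this gets extra authentication

def route_transactions(transactions):
    """Return [(id, decision)] for transactions sorted by timestamp."""
    recent = defaultdict(deque)  # source -> (ts, card) of recent low-value attempts
    blocked = set()              # sources that tripped the card-testing rule
    decisions = []
    for t in transactions:
        src = t["source"]
        if t["amount"] <= LOW_VALUE:
            window = recent[src]
            window.append((t["ts"], t["card"]))
            # Drop attempts that have aged out of the sliding window.
            while t["ts"] - window[0][0] > WINDOW_SECONDS:
                window.popleft()
            # Many different cards on tiny payments from one source: card testing.
            if len({card for _, card in window}) > MAX_CARDS:
                blocked.add(src)
        if src in blocked:
            decision = "block"
        elif t["score"] >= REVIEW_SCORE:
            decision = "review"
        elif t["score"] >= CHALLENGE_SCORE:
            decision = "authenticate"
        else:
            decision = "allow"
        decisions.append((t["id"], decision))
    return decisions

# Constructed sample data: dev-A tests four cards, then attempts a large purchase.
SAMPLE = [
    {"id": "t1", "ts": 0, "source": "dev-A", "card": "c1", "amount": 1.00, "score": 0.10},
    {"id": "t2", "ts": 20, "source": "dev-B", "card": "c9", "amount": 59.99, "score": 0.05},
    {"id": "t3", "ts": 40, "source": "dev-A", "card": "c2", "amount": 1.00, "score": 0.10},
    {"id": "t4", "ts": 60, "source": "dev-A", "card": "c3", "amount": 1.00, "score": 0.10},
    {"id": "t5", "ts": 80, "source": "dev-A", "card": "c4", "amount": 1.00, "score": 0.10},
    {"id": "t6", "ts": 100, "source": "dev-C", "card": "c7", "amount": 120.00, "score": 0.40},
    {"id": "t7", "ts": 120, "source": "dev-A", "card": "c2", "amount": 480.00, "score": 0.10},
    {"id": "t8", "ts": 140, "source": "dev-D", "card": "c8", "amount": 35.00, "score": 0.70},
]

if __name__ == "__main__":
    for txn_id, decision in route_transactions(SAMPLE):
        print(txn_id, decision)
```

The large purchase `t7` is blocked even though its model score is low, because the rule remembers that the same source had just cycled through several cards on small payments.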
However, you also need to implement measures to prevent friendly fraud, which cannot necessarily be achieved via software. As friendly fraud can occur after a perfectly legitimate transaction, and can be either malicious or accidental, you need to put measures in place that proactively reduce the chance that your customer will try to initiate a chargeback with their bank.
This starts with ensuring your customer service and customer communications are top-notch, which limits the chance of a complaint that could escalate to a chargeback. You should also clearly display your refund and returns policy on your website, so that there’s no chance of confusion. Finally, Strong Customer Authentication rules, which ensure customers are legitimate through multi-factor authentication, can help to prevent malicious actors.
Checkout.com’s Fraud Detection Pro has all the tools you need to take payments and grow your online store while fighting all kinds of fraud.
Our flexible solution employs machine learning and fully customizable rules, allowing you to tailor your fraud prevention measures to your risk appetite. What’s more, you can also choose to go live immediately with our preset configurations, and, as Fraud Detection Pro is built into our modular payments platform, there’s no additional integration needed.
Get started with Checkout.com’s Fraud Detection solution today or speak to a member of our sales team.