Competition forces legitimate businesses around the world to constantly improve and grow. The online marketplace, in particular, has become saturated with new products and services. While shoppers have more convenience and choice than ever, small businesses have more competition and obstacles than ever.
The innovation that comes from steep competition is a great thing: companies are forced to be more efficient, waste less, and provide superior products. Unfortunately, fraudsters have followed suit. The rise of eCommerce shopping has opened new doors for fraud and theft. There are more types of eCommerce fraud now than ever, and online retailers face a daily threat to their business.
So it’s important for any business owner to find ways to combat this new threat. The first step to protecting yourself is to understand where the risks lie. Take a look at the 7 most common types of eCommerce fraud that most web-based businesses need to defend against.
- Online Refund Fraud
- Chargeback Fraud in eCommerce
- Card Testing
- Fraud Against the Merchant
- Triangulation Schemes
- Shipping Fraud
Riskiest Touchpoints for eCommerce Fraud
First, consider the areas in your webstore that must be protected. Every customer trusts that merchants keep their personal data safe, but they often don’t realize how many points of risk they come across while shopping online.
To be fair, they shouldn’t have to; that’s the job of you, your eCommerce platform, and your credit card processing service. So it’s helpful to know at which points shoppers are most easily compromised by fraud. Below are a handful of the riskiest touchpoints:
- Opens an Account
- Enters Payment Information
- Login to Account
- Completes a Purchase
- Reorders a Product
- Uses Loyalty Account
- Edits Account Information
- Downloads a Business App
- Leaves a Review
- Buys a Gift Card
1. Online Refund Fraud
Refund fraud is one of the most common types you’ll find. And it’s growing quickly. In this scenario, the thief makes a payment for a group of products online with a stolen credit card. They then contact the business saying that they accidentally ordered a few items and would like a refund. They will claim that the account is closed or frozen and ask for the return to be made through a different method. If successful, the criminal gets the money and the retailer is left having to compensate the cardholder for the stolen amount.
How to Protect Yourself: Always flag such requests, even if they seem honest and legitimate. Ask for more proof or to speak with their bank to learn more about the original purchase. Stay polite and don’t accuse them of anything, but explain that you need to take proper precautions.
2. Chargeback Fraud in eCommerce
If the example above, the thief was making a purchase they didn’t actually want in order to get a cash refund for it. Here, the thief uses a stolen credit card to buy something that they actually want.
Also known as clean fraud because of its simplicity, this most often results in the thief getting the product while the owner of the card requests their money returned. This leaves merchants with stolen product and costly fees and fines for issuing a chargeback.
How to Protect Yourself: To avoid chargebacks, require shoppers to enter a matching billing and mailing address. Or have them add a CVV code on the card or another extra proof of authentication. You don’t want to make the shopping experience inconvenient or tedious, but you must protect each shopper.
3. Card Testing
In this instance, a criminal will test the authenticity of a credit card number to determine if they can use it for making a purchase elsewhere. They will use it on eCommerce stores that specifically mention the reason for the card being declined. For example, you might manually input all card information but if the expiration date is wrong, the payment page will notify you of exactly what the issue is. If a thief is trying to learn more about the card info, they can keep trying dates until it matches.
How to Protect Yourself: Set your payment portal page to not give definite feedback on incorrect card information. Instead, just give a less revealing, “card not accepted” message.
4. Fraud Against the Merchant
There are many online consignment shop platforms that host individual sellers, but take a cut of each sale for bringing the shopper to the seller. Sites like Amazon and eBay are the most popular, of course, but there are many different types.
In this case, fraudsters can create fake stores. They will accept payment for items that they have no intention of ever shipping. They typically get shut down very quickly, but they can be wildly profitable for the time that they are active. Of course, the marketplace will be responsible for refunding each shopper that feel victim.
How to Protect Yourself: This applies least to our average retailer reading this, but if you do offer third-party sellers on your site, be careful to validate their business and make sure they are legitimate merchants.
Still surprisingly common, phishing fraud coaxes personal information out of shoppers. Typically, they’ll send the shopper an email asking for user identification, password, credit card info, security questions, date or birth, etc. Successful schemes are very good at making the email seem urgent and legitimate.
Once they have the stolen card, they will make a series of fraudulent purchases, leaving the merchant on the hook again for redeeming any stolen payments.
How to Protect Yourself: Again, add steps for authentication. Password and ID requirements such as minimum character length, special characters, or capitalization are all ways of making it harder for criminals to steal personal information. Remember, most people have no idea how compromised their personal information is at all times. So to protect your business, you need to force your shoppers to be smarter about their online finances.
6. Triangulation Schemes
More uncommon than others on the list, triangulation fraud is more rare because of its complexity. Still, it’s likely that you’ve seen it. A thief sets up a fake online store, often selling products at extreme discount prices. Once a shopper makes a purchase, they will do one of two things:
- Keep the card data (credit card farming) and use it to make future fraudulent purchases or sell to other criminals.
- Purchase the actual product that was ordered but with the customer’s card, thereby charging them twice. They keep the original amount, even if it was a heavily discounted price.
How to Protect Yourself: If you’re a shopper beware of deals that are too good to be true. Best case, they are simply inferior in quality. If you’re a merchant who allows other online sellers on your website, again be sure to validate them beforehand.
7. Shipping Fraud
Another more intricate scheme, shipping fraud starts with basic credit card fraud. Someone steals a shoppers card info and makes a card-not-present (CNP) purchase on an eCommerce store.
But then a second criminal is brought into the scenario. To reduce their risk, the original criminal hires another person to accept the package at a different address and then reship it to them. This means that if anyone is caught, it’s likely to be the middleman rather than the orchestrator.
How to Protect Yourself: Require matching billing and shipping addresses. More and more eCommerce stores are doing it, and very few shoppers have mismatched information. It adds no extra steps during the point of purchase and will turn away minimal potential customers.
Types of eCommerce Fraud That You Can Avoid
Small businesses can avoid almost all risks of online fraud by following basic best practices. One of the easiest ways to protect your business is by using a trusted online platform, POS system, and credit card processor.
KORONA is a powerful and reliable point of sale software that integrates with the top eCommerce platforms and payment gateways. To learn more about our solution and how it can protect against fraud and improve your store, click below.