
How to protect your ecommerce site from fraud

    While ecommerce companies can celebrate the year-on-year increase in online shoppers, they also need to be wary of the dangers associated with such an increase. In 2021, ecommerce sites suffered staggering losses of €20 billion to fraud – an 18% rise from the previous year. Unless precautionary measures are taken, ecommerce businesses can lose control of their finances and brand reputation due to a few malicious actors. 

    In most cases, much of the fraud that takes place online doesn’t require high levels of technological sophistication. All that’s needed is the knowledge of a few tricks, access to the dark web, and an understanding of human psychology. No longer do thieves need to put themselves in physical danger if they want to ransack an individual or business’s bank account; they can hide behind the anonymity enabled by the internet. 

    In this article, you will learn about:

    • The most common types of ecommerce fraud,
    • Why ecommerce fraud is so prevalent,
    • And how to prevent it from happening to your business.

    What is ecommerce fraud?

    Ecommerce fraud refers to any type of illegal or false commercial transaction conducted across the web. The problem is a hugely costly one, and appears to be getting increasingly out of control: Juniper Research estimated that, between 2018 and 2023, ecommerce businesses will have lost €130 billion to online fraud. 

    In many cases (though not all), the fraudster will impersonate a legitimate user, a tactic significantly enabled by CNP (card-not-present) transactions. Sometimes the fraud is enacted by customers (called “friendly fraud”), whereby customers file for a chargeback. A chargeback is when a bank returns the money to the credit card owner. When that happens, not only does the business lose the money from the sale and the goods that they have shipped, but they also get hit with a chargeback fee from the bank. 

    Finally, the more sophisticated ecommerce frauds include scouring the dark web for credit card details, the creation of copycat websites, affiliate fraud, and triangulation – all of which you can read more about below.

    Why does ecommerce fraud happen?

    • It’s easy

    Pre-internet, stealing someone’s money involved high risk. You had to pickpocket their cards or cash – which involved a certain degree of skill in order not to be caught red-handed – and you had to be capable of forging credit card signatures. Nowadays, cybercrime is a relatively low-risk business.

    With identity theft, physical cards are no longer needed to make a purchase. All criminals need to do is take a trip to the dark web where they will find millions of credit card details for sale. For other kinds of online fraud, bad actors just need to know a few technological basics – such as how to set up a fake social media profile or website – and they can get started.

    • Conducted anonymously

    If ever you or your business has fallen victim to cybercrime, the likelihood is, you never knew what the criminal or criminals looked like, what their names were, or even what country they’re operating from. The digital world enables malicious entities to hide behind their laptops, wherever in the world they are. If they’re particularly skilled, they will be able to cover their digital tracks.

    • Evades the law

    Police departments do not prioritize ecommerce fraud. This is down to several factors. Often, the amount of money involved in a fraudulent transaction is not high enough to warrant significant attention, and it is famously difficult to track fraudsters. Many fraudsters operate across international borders, meaning different legal systems apply and the prosecution process is convoluted. 

    Types of ecommerce fraud

    Card testing fraud

    Fraudsters use stolen credit card details to buy products online. They don’t even have to harvest those credit card details themselves; they can simply head to the dark web where they can buy them. In 2019, the number of credit cards available on the dark web was at least 23 million.

    Before the fraudster can make a large purchase (which could alert the owner of the card to suspicious activity), they need to test the card details to make sure they work. Usually, they begin by making several low-cost purchases. Once these transactions have successfully gone through, the fraudster will make bigger, more expensive purchases. 

    By the time the legitimate card owner is aware that their finances have been compromised, large amounts of money may have disappeared from their account. This hits businesses significantly, since not only will the business lose the product, but they will get hit with chargebacks once the cardholder alerts the bank to fraudulent activity. 

    Friendly fraud

    Friendly fraud – also known as chargeback fraud – is labeled as such because it is enacted by genuine customers. It involves customers making a purchase (usually with a credit card), then contacting their bank to dispute the purchase (perhaps they complain the product never arrived, or that they didn’t make the purchase). The bank returns their money, hits the ecommerce company with a fee, and the ecommerce company meanwhile has also lost the product. 

    This kind of fraud accounts for huge losses in the world of ecommerce. According to this report by the Association of Certified Fraud Examiners, companies lose roughly 5% of their revenue to fraud each year, an amount that factors in chargebacks, lost inventory, operational costs, and false declines.

    Account takeover

    This occurs when a fraudster gains access to a user’s account on an ecommerce site. Once again, fraudsters may use the dark web to buy these details, or they could implement a phishing scheme.

    Scammers send out phishing emails and texts that purport to be from well-reputed brands. The message may claim to offer a great deal or ask a customer to renew their membership, for example. In order to do so, the customer will be asked to provide their login information or card details. Once the scammer has these, they can then go to the legitimate site and make fraudulent purchases. 

    Interception fraud

    Once fraudsters have someone’s card details to hand – whether that’s through the dark web or phishing schemes – they can then buy a product online. They will input the same billing address as the shipping address. Once the purchase has been made, they will quickly change the shipping address, thereby redirecting the package to their home. 

    Triangulation fraud

    Triangulation fraud is generally enacted through a fake website. The fake ecommerce website may mimic a brand or be completely new. Either way, they will offer high-quality goods at comparatively low prices. Customers looking for a deal will buy the product off of the fake website. Meanwhile, fraudsters at the other end will be harvesting those card details. 

    Once the purchase has been made, the scammers will buy the product from the genuine site, and deliver it to the customer. The purchaser may not know for a long time that their credit card has, in fact, been used twice for the same purchase. 

    Affiliate fraud

    Affiliate marketing operates on a sales/commission-based model. Online affiliates will advertise products for a merchant together with a trackable link.  With every click on the affiliate link that leads to an eventual purchase, the affiliate makes money (usually this amounts to a percentage of each sale).

    There are several ways dishonest affiliates can abuse their power. One of the most common ways is through the combination of a fake website and typosquatting. They will register a mistyped version of the merchant’s domain name, and create a website that looks just like the original merchant’s. At the top of the website, the fraudulent affiliate may place a banner, which the customer has to click through to reach the legitimate site. This banner will contain the trackable link, which, if it leads to a purchase, earns the affiliate money.

    The affiliate therefore takes (financial) credit for what would otherwise have been organic, non-affiliate traffic.
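    One way a merchant could spot this pattern in its own affiliate click log, as an added example that is not part of the original article: compare each referrer host with the merchant's domain and flag near-misses. The merchant domain, affiliate IDs, log layout and distance threshold are assumptions made for illustration.

```python
from urllib.parse import urlsplit

MERCHANT = "example-shop.com"  # hypothetical merchant domain

# Constructed affiliate click log: (affiliate_id, referrer URL)
CLICKS = [
    ("aff_17", "https://deals-blog.example.net/review"),
    ("aff_42", "https://exmaple-shop.com/"),              # two letters swapped
    ("aff_42", "https://www.example-shoop.com/landing"),  # one extra letter
    ("aff_08", "https://example-shop.com/blog"),          # the merchant's own site
]

def edit_distance(a, b):
    """Optimal string alignment distance: insertions, deletions,
    substitutions and swaps of adjacent characters each cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, the classic typo ("exmaple" for "example")
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def suspicious_referrers(clicks, merchant=MERCHANT, max_distance=2):
    """Return (affiliate, host, distance) for referrers that sit on a
    near-miss of the merchant's domain; distance 0 is the real site."""
    hits = []
    for affiliate, url in clicks:
        host = urlsplit(url).hostname or ""
        if host.startswith("www."):
            host = host[4:]
        d = edit_distance(host, merchant)
        if 0 < d <= max_distance:
            hits.append((affiliate, host, d))
    return hits

if __name__ == "__main__":
    for affiliate, host, d in suspicious_referrers(CLICKS):
        print(f"{affiliate}: referrer {host} is {d} edit(s) from {MERCHANT}")
```

    Commissions credited to an affiliate that appears in this list are candidates for manual review before payout.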

    How to detect ecommerce fraud and protect your company

    Have clear policies

    There are ways companies can protect both themselves and their customers. One of them is by having a strong password policy. While customers may find it irritating to have to come up with long passwords, it reduces the likelihood of fraudsters hacking into their accounts. To protect your business from chargebacks, operating a solid return policy – clearly stated on your website – always helps. Let customers know what qualifies as a return, the documentation they’ll need to show, and how the refund will be processed.

    Manually review risky orders

    There are a few red flags to note when it comes to card testing fraud. For example, a low-value order, or multiple low-value orders from unusual IP locations, should raise suspicion. VPN-protected purchases are another. If you’re seeing red flags, reach out to the customer and ask for further verification. While manually checking orders during peak holiday times and for large companies may not be possible, for smaller enterprises this is a good, precautionary measure to counter fraud.
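    The red flags above can be turned into a simple pre-filter that builds the manual review queue. This is an added example, not code from the original article; the thresholds, the order record layout, the use of "IP country differs from billing country" as the test for an unusual location, and the precomputed VPN flag are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LOW_VALUE = 5.00                # assumed threshold (EUR) for a "low-value" order
WINDOW = timedelta(minutes=30)  # assumed look-back window per card
MIN_SMALL_ORDERS = 3            # assumed number of small orders that is suspicious

# Constructed sample orders:
# (order_id, card_token, time, amount, ip_country, billing_country, via_vpn)
ORDERS = [
    ("A1", "card_1", "2024-01-05T10:00", 1.00, "BR", "ES", True),
    ("A2", "card_1", "2024-01-05T10:04", 2.50, "BR", "ES", True),
    ("A3", "card_1", "2024-01-05T10:09", 1.99, "BR", "ES", True),
    ("A4", "card_1", "2024-01-05T10:20", 899.00, "BR", "ES", True),
    ("B1", "card_2", "2024-01-05T11:00", 3.00, "ES", "ES", False),
    ("B2", "card_2", "2024-01-07T09:00", 120.00, "ES", "ES", False),
]

def review_queue(orders):
    """Return {order_id: [reasons]} for orders that deserve a manual look."""
    flagged = defaultdict(list)
    history = defaultdict(list)  # card_token -> [(time, amount)] of earlier orders
    for oid, card, ts, amount, ip_cc, bill_cc, vpn in sorted(orders, key=lambda o: o[2]):
        when = datetime.fromisoformat(ts)
        # Small orders on the same card inside the look-back window
        recent_small = [a for t, a in history[card]
                        if when - t <= WINDOW and a <= LOW_VALUE]
        if amount <= LOW_VALUE and len(recent_small) + 1 >= MIN_SMALL_ORDERS:
            flagged[oid].append("repeated low-value orders on one card")
        if amount > LOW_VALUE and len(recent_small) >= MIN_SMALL_ORDERS:
            flagged[oid].append("large order right after small test orders")
        if ip_cc != bill_cc:
            flagged[oid].append("IP country differs from billing country")
        if vpn:
            flagged[oid].append("VPN or proxy exit")
        history[card].append((when, amount))
    return dict(flagged)

if __name__ == "__main__":
    for oid, reasons in review_queue(ORDERS).items():
        print(oid, "->", "; ".join(reasons))
```

    Orders that carry several reasons, such as A4 in the sample data, are the ones to hold until the customer has been contacted for further verification.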

    User verification software

    A simple and popular fraud-prevention technique is to ask customers for their CVN (card verification number). This is because scammers generally use the details from a photo of the front of a credit card – not the back, which is what carries the CVN. An AVS (address verification system) is another way to authenticate a purchase. It checks the billing address entered at checkout against the address the card issuer holds for that card.

    Proof of delivery

    According to NRF, return fraud – when customers say they haven’t received their item and ask for a refund – is a €25.3 billion problem. By implementing a proof of delivery system, you prevent this possibility from arising.

    PCI compliant

    PCI compliance is a standard that all ecommerce businesses need to adhere to in order to process online transactions safely. These standards include encrypting cardholder data across public networks, regularly testing your cybersecurity system, restricting which employees can access customer data, and using antivirus software to prevent any malware or ransomware attacks.

    Detect online impersonation with automated software

    To avoid the problem of phishing via fake shopping websites, fake affiliate websites, and other account takeover mechanisms, businesses should use detection and automatic takedown software. Red Points Intellectual Property Software scans the web 24/7 for copyright and trademark infringements in the form of fake websites, copycat social media profiles, and lookalike apps. Once found, it will automatically send a takedown request, so that you don’t have to worry about customers being duped by scammers.

    What’s next

    Parallel to the astronomical growth of the ecommerce market has been the increase in online fraud. Cybercriminals are the ever-present enemies of online businesses and shoppers, sucking away billions of dollars via phishing tactics, account takeover, untrustworthy affiliates, and triangulation. Most of these fraudulent practices involve some kind of impersonation of the original brand. Stop impersonators from exploiting your brand with Red Points Impersonation Removal, and start protecting your digital revenue.
