Competition forces legitimate businesses around the world to constantly improve and grow. The online marketplace, in particular, has become saturated with new products and services. While shoppers have more convenience and choice than ever, small businesses have more competition and obstacles than ever.
The innovation that comes from steep competition is a great thing: companies are forced to be more efficient, waste less, and provide superior products. Unfortunately, fraudsters have followed suit. The rise of eCommerce shopping has opened new doors for fraud and theft. There are more types of eCommerce fraud now than ever, and online retailers face a daily threat to their business.
So it’s important for any business owner to find ways to combat this new threat. The first step to protecting yourself is to understand where the risks lie. Take a look at the 7 most common types of eCommerce fraud that most web-based businesses need to defend against.
Riskiest Touchpoints for eCommerce Fraud
First, consider the areas in your webstore that must be protected. Every customer trusts that merchants keep their personal data safe, but they often don’t realize how many points of risk they come across while shopping online.
To be fair, they shouldn’t have to; that’s the job of you, your eCommerce platform, and your credit card processing service. So it’s helpful to know at which points shoppers are most easily compromised by fraud. Below are a handful of the riskiest touchpoints:
- Opens an Account
- Enters Payment Information
- Login to Account
- Completes a Purchase
- Reorders a Product
- Uses Loyalty Account
- Edits Account Information
- Downloads a Business App
- Leaves a Review
- Buys a Gift Card
Refund fraud is one of the most common types you’ll find. And it’s growing quickly. In this scenario, the thief makes a payment for a group of products online with a stolen credit card. They then contact the business saying that they accidentally ordered a few items and would like a refund. They will claim that the account is closed or frozen and ask for the return to be made through a different method. If successful, the criminal gets the money and the retailer is left having to compensate the cardholder for the stolen amount.
How to Protect Yourself: Always flag such requests, even if they seem honest and legitimate. Ask for more proof or to speak with their bank to learn more about the original purchase. Stay polite and don’t accuse them of anything, but explain that you need to take proper precautions.
If the example above, the thief was making a purchase they didn’t actually want in order to get a cash refund for it. Here, the thief uses a stolen credit card to buy something that they actually want.
Also known as clean fraud because of its simplicity, this most often results in the thief getting the product while the owner of the card requests their money returned. This leaves merchants with stolen product and costly fees and fines for issuing a chargeback.
How to Protect Yourself: To avoid chargebacks, require shoppers to enter a matching billing and mailing address. Or have them add a CVV code on the card or another extra proof of authentication. You don’t want to make the shopping experience inconvenient or tedious, but you must protect each shopper.
In this instance, a criminal will test the authenticity of a credit card number to determine if they can use it for making a purchase elsewhere. They will use it on eCommerce stores that specifically mention the reason for the card being declined. For example, you might manually input all card information but if the expiration date is wrong, the payment page will notify you of exactly what the issue is. If a thief is trying to learn more about the card info, they can keep trying dates until it matches.
How to Protect Yourself: Set your payment portal page to not give definite feedback on incorrect card information. Instead, just give a less revealing, “card not accepted” message.
The biggest problem of the customer, during the placement of any order from any portal he has, pay the order amount, without getting any knowledge of their offer & policy.
Still surprisingly common, phishing fraud coaxes personal information out of shoppers. Typically, they’ll send the shopper an email asking for user identification, password, credit card info, security questions, date or birth, etc. Successful schemes are very good at making the email seem urgent and legitimate.
Once they have the stolen card, they will make a series of fraudulent purchases, leaving the merchant on the hook again for redeeming any stolen payments.
How to Protect Yourself: Again, add steps for authentication. Password and ID requirements such as minimum character length, special characters, or capitalization are all ways of making it harder for criminals to steal personal information. Remember, most people have no idea how compromised their personal information is at all times. So to protect your business, you need to force your shoppers to be smarter about their online finances.
How to Protect Yourself: If you’re a shopper beware of deals that are too good to be true. Best case, they are simply inferior in quality. If you’re a merchant who allows other online sellers on your website, again be sure to validate them beforehand.
Another more intricate scheme, shipping fraud starts with basic credit card fraud. Someone steals a shoppers card info and makes a card-not-present (CNP) purchase on an eCommerce store.
But then a second criminal is brought into the scenario. To reduce their risk, the original criminal hires another person to accept the package at a different address and then reship it to them. This means that if anyone is caught, it’s likely to be the middleman rather than the orchestrator.
How to Protect Yourself: Require matching billing and shipping addresses. More and more eCommerce stores are doing it, and very few shoppers have mismatched information. It adds no extra steps during the point of purchase and will turn away minimal potential customers.