Top 3 ecommerce frauds and how to tackle them
Tyler Mullen is director of marketing at Kensium.
Amazon founder Jeff Bezos once said:
“We see our customers as invited guests to a party, and we are the hosts. It’s our job every day to make every important aspect of the customer experience a little bit better.”
This quote couldn’t be more true when considering you want to make each customer’s experience as exceptional as possible, especially when it comes to security. Customers want to know that their personal and financial information is secure and won’t fall into the hands of bad actors on the internet.
In a world where so much communication happens over the internet and the virtual environment is chock full of advertisements with products and services to buy, the role of online marketplaces cannot be underestimated. The impact of communication via the internet attracts criminals to take advantage of security weaknesses, as well as use scams and malware to compromise your customer’s data.
How Bad Is It?
Ecommerce fraud permeates the market. An estimated $630 billion in sales transactions occurred in 2020, and an estimated $16 billion is forecast to be lost because of fraud. When it comes to preventing fraud, every business must stay vigilant to mitigate the significant impact it can have on their revenue. Outdated legacy fraud detection and prevention methods are insufficient to match the technical abilities of today’s fraudsters.
As the holiday season quickly approaches, it’s critical to your business to protect yourself against fraud. This means following security best practices, using security tools that leverage advanced technologies like two-factor authentication and machine learning, as well as automated chargeback management. These tools are at your disposal to fight back against hackers and there are multiple solutions that provide dynamic end-to-end payment protection that follows the customer through the payment lifecycle. Let’s take a look at the top three ecommerce frauds and how you can tackle them.
Start Preparing In Advance
Creating and implementing a successful anti-fraud strategy should start six months in advance of the busy holiday sales season. This way, you are ready and able to mitigate fraud risk. The first way to prevent fraud is by performing upgrades on all the platforms you use to run your ecommerce business. This means upgrading and updating your ecommerce platform, hosting platform, and ERP service. These upgrades ensure that you have the most recent installations that contain upgrades to security patches and potential bugs found in previous releases.
Next, take a good hard look at your current fraud detection policies and capabilities. Ask yourself if it is time to update these policies as well. Start with the most common fraud and research the technology available that is best suited to address that specific threat. For example, machine learning-based fraud detection systems analyze customer data to identify unusual user behavior that fits the profile of known fraudulent activity. Alerts are sent to the merchant so they can take steps to shut it down. This type of fraud prevention is especially useful when it comes to “friendly fraud.”
Friendly Fraud is anything but friendly. According to Chargeback.com, it comprises over 70% of ecommerce fraud losses. This type of fraud happens when a cardholder disputes a legitimate purchase. The tricky part is figuring out if it’s an innocent mistake or a malicious attempt to steal money.
One of the most common ways this scam is accomplished is when a buyer falsely claims that they did not receive their item, also known as INR. There is no hacking here, after the buyer files an INR claim, they are given the benefit of the doubt and are given a full refund or a replacement item. When this happens, they get two items for the price of one.
Another way of performing Friendly Fraud is using chargeback fraud. This is when they contact their credit card company and ask for a chargeback due to the missing package. If the bank issues a chargeback, it’s up to the merchant to prove that it was fraudulent in order to recoup their loss.
How To Prevent Friendly Fraud
Friendly fraud is extremely tricky to prevent because accusing a customer of fraud, and if it really isn’t, you risk losing a customer. Here are a few best practices to follow to prevent Friendly Fraud:
- Keep Detailed Transaction Records: Store purchase history information such as the details of when, where, and how a purchase was delivered or activated. Merchants can offer customers the necessary information to jog memories regarding the legitimacy of a transaction.
- Create Household Profiles: Using historical data, merchants can create “household” profiles that include customer purchasing habits, preferred devices for shopping, and even device IP addresses. This data increases the likelihood of winning a chargeback dispute.
- Return and Refund Policies Should Be Clear and Easy to Find: Include links to easy-to-understand return and refund policies on your website. Customers are less likely to initiate disputes when you ensure these policies get seen in prominent locations. It also protects you when you conflict with your payment processor over a chargeback.
Account Takeover Fraud
Account Takeover Fraud happens when a fraudster uses a piece of someone else’s identity, like a Social Security number, email address, or credit card number to take over the identity of a genuine customer and gain access to their accounts. Any online login can be taken over by fraudsters, including but not limited to ecommerce accounts, subscriptions, banks, credit cards, and emails. Depending on the attack, their account details may be changed and the account is used to order goods or the fraudster sells the account data elsewhere.
Preventing Account Takeover Fraud
The best way to avoid Account Takeover Fraud is to recognize the signs that an account has been taken over by a fraudster. Look for multiple failed login attempts or multiple logins from unrecognized devices. The following recommendations can help you fend off this type of fraud.
- Unique Transaction Signatures: Create unique transaction signatures using data such as account numbers, transaction amounts, and time stamps. These signatures are difficult to fake, and they create digital trails for fraud investigators to follow.
- Enable Two-Factor Authentication (2FA): This increases the safety of online accounts by requiring two types of personal information from the user before they can log in. Many companies stand by 2FA as the best defense against most hackers, with good reason. According to a 2020 Google security study, 2FA prevents 100% of account takeovers by bots and is 96% effective at shutting down phishing attacks.
- Risk Analytics: During an account takeover, risk analytics can pinpoint atypical account behavior and trigger an emergency authentication process that will immediately put a stop to flagged transactions.
Our partner, Webscale, offers the ecommerce industry’s most comprehensive security platform. Webscale’s real-time Traffic Viewer, which provides deep visibility into login pages, tracking both successful and failed logins, and Rate Limiting, make it easier to detect brute force attacks or repeated failed logins, shutting down, or limiting access, to login pages.
Hijacked Shipping Accounts
Determined thieves can steal shipping account numbers to divert large shipments from merchants to wherever they want. Once these account numbers can be accessed, they are often used in the same manner as stolen credit cards and resold on the dark web. Hackers target all sizes of businesses. They’re looking for vulnerabilities and seeing how diligently the shipping accounts are monitored. Hackers also use fake shipping invoices to trick recipients into wiring money to the fraudster.
What You Can Do to Address It
A dependable way to prevent hijacked shipping account numbers is to implement a central shipping management system that includes these features:
- The ability to make account numbers accessible only to specific and trustworthy employees.
- A reporting system that allows these users to schedule pickups and track packages regularly.
- A tracking system that cross-references user activity with shipping order activity to determine any suspicious behavior.
No matter how you track down evidence of fraud, it takes time and effort. These scams are a legitimate threat to merchants both big and small, their customers, reputation, and most of all, their customers. To prevent these and other ecommerce fraud, it’s critical to prepare as soon as possible.
If you need help with securing your web application(s) in the cloud or urgent support due to an unfortunate security incident, write to us at email@example.com or reach Webscale’s global security response team at firstname.lastname@example.org.