Whether it’s a new sofa for your living room or a life-sized cardboard cutout of David Hasselhoff, you can now purchase almost anything online. In fact, online shopping has become so widespread and so popular that retail e-commerce sales alone are projected to reach almost $5 trillion by the end of 2021.
The COVID-19 pandemic is in part responsible for this. People switched to shopping online as worldwide lockdowns loomed, and as online shopping became more popular, the opportunities for fraudsters grew. Seeing that merchants are hit by over 200,000 web attacks a month, it’s no wonder that e-commerce fraud is becoming a huge concern for online businesses.
What is E-Commerce Fraud?
E-commerce fraud is any type of fraud that happens on an e-commerce platform. This includes using fake accounts, breaking into existing accounts, and trying to pay for items with stolen credit cards—to name just a few.
Within the e-commerce industry, payment-related attacks are still by far the most popular due to the money involved. But other types of e-commerce fraud such as promo abuse and card testing fraud, which are explained below, are on the rise.
Why is Fraud So Prevalent on E-commerce Apps and Websites?
Simply put, the e-commerce industry is a treasure trove of fraud opportunities. For example, fraudsters can commit fraud at the checkout screen by using stolen credit card details. They can also take advantage of a promo code meant for new visitors by creating lots of fake accounts, each with different email addresses and personal information. Or they can falsely claim their purchase was never delivered in order to get their money back, which is known as refund fraud.
Since e-commerce often involves cross-border transactions, it is not only difficult for police to find an appropriate punishment, but also tricky for them to identify the bad actors overseas. It’s also fairly easy to stay anonymous by using fake accounts and PO boxes instead of regular addresses. It’s no wonder e-commerce fraud is expected to exceed $20 billion in 2021.
Types of E-Commerce Fraud
There are several types of fraud that can be conducted on e-commerce apps and websites. Let’s dive into some of them.
1. Payment fraud
Payment fraud takes place when stolen credit card information is used to carry out a transaction online. It’s usually conducted in one of two ways—card-not-present (CNP) fraud or card-present fraud. In CNP fraud, credit card information is obtained through avenues such as buying card details on the dark web. Credit card details can also be acquired by a process known as phishing, which involves tricking victims into clicking on a malicious link to reveal sensitive information such as their credit card details. Card-present fraud requires the stealing or cloning of a credit card.
2. Friendly fraud
This type of online fraud happens when an individual makes claims that seem to be genuine and honest, but actually aren’t. For example, fraudsters can try to get a refund by claiming a product was never delivered or that it didn’t match the product description.
3. Promo & referral abuse
Promotional and referral campaigns are a great way to get new customers and keep existing customers happy. Unfortunately, fraudsters will often abuse these over and over again by creating lots of fake accounts to use the same promo code many times. Take a campaign such as ‘invite a friend and get $10 off your first purchase’: a fraudster can create multiple fake accounts and invite themselves several times.
4. Triangulation fraud
Triangulation fraud takes place when a fraudster creates an online store that offers high-demand goods at unusually low prices. It involves a fair few moving parts, so is best explained with an example.
A fraudster creates an online store selling heavily discounted items. When a customer places an order on the fraudster’s store, the fraudster orders the same item from a legitimate e-commerce business using stolen credit card information and sends it to the customer. The customer receives their item for cheap and the fraudster makes a profit because they have used a stolen credit card. In the end, the legitimate e-commerce business loses money because the actual owner of the stolen credit card will ask for a refund, while the fraudster receives the customer’s original payment.
What makes this so hard to detect is that if it’s done well, no one will realize that a fraudster has been involved. The fraudster’s customer receives a real item from a website they think is legitimate, the credit card owner blames the legitimate e-commerce business that the fraudster bought the item from, and the e-commerce business blames either the credit card owner or the postal system.
5. Gift card fraud
Using stolen credit card information, fraudsters can buy and resell eGift cards for cash. Similar to triangulation fraud, the credit card owner may notice this fraudulent transaction and ask the e-commerce platform for a refund, leading to losses for the merchant.
6. Card testing fraud
This takes place when a fraudster gains access to credit card information through the dark web but isn’t sure if the card will work. They may also be uncertain of any limitations on the card such as spending limits. To see if it works, the fraudster can make small test purchases on an e-commerce app before moving on to make larger purchases. This not only causes the merchant to lose inventory but can also lead to lost revenue and tarnished brand reputation if the original card owner notices and disputes the fraudulent transactions.
7. Flash sales abuse
E-commerce businesses often hold flash sales during seasonal periods, or to get rid of excess stock. These items sell out instantly, sometimes within seconds. To take advantage of this, fraudsters will use bots to buy these items in bulk and resell them on other platforms at higher prices.
Signs of E-Commerce Fraud
Online merchants should monitor their websites and apps for fraudulent activity. For example, online retailers should be wary of different credit cards being used from the same IP address. They should also keep an eye out for shipping and billing addresses not lining up with the customer’s IP address.
Other telltale signs are people ordering large quantities of the same product or completing multiple transactions in a short period of time. Numerous declined transactions in a row are also something to look out for as these might mean a fraudster is testing a credit card.
New customers buying large quantities of expensive items are something to pay close attention to. This may be a sign of a fraudster trying to make the most out of a stolen credit card. Additionally, merchants should ensure order data is consistent. For example, if the zip code and city don’t line up, or the shipping and billing address differ, this might be considered risky behaviour. Online merchants should also be wary when they suddenly start receiving several orders from a new country, especially if it’s a country they don’t have a particularly large presence in.
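The warning signs above, written as rule checks over a constructed order log (an added example, not SHIELD's code or method; the field names, thresholds and sample orders are assumptions, and the zip comparison stands in for a full address comparison):

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds are illustrative assumptions, not values from the article.
MAX_CARDS_PER_IP = 2          # distinct cards tolerated per IP inside WINDOW
MAX_DECLINE_STREAK = 3        # consecutive declines that suggest card testing
WINDOW = timedelta(minutes=30)
NEW_CUSTOMER_LIMIT = 1000.00  # order total that is unusual for a first order

def flag_orders(orders):
    """Return {order_id: [signals]} for orders that match a warning sign."""
    flags = defaultdict(list)
    by_ip = defaultdict(list)   # ip -> [(time, card token)] inside WINDOW
    streak = defaultdict(int)   # ip -> current run of declined payments
    for o in sorted(orders, key=lambda o: o["ts"]):
        ts = datetime.fromisoformat(o["ts"])
        # Sign 1: different cards used from the same IP in a short period.
        recent = [(t, c) for t, c in by_ip[o["ip"]] if ts - t <= WINDOW]
        recent.append((ts, o["card"]))
        by_ip[o["ip"]] = recent
        if len({c for _, c in recent}) > MAX_CARDS_PER_IP:
            flags[o["id"]].append("multiple_cards_same_ip")
        # Sign 2: numerous declined transactions in a row.
        streak[o["ip"]] = streak[o["ip"]] + 1 if o["declined"] else 0
        if streak[o["ip"]] >= MAX_DECLINE_STREAK:
            flags[o["id"]].append("decline_streak")
        # Sign 3: order data that does not line up.
        if o["ship_country"] != o["ip_country"]:
            flags[o["id"]].append("ip_shipping_mismatch")
        if o["ship_zip"] != o["bill_zip"]:
            flags[o["id"]].append("shipping_billing_differ")
        # Sign 4: a new customer placing a large order.
        if o["new_customer"] and o["total"] >= NEW_CUSTOMER_LIMIT:
            flags[o["id"]].append("new_customer_large_order")
    return dict(flags)

def order(oid, ts, ip, card, declined, total, new=False, ip_country="US", bill_zip="10001"):
    """Build one constructed order record; shipping is fixed to US / 10001."""
    return {"id": oid, "ts": ts, "ip": ip, "card": card, "declined": declined,
            "total": total, "new_customer": new, "ip_country": ip_country,
            "ship_country": "US", "ship_zip": "10001", "bill_zip": bill_zip}

# Constructed sample orders (documentation IP ranges, card tokens instead of numbers).
SAMPLE_ORDERS = [
    order("o1", "2021-06-01T12:00:00", "203.0.113.7", "tok_A", True, 1.00),
    order("o2", "2021-06-01T12:02:00", "203.0.113.7", "tok_B", True, 1.00),
    order("o3", "2021-06-01T12:03:00", "203.0.113.7", "tok_C", True, 1.00),
    order("o4", "2021-06-01T12:10:00", "198.51.100.9", "tok_D", False, 2400.00,
          new=True, ip_country="BR", bill_zip="94105"),
    order("o5", "2021-06-01T12:15:00", "192.0.2.4", "tok_E", False, 40.00),
]
```

Each flag is a reason to review an order rather than to block it outright, in line with the balance between security and customer experience discussed in the next section.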
How to Stop E-Commerce Fraud
Although e-commerce fraud is on the rise, there are still methods merchants can implement to stay one step ahead of fraudsters. Employing overly-strict fraud prevention methods could hurt the experience of good users, possibly harming company revenue and customer satisfaction. Implementing e-commerce fraud prevention strategies that strike a balance between a secure platform and satisfied customers is essential.
For example, regular audits to ensure all security measures are up to date help make apps and websites less vulnerable to fraudulent activity. Closely monitoring the site for suspicious activity is another way to prevent fraud without drastically harming the experience of a trusted user.
While e-commerce businesses often collect personal information from their customers to help with their marketing efforts, only collecting necessary personal data helps make the app more secure and less prone to fraudulent activity. For example, a merchant can collect customer names and email addresses rather than sensitive information such as social security numbers.
Given that fraudsters can use PO boxes instead of regular shipping addresses, scrutinizing purchases ordered to non-physical addresses could help lower fraud rates as well.
How SHIELD Can Help With E-Commerce Fraud Prevention
SHIELD’s technology can help e-commerce companies build customer trust by detecting malicious devices and users on the platform in real time.
One of SHIELD’s key features that enables this is the SHIELD ID, which is a unique alphanumeric set of characters that functions as SHIELD’s ‘label’ for every device that accesses an e-commerce app or website. The usefulness of the SHIELD ID lies in the fact that it stays the same no matter how much fraudsters try to make an existing device look new. Fraudsters are constantly manipulating their devices in an attempt to convince their target app that they are a new user. The SHIELD ID also highlights any fraudster that uses the same device to create multiple user accounts. Whereas an e-commerce app would label each user account as belonging to an individual user, the SHIELD ID would show if user accounts are created using the same device—a sure sign of fraud.
Another key feature is the group of SHIELD Risk Indicators, which identify any and all tools in use that are typically associated with fraud. For example, if a fraudster is using an app cloner or emulator to conduct promo abuse, SHIELD’s technology will pick up on this and flag it in real time.
To try and get around fraud detection and prevention solutions, fraudsters also tend to turn on their fraud tools after they’ve opened the app they’re trying to defraud. This is because almost every fraud prevention solution will only check for risky behavior when an app is opened. SHIELD Sentinel is a feature unique to SHIELD that stops this once and for all. It works by profiling for risk continuously throughout the user session, so that the moment a fraudster turns on a malicious tool or tries to tamper with their device, SHIELD Sentinel catches them red-handed.
Future E-Commerce Fraud Trends
As the e-commerce industry expands and more and more people turn to online shopping, online fraud will become an even bigger problem.
Account takeovers were common before the pandemic. Unfortunately, they will continue to be so after. During the pandemic, online retailers began offering even more discounts and promotions in an attempt to build customer loyalty and increase sales. Customers became more active on these apps and those that hadn’t used their accounts in months or years came back. This presented fraudsters with the perfect opportunity to take over accounts. The surge in customers coming to the business masked what might have been a red flag before - activity from a lapsed account. We expect account takeovers to continue being one of the most common fraud threats that e-commerce merchants will face.
We also expect e-commerce merchants to see a rise in promo abuse and return fraud. With merchants adopting more flexible returns policies and the introduction of contactless deliveries, tracking successful deliveries and genuine returns has become harder. Fraudsters may claim an item wasn’t delivered or was of poor quality in order to take advantage of these flexible policies.
Protect Your E-Commerce Business from Fraud and Abuse
The pandemic has driven up e-commerce revenue worldwide, pushing the adoption of e-commerce platforms at an unprecedented rate. With this comes an increased opportunity for online fraud, amplifying the need for a real-time fraud prevention solution to stay ahead of the competition.