Contributed by Matt Shealy, president of ChamberofCommerce.com.
In 2019, the United States’ Federal Trade Commission (FTC) received more than 650,000 reports of identity fraud. Of these, 45 percent stemmed from credit card fraud: Scammers opening up accounts or taking over accounts to make fraudulent purchases online.
These are just the cases that were reported to the FTC. More than 14 million people in the US are victims of identity fraud each year. As we know, however, they aren’t the only victims. Merchants doing business online are losing billions each year to e-commerce fraud.
These stolen identities are used to open up new credit accounts in the victim’s name or to take over their accounts and buy goods from e-commerce sites. When customers dispute the charges, it’s the merchants that get left holding the proverbial bag. Often, merchants lose out on the cost of the item and the money from the sale. They may also get hit with additional fees from credit card issuers.
Online fraud affecting e-commerce retailers
Other methods scammers use to defraud e-commerce merchants are varied and often sophisticated. They include:
• Friendly fraud: This is one of the most common—and fastest-growing—types of fraud. This happens when a customer buys online and then disputes the charges with their financial institution or credit card issuer. They do this often without contacting the merchant or attempting to return items. They keep the item and demand a refund from their card issuer. Then, the card company tacks on fees to the merchant.
• Triangulation fraud: Fraudulent actors will build fake websites and offer to sell popular items for cheap prices. After they get the credit card data, they purchase the item from another seller. The consumer gets charged twice. Because they receive the merchandise, they may not notice the fraud if they don’t check their bill carefully. Armed with the credit card information and credentials, the scammers defraud other merchants.
• Interception fraud: Once threat actors have access to an account, they track orders as they are made. They contact the merchant and change the shipping address to their own, or contact the shipping company and ask to reroute the delivery.
Fighting e-commerce fraud
The only way to fight fraud is to stop it before it happens. It takes serious fraud-prevention tools, using intelligence and detection software to analyze orders before they are processed for fulfillment. Manual attempts to spot and control fraud aren’t sustainable.
You need a solution that will analyze every transaction for high-risk and flag those that need further fraud prevention analysis. The best solutions will use device fingerprinting to identify potential fraud and risk scoring to flag risky orders.
It should flag anything that displays one of the 10 warning signs for further scrutiny.
1. First-time shoppers and new customers
2. Large orders with no ordering history
3. Large quantities of the same product
4. Billing and shipping addresses that don’t match
5. Billing information that doesn’t match IP addresses
6. Multiple purchases on different cards from the same IP address
7. Rapid transactions in a short time
8. Multiple orders on different cards to the same address
9. Expedited shipping requests
10. Unusual online behavior
Proactive measures to fight e-commerce fraud
There are also best practices to proactively fight eCommerce fraud.
• Security codes: When someone presents a credit card at a physical location, there’s a person connected to the card. Online orders fall into the Card Not Present (CNP) categories. By their very nature, they are higher risk transactions. Requiring the three- or four-digit CVV codes can prevent some fraud.
• Address verification service (AVS): By cross-checking a customer’s billing address with a shipping address that’s tied to the card, scammers that are sending goods to alternate locations can often be detected.
• Require strong passwords: One of the best ways for consumers to protect their online information is by using strong passwords and two-factor authentication. Merchants can require strong passwords using capital letters, numbers, and special characters that are more difficult to hack.
• Automated scanning: Software that constantly scans incoming orders for potential flags and isolates potential fraud for a deeper review.
• Updated software: Some of the biggest data breaches in history have occurred because there was a known security flaw in software and a patch was available—but the company failed to install the patch. This left their site vulnerable and threat actors were able to steal customer information.
Protect yourself from e-commerce fraud
E-commerce entrepreneurs have many advantages compared to brick-and-mortar competitors. Higher margins, lower overhead and fewer barriers to entry are all competitive advantages of starting an e-commerce retail business. It comes with its downsides though. If you’re an e-commerce entrepreneur, it’s time to implement the security protocols and technology to protect yourself from cyber criminals.