March 26, 2020
Ecommerce fraud is evolving, is on the rise, and is impacting revenue. It is even more important to address it today with the recent increase in digital purchasing trends. A study by Juniper Research found that online payment fraud, including eCommerce fraud, is set to exceed $200B by 2024. And while eCommerce fraud increases are nothing new, fraud attacks are becoming more sophisticated. McKinsey researchers predict that the bulk of fraud will begin to evolve out of situations like account takeovers, and primary fraud challenges including identity theft and disputed charges will grow.
In response to these predictions, it is more important than ever for today’s eCommerce businesses to take proactive steps to mitigate fraud. Investing in the right eCommerce fraud prevention solution can make a big difference in customer safety and a digital business’s financial results.
This guide will explore common types of eCommerce fraud and discuss strategies for detecting and preventing them.
Common Ecommerce Fraud Types
Ecommerce fraud comes in all shapes and sizes.
Individuals with malicious intent often use stolen or fake credit cards to pay for items. They may even take over customer accounts with unauthorized access. The following information lists the five main types of eCommerce fraud.
- Friendly Fraud
Friendly fraud has grown faster than criminal fraud and is up 41% over the last two years. This type of fraud occurs when a consumer makes an online purchase with their credit card and then disputes the charges with the issuing bank rather than requesting exchanges, refunds, or confirming unrecognized charges on their statements. In some cases, the customer has malicious intent to dispute the payment and keep the goods or services, but more often, consumers call their credit card companies to request more information about a purchase simply because they don’t recognize it.
Sometimes disputes are genuine, while in other instances, they’re filed deliberately with the intent to try to get a product or service for free. While friendly fraud isn’t usually the type that’s undertaken by criminal enterprises, it can still damage a business’ profits, especially as the disputes are often filed after the customer has received their goods.
To help businesses alleviate the impacts from friendly fraud, and isolate why and how it occurs, Kount has introduced a Friendly Fraud Prevention Solution that provides a complete platform to protect against both friendly and criminal fraud. The solution accurately identifies criminal fraud, friendly fraud, and legitimate disputes.
- Triangulation Fraud
Triangulation fraud occurs when individuals build fake online stores to sell items at cheaper prices. The fake store has a single purpose: to collect credit card data. After the credit card information is collected, the legitimate transaction is forwarded on to the real store, which ships the item. Here’s how the fraudster wins:
- The customer pays a cheaper price at the fake storefront
- The actual price of the order is sent to the real merchant, where the customer’s card is charged again
Occasionally, those who commit triangulation fraud will keep the stolen card information and make purchases elsewhere.
- Interception Fraud (stolen card)
Ecommerce businesses are defrauded by threat agents who attempt to intercept a customer’s order. This is done by:
- Contacting a vendor’s customer service partner and suggesting they change the order’s shipping address to their own
- Approaching the shipping company directly and asking them to reroute a delivery to an alternative address so they can intercept it at another location
This type of fraud requires hacking into a customer’s account so they can access order and shipping details to use when contacting these departments.
- Account Takeover Fraud
Account takeover fraud has emerged as an issue of major concern for online businesses and digital commerce. Part of the reason for the rise in this type of non-financial credentials fraud is the dark web demand to sell and distribute stolen email addresses, passwords, and other personal privacy details. When a threat agent discovers the right combination of username and password, they can access and exploit genuine customer accounts.
- New Account Fraud
Otherwise known as online account origination (OAO), new account fraud occurs when a threat agent creates new accounts to take advantage of offers and services. The fraud occurs when a vendor is unable to tell if a new account is legitimate because stolen bits and pieces of real identity are used to create a new account. Without prevention methods, this can lead to identity fraud and illegitimate purchases taking place on eCommerce sites.
How to Detect Ecommerce Fraud (13 Red Flags)
Online fraud prevention is an important ally in the interpretation of fraud signals. Manual review alone isn’t sustainable, particularly as online ordering increases in popularity. Here are a few of the risk signals that fraud prevention strategies identify.
- First-time shoppers
Commonly, threat agents like to hit websites they have not visited previously. Once they hit the site, they’ll move on. By disguising themselves as first-time shoppers, these threat agents don’t raise red flags. For a new customer, businesses lack a track record to show whether or not their purchases are unusual. A network of data is essential to detect information about the purchase and the customer, including location data, shipping addresses, and other indicators that give insight into the first-time shopper.
- Larger-than-average orders
If a customer places a larger-than-average order, fraud prevention strategies can determine whether or not that behavior is risky. Any order that’s significantly larger than the average purchase on a site can be cause for suspicion. Think about it this way: threat agents with stolen credit card details will want to spend “big” while they’ve got the chance, so the easiest way to do so is to buy as much as they can.
- Fast shipping
Threat agents like to expedite the shipment of their fraudulent purchases. As stolen card details have a short lifespan, a criminal knows time is against them. Because of this, they are more likely to pay for faster shipping, even if the rate is expensive. After all, it’s not their money they’re spending. So, if a customer places an order for $100 on a digital site, yet they’ve selected expedited shipping that costs an extreme amount, it could be a sign of fraud.
- Unusual location
Businesses must pay close attention to the location where orders are placed. For example, if a store predominantly sells nationally, and all of a sudden, orders are pouring in from a location halfway across the world, it could be a sign of fraudulent behavior.
- A large quantity of the same product
If businesses receive an order that has a large number of the same item, this could also signal fraud. As other circumstances on this list highlight, threat agents tend to make large orders and expedite orders, since stolen cards can be cancelled at any time. If a large order of the same product comes through a store, it may be wise to follow up with the customer who placed it in order to confirm and clarify purchase details.
- Multiple shipping addresses
Fraudsters sometimes make orders to multiple shipping addresses with several stolen cards, each placed under a different name. If a customer’s account has multiple shipping addresses attached to it, this is a red flag.
- Shipping/billing address doesn’t match IP address
The benefit of eCommerce stores is that businesses can track the finer details of a customer’s order: from their billing and shipping addresses, right down to their IP address. If all of these don’t match up, it should raise a red flag. For example, if an IP and shipping address are different from an order’s billing address, this could be a sign that the transaction requires more scrutiny.
- Multiple cards from a single IP address
If orders are being placed from the same IP address, but from several different cards, this could be a problem. Although it’s not unusual for customers to have more than one card, several different cards — especially if they’re placed at the same time — should be considered suspicious.
- Odd use of punctuation or letter capitalization
Individuals who commit fraud sometimes use unusual spelling, punctuation, and letter capitalization when they commit eCommerce fraud — also red flags.
- Multiple transactions in a short amount of time
We’ve highlighted that fraudsters are usually on a short time limit when they’re committing eCommerce fraud. If businesses detect a series of orders being placed in a short period of time, this could cause issues.
- Multiple orders to the same address with different cards
This is a lazy sign of eCommerce fraud, yet it exists. Often, fraudsters won’t steal information from a single card, rather they will use multiple cards. Therefore, they attempt to place fraudulent orders with different cards and ship them to the same address. If multiple orders are placed with different cards, whether over a single transaction or several, then this could signal fraud.
- Email First Seen
Many digital businesses see a correlation between the age of an email address and the risk of fraud related to that email address. For example, most consumers have used the same email address for some time, while bad actors often create new email addresses for every transaction in an attempt to circumvent basic velocity checks and link analysis. As a result, new email addresses are often strong indicators of low trust levels.
- Linking multiple fraud signals
Sometimes, a single “red flag” purchase isn’t enough to indicate fraud. By linking a customer identity to more than one of the risk factors listed above, multiple data points can provide a robust story that helps analysts determine if a purchase is realistic or if there is a suspicious clue in the scenario.
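The linking step described above can be sketched in code. This is an added example, not Kount's method or code from the original article: the order records are constructed sample data, and the field names, the 3x-average rule, the 3-card limits, the 10-minute window and the 7-day email age are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample orders (not real data); field names are assumptions.
# Fields: id, timestamp, IP, card token, shipping address, email age (days), total, express shipping
_ROWS = [
    ("A1", "2020-03-01T10:00", "198.51.100.7", "c1", "12 Oak St",  900,  80, False),
    ("A2", "2020-03-01T11:30", "203.0.113.5",  "c2", "4 Elm Rd",   400, 120, True),
    ("A3", "2020-03-02T09:00", "203.0.113.9",  "c3", "9 Pine Ave",   0,  95, False),
    ("B1", "2020-03-02T14:00", "192.0.2.44",   "c4", "77 Dock Ln",   0, 900, True),
    ("B2", "2020-03-02T14:03", "192.0.2.44",   "c5", "77 Dock Ln",   0, 850, True),
    ("B3", "2020-03-02T14:06", "192.0.2.44",   "c6", "77 dock ln",   1, 940, True),
]
_KEYS = ("id", "ts", "ip", "card", "ship", "email_age_days", "total", "express")
ORDERS = [dict(zip(_KEYS, row)) for row in _ROWS]

def link_signals(orders, site_avg=100.0, window=timedelta(minutes=10)):
    """Return {order id: sorted list of red flags that fired for that order}."""
    cards_by_ip, cards_by_ship = defaultdict(set), defaultdict(set)
    times_by_ip = defaultdict(list)
    for o in orders:  # first pass: build the links between identity elements
        cards_by_ip[o["ip"]].add(o["card"])
        cards_by_ship[o["ship"].lower()].add(o["card"])
        times_by_ip[o["ip"]].append(datetime.fromisoformat(o["ts"]))
    linked = {}
    for o in orders:  # second pass: evaluate each order against the links
        ts = datetime.fromisoformat(o["ts"])
        nearby = sum(1 for t in times_by_ip[o["ip"]] if abs(t - ts) <= window)
        checks = {
            "larger_than_average_order": o["total"] > 3 * site_avg,
            "fast_shipping": o["express"],
            "email_first_seen_recently": o["email_age_days"] < 7,
            "multiple_cards_one_ip": len(cards_by_ip[o["ip"]]) >= 3,
            "multiple_cards_one_address": len(cards_by_ship[o["ship"].lower()]) >= 3,
            "many_orders_short_time": nearby >= 3,
        }
        linked[o["id"]] = sorted(name for name, hit in checks.items() if hit)
    return linked

def review_queue(orders, min_signals=2):
    """Orders where at least min_signals red flags coincide; one flag alone is not enough."""
    return [oid for oid, flags in link_signals(orders).items()
            if len(flags) >= min_signals]

if __name__ == "__main__":
    for oid, flags in link_signals(ORDERS).items():
        print(oid, flags)
    print("review:", review_queue(ORDERS))
```

Orders A2 and A3 each raise a single flag and stay out of the queue, while B1 to B3 share an IP, a shipping address and a short time window across three cards and are queued together.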
9 Best Practices for eCommerce Fraud Prevention
A recommended best practice for fighting eCommerce fraud and the costs that accompany it is to rely on the following tactics simultaneously or in conjunction with certain behavior indicators.
- Card Security Codes
Certain eCommerce activity is considered a higher risk for fraud, like “card-not-present” (CNP) orders. These occur because it’s difficult for vendors to verify a cardholder’s identity. To make sure this doesn’t happen, businesses should implement card security code requirements. These three- or four-digit codes can reduce the probability of the transaction being fraudulent. Although requiring card security codes won’t counteract certain types of fraud, such as chargebacks or lost or stolen cards, it can give an extra safeguard in an anti-fraud toolkit.
- Address Verification Service (AVS)
A common occurrence with eCommerce fraudsters is shipping to a different address or adding a different billing address to an order. Implementing an Address Verification Service (AVS) can reduce the risk of this happening. The technology cross-checks a customer’s billing address with the billing address their card issuer has on record. The check uses two data points, a house/flat number and the customer’s ZIP code, to confirm the check.
An example of an AVS check.
AVS reduces the likelihood of fraud by accepting, flagging, or rejecting the transaction based on the results of the check.
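The two-data-point comparison and the accept/flag/reject outcome can be sketched as follows. This is an added example, not code from the original article or from any card network: in practice the card issuer performs the comparison, and the result labels, the policy mapping and the sample addresses here are assumptions constructed for illustration.

```python
import re

def house_number(street):
    """Leading numeric part of a street line, e.g. '221B Baker St' -> '221'."""
    m = re.match(r"\s*(\d+)", street or "")
    return m.group(1) if m else None

def zip5(postal):
    """First five digits of a US ZIP or ZIP+4; None when the value is not a ZIP."""
    m = re.fullmatch(r"\s*(\d{5})(?:-?\d{4})?\s*", postal or "")
    return m.group(1) if m else None

def avs_check(entered, on_file):
    """Compare the two AVS data points and return a result label (labels are assumed)."""
    num_a, num_b = house_number(entered["street"]), house_number(on_file["street"])
    zip_a, zip_b = zip5(entered["zip"]), zip5(on_file["zip"])
    num_ok = num_a is not None and num_a == num_b   # missing data never counts as a match
    zip_ok = zip_a is not None and zip_a == zip_b
    if num_ok and zip_ok:
        return "full_match"
    if zip_ok:
        return "zip_only"
    if num_ok:
        return "number_only"
    return "no_match"

# Assumed merchant policy: a partial match is flagged for review rather than rejected.
POLICY = {"full_match": "accept", "zip_only": "flag",
          "number_only": "flag", "no_match": "reject"}

def decide(entered, on_file):
    """Map the AVS result to the accept / flag / reject action."""
    return POLICY[avs_check(entered, on_file)]

# Constructed sample: the billing address the issuer holds on record.
ON_FILE = {"street": "120 Main Street", "zip": "83702-1234"}

if __name__ == "__main__":
    for entered in ({"street": "120 main st.", "zip": "83702"},
                    {"street": "45 Main St", "zip": "83702"},
                    {"street": "45 Harbor Rd", "zip": "10001"}):
        print(entered, "->", decide(entered, ON_FILE))
```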
- Reliable Third-Party Payment Processor
Outsourcing checks to a third-party payment processor is one of the easiest and safest ways to counteract eCommerce fraud. Third-party payment processors often take care of situations like customer chargebacks and security compliance, as well as data storage. Keeping customer data safe should be a top priority, especially if card details are saved in customer accounts. A third-party payment processor can keep customers’ confidential data secure, which can cut the amount of e-commerce fraud attempts against a store.
- Password Requirements
Implementing strong password requirements on your customers’ account profiles can reduce fraudulent activity against them. Passwords that don’t include capitalizations, numbers or special characters are easier for fraudsters to hack. Instead, you should implement requirements for your customers’ passwords, such as a minimum number of characters, at least one capital letter, and special characters. A password such as “Afr*che8” is a lot harder to hack than “password”.
- Follow PCI Standards
Payment Card Industry (PCI) standards are a set of regulations created for businesses to help protect their business (and their customers) from fraudsters online. The standards were created by financial corporations, including MasterCard, American Express, and Visa to safeguard consumer data. The rules are mandatory for online retailers and are rigorously enforced. The good news? Most major payment processors already comply with PCI standards. Make sure a selected payment processor adheres to these standards before using it on an eCommerce site.
Training can play a crucial role in preventing fraudulent activity on a site. With a well-trained customer support team and stringent security system, businesses are less likely to be subjected to fraudsters. For example, fraudsters may contact a customer service team during peak trading periods to enquire about transactions. If staff have been given sufficient anti-fraud training, it will be easier for them to know what to watch out for and how to respond to potentially fraudulent enquiries effectively.
- Monitor Transactions
A firm understanding of transactions and customer spending habits can give businesses an advantage in fighting eCommerce fraud. Tracking accounts and monitoring “red flags” such as large orders and inconsistent addresses and shipping information can help highlight fraudulent activity. Even with transaction software, manually monitoring suspicious orders is an excellent way to spot red flags in an order fulfilment process.
- Keep Software Updated
If a business is using software to fight the eCommerce fraud battle, it is important to make sure it is updated. Fraudsters are constantly finding ways to avoid getting caught, and anti-fraud software providers are fighting them every step of the way. However, if software isn’t updated, it can leave businesses vulnerable to new fraud patterns. Software relies on security patches to prevent fraud, as well as protecting against new viruses and malware. Without updates, businesses are at risk of hackers accessing data and sidestepping any measures in place to reduce fraudulent activity.
- Use a Renowned Ecommerce Solution
Finally, using an eCommerce solution that has a history of safe and secure transactions will ensure most fraud prevention measures will be addressed. Ecommerce solutions like WooCommerce, Magento, and Shopify have extensive features in place to protect vendors against fraudulent activity. For example, Magento has its own Fraud Order Detection System to ensure transactions are secure, while Shopify has built its own Fraud Protect for Shopify Payments system. In Shopify’s case, each transaction through a vendor storefront is processed and then classified as either “protected” or “not protected”, making it easier for vendors to spot fraudulent behavior.
An example of a transaction flagged as fraudulent using Shopify.
Add Another Layer of Protection with Fraud Prevention and Detection Solutions
Basic best practices will provide a level of eCommerce fraud protection. However, relying on manual review alone is tedious, hard to scale, and prone to human error. For companies to more efficiently and accurately scale eCommerce fraud detection and prevention, they will need to invest in a powerful fraud prevention solution. With Kount’s AI-driven online fraud prevention, businesses can prevent emerging fraud, accept more good orders, reduce manual reviews, and control business outcomes. Kount’s AI simulates an experienced fraud analyst by weighing the risk of fraud against the value of the customer, but on a faster and more scalable basis.
Kount’s AI-driven fraud prevention simultaneously helps good customers have a positive experience, essential for repeat business.
What value does a fraud prevention technology stack provide to eCommerce business? Kount has identified 4 aspects of fraud prevention that support growth:
For any eCommerce business, dealing with transactions quickly can make all the difference to customer satisfaction. Reducing the length of time needed to detect fraud is critical. Kount has addressed this by checking transactions in milliseconds using:
- A blend of supervised and unsupervised machine learning models
- Advanced anomaly detection capabilities
- Deep data from 50+ payment processors and card networks, and decisions from thousands of fraud analysts
- Accuracy + Scale
Kount’s solution makes sure every activity, from checkout or account creation, is analyzed for accuracy. Kount’s Identity Trust Global Network cross-checks billions of data signals to establish real-time links between identity elements and makes a trust decision that provides the desired customer experience, ranging from low friction to blocking fraud.
The technology uses advanced algorithms and models to detect transaction anomalies more accurately and on a larger scale than any human system could. This level of accuracy increases the chances of detecting potential chargebacks before they can occur.
Fraud protection technology needs to be efficient and suitable for a company’s needs. With Kount, customers gain visibility into transactions with a streamlined Control Center that makes it easier for companies to build a fraud prevention system that works for them. The Control Center allows businesses to fine-tune fraud prevention decisions, conduct investigations, and monitor performance. Businesses can create policies depending on what type of fraud they’re tackling, and then customize their risk thresholds to prepare for other attack methods.
Unbiased tracking of accounts and transactions is an essential element to eliminating fraud. Putting technology in charge of the battle against fraud is one of the best ways to eliminate human bias from the equation. Kount’s technology detects fraud using highly predictive scores. The method relies upon decisioning orders without the reliance on manual review and reactive fraud rules. The decisions, which are made in a 250-millisecond response rate, result in fewer false positives and negatives — and more revenue.
It’s Easier Than Ever to Prevent Ecommerce Fraud
Although eCommerce fraud will continue to evolve, the technology to address it has never been as advanced. Ecommerce businesses need to know the red flags to look out for so that they can reduce fraudulent activity. If a customer is using several cards to purchase from a site, or their addresses don’t match up, it could be a sign of eCommerce fraud.
Kount’s AI-driven eCommerce Fraud Prevention Solution can help businesses determine the level of risk they are willing to accept in each transaction. By determining the right level of identity trust, businesses can protect revenue and customer data.