Wednesday, 8 September 2021

REST API specification & Management - Swagger

Swagger

  • The Swagger specification is also known as the OpenAPI Specification
  • It can be authored in JSON or YAML

Saturday, 21 August 2021

Systems Integration

System integration is the process of joining software and hardware modules into one cohesive infrastructure, enabling all pieces to work as a whole. 

Advantages

  • Increased productivity. Integrated systems allow for centralized control over the daily processes which adds to the efficiency of the entire workflow. 
  • More accurate and trustworthy data. Data is updated across all components of the system simultaneously, keeping all departments on the same page. 
  • Faster decision-making. Data is no longer scattered across siloed storages. So, to perform analytics, you don’t need to manually download and export it to the centralized repository. Instead, with a holistic view of all information, you can extract useful business insights to make good decisions more rapidly. 
  • Cost-effectiveness. More often than not, system integration comes at a lower cost than replacing all disjointed parts with a new single system. Not to mention the tricky process of implementing new computer infrastructures.

Common types of system integration that meet different business needs.

Legacy system integration

Goal: integration of modern applications into existing outdated systems

Many organizations use outdated software to perform their core business functions. It cannot be removed and replaced with more modern technology as it is critical to a company’s day-to-day workflow. Instead, legacy systems can be modernized by establishing a communication channel with newer information systems and technology solutions.

Example: connecting a legacy CRM system to a data warehouse or a transportation management system (TMS).

Enterprise application integration (EAI)

 Goal: unification of different subsystems inside one business environment

While growing, companies incorporate more and more enterprise applications to streamline their front- and back-office processes. These applications often share no points of convergence and accumulate huge volumes of data separately. Enterprise application integration (EAI) brings all functions into one business chain and automates real-time data exchange between different applications.

Example: creating one ecosystem for accounting, human resources information, inventory management, enterprise resource planning (ERP), and CRM systems of a company.

Third-party system integration

Goal: expanding functionality of the existing system

Integration of third-party tools is a great option when your business needs new functionality but can’t afford custom software development or just has no time to wait for features to be built from scratch.

Example: integrating an existing application with online payment systems (PayPal, WebMoney), social media (Facebook, LinkedIn), online video streaming services (YouTube), etc.

Business-to-business integration

Goal: connecting systems of two or more organizations

Business-to-business or B2B integration automates transactions and document exchange across companies. It leads to more efficient cooperation and trade with suppliers, customers, and partners.

Example: connecting a retailer’s purchasing system to a supplier’s ERP system.

Whatever the situation, the main objective of system integration is always the same — to put the fragmented and divided pieces together by means of building a coherent network. Let’s look at existing technologies and architecture models that make the integration magic happen.

Ways to connect systems

Application programming interfaces (APIs) provide the most common and straightforward way to connect two systems. Sitting between applications and web services, they enable the transmission of data and functionality in a standardized format. Most online service providers — from social media to travel platforms — build external APIs so that clients can easily link to their products.

Middleware is the hidden software layer that glues together distributed systems, applications, services, and devices. It handles different tasks such as data management, messaging, API management, or authentication. Cloud middleware can be accessed via APIs. In turn, an API gateway can be considered a type of middleware between a collection of services and systems using them.

Webhooks, also known as HTTP callbacks, are real-time messages sent by one system to another when a certain event happens. Say, accounting software may receive webhook notifications about transactions from payment gateways or online banking systems.

EDI — the abbreviation for electronic data interchange — is the exchange of business information in a standard electronic format, that replaces paper documents. EDI generally happens in two ways: via a value-added network (VAN), in which a third-party network is in charge of data transmission, or direct connections through the Internet.

How to approach system integration

System integration is multifaceted and can be approached through different architectural models, depending on the number and nature of components that need to be connected.

Point-to-point model

Point-to-point integration (P2P) is the architectural pattern in which every system is directly connected to all other systems and apps it needs to work in tandem and share information with. This model can be realized via APIs, webhooks, or custom code.

With a point-to-point connection, data is extracted from one system, modified or formatted, and then sent to another system. Each application implements all the logic for data translation, transformation, and routing, taking into account the protocols and supported data models of other integrated components.

Pros and cons: Among the main advantages of point-to-point integration is the ability of an IT team to build a small-scale integrated system quite quickly. On the flip side, the model is hard to scale and the management of all the integrations gets very demanding when the number of applications grows. Say, to interconnect six modules you need to perform 15 integrations. This results in the so-called star/spaghetti integration.

When to use it: This approach suits companies that don’t have complex business logic and run their operations on just a few software modules. It is also a perfect option for businesses aiming at connecting to SaaS applications.

Hub-and-spoke model

The hub-and-spoke model is a more advanced type of integration architecture that addresses the issues of point-to-point and helps to avoid the star/spaghetti mess. The connections between all subsystems are handled by a central hub (message broker), so they don’t communicate with each other directly.

The hub serves as a message-oriented middleware with a centralized integration engine to translate operations into a single canonical language and route messages to the right destinations. The spokes (adapters) connecting the hub to the subsystems are managed individually.

Pros and cons: As opposed to P2P, the model brings quite a few benefits to the table including higher scalability. Since every system has only one connection to the central hub, things get better in terms of security and architecture simplicity. However, the centralization of the hub can be a weakness in such a model. The whole infrastructure is dependent on the single integration engine which can become the key bottleneck as the workload increases.

When to use it: The hub-and-spoke model is widely-used in e-commerce, financial operations, and payment processing. Besides, it’s a preferable architecture for highly regulated industries that face significant security risks.

Enterprise Service Bus (ESB) model

The ESB architecture involves the creation of a separate specialized subsystem — an enterprise service bus — that serves as a common user interface layer connecting other subsystems.

The ESB can be described as a set of middleware services that glue multiple systems, serving as a messaging backbone. In contrast to hub-and-spoke with a single centralized integration engine, in ESB, each system is supplied with a separate integration engine and an adapter that translates a message into the canonical format and back into the destination supported format. Initially designed to bridge complex internal systems of large enterprises, ESBs can work with cloud services too.

Pros and cons: One of the best things about ESBs is that each subsystem is decoupled by a “messaging bus,” so it can be replaced or changed without affecting the functionality of other subsystems. This plays in favor of high scalability. Also, such projects are reliable and quite easy to design. As far as the cons, maintenance and troubleshooting get more complex with the spreading of integration tasks across the systems.

When to use it: An ESB model is an optimal way to implement large projects such as enterprise application integration (EAI), allowing them to scale when needed. It’s a good fit if a company needs to bring it together on-premises.

Deployment options for integrated systems

Though we’ve described the three most common architectures, the reality is more complicated than that. A single integration approach may not be sufficient anymore — especially when speaking of enterprises leveraging a wide range of technologies. Often, companies have to combine all three patterns within one ecosystem, using various types of middleware and API layers between IT components. Luckily, the growing number of cloud platforms offer their services to handle complex integrations. Below are two popular deployment options to consider.

Integration platform as a Service (iPaaS)

Integration Platform as a Service is a set of cloud-based integration solutions mostly used for building and deploying integrations in the cloud.

As an all-inclusive service, iPaaS couples systems, processes, and data, making them accessible via a single user interface. It presents a library of pre-built connectors that enable disjointed applications to communicate with one another despite where they are hosted. iPaaS handles data transformation and shipping from and to applications.

Pros and cons: iPaaS is advantageous in tons of ways. It’s flexible, multi-functional, and scalable. With iPaaS, integration activities are automated, facilitating the connection of systems and databases deployed in any environment and enabling faster project delivery. As far as the shortcomings, there might be security concerns as with any public cloud.

When to use it: iPaaS is great for real-time applications and it enables a variety of integration scenarios including enterprise application integration (EAI), data integration, cloud integration, B2B integration, API management, Internet of Things integration, and many more.

Hybrid integration platform (HIP)

A hybrid integration platform or HIP is a more universal version of what iPaaS offers. It is an array of integration software providing built-in capabilities to make on-premises and cloud-based solutions work as a single unit.

Integration platforms act as the middleware between legacy systems that run on physical hardware, applications and databases in a private cloud, and systems running in a public cloud. Such platforms require minimum configuration. They interface and integrate with any systems by using two main components — protocol connectors to handle communication protocols such as HTTP, TCP, JMS, etc., and message formatters to handle various data formats such as JSON, XML, etc.

Pros and cons:  

  • Companies can count on high security and the reduction of integration costs and time as well as maintenance efforts. 
  • At the same time, integration platforms haven’t reached the maturity phase, which is why it may be difficult to pick a suitable out-of-the-box solution.

OBN (Oracle Business Network)

  • All trading partners register on this network
  • One-time setup on OBN
  • One-time setup in CMK
  • Service delivery channel setup on OBN
  • Enable messaging on every supplier site that requires messaging

CMK

  • Framework that supports transformation of B2B documents, such as POs, between the Oracle Applications Cloud format and the external message format supported by the trading partner.
  • It supports messaging with trading partners using service providers like OBN
  • Uses SOA B2B for messaging with OBN

SOA-B2B

OIC-B2B

Tuesday, 10 August 2021

JUnit, Mockito, Hamcrest, Powermock & Jacoco, SonarQube

Challenges with UI/Service testing
  • Complete application setup required along with external dependencies
  • Root cause analysis takes more time as the analysis is required across UI, DB & code
JUnit tests
  • Method/group of methods
  • Easy to debug
  • Fast

Java 8 - JUnit 5

JUnit
  • Assert an exception
    • @Test(expected = IllegalArgumentException.class)

Vocabulary
  • SUT - SystemUnderTest is the code to write unit tests for
  • Stub 
    • Maintenance overhead whenever we add new methods to the original class
    • Useful for simple scenarios only
  • Mock 



Mockito
  • <dependency>
        <groupId>org.mockito</groupId>
        <artifactId>mockito-core</artifactId>
    </dependency>
  • Key classes
    Mockito
    BDDMockito
    Matchers
    CoreMatchers
  • mock()
    • Dynamic stub that provides much more functionality than hand-written stubs
    • Stubbing a method
      • when(mock.method("param")).thenReturn(value);
    • Return multiple values with method stubbing
      • when(mock.method("param")).thenReturn(1).thenReturn(3);
    • Argument matchers
      • when(mock.method(anyInt())).thenReturn(1).thenReturn(3);
      • any()
    • Exception
      • when(mock.method(anyInt())).thenThrow(new RuntimeException("asdf"));
  • BDD style (Behavior Driven Development)
    • Given-When-Then (setup, actual method call, assert)
    • given(mock.method(anyInt())).willReturn(1);
  • Verify calls
    • verify(mock).deleteTodo("param");
  • Verify a method is not called
    • verify(mock, never()).deleteTodo("param");
  • Number of times called
    • verify(mock, times(1)).deleteTodo("param");
    • verify(mock, atLeast(1)).deleteTodo("param");
  • Capture an argument passed
    • then(mock).should().deleteTodo("param");
    • Declare an argument captor
      ArgumentCaptor<String> stringArgumentCaptor = ArgumentCaptor.forClass(String.class);
    • Define the argument captor on a specific method call
      then(mock).should().deleteTodo(stringArgumentCaptor.capture());
    • Capture the argument
      assertThat(stringArgumentCaptor.getValue(), is("Learn to Dance"));
      assertThat(stringArgumentCaptor.getAllValues().size(), is(2));
Hamcrest
  • Readable asserts
    • assertThat(scores, hasSize(4));
    • assertThat("", isEmptyString());
Mockito Annotations
  • @Mock
    • Similar to the Autowired annotation; creates a mock of the field's class type
    • This requires a specific runner to wire it in -> @RunWith(MockitoJUnitRunner.class)
  • @InjectMocks
    • Automatically injects the mocked dependencies, for example constructor dependencies
  • @RunWith(MockitoJUnitRunner.class)
  • @Captor
    • Argument Captor eg: ArgumentCaptor<String> stringArgumentCaptor
    • Creates captor of particular type
Rules
  • Two JUnit runners cannot be used on the same test
  • Rules are an alternative to multiple runners
  • A rule is run before and after the test
  • @Rule
    public MockitoRule mockitoRule = MockitoJUnit.rule();
    We can then remove the @RunWith annotation
Spy
  • It creates a new copy of the class with all functionality where one can override specific methods
  • eg: List arrayListSpy = spy(ArrayList.class);
    stub(arrayListSpy.size()).toReturn(5);
  • Verify that a method is called or not called
    verify(arrayListSpy).add("Dummy");
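
The stubbing, verification, captor and annotation notes above, combined into one runnable test class. This is an added example, not code from the original notes; it assumes JUnit 4, Mockito 2 or later and Hamcrest on the test classpath, and `TodoService`, `TodoCleaner` and `retrieveTodos` are hypothetical names built around the `deleteTodo` call used in the notes.

```java
import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.BDDMockito.given;
import static org.mockito.BDDMockito.then;
import static org.mockito.Mockito.never;
import static org.mockito.Mockito.times;

import java.util.Arrays;
import java.util.List;

import org.junit.Rule;
import org.junit.Test;
import org.mockito.ArgumentCaptor;
import org.mockito.Captor;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.MockitoJUnit;
import org.mockito.junit.MockitoRule;

public class TodoCleanerTest {

    // Hypothetical external dependency that the test replaces with a mock.
    public interface TodoService {
        List<String> retrieveTodos(String user);
        void deleteTodo(String todo);
    }

    // Hypothetical system under test (SUT): deletes every todo that does not mention the keyword.
    public static class TodoCleaner {
        private final TodoService todoService;

        public TodoCleaner(TodoService todoService) {
            this.todoService = todoService;
        }

        public void deleteTodosNotRelatedTo(String user, String keyword) {
            for (String todo : todoService.retrieveTodos(user)) {
                if (!todo.contains(keyword)) {
                    todoService.deleteTodo(todo);
                }
            }
        }
    }

    // The rule initialises the annotated fields, so no @RunWith is needed.
    @Rule
    public MockitoRule mockitoRule = MockitoJUnit.rule();

    @Mock
    private TodoService todoService;

    // Built through the constructor, with the mock above passed in.
    @InjectMocks
    private TodoCleaner cleaner;

    @Captor
    private ArgumentCaptor<String> deletedTodo;

    @Test
    public void deletesOnlyTodosUnrelatedToKeyword() {
        // Given: constructed sample data returned by the stubbed dependency
        given(todoService.retrieveTodos("dummy")).willReturn(
                Arrays.asList("Learn Spring MVC", "Learn Spring", "Learn to Dance", "Learn to Cook"));

        // When
        cleaner.deleteTodosNotRelatedTo("dummy", "Spring");

        // Then: two deletions happened, and the captor recorded their arguments in order
        then(todoService).should(times(2)).deleteTodo(deletedTodo.capture());
        assertThat(deletedTodo.getAllValues(), is(Arrays.asList("Learn to Dance", "Learn to Cook")));
        assertThat(deletedTodo.getValue(), is("Learn to Cook")); // getValue() is the last capture
        then(todoService).should(never()).deleteTodo("Learn Spring");
    }

    @Test(expected = IllegalStateException.class)
    public void propagatesFailureFromDependency() {
        // Stub any user name to throw, then let the JUnit 4 'expected' attribute assert on it
        given(todoService.retrieveTodos(anyString())).willThrow(new IllegalStateException("backend down"));
        cleaner.deleteTodosNotRelatedTo("dummy", "Spring");
    }
}
```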

PowerMock

  • Mock Limitations
    • Final classes
    • Static methods
    • final methods
    • equals & hashcode
  • Mock Static methods & Constructors
    • Specify runner 
      • @RunWith(PowerMockRunner.class)
        @PrepareForTest(UtilityClass.class)
    • Initialize the utility class that has the static method
      • PowerMockito.mockStatic(UtilityClass.class);
        when(UtilityClass.staticmethod(anyInt())).thenReturn(100);
  • Mock Private methods
    • int i = Whitebox.invokeMethod(systemUnderTest,"private method to be invoked"); 
  • Mock Constructor
    • @RunWith(PowerMockRunner.class)
      @PrepareForTest(UtilityClass.class)
    • PowerMockito.whenNew(ArrayList.class).withAnyArguments().thenReturn(mockList)
      int size = systemUnderTest.methodUsingAnArrayListConstructor();

  • Testing a method or group of methods
  • assertEquals("","");

SonarQube

  • Facilitates continuous code inspection
  • Components
    • Webserver
    • Searchserver
      • Powered by Elasticsearch
    • Compute engine

SonarScanner

  • Standalone program that scans the code and submits the report to the server

Monday, 9 August 2021

Spring Boot Actuator

  • It is a set of tools provided by the Spring team to monitor applications
  • Exposes endpoints to monitor and manage your application
  • Provides DevOps functionality out of the box
  • /actuator
    • Lists the endpoints available under actuator
  • Default exposed endpoints are /health & /info
  • /health
    • Status of the application
  • /info
    • Info about the application: name/description/version
  • To control which actuator endpoints are exposed (* exposes all of them)
    • management.endpoints.web.exposure.include=health,info
    • management.endpoints.web.exposure.include=*
  • /auditinfo
  • /beans
  • /mappings

  • /autoconfig
  • /beans
  • /configprops
  • /dump
  • /env
  • /flyway
  • /health
  • /info
  • /loggers
  • /liquibase
  • /metrics
  • /mappings
  • /shutdown
  • /trace
  • /docs
  • /heapdump
  • /jolokia
  • /logfile

Custom Endpoints

  • Create a class extending AbstractEndpoint<List<String>>
    • Create a constructor
    • Implement invoke(), returning a List<String> object
  • Create another class extending EndpointMvcAdapter
    • Returning the AbstractEndpoint object

Sunday, 1 August 2021

Kibana

  • Kibana is an open source user interface used to visualize and analyze Elasticsearch data.
  • UI accessible from a browser
  • Comes with a built-in web server
  • Kibana stores its data in Elasticsearch indices

 Elastic Cloud with Google account

Username
elastic
Password
[redacted]

Kibana has multiple apps

  • Analysis
    • Discover
      • playground for running ad hoc queries
    • Visualization
    • Dashboards
    • Canvas
    • Maps
    • Machine Learning
    • Graph
  • Enterprise Search
  • Observability
    • Metrics
    • Logs
    • APM(Application performance management)
  • Security
  • Management
    • Stack Monitoring
    • Stack Management
    • Dev tools
    • Ingest manager

Wednesday, 28 July 2021

Management Strategies

 Campus Hires- Grooming for Success

  • Aspirations  
    • Skill development 
      • to be relevant
    • Individual Expression
      • Value independence (not isolation)
    • Career development
      • measurable feedback, frequent feedback, 
    • Work-life balance
      • flexible hours, freedom of choice
    • Team/Community
      • Diverse community at outside & work
  • Growth/Development
    • Career development
    • skill development
    • learning
    • Constant feedback
    • Giving a big picture and how they are contributing
    • Allowing them to present their contribution and learnings in Team meeting
    • Balance between aspirations & team objectives(trainings on non-work related)
    • Overview of techstack of the product
    • From HR
      • Mentoring
        • job shadowing, constructive feedback
        • Quality mentoring can advance their growth
        • Appreciate to boost confidence
      • Feedback
      • Lattice Career Path
      • Learning at work
  • Impactful/Meaningful work
    •  Make a difference
    • individual expression
    • Communication
    • Enabling processes
    • Keep them excited about work
    • From HR
      • Conversation at work
        • Working out loud-> ask more questions
        • Complex adaptive systems
          • ask opinions, ideas, 
        • Audacious goals
          • Extend conversations for Innovation, inclusion, Quality
      • Access -> Engage -> Curate
      • Associate them with SME
      • Purpose of team to overall organization goals

  • Remote Environment
    • going unnoticed
    • work-life balance
    • Process?
    • Chairs/desks/environment
    • Buddy/recordings
    • How to Procure
      • headphones
      • broadband
      • Monitor
    • Community to share information on pain points- rediscovered by every one
    • Home office setup as part of induction process
    • Work life balance
      • Expectations?
      • when to unplug from work
      • Getting help from others
      • Peer pressure on how many hrs to work- and get noticed
      • Expectations-
    • Self-service culture on policy, procurement,
    • Reach out
    • Team Mind-set
Emotional need
- breakup, loss of friend
 capable but not concentrating
behavior pattern is not polished 
try for attention
be close to manager, do work and go without any social attachments
show off people - make team restless
Sensible people - good followers, learner- nurture such people.
Good listeners - don't cut off before others- tell outside of it

Build leaders
    Good behavior more than talent
    Behavior not good - destroys team's peace - Toxic people
   Few people are good in speaking but not communication, overhype, overlook, 
   lacking confidence, communication
    requires behavioral training
  

Define role vs Detailed role

   

Microaggressions
  • Criticize the microaggression not the aggressor
  • Start off with short conversation, and revisit it later
  • Speak for yourself and not for target
  • Do not be defensive and apologize
How to prepare for appraisal
Critical analysis
Diverse & Inclusive workspace
 
Preventing Discrimination and Harassment Global 
  • Respectful behavior that Oracle expects from employees. Treat everyone with respect and dignity. Discourage improper behavior in general.
  • Sexual harassment- unwanted conduct of a sexual nature that violates the dignity of a person
    • Unwelcome comments of a sexual nature, which violate the dignity of a person
    • Do not be embarrassed to report such incidents. It is not your fault
    • You are helping to stop it for others
  • Discrimination
    • Unjust or prejudicial treatment of an individual based solely on a characteristic protected by law
  • Bystander
    • By simply changing the subject & mood of the situation, a bystander can disrupt the offensive behavior and provide support to a colleague
    • By calling inappropriate behavior out, a bystander can put a stop to the offensive behavior and provide support to a colleague
    • Even without addressing the offender directly, a bystander can provide support by acknowledging that the comment was inappropriate, and making the target feel included.
  • Offensive behavior
    • Yelling
    • Taunting
    • Threatening
    • freezing out
    • Sabotage
  • Bullying
  • Retaliation against someone who filed a complaint
    • Don't take allegations personally

When You Start a New Job, Pay Attention to These 5 Aspects of Company Culture

When you join an organization, you have a short window of time to adapt to its culture.

Five dimensions of culture that require your attention

Relationships

Companies differ in how they cultivate relationships, in how much they value collaboration, and in how much face time is required to get work done and make important decisions. In some organizations, the only way to influence others is by spending time with them in person. In others, emailing, texting, and video conferencing are preferred over in-person meetings. When you arrive in your new organization, ask insiders how you should approach relationships. For example, do you need to spend time building a relationship with someone before asking them for help or input on a project? Or is it acceptable to gather a list of “go-to” individuals whom you can simply email for assistance when you need them?

Observe where and how your colleagues get work done and make decisions. Do they spend much of their time meeting with one another, or do they tend to be at their desks or work from home? Are people friendly and open to meeting with you? Or do they appear to be nice but repeatedly cancel “meet and greets”? You may need others to help you make the necessary connections.

Communications

When you start a new job, look at how people tend to communicate with one another. Is it through formal channels, like meetings that are always set in advance, and to which everyone comes well-prepared? Or do individuals more often communicate spontaneously with little or no documentation? (Maybe your manager frequently stops by and says, “Can you come join this meeting now?”) You should start by asking your boss what the expectations are. Personal assistants and your teammates are other good sources of information.

Hierarchy often determines when and where it is acceptable to communicate with senior colleagues. For example, in more-hierarchical environments, you might have to “pre-clear” any communications upward in the hierarchy with your boss. In less hierarchical organizations, people may be encouraged to email senior leaders to chat with them. The best way to figure out these rules is to ask around. Your peers and direct reports may be well positioned to tell you how to proceed with your manager and those above. Ask about recent successful initiatives and how colleagues influenced senior leaders in their communications.

You should also note how information tends to be presented. For instance, do meetings revolve around formal presentations, or can individuals informally share issues, debate topics, and engage in real-time brainstorming without being judged? Some organizations and departments prefer 50-page presentations with reams of details and analyses, while others prefer to work from a simple emailed agenda with a bulleted list of topics. Pay attention to how information is typically packaged for meetings, the extent to which issues are debated versus “checked off,” and how deferential people are to those in positions of power. Observe how senior leaders in the room respond to formal decks and strong recommendations, versus informal discussions. Which style consistently results in a decision coming out of the meeting?

Decision-Making

How companies make decisions also varies in important ways. Some companies make real-time decisions in formal meetings, while others tend to finalize decisions offline. Even if formal meetings are the norm, you may find that the real decisions happen by the coffee station, in the hallway, or over lunch. Watch for whether the decisions made in the meetings get implemented. If you see people agreeing to some set of actions in a meeting, and then notice that other things happen afterward, that suggests there are strong informal decision-making mechanisms at play that you’ll need to uncover. For example, a decision to invest in a new product might ultimately rest in the hands of two pivotal individuals even when there is an entire senior leadership team reviewing the decision. You’d want to meet with these two key leaders far in advance of any formal meetings, and convince them of your point of view. Or perhaps everyone in the room appears to agree to invest in that product collectively, but you notice that several individuals chose not to voice their disagreements in public for political reasons. You will need to circle back and influence each of them after the fact to ensure they don’t derail your project.

Another aspect of decision-making to understand is whether your company culture has a bias for action or a bias for analysis and consensus. In organizations where the bias is for action, time and attention spans tend to be more limited, and decisions are made quickly. If you’re pushing for an initiative, you need to present your position clearly and give key stakeholders the information they need to make a decision. Other company cultures prefer a more protracted discussion of options, models, and strategies. More patience is required on your part, especially because this bias for consensus often means sending more supporting materials and analyses, and redoing the same presentation several times, before reaching a final decision. The question you want to ask is, what is your own bias for action, and how does it fit your new culture?

Individual Versus Group Perspectives

Some companies approach work as being largely the product of individuals, while in others it is the product of a collaborative orientation. If an organization is very individualistic in its approach, it will generally support a “hero mentality” that recognizes the ambitious individual. Rewards are often individually based, and performance management tends to be based on individual ratings where everyone’s unique contribution is justified to their peers.

Group-focused organizations provide more of a safety net in that risks and rewards are shared, but it may be harder to stand out as an individual and differentiate yourself. These organizations tend to be flatter and more focused on shared goals and results. If you are a highly ambitious individual who enjoys individual recognition, you may not get what you need fast enough in terms of career progression. One cue is to listen for how people discuss their work in meetings. If people generally talk about the group achievements, and you use “I” in your presentations, you will quickly be branded as someone who is not a team player. Once again, the key is in recognizing how individuals are recognized and rewarded.

Change Agents

Another cultural factor that can have a profound impact on your status and influence is the culture’s orientation toward change. Most places are resistant to outsiders bent on change. Typically, though, highly talented leaders brought in from the outside are told to “shake things up,” to challenge the status quo. Unfortunately, what happens to many of these folks is that they fail. Either they misread the cultural cues as to how disruptive they should really be (versus what they had been told) or they didn’t build the supportive relationships needed to back them up on key decisions — or both. Because they didn’t receive the proper onboarding advice, if any, they underestimated the cultural bounds they’d have to work within. So the challenge for any incoming leader is to determine what you can challenge in the culture, and when you should do so.

Pacing and buy-in are also critical factors. You need to ask: Can I be a highly assertive, fast-paced champion of change, or do I need to invest in engagement, dialogue, and consensus building first? Nobody will answer these questions for you — you need to figure it out by watching reactions to the initial recommendations you make. Start with a few trusted people to test your ideas. Ask them how others might respond before dropping your big idea in a formal setting with senior leaders. Know which leaders have your back before you propose major changes.

The main thing to keep in mind when you join a new company is that your previous achievements don’t allow you to act outside of the norms of the culture you’re in now. Most organizations will hire you for past experiences, but your future success there will be determined by your impact in your new environment — and depending on how well you understand and work within your new culture, your impact can be amplified or derailed.

 

Antitrust and Competition Laws

  • These laws promote vigorous competition and protect consumers from anti-competitive mergers and business practices.
  • When working with competitors, we avoid price fixing, bid rigging, market allocation, boycotting and exchanging competitively sensitive information. 

    Free and open competition


     

Saturday, 24 July 2021

E-commerce

https://www.bigcommerce.com/blog/ecommerce-fraud/#six-types-of-ecommerce-fraud

If you own or operate an online store, you must protect yourself against fraudsters who steal from you, wreck your online reputation, alienate your customers, damage your brand, and hurt your profits.

Why Does Ecommerce Fraud Take Place?

Today, fraudsters have it much easier. They simply visit a website on the dark web and buy as many stolen credit cards as they need. During the first half of 2019, there were at least 23 million stolen credit cards for sale on the dark web.

2. Anonymity. 

Payment fraud is also popular because it is conducted unseen. The fraudsters don’t have to walk into a store, say a word to anyone, or risk getting captured on store cameras. All they need is a computer and an Internet connection. They can operate from any location, at any time of day, unseen.

Online fraudsters typically create fake email accounts and rent post office boxes using aliases that reveal no personally identifiable information about themselves.

3. Evasion.

Ecommerce fraudsters know that police departments do not make ecommerce fraud a priority. For one thing, the amounts of money involved in each fraudulent transaction are typically small relative to other types of crimes. Plus, online fraud is increasingly conducted across international borders, making it hard for the police to locate and prosecute online criminals in other countries.

1. Credit card fraud. 

2. Affiliate fraud. 


Affiliate fraud is illegal activity intended to generate affiliate commissions.

A common form of affiliate fraud is “typosquatting,” in which a criminal registers domain names that match commonly mistyped versions of an online store’s legitimate URL. The fraudster then redirects that domain name to the merchant’s website—but with an affiliate link.

How to Identify Ecommerce Fraud Online

  • Inconsistent order data: The zip code and city entered don’t match. Or the IP address of the shopper and their email address don’t match.
  • Larger than average order: The order is far larger than your customer typically spends. Other red flags include multiple units of the same SKU in one order, and expedited shipping (the crook wants to receive the order before getting caught).
  • Unusual location: Your customer always purchases from an IP address in North America but suddenly makes a purchase from an IP address in an unusual location (Nigeria, for example).
  • Multiple shipping addresses: The buyer makes multiple purchases under one billing address but ships the products to multiple addresses.
  • Many transactions in a short timeframe: The fraudster makes multiple purchases back to back—and it’s not the holiday season.
  • Multiple orders from many credit cards: Someone makes multiple purchases using multiple credit cards (either in one day or over a longer period).
  • Multiple declined transactions in a row: The purchaser makes not just one or two attempts (honest shoppers make mistakes, after all), but four, five, six, seven, eight or more attempts without getting the card number, expiry date, and card security code correct.
  • Strings of orders from a new country: You’ve never received a single order from the Kingdom of Bhutan, and then you suddenly receive 11 orders from that country in the space of a week.
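Several of the red flags above can be checked mechanically over an order log. The following is an added example, not code from the quoted article or from any ecommerce platform; the order fields, thresholds, function name `review_orders` and sample orders are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds are assumptions for this example; tune them to your own order history.
WINDOW = timedelta(hours=1)      # "short timeframe" for velocity checks
MAX_ORDERS_IN_WINDOW = 3
MAX_CARDS_IN_WINDOW = 2
MAX_SHIP_ADDRESSES = 2
DECLINE_STREAK = 4               # four or more failed attempts in a row
LARGE_ORDER_FACTOR = 3.0         # order total vs. the account's usual spend


def review_orders(orders, usual_spend):
    """Return {order_id: [flag, ...]}, processing orders in timestamp order.

    orders: iterable of dicts; "card" is a processor token, never a card number.
    usual_spend: {account: typical order total} taken from past, trusted orders.
    """
    recent = defaultdict(deque)      # account -> attempts inside WINDOW
    ship_addrs = defaultdict(set)    # billing address -> shipping addresses seen
    declines = defaultdict(int)      # account -> consecutive declined attempts
    flagged = {}

    for o in sorted(orders, key=lambda o: o["ts"]):
        flags = []
        acct = o["account"]

        # Inconsistent order data: IP geolocation disagrees with the billing country.
        if o["ip_country"] != o["billing_country"]:
            flags.append("ip_billing_mismatch")

        # Larger than average order for this customer.
        usual = usual_spend.get(acct)
        if usual and o["amount"] > LARGE_ORDER_FACTOR * usual:
            flags.append("large_order")

        # Velocity: many attempts, or many different cards, inside WINDOW.
        win = recent[acct]
        win.append(o)
        while o["ts"] - win[0]["ts"] > WINDOW:
            win.popleft()
        if len(win) > MAX_ORDERS_IN_WINDOW:
            flags.append("order_velocity")
        if len({w["card"] for w in win}) > MAX_CARDS_IN_WINDOW:
            flags.append("many_cards")

        # One billing address shipping to many different addresses.
        ship_addrs[o["billing_addr"]].add(o["ship_addr"])
        if len(ship_addrs[o["billing_addr"]]) > MAX_SHIP_ADDRESSES:
            flags.append("many_ship_addresses")

        # Declines in a row: the streak resets on the first approval.
        declines[acct] = declines[acct] + 1 if o["status"] == "declined" else 0
        if declines[acct] >= DECLINE_STREAK:
            flags.append("decline_streak")

        if flags:
            flagged[o["id"]] = flags
    return flagged


# Constructed sample orders (not real data).
BASE = datetime(2021, 7, 24, 12, 0)


def order(oid, acct, minute, amount, card, status="approved", ip="US", ship="home"):
    return {"id": oid, "account": acct, "ts": BASE + timedelta(minutes=minute),
            "amount": amount, "card": card, "status": status, "ip_country": ip,
            "billing_country": "US", "billing_addr": "bill-" + acct, "ship_addr": ship}


SAMPLE_ORDERS = [
    order("A1", "alice", 0, 35.0, "tok_a"),
    order("A2", "alice", 600, 300.0, "tok_a"),               # far above usual spend
    order("M1", "mallory", 1, 1.0, "tok_1", "declined"),     # card-testing pattern
    order("M2", "mallory", 2, 1.0, "tok_2", "declined"),
    order("M3", "mallory", 3, 1.0, "tok_3", "declined"),
    order("M4", "mallory", 4, 1.0, "tok_4", "declined"),
    order("M5", "mallory", 5, 1.0, "tok_5"),
    order("B1", "bob", 10, 20.0, "tok_b", ship="addr-1"),
    order("B2", "bob", 1500, 20.0, "tok_b", ip="FR", ship="addr-2"),
    order("B3", "bob", 3000, 20.0, "tok_b", ship="addr-3"),
]
USUAL_SPEND = {"alice": 40.0, "bob": 25.0}

if __name__ == "__main__":
    for oid, flags in review_orders(SAMPLE_ORDERS, USUAL_SPEND).items():
        print(oid, flags)
```

A flag is a reason for manual review, not proof of fraud; a single approved order after a run of small declines (M5 here) is the pattern to look at first.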

11 Steps for Preventing Fraud on Your Ecommerce Store

1. Conduct regular site security audits.

Want to discover flaws in your security before criminals and fraudsters do? Conduct security audits—often. Ask yourself these questions:

  • Are our shopping-cart software and plugins up-to-date?
  • Is our SSL certificate current and working?
  • Is our store PCI-DSS compliant (Payment Card Industry Data Security Standard)?
  • Are we backing up our online store often enough?
  • Are we using strong passwords for admin accounts, hosting dashboards, CMS, database, and FTP access?
  • Are we scanning our website regularly for malware?
  • Are we encrypting communication between our store and our customers and suppliers?
  • Have we removed inactive plugins?

2. Make sure your store is PCI compliant. 

If you operate an online store that accepts credit card payments, you must be PCI compliant. PCI stands for Payment Card Industry. PCI standards for compliance are developed and managed by the PCI Security Standards Council to ensure the security of credit card transactions in the payments industry. PCI compliance means your online store and your business processes meet these PCI standards. If you operate a SaaS-based ecommerce store, your platform will typically provide this compliance.

3. Monitor your site regularly for suspicious activity.

Bricks-and-mortar stores hire fraud prevention officers to catch shoplifters. You can protect your online store against fraudulent transactions by monitoring your store for suspicious activity. Monitor your accounts and transactions for red flags, such as inconsistent billing and shipping information, as well as the physical location of your customers. Use tools that track customer IP addresses and alert you to any addresses from countries known as a base for fraudsters.

4. Use an Address Verification Service (AVS).

Credit card processors and issuing banks will usually offer an Address Verification Service to detect suspicious credit card transactions in real-time and prevent credit card fraud. The Address Verification Service checks the billing address submitted by the card user (the customer) with the cardholder’s billing address that’s on file with the issuing bank. This check takes place as part of the merchant’s request to the payment processor for authorization of the credit card transaction. When addresses don’t match, the system either declines the transaction or flags it for investigation.

5. Require Card Verification Value (CVV) numbers for all purchases.

The three-digit security code on the back of VISA®, MasterCard® and Discover® credit and debit cards and the four-digit security code on the back of American Express® credit and debit cards is called the Card Verification Value (CVV) or Card Security Code (CSC). By requiring all purchasers to supply this code for every transaction, you ensure that customers have the physical credit card in their possession. This helps to keep you safe and reduces fraud.

6. Use Hypertext Transfer Protocol Secure (HTTPS). 

HTTPS is the secure version of HTTP, which is the primary protocol used to send data between a customer’s web browser (like Google Chrome) and your online store. HTTPS encrypts this data to protect sensitive information, such as customer names, addresses and credit card numbers. Using HTTPS prevents your online store from having its transactions broadcast in a way that’s easily viewed by hackers, cybercriminals, and fraudsters. You use HTTPS by buying an SSL certificate.

7. Avoid collecting too much sensitive customer data.

One way to protect your store in the event of a data breach or hack is to collect and store as little customer data as possible. Hackers can’t steal what you don’t have. So only collect the data you need to complete a transaction and ship the product. Avoid collecting Social Security numbers, birth dates and other unnecessary sensitive customer data.

8. Set limits on purchases. 

Based on your order and revenue trends, set limits for the number of purchases and total dollar value you’ll accept from one account in a single day. This reduces your exposure to a minimum should fraud occur.

9. Try an anti-fraud solution.

  • Rudimentary anti-fraud tools perform a specific, single function. They are typically integrated into online shopping carts and ecommerce platforms. These tools use machine learning algorithms to identify fraudulent transactions through IP geolocation, validate email addresses, conduct device fingerprinting, and verify addresses.
  • Mid-level anti-fraud tools offer a wider variety of functions, including chargeback guarantees, auto declining of high-risk orders, protections against new account fraud and account takeover protection.
  • Top-level anti-fraud tools offer everything the other tools offer plus outsourced case management, expertise working with large merchants, loyalty fraud management, policy abuse protection, automatic decisions, and manual review of suspicious transactions, ensuring that no good order is mistakenly declined by the software.

10. Double check that the IP address and credit card address match. 

Every order placed on your online store comes from a unique, public IP address (a string of numbers separated by periods that identifies each computer using the Internet Protocol to communicate over the Internet). From the IP address, you can generally detect the city or region of the world where the purchaser is making the purchase. If this city or region does not match the address of the credit card being used, that’s a red flag.

11. Avoid non-physical shipping addresses.  

Fraudsters commonly avoid detection by protecting their physical address, preferring to use a PO box or other anonymous location. After all, the police can’t come knocking if there’s no door to knock on.  

If you are an online merchant, and if you want to prevent this type of fraud, never ship online orders to PO boxes and other virtual addresses, such as those of freight forwarders. You can spot addresses that belong to freight forwarders because they have a container number in the address, such as 726 Dock Road Suite 300 #KXQ-582899328

https://thegood.com/insights/ecommerce-fraud/

  • Ecommerce fraud is sophisticated and ever-evolving, as fraudsters leverage more advanced tactics with every passing year. Malicious actors only need to be right once, whereas you need to be right every time.
  • Personal and credit card information and the card doesn’t need to be present for the transaction. In some cases, hackers steal personal and financial information and sell it on the black market.
  • Friendly fraud, where the customer intentionally files a chargeback to gain a free product and avoid payment.

The best way to combat fraud is to identify why fraud is occurring in the first place, and then develop strategies to prevent and protect against these attacks, in order to secure your ecommerce site.


1. Card Testing Fraud

Card testing fraud is when someone gains access to one or more stolen credit card numbers, through theft or by purchasing card data on the dark web. Even though they have the credit card numbers, they do not know (1) whether the card numbers can be used to successfully complete a transaction or (2) the limit associated with that credit card. 

2. Friendly Fraud

Friendly fraud (also called chargeback fraud) is when someone purchases an item or service online and then requests a chargeback from the payment processor, claiming the transaction was invalid. The credit card companies or bank returns the transaction value to the customer, which must still be paid by the retailer.

The fraudster may purchase an item from your online store and argue that the item was never delivered, they may tell their credit card issuer that they returned the item to the merchant, but that a refund was never processed, or they can even say that they canceled the order, but it was still sent to them.

3. Refund Fraud

Refund fraud is when someone uses a stolen credit card to make a purchase on an eCommerce website. The fraudster then contacts the eCommerce business and requests a reimbursement due to an accidental over payment.

4. Account Takeover Fraud

Account takeover fraud occurs when someone gains access to a user’s account on an ecommerce store or website. This can be achieved through a variety of methods, including purchasing stolen passwords, security codes, or personal information on the dark web or successfully implementing a phishing scheme against a particular customer.

5. Interception Fraud

Interception fraud is when fraudsters place orders on your eCommerce website where the billing address and shipping address match the information linked to a stolen credit card. Once the order is placed, their goal is to intercept the package and take the goods for themselves.

6. Triangulation Fraud

Setting up this storefront brings in a number of legitimate customers who are looking to take advantage of an incredible bargain. Once these customers place orders on the fraudster’s website, the fraudster uses stolen credit card numbers to purchase legitimate goods from your eCommerce website, and then sends those goods to their customers.

 

1. Take Advantage of Fraud Detection Solutions

This is one of the most effective ways to fight back against all types of ecommerce fraud. A fraud detection solution is essentially a third-party solution that specializes in identifying red flag transactions and protecting ecommerce merchants from card testing fraud, friendly fraud, and chargeback fraud.

A fraud detection solution is helpful for ecommerce organizations of all sizes, and is one of the best forms of fraud protection for ecommerce businesses. That said, it can be especially valuable for smaller companies who do not have the time, resources, or talent to implement their own fraud solutions. While you will want to do your due diligence to find the best vendor, a fraud detection solution can be a great way to fight back against fraudsters.

2. Maintain PCI Compliance

The Payment Card Industry Data Security Standard (PCI DSS) is a widely-respected set of requirements ensuring companies storing and processing credit card information and cardholder information—like ecommerce companies—maintain a secure environment. PCI compliance results in basic security precautions, including things like creating a firewall between your internet connection and any system storing credit card numbers. Ultimately, PCI compliance is mandatory, so you must ensure that you are abiding by relevant PCI guidelines to avoid any sanctions or penalties.

3. Be Extra Vigilant During the Holidays

The holiday months can be some of the most critical months for your business, as more people buy using ecommerce stores for Black Friday, Cyber Monday, and various December holidays. Customers are also preoccupied and busy during these times, and often adhere to fewer safety precautions.

The simple fact is that many fraudsters rely on merchants being too busy or preoccupied to spot potential fraud during these months. During the holiday months, be extra careful when receiving a significant number of foreign orders, rush orders, or many small-dollar purchases. These behaviors can be evidence of fraudsters testing out schemes like card testing fraud.

4. Create Blacklists

If you pay for a fraud detection solution (or do it yourself), you may start to notice that particular customers have tested credit cards with your ecommerce business. Once you find these customers, put them on an internal blacklist. A blacklist isn’t a complete solution, since fraudsters can keep using new stolen customer identities. However, a blacklist can help you flag potential fraudulent transactions before they occur based on past behavior.

 https://www.information-age.com/seven-types-e-commerce-fraud-explained-123461276/

In order to commit identity theft or appropriate someone’s identity, fraudsters target personal information, such as names, addresses and email addresses, as well as credit card or account information.

This enables them, for example, to order items online under a false name and pay using someone else’s credit card information or by debiting another person’s account. 

Phishing, on the other hand, simply involves using fraudulent websites, emails or text messages to access personal data.

Another technical method is known as pharming, in which manipulated browsers direct unsuspecting customers to fraudulent websites. Often, all that is required to appropriate someone’s identity is a stolen password. This can be used to take over an existing account with an online shop – in most cases, the payment data is already stored in the account.

Of course, hacker attacks on e-commerce providers and stealing customer data also fall under this type of e-commerce fraud, as does using malware on computers to commit identity theft by spying out sensitive data.

 ‘Man-in-the-middle attacks’ are even more sophisticated. These involve hackers muscling in on communications between customers and merchants (or between customers and banks) in order to siphon off login data.

Friendly fraud

In fourth place is what the merchants surveyed refer to as ‘friendly fraud’. This sounds friendlier than it really is: using this method, customers order goods or services and pay for them – preferably using a “pull” payment method like a credit card or direct debit.

Then, however, they deliberately initiate a charge-back, claiming that their credit card or account details were stolen. They are reimbursed – but they keep the goods or services. This fraud method is particularly prevalent with services, such as those in the gambling or adult milieus. Friendly fraud also tends to be combined with re-shipping.

This is where criminals who use stolen payment data to pay for their purchases don’t want to have them sent to their home addresses. Instead, they use middlemen whose details are used to make the purchases and who then forward the goods.

Clean fraud

The basic principle of clean fraud is that a stolen credit card is used to make a purchase, but the transaction is then manipulated in such a way that fraud detection functions are circumvented.

Much more know-how is required here than with friendly fraud, where the only goal is to cancel the payment once a purchase has been made. In clean fraud, criminals use sound analyses of the fraud detection systems deployed, plus a great deal of knowledge about the rightful owners of their stolen credit cards.

A great deal of correct information is then entered during the payment process so that the fraud detection solution is fooled. Before clean fraud is committed, card testing is often carried out. This involves making cheap test purchases online to check that the stolen credit card data works.

Merchant fraud

Merchant fraud is another method which must be mentioned. It’s very simple: goods are offered at cheap prices, but are never shipped. The payments are, of course, kept. This method of fraud also exists in wholesale. It is not specific to any particular payment method, but this is, of course, where no-chargeback payment methods (most of the push payment types) come into their own.

Affiliate fraud

There are two variations of affiliate fraud, both of which have the same aim: to glean more money from an affiliate program by manipulating traffic or signup statistics. This can be done either using a fully automated process or by getting real people to log into merchants’ sites using fake accounts. This type of fraud is payment-method-neutral, but extremely widely distributed.

Triangulation fraud

During triangulation fraud, the fraud is carried out via three points. The first is a fake online storefront, which offers high-demand goods at extremely low prices. In most cases, additional bait is added, like the information that the goods will only be shipped immediately if the goods are paid for using a credit card. The falsified shop collects address and credit card data – this is its only purpose.

The second corner of the fraud triangle involves using other stolen credit card data and the name collected to order goods at a real store and ship them to the original customer.

The third point in the fraud triangle involves using the stolen credit card data to make additional purchases. The order data and credit card numbers are now almost impossible to connect, so the fraud usually remains undiscovered for a longer period of time, resulting in greater damages.

More international fraud

On average, the merchants who participated in the study do business in 14 countries. According to 58% of those surveyed, the major challenge in e-commerce fraud prevention is a lack of system integration to provide a unified view of all their transactions across all markets.

Different devices

Fraud methods vary depending on the sales channel, and the fact that most merchants aim to achieve multi-channel sales does not make the situation any easier. According to 69% of merchants surveyed, sales via third-party websites like Amazon, Alibaba or eBay are particularly susceptible to fraud. These are followed by mobile sales (mentioned by 64%) and sales via their own online shops (55%).

 

https://spd.group/machine-learning/e-commerce-fraud-detection/

There are two major classes of Machine Learning algorithms — supervised and unsupervised. Both can be used for fraud detection and prevention, but each has its pros and cons.

Machine Learning grounded detection solutions scan transactions and evaluate their threat score, such as between 0 and 1. The score is then compared to a pre-established threshold that will mark the transaction as fraudulent or not. Let’s take a closer look at the nature of some of these algorithms:

Supervised Decision Tree

After being fed data on fraudulent and normal transactions, a supervised Decision Tree makes a classification (a prediction). The fraud score computation starts at the root node of the tree, which is split into child nodes; those nodes are in turn split into child nodes using binary or multi-way conditions on the value of an input variable.

Once the tree is built, a new input (a transaction) is classified by walking from the root node down the tree according to the input’s feature values.

Supervised Support Vector Machine (SVM)

A Support Vector Machine (SVM) works in another way: it separates transaction samples into two classes with a boundary chosen so that its error against the ground truth dataset (real, labeled transactions) is as small as possible. The main idea behind an SVM is to draw the line between classes that leaves the biggest margin between fraudulent and non-fraudulent transactions, to achieve a high level of detection.

Anomaly Detection Using Autoencoder

In the event that a customer has very few examples of fraudulent transactions, it is better to use an autoencoder, where fraudulent samples are excluded at the model training step but are still used for testing. All anomaly detection techniques are aimed at flagging unusual or unexpected events in the data.

A neural autoencoder is a type of architecture that is trained on one class of events and used to notify us about unusual events. The network has an equal number of input and output units, with a certain number of layers in between. The final decision on whether a transaction is fraudulent or not is based on a threshold value applied to the distance between the input and its reproduced output.

Outlier Detection: Isolation Forest

The other technique that tackles cases where there are very few or no fraudulent transactions in a dataset is Isolation Forest, which belongs to the class of outlier detection techniques. The idea behind Isolation Forest is that an outlier can be isolated with fewer random splits than a data point that belongs to the normal class; outliers occur much more rarely than normal samples and have values that are not typical for the data set.

The algorithm picks a feature at random and then picks a split value at random from that feature’s value range. Repeating these selections grows a tree. The depth at which a data point ends up is the number of random splits required to isolate it (called mean length). When a forest consisting of such trees is grown, this number is averaged over all trees and becomes a measure of normality, or in other words, the function we use to trace outliers.

Under random splits, outliers end up at a significantly shorter tree depth than normal data samples. This helps us identify which data points are likely to be outliers.
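The Isolation Forest procedure described above, written out with the standard library only. This is an added example, not code from the quoted article or from any fraud product; the two features (order amount, orders from the account in the last hour), the 0.6 review threshold and the transaction history are constructed assumptions.

```python
import math
import random

EULER_GAMMA = 0.5772156649
THRESHOLD = 0.6   # assumed cut-off: scores above it go to manual review


def avg_path(n):
    """c(n): expected path length for n points, used to normalise tree depth."""
    if n <= 1:
        return 0.0
    if n == 2:
        return 1.0
    return 2.0 * (math.log(n - 1) + EULER_GAMMA) - 2.0 * (n - 1) / n


def grow(rows, depth, max_depth, rng):
    """Grow one isolation tree: random feature, random split value in its range."""
    if depth >= max_depth or len(rows) <= 1:
        return {"size": len(rows)}
    spans = [(f, min(r[f] for r in rows), max(r[f] for r in rows))
             for f in range(len(rows[0]))]
    spans = [s for s in spans if s[1] < s[2]]      # only features that still vary
    if not spans:
        return {"size": len(rows)}
    f, lo, hi = rng.choice(spans)
    split = rng.uniform(lo, hi)
    return {"f": f, "split": split,
            "lt": grow([r for r in rows if r[f] < split], depth + 1, max_depth, rng),
            "ge": grow([r for r in rows if r[f] >= split], depth + 1, max_depth, rng)}


def path_length(tree, x):
    """Number of splits needed to reach x's leaf, plus the expected remainder."""
    depth = 0
    while "size" not in tree:
        tree = tree["lt"] if x[tree["f"]] < tree["split"] else tree["ge"]
        depth += 1
    return depth + avg_path(tree["size"])


def fit(rows, n_trees=100, sample_size=64, seed=7):
    """Build the forest; each tree sees a random subsample of the history."""
    if len(rows) < 2:
        raise ValueError("need at least two rows to build a forest")
    rng = random.Random(seed)
    n = min(sample_size, len(rows))
    max_depth = math.ceil(math.log2(n))
    forest = [grow(rng.sample(rows, n), 0, max_depth, rng) for _ in range(n_trees)]
    return forest, n


def score(model, x):
    """Anomaly score in (0, 1]: short average paths give scores near 1."""
    forest, n = model
    mean = sum(path_length(t, x) for t in forest) / len(forest)
    return 2.0 ** (-mean / avg_path(n))


def constructed_history(seed=1):
    """Constructed data: 200 ordinary orders plus three unlabeled odd ones."""
    rng = random.Random(seed)
    normal = [(max(1.0, rng.gauss(50, 15)), rng.randint(0, 2)) for _ in range(200)]
    odd = [(900.0, 12), (1100.0, 10), (870.0, 13)]
    return normal + odd


MODEL = fit(constructed_history())
TYPICAL = score(MODEL, (48.0, 1))     # ordinary amount, ordinary order rate
SUSPECT = score(MODEL, (950.0, 11))   # very large amount, burst of orders

if __name__ == "__main__":
    for name, s in (("typical", TYPICAL), ("suspect", SUSPECT)):
        print(f"{name}: score={s:.2f} review={s > THRESHOLD}")
```

No fraud labels are used anywhere: the forest only measures how quickly random splits separate a transaction from the rest of the history.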

 

Why Does Machine Learning for E-Commerce Fraud Detection Work So Well?

We have described the inner workings of the technological approach; now let’s highlight the main benefits of ML in combating E-Commerce fraud.

Real-Time Data Processing

Traditional detection systems can only work with scenarios that have happened previously and prevent the types of fraud that have occurred in the past. Only when an attempt is successful will the system be able to make a correct conclusion. With Machine Learning it is different because algorithms can consider changes in real time and act on a fraudulent attempt, in some cases, even before the attack.

Finding Hidden Patterns

An ML-based system is constantly learning. Not only is it good at finding hidden correlations beyond human capabilities, but with every discovered threat it also becomes better at finding new scenarios and preventing them.

Proxy and VPN Detection

An honest client doesn’t need a VPN while attempting a purchase, right? Of course, there are some people concerned about the security of their personal data, but it is safe to assume that proxy users might be suspicious clients worthy of further investigation.

Behavior Analytics

When the system knows the typical behavioral patterns of each client, it can easily pick up on deviations and spot suspicious behavior. Sometimes it can be an easy way to detect a criminal breaking into a customer’s account.

Quick and Accurate Verifications

Automated verification can speed up the whole purchase process for the client and operate on defined rules, eliminating the mistakes human employees might make.

Leveraging Big Data

An ML-based system can work with an enormous amount of data, saving the money required to have a large team of analysts. If you have a large-scale business with consistently added layers of information, this could be a key component in fighting and preventing fraud.

Consistent Results

People make mistakes that accurately programmed algorithms don’t ever make. With a properly installed automated system, you will get consistent security without occasional breakdowns because of human error.

 

How to Stop E-commerce Fraud? Some Advice for Retailers to Stay Safe and Proven Fraud Detection Methods

Customer Support Should be Guided with E-commerce Fraud Prevention Tips

Your E-commerce customer service undoubtedly plays a critical role in ensuring that the troubles and inconveniences your customers face are taken care of, while it also can contribute to your fraud prevention strategy.

To prevent situations where your customer support team lets fraudsters get away with illegal purchases, you should organize the training process in order for them to learn to be careful and pay attention to signs of fraud. Also, think of adding more employees during peak sales periods. The faster your customer support treats customers’ requests, the more customers will be satisfied.

Customize your Legal Policies

Your E-commerce business needs customized fraud prevention legal policies, rather than simply using the policies of popular E-commerce stores. Consider wisely as to what practices you should and should not use.

Usually, criminals carefully consider the niche and location of an online store that they are going to compromise. So, it is necessary to adjust existing policies to your particular case. Be true to your policies and protect their necessity — even if some of your customers find it troublesome to follow some of the rules.

Acknowledge the Importance of PCI Compliance

We have already mentioned PCI Compliance in this article, but it is hard to overestimate the impact of it on your security status. In fact, what we didn’t mention is the fact that PCI compliance is mandatory for E-Commerce retailers working with financial transactions. Failure to adhere to such compliance may result in an up to $100,000 fine for the business owner. However, you don’t always need to handle this aspect, because some payment gateway providers guarantee PCI security on their side. These standards are super important in maintaining the security of all financial information.

Protect Your Website

The most vulnerable spot in every E-Commerce store is the payment mechanism, and PCI compliance gives you a good chance of protecting this area. But what about the website in general? It makes sense to give as much attention to every element of your website as you do to protecting the checkout process. Here are some tips that will help you improve the security of your website:

  1. Use an SSL certificate for encryption that will protect the data coming from the browsers of your customers. Additionally, Google ranks HTTPS-sites very highly, so you will achieve an SEO advantage.
  2. Consider adding a security auditor to your team who will try to find the weak spots of your E-Commerce website.
  3. Leverage OSSEC and other monitoring tools to get fraud prevention in real time.

Delivery Tracking is a Must

Implement tracking numbers and signature upon delivery to your E-Commerce platform, if you haven’t done that. This type of chargeback fraud is called “friendly,” but there is nothing friendly about being vulnerable to criminals disguised as your customers or a significant financial loss due to the mistakes of the real customers.

Store As Little Customer Data As Possible

Avoid storing credit card data and personal information on your website if you can. The less information you have, the less there is to steal. Let the payment gateway be responsible for all the sensitive information that might get you in trouble in the event of a data breach. For the recurring payments option, if you choose to have one, you need to be PCI compliant and follow strict storage guidelines; there is no other alternative.

Keep Track of Every Fraud Attempt

If you don’t have an automated solution at the moment, you need to save all historical data manually. When you have a database of every fraudulent attempt, successful or not, it is much easier to prevent future possible situations and feed this information to the ML algorithm (once you have it). Keep your enemies close by keeping a detailed notebook with all hacker attack information to build your future defense strategy upon. You can spot certain patterns by yourself and be aware of certain countries or regions as potentially dangerous.

Use Up-to-Date Software

The hackers are very inventive, especially in the COVID-19 era. Don’t give them a chance to find a vulnerability in your system due to dated software. It is a good idea to use protection tools and regularly scan your website for malware. Formjacking attacks can be a problem even if you have SSL protection. So, additional tools are required. Skimmers are targeting the websites of merchants of any size. Therefore, unfortunately, even small businesses are not safe.

Summary

What Are the Services and Software Solutions that Can Help Solve Problems in E-commerce Transactions?

There are a number of services and software solutions such as Subuno or Riskified that claim to help solve the problem of E-commerce fraud, but not all of them rely on innovative methods such as AI-driven solutions. SPD-Group develops custom software that can be grounded on Machine Learning to achieve high accuracy in the detection of E-commerce fraud.

How Can We Minimize Losses from E-commerce Fraud with Modern Tools?

Modern tools are more efficient in minimizing fraud losses because they can learn new fraudulent patterns from transactions that happen over time; also, modern tools are quicker than old tools. Paired with E-commerce fraud detection best practices like PCI standards, AVS, CVV, and others, a potent fraud detection system for a business can be created.

Why Machine Learning? What’s the Difference Between Old School Methods Like Rule-based Detection for E-commerce Fraud Prevention?

The first and the main difference between classical methods and machine learning for E-commerce fraud prevention is that the latter is a learning system, meaning that it is programmed in order to learn to perform a task — while rule-based methods do not react to any new patterns.

What Types of Fraudulent Scenarios Can We Detect Using ML?

We can detect cases of E-commerce fraud related to online purchases, transactions, and chargebacks. In general, we can detect when activity comes from a compromised user account or when a compromised credit card is being used.

What Are the Best Machine Learning Methods to Efficiently Detect Fraud?

Machine learning for E-commerce uses supervised and unsupervised anomaly detection methods that find fraudulent patterns in online transaction information or user behavior.

What Are the Measures that Can Lead to the Reduction of Online Fraud?

Keep your software up-to-date, follow a strict set of security protocols, keep your passwords strong, inform your employees about adherence to the legal policies and the importance of data security. Leverage the latest technology and tools to be one step ahead of the most skilled hackers!

Final Word

Looking at the world’s rising trend for E-commerce businesses, the number of online purchases and transactions is booming, and so is fraudulent activity. A business should carefully consider the opportunities offered by relevant companies in the field of fraud detection and prevention and choose the best option, such as machine learning based algorithms that can improve over time and find new fraudulent patterns. Also, common security policies and PCI standards should not be overlooked while making your business more secure and reliable for your customers.

https://kount.com/blog/ecommerce-fraud-prevention-detection-best-practices/

10 eCommerce fraud types

  1. Payments fraud
  2. Friendly fraud
  3. Account takeover (ATO) fraud
  4. Retail arbitrage fraud
  5. New account opening (NAO) fraud
  6. eGift card fraud
  7. Refund fraud
  8. Promotion or coupon fraud
  9. Triangulation fraud
  10. Interception fraud

1. Payments fraud

Payments fraud occurs when bad actors use stolen credit cards to purchase goods and profit by reselling items. Card-not-present (CNP) transactions are most at risk for this type of fraud because the bad actor doesn’t have to present the card at the point of purchase. Businesses that don’t proactively prevent payments fraud risk losing money to chargebacks, false positives, and operational inefficiencies.

2. Friendly fraud

Friendly fraud occurs when a consumer makes an online purchase and then disputes the charge with their bank. These disputes often end in chargebacks for the merchant. In some cases, the consumer has malicious intent to dispute the payment and keep the goods or services. But more often, consumers call their credit card companies or banks to dispute charges they don’t recognize.

Usually, friendly fraud isn’t attributed to criminal enterprises, but it can still damage profits and affect inventory. However, businesses and merchants can prevent friendly fraud, resolve disputes, and avoid chargebacks with a real-time chargeback prevention solution.

3. Account takeover (ATO) fraud

Account takeover fraud occurs when a human, bot, or botnet uses stolen credentials to access customer accounts. Once they have access, bad actors can drain monetary funds or loyalty points, steal customer data, or purchase goods or services. Beyond lost revenue, account takeover fraud damages brand reputations and can permanently erode the trust of good customers.

The rise in this type of non-financial credentials fraud is due to the dark web demand for stolen email addresses, passwords, and other private personal information. When a bad actor discovers the right combination of username and password, they can access and exploit genuine customer accounts.

4. Retail arbitrage fraud

Retail arbitrage fraud occurs when malicious bots allow a single buyer to purchase large quantities of discounted items for resale on a different marketplace. This type of fraud can quickly undercut revenue and profits, drain inventory, and steal discount-conscious customers away. Retail arbitrage fraud can result in dramatic price differences across marketplaces and poor customer experiences that can reflect poorly on brands.

Bots are evolving, so malicious bots are becoming harder to detect and block with perimeter security, web application firewalls, and content delivery networks. The latest generation of bot protection solutions can accurately identify and classify even the most sophisticated bots. They can block malicious bot activity, allow good bot activity, and verify questionable bot activity with step-up authentication.

5. New account opening (NAO) fraud

New account opening fraud occurs when a bad actor creates new accounts to take advantage of offers and services. The bad actor creates the account using bits and pieces of real identity data. This makes it hard for the merchant to determine if the account belongs to a legitimate customer. Without eCommerce fraud detection methods, this can lead to identity fraud and illegitimate purchases online.

6. eGift card fraud

With eGift card fraud, a bad actor steals a consumer’s payment information and buys an eGift card. From there, the bad actor may resell the eGift card online. When another consumer buys it, the bad actor pockets the consumer’s money and payment information. Meanwhile, the original consumer whose payment information the bad actor used to buy the eGift card calls their credit card company to dispute the charge. The dispute ends in a chargeback for the merchant.

eGift card fraud is difficult to trace because bad actors don’t have to ship cards to an address. So when it comes to resolving eGift card fraud, merchants take a significant financial hit. Luckily, there are several ways businesses and merchants can avoid eGift card fraud.

7. Refund fraud

Refund fraud is a big problem for any company that ships goods or accepts returns. Essentially, refund fraud happens when bad actors exploit gaps in logistics or fulfillment processes to turn a profit or get goods for free. There are several kinds of refund fraud, including did-not-arrive (DNA), empty box or partially empty box, fake tracking ID (FTID), and refund as a service. Some bad actors are part of larger, more organized groups abusing refund policies.

But not all bad actors are in those bigger groups. Some are opportunistic customers. And, unfortunately, refund fraud happens without a chargeback or a traditional dispute to alert the merchant, which makes it hard to detect.

8. Promotion or coupon fraud

Businesses depend on promotional sales and lead-generating promotional campaigns to acquire new customers and keep loyal customers happy. In promotion or coupon fraud, a bad actor abuses a business’s coupon or promotional policies. Bad actors may attempt to defraud a business by using promotional codes multiple times or abusing coupon policies to obtain goods for free. Referral programs and sale-saving tactics like cart-abandonment and apology vouchers are most at risk for this type of fraud.

9. Triangulation fraud

Triangulation fraud occurs when bad actors build fake online stores to sell items at cheaper prices. The fake store has a single purpose: to steal credit card data. After the bad actor collects a consumer’s credit card information, they forward the legitimate transaction to the real merchant. The real merchant charges the customer a second time, which leads to chargebacks. If the consumer doesn’t realize their credit card information was compromised, the bad actor may keep the stolen information and make purchases elsewhere.

10. Interception fraud

With interception fraud, bad actors attempt to intercept a customer’s order and obtain goods for resale. To do this, the bad actor will contact a vendor’s customer service partner to have the order’s shipping address changed to their own. Bad actors may also approach the shipping company directly and ask them to reroute a delivery to an alternative address so they can intercept it. Interception fraud requires taking over a customer’s account to access order and shipping details.


10 signs of eCommerce fraud

Establishing identity trust is the best way to prevent eCommerce fraud. Manual reviews alone will be unsustainable when online orders increase. But there are 10 signs of eCommerce fraud all businesses and merchants can watch for:

  1. Customers create new email addresses to make purchases.
  2. Customers place higher- or lower-than-average orders.
  3. Customers place multiple orders in quick succession.
  4. Customers pay more for expedited shipping.
  5. Customers ship items to unusual locations.
  6. Customers order a product in large quantities.
  7. Customers use multiple shipping addresses.
  8. Customers use shipping or billing addresses that don’t match their IP address.
  9. Customers use multiple cards from a single IP address.
  10. Customers ship multiple orders to the same address using different cards.

1. Customers create new email addresses to make purchases

It’s not uncommon for consumers to use the same email addresses for many years, so customers registering new email addresses may indicate fraud. Knowing an email address’s date first seen, for example, can help establish identity trust, especially for businesses that use eCommerce fraud prevention tools like Email Insights. If an email address has an age of zero, it may indicate that a bad actor created the email address that same day to commit fraud.

Meanwhile, the email address’s date last seen can indicate how long it’s been since a customer used that email address. An email address that hasn’t been seen in several years, for example, may have been accessed through account takeover fraud.

2. Customers place higher- or lower-than-average orders

If a good customer suddenly places an order that’s significantly higher than average, they may be a victim of fraud. The same goes for good customers who place lower-than-average orders, as they may be the victims of account takeover fraud. A business’s products, services, or industry standards may determine what behavior is normal or risky. But, generally, purchases that are too high or too low may be cause for suspicion.

3. Customers place multiple orders in quick succession

If a business finds that customers place multiple orders in rapid succession in small denominations, a bad actor may be card testing. Bad actors use card testing to validate stolen credit cards. Once they confirm which credit card numbers are live, they can make larger fraudulent purchases. With card testing, a bad actor may place multiple small orders at once or within a short time frame on one or many credit cards.

Essentially, they’re weeding out canceled or invalid numbers. Quick-service restaurants, in particular, are prime targets for card testing because they offer low-dollar-value items. It’s not atypical to fulfill a series of inexpensive purchases.

4. Customers pay more for expedited shipping

Bad actors may expedite shipping on fraudulent purchases to decrease the chances that a merchant will manually review the order. They know stolen cards have a short lifespan, so they’re more likely to pay for faster, more expensive shipping. After all, it’s not their money the bad actor is spending. This sign of eCommerce fraud goes hand in hand with orders that are significantly higher than average. Expedited shipping isn’t a red flag on its own. But it may be a strong indicator if merchants see it with other items on this list.

5. Customers ship items to unusual locations

Mismatched shipping and billing addresses may be an indicator of fraud, especially if the addresses are several states or countries apart and the order is not marked as a gift. If a business predominantly sells domestically, an unexpected uptick in international orders may also indicate fraud.

6. Customers order a product in large quantities

If a business receives orders for higher-than-average quantities of one product, the orders might be fraudulent. As other circumstances on this list highlight, bad actors tend to expedite large orders, knowing victims can cancel stolen cards at any time. If a large order for the same product comes through, consider following up with the customer to confirm and clarify purchase details.

7. Customers use multiple shipping addresses

Sometimes bad actors place orders to multiple shipping addresses with several stolen cards, each placed under different names. If a customer’s account has multiple shipping addresses attached to it, this is a red flag.

8. Customers use shipping or billing addresses that don’t match their IP address

The benefit of eCommerce stores is that businesses can track the most granular details of a customer’s order: from their billing and shipping addresses to their IP address at checkout. If these don’t match, it should raise a red flag. For example, if an IP address and a shipping address are different from an order’s billing address, the transaction may require more scrutiny.

9. Customers use multiple cards from a single IP address

If customers place orders from the same IP address but with several cards, this could indicate a problem. Although it’s not unusual for customers to have more than one card, several cards, especially when used at the same time, should be considered suspicious.

10. Customers ship multiple orders to the same address using different cards

This is a sign of lazy eCommerce fraud, yet it happens. Often, bad actors won’t steal information from a single card but will use multiple cards. Then they’ll attempt to place fraudulent orders with different cards and ship them to the same address. If a customer ships multiple orders with different cards to the same address, whether over one transaction or several, it could be fraud.
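Signs 3, 9 and 10 are all velocity or linkage checks over the order log, so they can be expressed as sliding-window rules. The sketch below is an added example, not code from any of the quoted sources; the order records are constructed, and the thresholds, window sizes and rule names are assumptions to tune against your own traffic.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import NamedTuple

class Order(NamedTuple):
    order_id: str
    ts: datetime
    ip: str
    card: str      # gateway token/fingerprint, never the card number itself
    ship_to: str   # normalized shipping address
    amount: float

def _o(oid, ts, ip, card, ship_to, amount):
    return Order(oid, datetime.fromisoformat(ts), ip, card, ship_to, amount)

# Constructed sample orders (documentation IP ranges, made-up tokens).
ORDERS = [
    _o("o1", "2021-08-01T10:00:00", "198.51.100.7", "tok_A", "12 elm st", 1.00),
    _o("o2", "2021-08-01T10:01:10", "198.51.100.7", "tok_B", "12 elm st", 1.50),
    _o("o3", "2021-08-01T10:02:30", "198.51.100.7", "tok_C", "12 elm st", 0.99),
    _o("o4", "2021-08-01T11:00:00", "203.0.113.20", "tok_D", "9 oak ave", 64.00),
    _o("o5", "2021-08-01T18:30:00", "203.0.113.20", "tok_D", "9 oak ave", 20.00),
    _o("o6", "2021-08-02T09:00:00", "192.0.2.44", "tok_E", "77 pine rd", 310.00),
    _o("o7", "2021-08-02T09:20:00", "192.0.2.45", "tok_F", "77 pine rd", 295.00),
    _o("o8", "2021-08-02T09:45:00", "192.0.2.46", "tok_G", "77 pine rd", 305.00),
]

def windows(orders, key, window):
    """Yield (key_value, orders_in_window) for each sliding window ending at an order."""
    by_key = defaultdict(list)
    for o in sorted(orders, key=lambda o: o.ts):
        by_key[key(o)].append(o)
    for k, group in by_key.items():
        start = 0
        for end, o in enumerate(group):
            while o.ts - group[start].ts > window:
                start += 1
            yield k, group[start:end + 1]

def many_cards(orders, key, window=timedelta(hours=1), min_cards=3):
    """Signs 9 and 10: several distinct cards tied to one IP or one shipping address."""
    hits = {}
    for k, win in windows(orders, key, window):
        if len({o.card for o in win}) >= min_cards:
            hits.setdefault(k, set()).update(o.order_id for o in win)
    return {k: sorted(v) for k, v in hits.items()}

def card_testing(orders, window=timedelta(minutes=10), min_orders=3, max_amount=5.00):
    """Sign 3: a burst of small-value orders from one IP in a short time frame."""
    small = [o for o in orders if o.amount <= max_amount]
    hits = {}
    for ip, win in windows(small, lambda o: o.ip, window):
        if len(win) >= min_orders:
            hits.setdefault(ip, set()).update(o.order_id for o in win)
    return {k: sorted(v) for k, v in hits.items()}

def review_queue(orders):
    """Map order_id -> names of the rules that fired, as input for manual review."""
    rules = {
        "multi_card_same_ip": many_cards(orders, lambda o: o.ip),
        "multi_card_same_address": many_cards(orders, lambda o: o.ship_to),
        "card_testing_burst": card_testing(orders),
    }
    flagged = defaultdict(list)
    for rule, hits in rules.items():
        for ids in hits.values():
            for oid in ids:
                flagged[oid].append(rule)
    return dict(flagged)

if __name__ == "__main__":
    for oid, fired in sorted(review_queue(ORDERS).items()):
        print(oid, fired)
```

A repeat customer reusing one card (o4, o5) is left alone, while the three cards shipped to one address from three different IPs (o6 to o8) are caught only by the address rule, which is why the per-IP and per-address checks are kept separate.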


9 industry best practices for eCommerce fraud detection

The following industry best practices can help prevent eCommerce fraud, whether used individually or in conjunction with other behavioral indicators.

  1. Implement AI and machine learning.
  2. Link fraud signals from a data network that’s larger than your own.
  3. Implement risk-based or step-up authentication.
  4. Implement card security code requirements.
  5. Invest in Address Verification Services (AVS).
  6. Partner with a reliable third-party payment processor.
  7. Follow PCI standards.
  8. Train customer service reps on fraud.
  9. Keep fraud prevention software updated.

1. Implement AI and machine learning

The best way to detect and prevent eCommerce fraud is to not rely on human decisions alone. AI fraud prevention simulates the work of experienced fraud analysts but without human error. It weighs the risk of fraud against the customer’s value on a faster and more scalable basis than a human.

AI can weigh fraud risks with the help of supervised and unsupervised machine learning. Supervised machine learning detects emerging fraud attacks, and unsupervised machine learning accounts for past decisions. eCommerce businesses that use AI don’t just detect and prevent fraud. They accept more good orders, reduce manual reviews, and have more control over business outcomes.

2. Link fraud signals from a data network that’s larger than your own

A single sign of fraud or purchase-related red flag isn’t enough to indicate fraud. Businesses and fraud analysts should link identity elements from the fraud signals listed to better establish identity trust. And leveraging a robust data network can help them do it.

A data network that accounts for billions of digital interactions from industries across the globe can help analysts determine if a purchase is legitimate or suspicious. The more data an eCommerce business has, the faster and more accurately it can detect fraud.

3. Implement risk-based or step-up authentication

Implementing strong password requirements on your customer accounts can reduce fraudulent activity. The better the password, the harder it will be for a bad actor to break into a customer’s account. But safety isn’t guaranteed.

With risk-based authentication (RBA) or step-up authentication, issuing banks apply varying levels of scrutiny to authentication processes based on the interaction’s level of risk. The higher the risk, the more rigorous the authentication process. Step-up authentication challenges experiences that present a higher likelihood of fraud.

4. Implement card security code requirements

Some eCommerce activities, like card-not-present (CNP) transactions, pose a higher risk of fraud. In a CNP transaction, a customer isn’t required to present a card to complete a purchase. CNP transactions are common when customers make purchases online, via mobile app, or over the phone.

These transactions pose a higher risk of fraud because businesses and merchants can’t verify a cardholder’s identity easily. Businesses should implement card security code requirements to prevent CNP fraud. Asking for each card’s three- or four-digit code can reduce the probability that a transaction is fraudulent.

5. Invest in Address Verification Services (AVS)

Bad actors regularly ship goods to different addresses. Investing in an Address Verification Service (AVS) can help businesses establish trust in their customers. Credit card companies provide AVS and compare the address a customer submits with their known address on file with their issuing bank. Then the issuing bank returns an AVS code to the business or merchant.

AVS codes indicate discrepancies like house or unit numbers that don’t match ZIP codes, for example. Credit card processors may charge a fee for each verification. But AVS can reduce the likelihood of fraud by helping businesses to decide to accept, reject, or flag transactions.
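Practices 3 to 5 feed one decision: combine the AVS and card security code results with the behavioral signs listed earlier, then accept, step up, review, or reject. The following is an added example, not code from the quoted sources; the checkouts are constructed, the weights and thresholds are illustrative assumptions, and the AVS/CVV result letters follow commonly documented processor codes, so check your own processor's table.

```python
from dataclasses import dataclass

# Result letters as commonly documented by card processors (assumption: your
# processor may use a different table). Values are illustrative risk points.
AVS_RISK = {"Y": 0, "X": 0, "Z": 15, "A": 15, "U": 10, "R": 10, "N": 35}
CVV_RISK = {"M": 0, "P": 10, "U": 10, "N": 40}
UNKNOWN_CODE_RISK = 20  # unrecognized code: treat as moderately risky

@dataclass
class Checkout:
    avs_code: str
    cvv_code: str
    email_age_days: int      # days since the email address was first seen
    ip_country: str
    billing_country: str
    shipping_country: str
    expedited: bool = False
    is_gift: bool = False

def score(c):
    """Return (total, reasons). No single signal is treated as proof of fraud."""
    reasons = []

    def add(points, why):
        if points:
            reasons.append((why, points))

    add(AVS_RISK.get(c.avs_code, UNKNOWN_CODE_RISK), f"avs={c.avs_code}")
    add(CVV_RISK.get(c.cvv_code, UNKNOWN_CODE_RISK), f"cvv={c.cvv_code}")
    if c.email_age_days == 0:
        add(20, "email first seen today")
    if c.ip_country != c.billing_country:
        add(15, "ip/billing country mismatch")
    if c.shipping_country != c.billing_country and not c.is_gift:
        add(15, "shipping/billing country mismatch")
    # Expedited shipping is not a red flag on its own; it only adds weight
    # when another signal has already fired.
    if c.expedited and reasons:
        add(10, "expedited shipping with other signals")
    return sum(p for _, p in reasons), reasons

def decide(c, step_up_at=30, review_at=60, reject_at=90):
    """Map the score to an action; the higher the risk, the more friction."""
    total, reasons = score(c)
    if total >= reject_at:
        action = "reject"
    elif total >= review_at:
        action = "manual_review"
    elif total >= step_up_at:
        action = "step_up_auth"
    else:
        action = "accept"
    return action, total, reasons

# Constructed sample checkouts.
SAMPLES = {
    "regular_rush_order": Checkout("Y", "M", 900, "US", "US", "US", expedited=True),
    "gift_abroad": Checkout("Y", "M", 500, "US", "US", "CA", is_gift=True),
    "new_email_zip_only": Checkout("Z", "M", 0, "US", "US", "US"),
    "avs_fail_new_email": Checkout("N", "P", 0, "US", "US", "US"),
    "everything_wrong": Checkout("N", "N", 0, "RO", "US", "CA", expedited=True),
}

if __name__ == "__main__":
    for name, checkout in SAMPLES.items():
        action, total, reasons = decide(checkout)
        print(f"{name}: {action} ({total}) {reasons}")
```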

6. Partner with a reliable third-party payment processor

Outsourcing fraud checks to a third-party payment processor is one of the easiest and safest ways to prevent eCommerce fraud. Third-party payment processors often manage things like customer chargebacks, security compliance, and data storage.

Keeping customer data safe should be a top priority, especially if customers save their credit card details in their accounts. A third-party payment processor can keep customers’ private information secure, which can cut the number of eCommerce fraud attempts against a store.

7. Follow PCI standards

Payment Card Industry (PCI) standards help businesses protect themselves and their customers from eCommerce fraud. PCI standards include six major objectives, 12 key requirements, 78 base requirements, and over 400 test procedures. MasterCard, American Express, and Visa set PCI standards to safeguard consumer data.

The Payment Card Industry Security Standards Council enforces these standards, which are mandatory for online retailers. Most major payment processors comply with PCI standards. But businesses and merchants must do their research before choosing a third-party payment processor.

8. Train customer service reps on fraud

Training can play a crucial role in preventing fraudulent activity. With a well-trained customer support team and stringent security system, businesses are less likely to be victims of fraud. With sufficient anti-fraud training, customer service reps can identify and respond to potentially fraudulent inquiries more effectively.

9. Keep fraud prevention software updated

If a business uses software to prevent eCommerce fraud, keep that software updated. Bad actors are constantly finding ways to avoid getting caught, and anti-fraud software providers adjust to fight them every step of the way. But software that’s out of date can leave businesses vulnerable to new fraud patterns.

Anti-fraud software relies on security patches to prevent evolving fraud behaviors and protect against new viruses and malware. Without updates, businesses risk bad actors accessing data and sidestepping measures that reduce fraudulent activity.


eCommerce fraud detection is easier than ever

Relying on manual reviews alone is tedious, hard to scale, and prone to human error. Businesses should invest in powerful fraud prevention software to scale eCommerce fraud detection and prevention more efficiently and accurately.

With Kount’s AI-driven fraud prevention solution, businesses can prevent emerging fraud, accept more good orders, reduce manual reviews, and control business outcomes. Kount’s AI simulates an experienced fraud analyst by weighing the risk of fraud against the customer’s value. But it’s faster and more scalable. Plus, Kount protects the entire customer journey and creates friction-less experiences for good customers, which is essential for repeat business.

eCommerce fraud will continue to evolve, but the technology that prevents it has never been more advanced. eCommerce businesses need to know the red flags that indicate fraud so that they can reduce fraudulent activity. Kount’s AI-driven eCommerce fraud prevention solution can automatically identify those flags to help businesses determine risk levels for each interaction. By determining the right level of identity trust, businesses can protect revenue and customer data.


https://www.cloudways.com/blog/ecommerce-fraud-prevention/

Basics of E-commerce Fraud Prevention

1. Address Verification System

Use AVS (Address Verification System). It’s amazing. It helps you secure your eCommerce business by verifying that the customer’s billing address matches the one the credit card company has on record.

2. Following PCI Standards

The Payment Card Industry (PCI) has security regulations for every eCommerce company to follow. These standards make your transactions more secure. If you don’t adhere to the PCI standards, you can easily become a victim of eCommerce fraud or might even expose yourself to a hefty lawsuit, especially if your eCommerce payment processing channels are exposed.

The bad guys hide behind international borders, and because your local authorities may have no jurisdiction over them, it can be problematic for you to recover your stolen money or data.

3. Setting Strong Password Requirements

Restrictive password requirements often frustrate us. But as a matter of fact, using a complicated password protects your customers as well as your business. It is a smart practice to insert different types of characters in your password to reduce the chances for hackers to attack you.

 

 

1. No Debit, Only Credit

You must use your credit card instead of your debit card to purchase online as it is more secure. If a fraudster gets his hands on your debit card, he can gain access to your bank account.

2. Be Careful when Clicking CTAs

Do not immediately click on the pop-ups, or purchase anything from pop-up deals. You must land on the product page and purchase the product from there. It is also recommended not to click on ‘buy now’ or similar CTAs when you receive promotional emails. Instead, visit and order from their website.

3. Make Use of a Password Manager

Most merchants offer a ‘Save Your Payment Information’ option to make it more convenient for customers to purchase from them in the future. Therefore, if you are shopping from a lot of ecommerce websites, especially during Black Friday or Cyber Monday, you must use strong passwords.