https://www.bigcommerce.com/blog/ecommerce-fraud/#six-types-of-ecommerce-fraud
If you own or operate an online store,
you must protect yourself against fraudsters who steal from you, wreck
your online reputation, alienate your customers, damage your brand, and
hurt your profits.
Why Does Ecommerce Fraud Take Place?
Today, fraudsters have it much
easier. They simply visit a website on the dark web and buy as many
stolen credit cards as they need. During the first half of 2019, there were at least 23 million stolen credit cards for sale on the dark web.
2. Anonymity.
Payment fraud is also popular because
it is conducted unseen. The fraudsters don’t have to walk into a store,
say a word to anyone, or risk getting captured on store cameras. All
they need is a computer and an Internet connection. They can operate
from any location, at any time of day, unseen.
Online fraudsters typically create
fake email accounts and rent post office boxes using aliases that reveal
no personally identifiable information about themselves.
3. Evasion.
Ecommerce fraudsters know that police
departments do not make eCommerce fraud a priority. For one thing, the
amounts of money involved in each fraudulent transaction are typically
small relative to other types of crimes. Plus, online fraud is
increasingly conducted across international borders, making it hard for
the police to locate and prosecute online criminals in other countries.
1. Credit card fraud.
2. Affiliate fraud.
Affiliate fraud is illegal activity intended to generate affiliate commissions.
A common form of affiliate fraud is
“typosquatting,” in which a criminal registers domain names that match
commonly mistyped versions of an online store’s legitimate URL. The
fraudster then redirects that domain name to the merchant’s website—but
with an affiliate link.
How to Identify Ecommerce Fraud Online
- Inconsistent order data: The zip code and city entered don’t match. Or the IP address of the shopper and their email address don’t match.
- Larger than average order: The
order is far larger than your customer typically spends. Other red
flags include multiple units of the same SKU in one order, and expedited
shipping (the crook wants to receive the order before getting caught).
- Unusual location: Your customer always purchases from an IP address in North America but suddenly makes a purchase from an IP address in an unusual location (Nigeria, for example).
- Multiple shipping addresses: The buyer makes multiple purchases under one billing address but ships the products to multiple addresses.
- Many transactions in a short timeframe: The fraudster makes multiple purchases back to back—and it’s not the holiday season.
- Multiple orders from many credit cards: Someone makes multiple purchases using multiple credit cards (either in one day or over a longer period).
- Multiple declined transactions in a row: The
purchaser makes not just one or two attempts (honest shoppers make
mistakes, after all), but four, five, six, seven, eight or more attempts
without getting the card number, expiry date, and card security code
correct.
- Strings of orders from a new country: You’ve
never received a single order from the Kingdom of Bhutan, and then you
suddenly receive 11 orders from that country in the space of a week.
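The red flags in the list above can be checked mechanically against order history. The following is an added example, not code from the original article: the order fields, thresholds, and sample orders are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds are illustrative assumptions; tune them against your own orders.
LARGE_ORDER_FACTOR = 3                  # multiple of the account's average spend
VELOCITY_WINDOW, VELOCITY_MIN = timedelta(hours=1), 3
CARD_WINDOW, MAX_CARDS = timedelta(days=1), 2
MAX_SHIP_ADDRS = 2                      # ship-to addresses per billing address
DECLINE_STREAK = 4                      # "four, five, six ... or more attempts"


def score_orders(orders):
    """Return {order_id: [red flags]}, evaluating orders in time order."""
    seen = defaultdict(list)            # account -> earlier attempts
    ship_by_bill = defaultdict(set)     # billing address -> ship-to addresses
    streak = defaultdict(int)           # account -> consecutive declines
    flags = {}
    for o in sorted(orders, key=lambda o: o["ts"]):
        acct, hits = o["account"], []
        past = seen[acct]
        approved = [p for p in past if not p["declined"]]
        if approved:
            # Larger than average order / unusual location for this customer.
            mean = sum(p["amount"] for p in approved) / len(approved)
            if o["amount"] > LARGE_ORDER_FACTOR * mean:
                hits.append("LARGE_ORDER")
            if o["ip_country"] not in {p["ip_country"] for p in approved}:
                hits.append("UNUSUAL_LOCATION")
        # Multiple units of one SKU combined with expedited shipping.
        if o["shipping"] == "expedited" and max(o["items"].values()) > 1:
            hits.append("BULK_SKU_EXPEDITED")
        # Many transactions in a short timeframe.
        recent = [p for p in past if o["ts"] - p["ts"] <= VELOCITY_WINDOW]
        if len(recent) + 1 >= VELOCITY_MIN:
            hits.append("VELOCITY")
        # Multiple orders from many credit cards.
        cards = {p["card"] for p in past if o["ts"] - p["ts"] <= CARD_WINDOW}
        if len(cards | {o["card"]}) > MAX_CARDS:
            hits.append("MULTI_CARD")
        # One billing address shipping to many addresses.
        ship_by_bill[o["bill_to"]].add(o["ship_to"])
        if len(ship_by_bill[o["bill_to"]]) > MAX_SHIP_ADDRS:
            hits.append("MULTI_SHIP_ADDR")
        # Multiple declined transactions in a row.
        streak[acct] = streak[acct] + 1 if o["declined"] else 0
        if streak[acct] >= DECLINE_STREAK:
            hits.append("DECLINE_STREAK")
        past.append(o)
        flags[o["id"]] = hits
    return flags


T0 = datetime(2024, 1, 1, 12, 0)


def _order(oid, account, minutes, amount, qty, shipping, ship_to, card,
           country, declined=False):
    """Build one constructed order record (field names are assumptions)."""
    return {"id": oid, "account": account, "ts": T0 + timedelta(minutes=minutes),
            "amount": amount, "items": {"SKU-1": qty}, "shipping": shipping,
            "ship_to": ship_to, "bill_to": account + "-billing", "card": card,
            "ip_country": country, "declined": declined}


# Constructed sample orders; "ZZ" is a placeholder country code.
ORDERS = [
    _order("A1", "alice", -43200, 40.0, 1, "standard", "addr-1", "card-a", "US"),
    _order("A2", "alice", -14400, 60.0, 1, "standard", "addr-1", "card-a", "US"),
    _order("A3", "alice", 0, 900.0, 5, "expedited", "addr-9", "card-a", "ZZ"),
    _order("B1", "bob", 0, 1.0, 1, "standard", "addr-2", "card-1", "US", True),
    _order("B2", "bob", 2, 1.0, 1, "standard", "addr-2", "card-2", "US", True),
    _order("B3", "bob", 4, 1.0, 1, "standard", "addr-2", "card-3", "US", True),
    _order("B4", "bob", 6, 1.0, 1, "standard", "addr-2", "card-4", "US", True),
    _order("C1", "carol", 5, 35.0, 1, "standard", "addr-3", "card-c", "US"),
    _order("D1", "dave", 100, 30.0, 1, "standard", "addr-4", "card-d", "US"),
    _order("D2", "dave", 200, 30.0, 1, "standard", "addr-5", "card-d", "US"),
    _order("D3", "dave", 300, 30.0, 1, "standard", "addr-6", "card-d", "US"),
]

if __name__ == "__main__":
    for order_id, hits in score_orders(ORDERS).items():
        print(order_id, hits or "clean")
```

A flag is a reason for manual review, not proof of fraud; the rules deliberately keep one or two declines and a single new shipping address unflagged.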
11 Steps for Preventing Fraud on Your Ecommerce Store
1. Conduct regular site security audits.
Want to discover flaws in your
security before criminals and fraudsters do? Conduct security
audits—often. Ask yourself these questions:
- Are our shopping-cart software and plugins up-to-date?
- Is our SSL certificate current and working?
- Is our store PCI-DSS compliant (Payment Card Industry Data Security Standard)?
- Are we backing up our online store often enough?
- Are we using strong passwords for admin accounts, hosting dashboards, CMS, database, and FTP access?
- Are we scanning our website regularly for malware?
- Are we encrypting communication between our store and our customers and suppliers?
- Have we removed inactive plugins?
2. Make sure your store is PCI compliant.
If you operate an online store that
accepts credit card payments, you must be PCI compliant. PCI stands for
Payment Card Industry. PCI standards for compliance are developed and managed by the PCI Security Standards Council to ensure the security of credit card transactions in the payments industry. PCI compliance means your online store and your business processes meet these PCI standards. If you operate a SaaS-based ecommerce store, your platform will typically provide this compliance.
3. Monitor your site regularly for suspicious activity.
Bricks-and-mortar
stores hire fraud prevention officers to catch shoplifters. You can
protect your online store against fraudulent transactions by monitoring
your store for suspicious activity. Monitor your accounts and transactions for red flags, such as inconsistent billing and shipping information, as well as the physical location of your customers. Use tools that track customer IP addresses and alert you to any addresses from countries known as a base for fraudsters.
4. Use an Address Verification Service (AVS).
Credit card processors and issuing
banks will usually offer an Address Verification Service to detect
suspicious credit card transactions in real-time and prevent credit card
fraud. The Address Verification Service checks the billing address
submitted by the card user (the customer) with the cardholder’s billing
address that’s on file with the issuing bank. This check takes place as
part of the merchant’s request to the payment processor for
authorization of the credit card transaction. When addresses don’t
match, the system either declines the transaction or flags it for
investigation.
5. Require Card Verification Value (CVV) numbers for all purchases.
The three-digit security code on the back of VISA®, MasterCard® and Discover®
credit and debit cards and the four-digit security code on the back of
American Express® credit and debit cards is called the Card Verification
Value (CVV) or Card Security Code (CSC). By requiring all purchasers to
supply this code for every transaction, you ensure that customers have
the physical credit card in their possession. This helps to keep you
safe and reduces fraud.
6. Use Hypertext Transfer Protocol Secure (HTTPS).
HTTPS is the secure version of HTTP,
which is the primary protocol used to send data between a customer’s
web browser (like Google) and your online store. HTTPS encrypts this
data to protect sensitive information, such as customer names, addresses
and credit card numbers. Using HTTPS prevents your online store from
having its transactions broadcast in a way that’s easily viewed by
hackers, cybercriminals, and fraudsters. You use HTTPS by buying an SSL
certificate.
7. Avoid collecting too much sensitive customer data.
One way to protect your store in the
event of a data breach or hack is to collect and store as little
customer data as possible. Hackers can’t steal what you don’t have. So
only collect the data you need to complete a transaction and ship the
product. Avoid collecting Social Security numbers, birth dates and other
unnecessary sensitive customer data.
8. Set limits on purchases.
Based on your order and revenue
trends, set limits for the number of purchases and total dollar value
you’ll accept from one account in a single day. This reduces your
exposure to a minimum should fraud occur.
9. Try an anti-fraud solution.
- Rudimentary anti-fraud tools perform a specific, single function. They are typically integrated into online shopping carts and ecommerce platforms.
These tools use machine learning algorithms to identify fraudulent
transactions through IP geolocation, validate email addresses, conduct
device fingerprinting, and verify addresses.
- Mid-level anti-fraud tools
offer a wider variety of functions, including chargeback guarantees,
auto declining of high-risk orders, protections against new account
fraud and account takeover protection.
- Top-level anti-fraud tools offer
everything the other tools offer plus outsourced case management,
expertise working with large merchants, loyalty fraud management, policy
abuse protection, automatic decisions, and manual review of suspicious
transactions, ensuring that no good order is mistakenly declined by the
software.
10. Double check that the IP address and credit card address match.
Every order placed on your online
store comes from a unique, public IP address (a string of numbers
separated by periods that identifies each computer using the Internet
Protocol to communicate over the Internet). From the IP address, you can
generally detect the city or region of the world where the purchaser is
making the purchase. If this city or region does not match the address
of the credit card being used, that’s a red flag.
11. Avoid non-physical shipping addresses.
Fraudsters commonly avoid detection
by protecting their physical address, preferring to use a PO box or
other anonymous location. After all, the police can’t come knocking if
there’s no door to knock on.
If you are an online merchant, and if
you want to prevent this type of fraud, never ship online orders to PO
boxes and other virtual addresses, such as those of freight forwarders.
You can spot addresses that belong to freight forwarders because they
have a container number in the address, such as 726 Dock Road Suite 300
#KXQ-582899328.
https://thegood.com/insights/ecommerce-fraud/
- Ecommerce fraud is sophisticated and ever-evolving, as fraudsters
leverage more advanced tactics with every passing year. Malicious actors
only need to be right once, whereas you need to be right every time.
- Personal and credit card information and the card doesn’t need to be
present for the transaction. In some cases, hackers steal personal and
financial information and sell it on the black market.
- Friendly fraud, where the customer intentionally files a chargeback to gain a free product and avoid payment.
The best way to combat fraud is to identify why fraud is occurring in
the first place, and then develop strategies to prevent and protect
against these attacks, in order to secure your ecommerce site.
1. Card Testing Fraud
Card testing fraud is when someone gains access to one or more stolen
credit card numbers, through theft or by purchasing card data on the
dark web. Even though they have the credit card numbers, they do not
know (1) whether the card numbers can be used to successfully complete a
transaction or (2) the limit associated with that credit card.
2. Friendly Fraud
Friendly fraud (also called chargeback fraud)
is when someone purchases an item or service online and then requests a
chargeback from the payment processor, claiming the transaction was
invalid. The credit card company or bank returns the transaction value
to the customer, which must still be paid by the retailer.
The fraudster may purchase an item from your online store and argue that
the item was never delivered, they may tell their credit card issuer
that they returned the item to the merchant, but that a refund was never
processed, or they can even say that they canceled the order, but it
was still sent to them.
3. Refund Fraud
Refund fraud is when someone uses a stolen credit card to make a
purchase on an eCommerce website. The fraudster then contacts the eCommerce business and requests a reimbursement due to an accidental overpayment.
4. Account Takeover Fraud
Account takeover fraud occurs when someone gains access to a user’s
account on an ecommerce store or website. This can be achieved through a
variety of methods, including purchasing stolen passwords, security
codes, or personal information on the dark web or successfully
implementing a phishing scheme against a particular customer.
5. Interception Fraud
Interception fraud is when fraudsters place orders on your eCommerce
website where the billing address and shipping address match the
information linked to a stolen credit card. Once the order is placed,
their goal is to intercept the package and take the goods for
themselves.
6. Triangulation Fraud
Setting up this storefront brings in a number of legitimate customers
who are looking to take advantage of an incredible bargain. Once these
customers place orders on the fraudster’s website, the fraudster uses
stolen credit card numbers to purchase legitimate goods from your eCommerce website, and then sends those goods to their customers.
1. Take Advantage of Fraud Detection Solutions
This is one of the most effective ways to fight back against all types of ecommerce fraud. A fraud detection solution
is essentially a third-party solution that specializes in identifying
red flag transactions and protecting ecommerce merchants from card
testing fraud, friendly fraud, and chargeback fraud.
A
fraud detection solution is helpful for ecommerce organizations of all
sizes, and is one of the best forms of fraud protection for ecommerce
businesses. That said, it can be especially valuable for smaller
companies who do not have the time, resources, or talent to implement
their own fraud solutions. While you will want to do your due diligence
to find the best vendor, a fraud detection solution can be a great way
to fight back against fraudsters.
2. Maintain PCI Compliance
The Payment Card Industry Data Security Standard (PCI DSS)
is a widely-respected set of requirements ensuring companies storing
and processing credit card information and cardholder information—like
ecommerce companies—maintain a secure environment. PCI compliance
results in basic security precautions, including things like creating a
firewall between your internet connection and any system storing credit
card numbers. Ultimately, PCI compliance is mandatory, so you must
ensure that you are abiding by relevant PCI guidelines to avoid any
sanctions or penalties.
The
holiday months can be some of the most critical months for your
business, as more people buy using ecommerce stores for Black Friday,
Cyber Monday, and various December holidays. Customers are also
preoccupied and busy during these times, and often adhere to fewer
safety precautions.
The simple fact is
that many fraudsters rely on merchants being too busy or preoccupied to
spot potential fraud during these months. During the holiday months, be
extra careful when receiving a significant number of foreign orders,
rush orders, or many small-dollar purchases. These behaviors can be
evidence of fraudsters testing out schemes like card testing fraud.
4. Create Blacklists
If you pay for a fraud detection solution (or do it yourself), you may
start to notice that particular customers have tested credit cards with
your ecommerce business. Once you find these customers, put them on an
internal blacklist. A blacklist isn’t a complete solution, since fraudsters can keep using
new stolen customer identities. However, a blacklist can help you flag
potential fraudulent transactions before they occur based on past
behavior.
Some Future Trends in Ecommerce Fraud
https://www.information-age.com/seven-types-e-commerce-fraud-explained-123461276/
In order to commit identity theft or appropriate someone’s identity,
fraudsters target personal information, such as names, addresses and
email addresses, as well as credit card or account information.
This enables them, for example, to order items online under a false
name and pay using someone else’s credit card information or by debiting
another person’s account.
Phishing, on the other hand, simply involves
using fraudulent websites, emails or text messages to access personal
data.
Another technical method is known as pharming, in which manipulated
browsers direct unsuspecting customers to fraudulent websites. Often,
all that is required to appropriate someone’s identity is a stolen
password. This can be used to take over an existing account with an
online shop – in most cases, the payment data is already stored in the
account.
Of course, hacker attacks on e-commerce providers and stealing customer
data also fall under this type of e-commerce fraud, as does using
malware on computers to commit identity theft by spying out sensitive
data.
‘Man-in-the-middle attacks’ are even more sophisticated. These involve
hackers muscling in on communications between customers and merchants
(or between customers and banks) in order to siphon off login data.
Friendly fraud
In fourth place is what the merchants surveyed refer to as ‘friendly
fraud’. This sounds friendlier than it really is: using this method,
customers order goods or services and pay for them – preferably using a
“pull” payment method like a credit card or direct debit.
Then, however, they deliberately initiate a charge-back, claiming
that their credit card or account details were stolen. They are
reimbursed – but they keep the goods or services. This fraud method is
particularly prevalent with services, such as those in the gambling or
adult milieus. Friendly fraud also tends to be combined with
re-shipping.
This is where criminals who use stolen payment data to pay for their
purchases don’t want to have them sent to their home addresses. Instead,
they use middlemen whose details are used to make the purchases and who
then forward the goods.
Clean fraud
The basic principle of clean fraud is that a stolen credit card is
used to make a purchase, but the transaction is then manipulated in such
a way that fraud detection functions are circumvented.
Much more know-how is required here than with friendly fraud, where
the only goal is to cancel the payment once a purchase has been made. In
clean fraud, criminals use sound analyses of the fraud detection
systems deployed, plus a great deal of knowledge about the rightful
owners of their stolen credit cards.
A great deal of correct information is then entered during the
payment process so that the fraud detection solution is fooled. Before
clean fraud is committed, card testing is often carried out. This
involves making cheap test purchases online to check that the stolen
credit card data works.
Merchant fraud
Merchant fraud is another method which must be mentioned. It’s very
simple: goods are offered at cheap prices, but are never shipped. The
payments are, of course, kept. This method of fraud also exists in
wholesale. It is not specific to any particular payment method, but this
is, of course, where no-chargeback payment methods (most of the push
payment types) come into their own.
Affiliate fraud
There are two variations of affiliate fraud, both of which have the
same aim: to glean more money from an affiliate program by manipulating
traffic or signup statistics. This can be done either using a fully
automated process or by getting real people to log into merchants’ sites
using fake accounts. This type of fraud is payment-method-neutral, but
extremely widely distributed.
Triangulation fraud
During triangulation fraud, the fraud is carried out via three
points. The first is a fake online storefront, which offers high-demand
goods at extremely low prices. In most cases, additional bait is added,
like the information that the goods will only be shipped immediately if
the goods are paid for using a credit card. The falsified shop collects
address and credit card data – this is its only purpose.
The second corner of the fraud triangle involves using other stolen
credit card data and the name collected to order goods at a real store
and ship them to the original customer.
The third point in the fraud triangle involves using the stolen credit
card data to make additional purchases. The order data and credit card
numbers are now almost impossible to connect, so the fraud usually
remains undiscovered for a longer period of time, resulting in greater
damages.
More international fraud
On average, the merchants who participated in the study do business
in 14 countries. According to 58% of those surveyed, the major challenge
in e-commerce fraud prevention is a lack of system integration to
provide a unified view of all their transactions across all markets.
Different devices
Fraud methods vary depending on the sales channel, and the fact that
most merchants aim to achieve multi-channel sales does not make the
situation any easier. According to 69% of merchants surveyed, sales via
third-party websites like Amazon, Alibaba or eBay are particularly
susceptible to fraud. These are followed by mobile sales (mentioned by
64%) and sales via their own online shops (55%).
https://spd.group/machine-learning/e-commerce-fraud-detection/
There are two major classes of Machine Learning algorithms —
supervised and unsupervised. Both can be used for fraud detection and
prevention, but each has its pros and cons.
Machine Learning
grounded detection solutions scan transactions and evaluate their
threat score, such as between 0 and 1. The score is then compared to a
pre-established threshold that will mark the transaction as fraudulent
or not. Let’s take a closer look at the nature of some of these
algorithms:
Supervised Decision Tree
After being fed data on fraudulent and normal transactions, a
supervised Decision Tree will then make a classification (a prediction).
The fraudulence score computation starts from the root node of the tree
when it is split into child nodes; other nodes are also split into
child nodes with binary or multi-fashion conditions. This is done
depending on the value of the input variable.
When the tree is built, a new data input (a transaction) is
classified by traversing the tree from the root node, following the
branches that match the feature values of the input.
Supervised Support Vector Machine (SVM)
A Support Vector Machine (SVM) works in another way — it separates
transaction data samples into two classes on a plane graph in such an
order that the formula needed for it shows the smallest error as
compared to the ground truth dataset (real transactions labeled). The
main idea behind an SVM is to draw a line between classes that will
leave the biggest margins between fraudulent and non-fraudulent
transactions to achieve a high level of detection.
Anomaly Detection Using Autoencoder
In the event that a customer has very few examples of fraudulent
transactions, it is better to use an autoencoder — where fraudulent samples
are excluded on the step of model training, but are still used for
testing. All anomaly detection techniques are aimed at denoting unusual
or unexpected events in the data.
A neural autoencoder is a type of architecture that is trained on one
class of events and used to notify us about unusual events. The process
of training implies an equal number of input and output units that have
a certain number of layers in between. The final decision on whether a
transaction is fraudulent or not is based on the threshold value and the
distance between the input and its reproduced output layer.
Outlier Detection: Isolation Forest
The other technique that tackles cases where there are very few or no
fraudulent transactions in a dataset is Isolation Forest, which belongs
to the outlier techniques class. The idea behind the Isolation Forest
is that an outlier can be isolated with fewer random splits
than a data point that belongs to the normal class; outliers happen much
more rarely than normal samples and have values that are not typical
for the average values of a data set.
The algorithm chooses a split value out of a randomly selected value
range of a randomly selected feature. As a result of the selections, a
tree is grown. The tree depth is measured with the number of required
random splits (called mean length). When a forest consisting of such
trees is grown, the mean length number is measured over all trees and
becomes a measure of normality, or in other words, the function we
use to trace outliers.
Random splits have significantly shorter tree depth in cases with
outliers than in cases with normal data samples. This helps us identify
which data points are likely to be outliers.
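The Isolation Forest idea described above, written out with the standard library only. This is an added example, not code from the original article: the two features (order amount, orders in the last hour), the constructed transactions, and the forest parameters are assumptions, and the 0-to-1 score uses the usual normalisation of mean path length so that it can be compared to a threshold as described earlier.

```python
import math
import random

EULER_GAMMA = 0.5772156649


def c(n):
    """Expected path length needed to isolate one point among n points."""
    if n <= 1:
        return 0.0
    if n == 2:
        return 1.0
    return 2.0 * (math.log(n - 1) + EULER_GAMMA) - 2.0 * (n - 1) / n


def build_tree(points, depth, max_depth, rng):
    """Pick a random feature, then a random split value inside its range."""
    if depth >= max_depth or len(points) <= 1:
        return {"size": len(points)}
    varying = [f for f in range(len(points[0]))
               if min(p[f] for p in points) != max(p[f] for p in points)]
    if not varying:                      # identical points cannot be split
        return {"size": len(points)}
    f = rng.choice(varying)
    split = rng.uniform(min(p[f] for p in points), max(p[f] for p in points))
    left = [p for p in points if p[f] < split]
    right = [p for p in points if p[f] >= split]
    return {"f": f, "split": split,
            "left": build_tree(left, depth + 1, max_depth, rng),
            "right": build_tree(right, depth + 1, max_depth, rng)}


def path_length(tree, x, depth=0):
    """Number of splits before x lands in a leaf, plus c() for unsplit leaves."""
    if "size" in tree:
        return depth + c(tree["size"])
    branch = "left" if x[tree["f"]] < tree["split"] else "right"
    return path_length(tree[branch], x, depth + 1)


def fit_forest(data, n_trees=100, sample_size=256, seed=7):
    """Grow n_trees isolation trees, each on a random subsample of the data."""
    rng = random.Random(seed)
    n = min(sample_size, len(data))
    max_depth = math.ceil(math.log2(n))
    trees = [build_tree(rng.sample(data, n), 0, max_depth, rng)
             for _ in range(n_trees)]
    return trees, n


def mean_path_length(forest, x):
    trees, _ = forest
    return sum(path_length(t, x) for t in trees) / len(trees)


def anomaly_score(forest, x):
    """Score in (0, 1]: short mean path -> close to 1 -> likely outlier."""
    _, n = forest
    return 2 ** (-mean_path_length(forest, x) / c(n))


# Constructed, unlabeled data: (order amount, orders in the last hour).
_rng = random.Random(1)
TRANSACTIONS = [(max(1.0, _rng.gauss(50, 15)), _rng.choice([1, 1, 1, 2]))
                for _ in range(255)]
OUTLIER = (950.0, 9)                     # constructed fraud-like transaction
TRANSACTIONS.append(OUTLIER)
TYPICAL = (52.0, 1)                      # constructed ordinary transaction

if __name__ == "__main__":
    forest = fit_forest(TRANSACTIONS)
    for name, tx in (("typical", TYPICAL), ("outlier", OUTLIER)):
        print(name, round(mean_path_length(forest, tx), 2),
              round(anomaly_score(forest, tx), 3))
```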
Why Does Machine Learning for E-Commerce Fraud Detection Work So Well?
We have described the inner workings of the technological approach,
now let’s highlight the main benefits of ML in combating E-Commerce
fraud.
Real-Time Data Processing
Traditional detection systems can only work with scenarios that have
happened previously and prevent the types of fraud that have occurred in
the past. Only when an attempt is successful will the system be able to
make a correct conclusion. With Machine Learning it is different
because algorithms can consider changes in real time and act on a
fraudulent attempt, in some cases, even before the attack.
Finding Hidden Patterns
An ML-based system is constantly learning. Not only is it good at
finding hidden correlations beyond human capabilities, but also with
every discovered threat, it becomes better at finding new scenarios and
preventing them.
Proxy and VPN Detection
An honest client doesn’t need a VPN while attempting a purchase,
right? Of course, there are some people concerned about the security of
their personal data, but it is safe to assume that proxy users might be
suspicious clients worthy of further investigation.
Behavior Analytics
When the system knows the typical behavioral patterns of each client,
it can easily pick up on deviations and spot suspicious behavior.
Sometimes it can be an easy way to detect a criminal breaking into a
customer’s account.
Quick and Accurate Verifications
Automated verification can speed up the whole purchase process for
the client and operate on defined rules, eliminating the mistakes human
employees might make.
Leveraging Big Data
An ML-based system can work with an enormous amount of data, saving
the money required to have a large team of analysts. If you have a
large-scale business with consistently added layers of information, this
could be a key component in fighting and preventing fraud.
Consistent Results
People make mistakes that accurately programmed algorithms don’t ever
make. With a properly installed automated system, you will get
consistent security without occasional breakdowns because of human
error.
How to Stop E-commerce Fraud? Some Advice for Retailers to Stay Safe and Proven Fraud Detection Methods
Customer Support Should be Guided with E-commerce Fraud Prevention Tips
Your E-commerce customer service undoubtedly plays a critical role in
ensuring that the troubles and inconveniences your customers face are
taken care of, while it also can contribute to your fraud prevention
strategy.
To prevent situations where your customer support team lets
fraudsters get away with illegal purchases, you should organize the
training process in order for them to learn to be careful and pay
attention to signs of fraud. Also, think of adding more employees during
peak sales periods. The faster your customer support treats customers’
requests, the more customers will be satisfied.
Customize your Legal Policies
Your E-commerce business needs customized fraud prevention legal
policies, rather than simply using the policies of popular E-commerce
stores. Consider wisely as to what practices you should and should not
use.
Usually, criminals carefully consider the niche and location of an
online store that they are going to compromise. So, it is necessary to
adjust existing policies to your particular case. Be true to your
policies and protect their necessity — even if some of your customers
find it troublesome to follow some of the rules.
Acknowledge the Importance of PCI Compliance
We have already mentioned PCI Compliance in this article, but it is
hard to overestimate the impact of it on your security status. In fact,
what we didn’t mention is the fact that PCI compliance is mandatory for
E-Commerce retailers working with financial transactions. Failure to
adhere to such compliance may result in an up to $100,000 fine for the
business owner. However, you don’t always need to handle this aspect,
because some payment gateway providers guarantee PCI security on their
side. These standards are super important in maintaining the security of
all financial information.
Protect Your Website
The most vulnerable spot in every E-Commerce store is the payment
mechanism; PCI compliance gives you a good chance of protecting this
area. But what about the website in general? It makes sense to give as
much attention to every element of your website as you do to protecting
the checkout process. Here are some tips that will help you improve the
security of your website:
- Use an SSL certificate for encryption that will protect the data
coming from the browsers of your customers. Additionally, Google ranks
HTTPS-sites very highly, so you will achieve an SEO advantage.
- Consider adding a security auditor to your team who will try to find the weak spots of your E-Commerce website.
- Leverage OSSEC and other monitoring tools to get fraud prevention in real time.
Delivery Tracking is a Must
Implement tracking numbers and signature upon delivery to your
E-Commerce platform, if you haven’t done that. This type of chargeback
fraud is called “friendly,” but there is nothing friendly about being
vulnerable to criminals disguised as your customers or a significant
financial loss due to the mistakes of the real customers.
Store As Little Customer Data As Possible
Avoid storing credit card data and personal information on your
website if you can. The less information you have, the less there
is to steal. Let the payment gateway be responsible for all the
sensitive information that might get you in trouble in the event of a
data breach. For the recurring payments option, if you choose to have
one, you need to be PCI compliant and follow strict storage guidelines;
there is no other alternative.
Keep Track of Every Fraud Attempt
If you don’t have an automated solution at the moment, you need to
save all historical data manually. When you have a database of every
fraudulent attempt, successful or not, it is much easier to prevent
future possible situations and feed this information to the ML algorithm
(once you have it). Keep your enemies close by keeping a detailed
notebook with all hacker attack information to build your future defense
strategy upon. You can spot certain patterns by yourself and be aware
of certain countries or regions as potentially dangerous.
Use Up-to-Date Software
The hackers are very inventive, especially in the COVID-19 era. Don’t
give them a chance to find a vulnerability in your system due to dated
software. It is a good idea to use protection tools and regularly scan
your website for malware. Formjacking attacks can be a problem even if
you have SSL protection. So, additional tools are required. Skimmers are
targeting the websites of merchants of any size. Therefore,
unfortunately, even small businesses are not safe.
Summary
What Are the Services and Software Solutions that Can Help Solve Problems in E-commerce Transactions?
There are a number of services and software solutions such as Subuno
or Riskified that claim to help solve the problem of E-commerce fraud,
but not all of them rely on innovative methods such as AI-driven
solutions. SPD-Group develops custom software that can be built on
Machine Learning to achieve high accuracy in the detection of E-commerce
fraud.
How Can We Minimize Losses from E-commerce Fraud with Modern Tools?
Modern tools are more efficient in minimizing fraud losses because
they can learn new fraudulent patterns from transactions that happen
over time; also, modern tools are quicker than old tools. Paired with
E-commerce fraud detection best practices like PCI standards, AVS, CVV,
and others, a potent fraud detection system for a business can be
created.
Why Machine Learning? What’s the Difference Between Old School Methods Like Rule-based Detection for E-commerce Fraud Prevention?
The first and the main difference between classical methods and
machine learning for E-commerce fraud prevention is that the latter is a
learning system, meaning that it is programmed in order to learn to
perform a task — while rule-based methods do not react to any new
patterns.
What Types of Fraudulent Scenarios Can We Detect Using ML?
We can detect cases of E-commerce frauds related to online purchases,
transactions, and chargebacks. In general, we can detect which activity
happens from a compromised user account or when a compromised credit
card is being used.
What Are the Best Machine Learning Methods to Efficiently Detect Fraud?
Machine learning for E-commerce uses supervised and unsupervised
anomaly detection methods that find fraudulent patterns in online
transactions information or user behavior patterns.
What Are the Measures That Can Lead to the Reduction of Online Fraud?
Keep your software up-to-date, follow a strict set of security
protocols, keep your passwords strong, inform your employees about
adherence to the legal policies and the importance of data security.
Leverage the latest technology and tools to be one step ahead of the
most skilled hackers!
Final Word
Looking at the world’s rising trend for E-commerce businesses, the
number of online purchases and transactions is booming, and so is
fraudulent activity. A business should carefully consider the
opportunities offered by relevant companies in the field of fraud
detection and prevention and choose the best option — such as machine
learning based algorithms that can improve over time and find new
fraudulent patterns. Also, common security policies and PCI standards
should not be overlooked while making your business more secure and
reliable for your customers.
https://kount.com/blog/ecommerce-fraud-prevention-detection-best-practices/
10 eCommerce fraud types
- Payments fraud
- Friendly fraud
- Account takeover (ATO) fraud
- Retail arbitrage fraud
- New account opening (NAO) fraud
- eGift card fraud
- Refund fraud
- Promotion or coupon fraud
- Triangulation fraud
- Interception fraud
1. Payments fraud
Payments fraud occurs when bad actors use stolen credit cards to
purchase goods and profit by reselling items. Card-not-present (CNP)
transactions are most at risk for this type of fraud because the bad
actor doesn’t have to present the card at the point of purchase.
Businesses that don’t proactively prevent payments fraud risk losing money to chargebacks, false positives, and operational inefficiencies.
2. Friendly fraud
Friendly fraud
occurs when a consumer makes an online purchase and then disputes the
charge with their bank. These disputes often end in chargebacks for the
merchant. In some cases, the consumer has malicious intent to dispute
the payment and keep the goods or services. But more often, consumers
call their credit card companies or banks to dispute charges they don’t
recognize.
Usually, friendly fraud isn’t attributed to criminal enterprises, but
it can still damage profits and affect inventory. However, businesses
and merchants can prevent friendly fraud, resolve disputes, and avoid
chargebacks with a real-time chargeback prevention solution.
3. Account takeover (ATO) fraud
Account takeover fraud
occurs when a human, bot, or botnet uses stolen credentials to access
customer accounts. Once they have access, bad actors can drain monetary
funds or loyalty points, steal customer data, or purchase goods or
services. Beyond lost revenue, account takeover fraud damages brand
reputations and can permanently erode the trust of good customers.
The rise in this type of non-financial credentials fraud is due to
the dark web demand for stolen email addresses, passwords, and other
private personal information. When a bad actor discovers the right
combination of username and password, they can access and exploit
genuine customer accounts.
4. Retail arbitrage fraud
Retail arbitrage fraud occurs when malicious bots allow a single
buyer to purchase large quantities of discounted items for resale on a
different marketplace. This type of fraud can quickly undercut revenue
and profits, drain inventory, and steal discount-conscious customers
away. Retail arbitrage fraud can result in dramatic price differences
across marketplaces and poor customer experiences that can reflect
poorly on brands.
Bots are evolving, so malicious bots are becoming harder to detect
and block with perimeter security, web application firewalls, and
content delivery networks. The latest generation of bot protection solutions
can accurately identify and classify even the most sophisticated bots.
They can block malicious bot activity, allow good bot activity, and
verify questionable bot activity with step-up authentication.
5. New account opening (NAO) fraud
New account opening fraud
occurs when a bad actor creates new accounts to take advantage of
offers and services. The bad actor creates the account using bits and
pieces of real identity data. This makes it hard for the merchant to
determine if the account belongs to a legitimate customer. Without
eCommerce fraud detection methods, this can lead to identity fraud and
illegitimate purchases online.
6. eGift card fraud
With eGift card fraud, a bad actor steals a consumer’s payment
information and buys an eGift card. From there, the bad actor may resell
the eGift card online. When another consumer buys it, the bad actor
pockets the consumer’s money and payment information. Meanwhile, the
original consumer whose payment information the bad actor used to buy
the eGift card calls their credit card company to dispute the charge.
The dispute ends in a chargeback for the merchant.
eGift card fraud is difficult to trace because bad actors don’t have
to ship cards to an address. So when it comes to resolving eGift card
fraud, merchants take a significant financial hit. Luckily, there are
several ways businesses and merchants can avoid eGift card fraud.
7. Refund fraud
Refund fraud is a big problem for any company that ships goods or accepts returns. Essentially, refund fraud
happens when bad actors exploit gaps in logistics or fulfillment
processes to turn a profit or get goods for free. There are several
kinds of refund fraud, including did-not-arrive (DNA), empty box or
partially empty box, fake tracking ID (FTID), and refund as a service. Some bad actors are part of larger, more organized groups abusing refund policies.
But not all bad actors are in those bigger groups. Some are
opportunistic customers. And, unfortunately, refund fraud happens
without a chargeback or a traditional dispute to alert the merchant,
which makes it hard to detect.
8. Promotion or coupon fraud
Businesses depend on promotional sales and lead-generating
promotional campaigns to acquire new customers and keep loyal customers
happy. In promotion or coupon fraud, a bad actor abuses a business’s
coupon or promotional policies. Bad actors may attempt to defraud a
business by using promotional codes multiple times or abusing coupon
policies to obtain goods for free. Referral programs and sale-saving
tactics like cart-abandonment and apology vouchers are most at risk for
this type of fraud.
9. Triangulation fraud
Triangulation fraud occurs when bad actors build fake online stores
to sell items at cheaper prices. The fake store has a single purpose: to
steal credit card data. After the bad actor collects a consumer’s
credit card information, they forward the legitimate transaction to the
real merchant. The real merchant charges the customer a second time,
which leads to chargebacks. If the consumer doesn’t realize their credit
card information was compromised, the bad actor may keep the stolen
information and make purchases elsewhere.
10. Interception fraud
With interception fraud, bad actors attempt to intercept a customer’s
order and obtain goods for resale. To do this, the bad actor will
contact a vendor’s customer service partner to have the order’s shipping
address changed to their own. Bad actors may also approach the shipping
company directly and ask them to reroute a delivery to an alternative
address so they can intercept it. Interception fraud requires taking
over a customer’s account to access order and shipping details.
10 signs of eCommerce fraud
Establishing identity trust
is the best way to prevent eCommerce fraud. Manual reviews alone will
be unsustainable when online orders increase. But there are 10 signs of
eCommerce fraud all businesses and merchants can watch for:
- Customers create new email addresses to make purchases.
- Customers place higher- or lower-than-average orders.
- Customers place multiple orders in quick succession.
- Customers pay more for expedited shipping.
- Customers ship items to unusual locations.
- Customers order a product in large quantities.
- Customers use multiple shipping addresses.
- Customers use shipping or billing addresses that don’t match their IP address.
- Customers use multiple cards from a single IP address.
- Customers ship multiple orders to the same address using different cards.
1. Customers create new email addresses to make purchases
It’s not uncommon for consumers to use the same email addresses for many years, so customers registering new email addresses may indicate fraud.
Knowing an email address’s date first seen, for example, can help
establish identity trust, especially for businesses that use eCommerce
fraud prevention tools like Email Insights. If an email address has an age of zero, it may indicate that a bad actor created the email address that same day to commit fraud.
Meanwhile, the email address’s date last seen can indicate how long
it’s been since a customer used that email address. An email address
that hasn’t been seen in several years, for example, may have been
accessed through account takeover fraud.
2. Customers place higher- or lower-than-average orders
If a good customer suddenly places an order that’s significantly
higher than average, they may be a victim of fraud. The same goes for
good customers who place lower-than-average orders, as they may be the
victims of account takeover fraud. A business’s products, services, or
industry standards may determine what behavior is normal or risky. But,
generally, purchases that are too high or too low may be cause for
suspicion.
3. Customers place multiple orders in quick succession
If a business finds that customers place multiple orders in rapid
succession in small denominations, a bad actor may be card testing. Bad
actors use card testing
to validate stolen credit cards. Once they confirm which credit card
numbers are live, they can make larger fraudulent purchases. With card
testing, a bad actor may place multiple small orders at once or within a
short time frame on one or many credit cards.
Essentially, they’re weeding out canceled or invalid numbers.
Quick-service restaurants, in particular, are prime targets for card
testing because they offer low-dollar-value items. It’s not atypical to
fulfill a series of inexpensive purchases.
4. Customers pay more for expedited shipping
Bad actors may expedite shipping on fraudulent purchases to decrease
the chances that a merchant will manually review the order. They know
stolen cards have a short lifespan, so they’re more likely to pay for
faster, more expensive shipping. After all, it’s not their money the bad
actor is spending. This sign of eCommerce fraud goes hand in hand with
orders that are significantly higher than average. Expedited shipping
isn’t a red flag on its own. But it may be a strong indicator if
merchants see it with other items on this list.
5. Customers ship items to unusual locations
Mismatched shipping and billing addresses may be an indicator of
fraud, especially if the discrepancy is several states or countries
apart and not marked as gifts. If a business predominantly sells
domestically, an unexpected uptick in international orders may also
indicate fraud.
6. Customers order a product in large quantities
If a business receives orders for higher-than-average quantities of
one product, the orders might be fraudulent. As other circumstances on
this list highlight, bad actors tend to expedite large orders, knowing
victims can cancel stolen cards at any time. If a large order for the
same product comes through, consider following up with the customer to
confirm and clarify purchase details.
7. Customers use multiple shipping addresses
Sometimes bad actors place orders to multiple shipping addresses with
several stolen cards, each placed under different names. If a
customer’s account has multiple shipping addresses attached to it, this
is a red flag.
8. Customers use shipping or billing addresses that don’t match their IP address
The benefit of eCommerce stores is that businesses can track the most
granular details of a customer’s order: from their billing and shipping
addresses to their IP address at checkout. If these don’t match, it
should raise a red flag. For example, if an IP address and a shipping
address are different from an order’s billing address, the transaction
may require more scrutiny.
9. Customers use multiple cards from a single IP address
If customers place orders from the same IP address but several cards,
this could indicate a problem. Although it’s not unusual for customers
to have more than one card, several cards — especially used at the same
time — should be considered suspicious.
10. Customers ship multiple orders to the same address using different cards
This is a sign of lazy eCommerce fraud, yet it happens. Often, bad
actors won’t steal information from a single card but will use multiple
cards. Then they’ll attempt to place fraudulent orders with different
cards and ship them to the same address. If a customer ships multiple
orders with different cards to the same address, whether over one
transaction or several, it could be fraud.
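An added example (not from the original article or any vendor's product) that checks signs 1, 3, 4, 9 and 10 over a batch of orders and queues an order for review only when at least two signs coincide, since expedited shipping is not a red flag on its own. The order fields, thresholds, signal names and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict, namedtuple
from datetime import date, datetime, timedelta

Order = namedtuple("Order", "id ts ip card ship_to amount expedited email_first_seen")

# Thresholds are assumptions for this example; tune them on your own order history.
SMALL_AMOUNT = 5.00                   # "small denomination" order (sign 3)
BURST_WINDOW = timedelta(minutes=10)  # "quick succession" (sign 3)
BURST_COUNT = 3                       # small orders needed inside the window
CARD_LIMIT = 3                        # distinct cards per IP or per address (signs 9, 10)


def make(oid, ts, ip, card, ship_to, amount, expedited, first_seen):
    return Order(oid, datetime.fromisoformat(ts), ip, card, ship_to, amount,
                 expedited, date.fromisoformat(first_seen))


# Constructed sample orders. Cards appear only as processor tokens, never card numbers.
ORDERS = [
    make("A1", "2024-03-01T10:00:00", "203.0.113.7", "tok_a1", "1 Oak Ave", 1.00, False, "2024-03-01"),
    make("A2", "2024-03-01T10:02:00", "203.0.113.7", "tok_a2", "2 Pine Rd", 1.50, False, "2024-03-01"),
    make("A3", "2024-03-01T10:04:00", "203.0.113.7", "tok_a3", "3 Birch Ln", 2.00, False, "2024-03-01"),
    make("B1", "2024-03-01T11:00:00", "198.51.100.1", "tok_b1", "77 Dock Rd", 900.0, True, "2019-05-02"),
    make("B2", "2024-03-01T13:30:00", "198.51.100.2", "tok_b2", "77 DOCK RD", 850.0, True, "2020-01-15"),
    make("B3", "2024-03-02T09:10:00", "198.51.100.3", "tok_b3", "77  dock rd", 990.0, True, "2018-11-30"),
    make("C1", "2024-03-01T12:00:00", "192.0.2.10", "tok_c1", "9 Hill St", 80.0, True, "2018-06-01"),
    make("D1", "2024-03-01T12:30:00", "192.0.2.11", "tok_d1", "4 Lake Dr", 35.0, False, "2017-02-20"),
]


def norm_addr(addr):
    # Naive normalisation (case and spacing only); real matching needs an address service.
    return " ".join(addr.lower().split())


def signals(orders):
    """Return {order_id: set of signal names} for every order with at least one sign."""
    cards_by_ip, cards_by_addr = defaultdict(set), defaultdict(set)
    small_by_ip = defaultdict(list)
    for o in orders:
        cards_by_ip[o.ip].add(o.card)
        cards_by_addr[norm_addr(o.ship_to)].add(o.card)
        if o.amount <= SMALL_AMOUNT:
            small_by_ip[o.ip].append(o.ts)

    found = defaultdict(set)
    for o in orders:
        if o.email_first_seen == o.ts.date():                       # sign 1
            found[o.id].add("email_age_zero")
        if o.amount <= SMALL_AMOUNT:                                 # sign 3
            near = [t for t in small_by_ip[o.ip] if abs(t - o.ts) <= BURST_WINDOW]
            if len(near) >= BURST_COUNT:
                found[o.id].add("small_order_burst")
        if o.expedited:                                              # sign 4
            found[o.id].add("expedited_shipping")
        if len(cards_by_ip[o.ip]) >= CARD_LIMIT:                     # sign 9
            found[o.id].add("multiple_cards_one_ip")
        if len(cards_by_addr[norm_addr(o.ship_to)]) >= CARD_LIMIT:   # sign 10
            found[o.id].add("multiple_cards_one_address")
    return found


def review_queue(orders, min_signals=2):
    """Orders where several signs coincide; a single sign never queues an order."""
    return {oid: sorted(s) for oid, s in signals(orders).items() if len(s) >= min_signals}


if __name__ == "__main__":
    for oid, why in sorted(review_queue(ORDERS).items()):
        print(oid, ", ".join(why))
```

Grouping small orders by IP address is one choice among several; the same burst check can be keyed on device fingerprint or account instead.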
9 industry best practices for eCommerce fraud detection
The following industry best practices can help prevent eCommerce
fraud, whether used individually or in conjunction with other behavioral
indicators.
- Implement AI and machine learning.
- Link fraud signals from a data network that’s larger than your own.
- Implement risk-based or step-up authentication.
- Implement card security code requirements.
- Invest in Address Verification Services (AVS).
- Partner with a reliable third-party payment processor.
- Follow PCI standards.
- Train customer service reps on fraud.
- Keep fraud prevention software updated.
1. Implement AI and machine learning
The best way to detect and prevent eCommerce fraud is to not rely on human decisions alone. AI fraud prevention
simulates the work of experienced fraud analysts but without human
error. It weighs the risk of fraud against the customer’s value on a
faster and more scalable basis than a human.
AI can weigh fraud risks with the help of supervised and unsupervised
machine learning. Supervised machine learning detects emerging fraud
attacks, and unsupervised machine learning accounts for past decisions.
eCommerce businesses that use AI don’t just detect and prevent fraud.
They accept more good orders, reduce manual reviews, and have more
control over business outcomes.
2. Link fraud signals from a data network that’s larger than your own
A single sign of fraud or purchase-related red flag isn’t enough to
indicate fraud. Businesses and fraud analysts should link identity
elements from the fraud signals listed to better establish identity
trust. And leveraging a robust data network can help them do it.
A data network that accounts for billions of digital interactions
from industries across the globe can help analysts determine if a
purchase is legitimate or suspicious. The more data an eCommerce
business has, the faster and more accurately it can detect fraud.
3. Implement risk-based or step-up authentication
Implementing strong password requirements on your customer accounts
can reduce fraudulent activity. The better the password, the harder it
will be for a bad actor to break into a customer’s account. But safety
isn’t guaranteed.
With risk-based authentication (RBA) or step-up authentication,
issuing banks apply varying levels of scrutiny to authentication
processes based on the interaction’s level of risk. The higher the risk,
the more rigorous the authentication process. Step-up authentication
adds a challenge to interactions that present a higher likelihood of fraud.
4. Implement card security code requirements
Some eCommerce activities, like card-not-present (CNP) transactions,
pose a higher risk of fraud. In a CNP transaction, a customer isn’t
required to present a card to complete a purchase. CNP transactions are
common when customers make purchases online, via mobile app, or over the
phone.
These transactions pose a higher risk of fraud because businesses and
merchants can’t verify a cardholder’s identity easily. Businesses
should implement card security code requirements to prevent CNP fraud.
Asking for each card’s three- or four-digit code can reduce the
probability that a transaction is fraudulent.
5. Invest in Address Verification Services (AVS)
Bad actors regularly ship goods to different addresses. Investing in
an Address Verification Service (AVS) can help businesses establish
trust in their customers. Credit card companies provide AVS and compare
the address a customer submits with their known address on file with
their issuing bank. Then the issuing bank returns an AVS code to the
business or merchant.
AVS codes indicate discrepancies like house or unit numbers that
don’t match ZIP codes, for example. Credit card processors may charge a
fee for each verification. But AVS can reduce the likelihood of fraud by
helping businesses to decide to accept, reject, or flag transactions.
6. Partner with a reliable third-party payment processor
Outsourcing fraud checks to a third-party payment processor is one of
the easiest and safest ways to prevent eCommerce fraud. Third-party
payment processors often manage things like customer chargebacks,
security compliance, and data storage.
Keeping customer data safe should be a top priority, especially if
customers save their credit card details in their accounts. A
third-party payment processor can keep customers’ private information
secure, which can cut the number of eCommerce fraud attempts against a
store.
7. Follow PCI standards
Payment Card Industry (PCI) standards
help businesses protect themselves and their customers from eCommerce
fraud. PCI standards include six major objectives, 12 key requirements,
78 base requirements, and over 400 test procedures. MasterCard, American
Express, and Visa set PCI standards to safeguard consumer data.
The Payment Card Industry Security Standards Council enforces these
standards, which are mandatory for online retailers. Most major payment
processors comply with PCI standards. But businesses and merchants must
do their research before choosing a third-party payment processor.
8. Train customer service reps on fraud
Training can play a crucial role in preventing fraudulent activity.
With a well-trained customer support team and stringent security system,
businesses are less likely to be victims of fraud. With sufficient
anti-fraud training, customer service reps can identify and respond to
potentially fraudulent inquiries more effectively.
9. Keep fraud prevention software updated
If a business uses software to prevent eCommerce fraud, keep that
software updated. Bad actors are constantly finding ways to avoid
getting caught, and anti-fraud software providers adjust to fight them
every step of the way. But software that’s out of date can leave
businesses vulnerable to new fraud patterns.
Anti-fraud software relies on security patches to prevent evolving
fraud behaviors and protect against new viruses and malware. Without
updates, businesses risk bad actors accessing data and sidestepping
measures that reduce fraudulent activity.
eCommerce fraud detection is easier than ever
Relying on manual
reviews alone is tedious, hard to scale, and prone to human error.
Businesses should invest in powerful fraud prevention software to scale
eCommerce fraud detection and prevention more efficiently and
accurately.
With Kount’s AI-driven fraud prevention solution, businesses can
prevent emerging fraud, accept more good orders, reduce manual reviews,
and control business outcomes. Kount’s AI simulates an experienced fraud
analyst by weighing the risk of fraud against the customer’s value. But
it’s faster and more scalable. Plus, Kount protects the entire customer
journey and creates frictionless experiences for good customers, which
is essential for repeat business.
eCommerce fraud will continue to evolve, but the technology that
prevents it has never been more advanced. eCommerce businesses need to
know the red flags that indicate fraud so that they can reduce
fraudulent activity. Kount’s AI-driven eCommerce fraud prevention
solution can automatically identify those flags to help businesses
determine risk levels for each interaction. By determining the right
level of identity trust, businesses can protect revenue and customer
data
https://www.cloudways.com/blog/ecommerce-fraud-prevention/
Basics of Ecommerce Fraud Prevention
1. Address Verification System
Use AVS (Address Verification System). It’s amazing. It helps you
secure your eCommerce business by verifying whether the customer’s
billing address matches the one the credit card company has on
record.
2. Following PCI Standards
The Payment Card Industry (PCI) has security regulations for
every eCommerce company to follow. These standards make your
transactions more secure. If you don’t adhere to the PCI standards, you
can easily become a victim of eCommerce fraud or might even expose
yourself to a hefty lawsuit, especially if your eCommerce payment processing channels are exposed.
The bad guys hide behind international borders, and because your
local authorities may have no jurisdiction over them, it can be
problematic for you to recover your stolen money or data.
3. Setting Strong Password Requirements
Restrictive password requirements often frustrate us. But as a matter
of fact, using a complicated password protects your customers as well
as your business. It is a smart practice to insert different types of
characters in your password to reduce the chances for hackers to attack
you.
1. No Debit, Only Credit
You must use your credit card instead of your debit card to purchase
online as it is more secure. If a fraudster gets his hands on your debit
card, he can gain access to your bank account.
2. Be Careful when Clicking CTAs
Do not immediately click on the pop-ups, or purchase anything from
pop-up deals. You must land on the product page and purchase the product
from there. It is also recommended not to click on ‘buy now’ or similar
CTAs when you receive promotional emails. Instead, visit and order from
their website.
3. Make use of Password Manager
Most merchants offer a ‘Save Your Payment Information’ option to make
it more convenient for customers to purchase from them in the
future. Therefore, if you are shopping from a lot of ecommerce websites,
especially during Black Friday or Cyber Monday, you must use strong
passwords.