https://www.bigcommerce.com/blog/ecommerce-fraud/#six-types-of-ecommerce-fraud
If you own or operate an online store, you must protect yourself against fraudsters who steal from you, wreck your online reputation, alienate your customers, damage your brand, and hurt your profits.
Why Does Ecommerce Fraud Take Place?
Today, fraudsters have it much easier. They simply visit a website on the dark web and buy as many stolen credit cards as they need. During the first half of 2019, there were at least 23 million stolen credit cards for sale on the dark web.
2. Anonymity.
Payment fraud is also popular because it is conducted unseen. The fraudsters don’t have to walk into a store, say a word to anyone, or risk getting captured on store cameras. All they need is a computer and an Internet connection. They can operate from any location, at any time of day, unseen.
Online fraudsters typically create fake email accounts and rent post office boxes using aliases that reveal no personally identifiable information about themselves.
3. Evasion.
Ecommerce fraudsters know that police departments do not make eCommerce fraud a priority. For one thing, the amounts of money involved in each fraudulent transaction are typically small relative to other types of crimes. Plus, online fraud is increasingly conducted across international borders, making it hard for the police to locate and prosecute online criminals in other countries.
1. Credit card fraud.
2. Affiliate fraud.
Affiliate fraud is illegal activity intended to generate affiliate commissions.
A common form of affiliate fraud is “typosquatting,” in which a criminal registers domain names that match commonly mistyped versions of an online store’s legitimate URL. The fraudster then redirects that domain name to the merchant’s website—but with an affiliate link.
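A merchant-side check for the typosquatting pattern described above, as an added example that is not from the original article: it flags affiliate IDs whose referring host is a near-miss of the store's own domain. It assumes you log a referring host per affiliate click; the domains, affiliate IDs and the distance threshold are constructed for illustration.

```python
def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, the classic typing slip ("dg" for "gd").
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def normalize(host):
    """Lowercase and drop a leading 'www.' so equivalent hosts compare equal."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def lookalike_referrers(merchant_host, clicks, max_distance=2):
    """Return {affiliate_id: [lookalike hosts]} for near-misses of the store."""
    target = normalize(merchant_host)
    hits = {}
    for affiliate_id, referrer in clicks:
        host = normalize(referrer)
        if host != target and osa_distance(host, target) <= max_distance:
            hits.setdefault(affiliate_id, set()).add(host)
    return {aff: sorted(hosts) for aff, hosts in hits.items()}


# Constructed affiliate click log: (affiliate ID, referring host).
CLICKS = [
    ("aff-101", "dealsblog.example"),        # ordinary content site
    ("aff-204", "bigwigdets.example"),       # swapped letters
    ("aff-204", "bigwidget.example"),        # dropped letter
    ("aff-204", "www.bigwigdets.example"),
    ("aff-309", "www.bigwidgets.example"),   # the store itself
]

if __name__ == "__main__":
    for aff, hosts in lookalike_referrers("bigwidgets.example", CLICKS).items():
        print(aff, "->", ", ".join(hosts))
```

For short domain names a distance of 2 matches many unrelated hosts, so lower max_distance or review hits by hand.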
How to Identify Ecommerce Fraud Online
- Inconsistent order data: The zip code and city entered don’t match. Or the IP address of the shopper and their email address don’t match.
- Larger than average order: The order is far larger than your customer typically spends. Other red flags include multiple units of the same SKU in one order, and expedited shipping (the crook wants to receive the order before getting caught).
- Unusual location: Your customer always purchases from an IP address in North America but suddenly makes a purchase from an IP address in an unusual location (Nigeria, for example).
- Multiple shipping addresses: The buyer makes multiple purchases under one billing address but ships the products to multiple addresses.
- Many transactions in a short timeframe: The fraudster makes multiple purchases back to back—and it’s not the holiday season.
- Multiple orders from many credit cards: Someone makes multiple purchases using multiple credit cards (either in one day or over a longer period).
- Multiple declined transactions in a row: The purchaser makes not just one or two attempts (honest shoppers make mistakes, after all), but four, five, six, seven, eight or more attempts without getting the card number, expiry date, and card security code correct.
- Strings of orders from a new country: You’ve never received a single order from the Kingdom of Bhutan, and then you suddenly receive 11 orders from that country in the space of a week.
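Several of the red flags listed above can be checked mechanically against each account's order history. The following is an added example, not code from the original article; the order fields, sample orders and thresholds are all constructed assumptions to tune against your own data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Illustrative thresholds (assumptions, not values from the article).
LARGE_ORDER_FACTOR = 3       # order > 3x the account's average approved order
MAX_ORDERS_PER_HOUR = 3
MAX_CARDS_PER_DAY = 2
MAX_SHIP_ADDRS_PER_DAY = 2
MAX_DECLINE_STREAK = 3


def review_orders(orders):
    """Return {order_id: [red flags]} using each account's earlier orders."""
    history = defaultdict(list)           # account -> earlier orders, oldest first
    flags = {}
    for order in sorted(orders, key=lambda o: o["time"]):
        now = datetime.fromisoformat(order["time"])
        past = history[order["account"]]
        hits = []

        # Inconsistent order data / unusual location.
        if order["ip_country"] != order["bill_country"]:
            hits.append("ip_billing_mismatch")

        # Larger than average order (needs an approved order to compare with).
        approved = [p["amount"] for p in past if not p["declined"]]
        if approved and order["amount"] > LARGE_ORDER_FACTOR * sum(approved) / len(approved):
            hits.append("large_order")

        def recent(window):
            """This order plus the account's earlier orders inside the window."""
            return [p for p in past
                    if now - datetime.fromisoformat(p["time"]) <= window] + [order]

        last_hour, last_day = recent(timedelta(hours=1)), recent(timedelta(days=1))
        if len(last_hour) > MAX_ORDERS_PER_HOUR:
            hits.append("high_velocity")
        if len({p["card"] for p in last_day}) > MAX_CARDS_PER_DAY:
            hits.append("many_cards")
        if len({p["ship_addr"] for p in last_day}) > MAX_SHIP_ADDRS_PER_DAY:
            hits.append("many_ship_addrs")

        # Multiple declined transactions in a row, counting this attempt.
        streak = 0
        for p in reversed(past + [order]):
            if not p["declined"]:
                break
            streak += 1
        if streak > MAX_DECLINE_STREAK:
            hits.append("decline_streak")

        flags[order["id"]] = hits
        past.append(order)
    return flags


def _order(oid, account, time, amount, card, ship="1 Main St", ip="US", declined=False):
    return {"id": oid, "account": account, "time": time, "amount": amount,
            "card": card, "ship_addr": ship, "ip_country": ip,
            "bill_country": "US", "declined": declined}


# Constructed sample orders, not real data.
ORDERS = [
    _order("A1", "alice", "2024-03-01T10:00", 40.0, "card-1"),
    _order("A2", "alice", "2024-03-08T09:00", 45.0, "card-1"),
    _order("A3", "alice", "2024-03-15T23:00", 400.0, "card-1", ip="ZZ"),
    _order("B1", "bob", "2024-03-02T14:00", 1.0, "card-10", declined=True),
    _order("B2", "bob", "2024-03-02T14:01", 1.0, "card-11", declined=True),
    _order("B3", "bob", "2024-03-02T14:02", 1.0, "card-12", declined=True),
    _order("B4", "bob", "2024-03-02T14:03", 1.0, "card-13", declined=True),
    _order("B5", "bob", "2024-03-02T14:04", 1.0, "card-14"),
    _order("C1", "carol", "2024-03-03T09:00", 50.0, "card-20", ship="5 Oak Ave"),
    _order("C2", "carol", "2024-03-03T12:00", 50.0, "card-20", ship="9 Elm Rd"),
    _order("C3", "carol", "2024-03-03T15:00", 55.0, "card-20", ship="2 Pine Ct"),
]

if __name__ == "__main__":
    for oid, hits in review_orders(ORDERS).items():
        if hits:
            print(oid, hits)
```

A flag here means "hold for manual review", not "decline": honest customers travel, send gifts and mistype card numbers.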
11 Steps for Preventing Fraud on Your Ecommerce Store
1. Conduct regular site security audits.
Want to discover flaws in your security before criminals and fraudsters do? Conduct security audits—often. Ask yourself these questions:
- Are our shopping-cart software and plugins up-to-date?
- Is our SSL certificate current and working?
- Is our store PCI-DSS compliant (Payment Card Industry Data Security Standard)?
- Are we backing up our online store often enough?
- Are we using strong passwords for admin accounts, hosting dashboards, CMS, database, and FTP access?
- Are we scanning our website regularly for malware?
- Are we encrypting communication between our store and our customers and suppliers?
- Have we removed inactive plugins?
2. Make sure your store is PCI compliant.
If you operate an online store that accepts credit card payments, you must be PCI compliant. PCI stands for Payment Card Industry. PCI standards for compliance are developed and managed by the PCI Security Standards Council to ensure the security of credit card transactions in the payments industry. PCI compliance means your online store and your business processes meet these PCI standards. If you operate a SaaS-based ecommerce store, your platform will typically provide this compliance.
3. Monitor your site regularly for suspicious activity.
Bricks-and-mortar stores hire fraud prevention officers to catch shoplifters. You can protect your online store against fraudulent transactions by monitoring your store for suspicious activity. Monitor your accounts and transactions for red flags, such as inconsistent billing and shipping information, as well as the physical location of your customers. Use tools that track customer IP addresses and alert you to any addresses from countries known as a base for fraudsters.
4. Use an Address Verification Service (AVS).
Credit card processors and issuing banks will usually offer an Address Verification Service to detect suspicious credit card transactions in real-time and prevent credit card fraud. The Address Verification Service checks the billing address submitted by the card user (the customer) with the cardholder’s billing address that’s on file with the issuing bank. This check takes place as part of the merchant’s request to the payment processor for authorization of the credit card transaction. When addresses don’t match, the system either declines the transaction or flags it for investigation.
5. Require Card Verification Value (CVV) numbers for all purchases.
The three-digit security code on the back of VISA®, MasterCard® and Discover® credit and debit cards and the four-digit security code on the back of American Express® credit and debit cards is called the Card Verification Value (CVV) or Card Security Code (CSC). By requiring all purchasers to supply this code for every transaction, you ensure that customers have the physical credit card in their possession. This helps to keep you safe and reduces fraud.
6. Use Hypertext Transfer Protocol Secure (HTTPS).
HTTPS is the secure version of HTTP, which is the primary protocol used to send data between a customer’s web browser (like Google Chrome) and your online store. HTTPS encrypts this data to protect sensitive information, such as customer names, addresses and credit card numbers. Using HTTPS prevents your online store from having its transactions broadcast in a way that’s easily viewed by hackers, cybercriminals, and fraudsters. You use HTTPS by buying an SSL certificate.
7. Avoid collecting too much sensitive customer data.
One way to protect your store in the event of a data breach or hack is to collect and store as little customer data as possible. Hackers can’t steal what you don’t have. So only collect the data you need to complete a transaction and ship the product. Avoid collecting Social Security numbers, birth dates and other unnecessary sensitive customer data.
8. Set limits on purchases.
Based on your order and revenue trends, set limits for the number of purchases and total dollar value you’ll accept from one account in a single day. This reduces your exposure to a minimum should fraud occur.
9. Try an anti-fraud solution.
- Rudimentary anti-fraud tools perform a specific, single function. They are typically integrated into online shopping carts and ecommerce platforms. These tools use machine learning algorithms to identify fraudulent transactions through IP geolocation, validate email addresses, conduct device fingerprinting, and verify addresses.
- Mid-level anti-fraud tools offer a wider variety of functions, including chargeback guarantees, auto declining of high-risk orders, protections against new account fraud and account takeover protection.
- Top-level anti-fraud tools offer everything the other tools offer plus outsourced case management, expertise working with large merchants, loyalty fraud management, policy abuse protection, automatic decisions, and manual review of suspicious transactions, ensuring that no good order is mistakenly declined by the software.
10. Double check that the IP address and credit card address match.
Every order placed on your online store comes from a unique, public IP address (a string of numbers separated by periods that identifies each computer using the Internet Protocol to communicate over the Internet). From the IP address, you can generally detect the city or region of the world where the purchaser is making the purchase. If this city or region does not match the address of the credit card being used, that’s a red flag.
11. Avoid non-physical shipping addresses.
Fraudsters commonly avoid detection by protecting their physical address, preferring to use a PO box or other anonymous location. After all, the police can’t come knocking if there’s no door to knock on.
If you are an online merchant, and if you want to prevent this type of fraud, never ship online orders to PO boxes and other virtual addresses, such as those of freight forwarders. You can spot addresses that belong to freight forwarders because they have a container number in the address, such as 726 Dock Road Suite 300 #KXQ-582899328.
https://thegood.com/insights/ecommerce-fraud/
- Ecommerce fraud is sophisticated and ever-evolving, as fraudsters leverage more advanced tactics with every passing year. Malicious actors only need to be right once, whereas you need to be right every time.
- Personal and credit card information and the card doesn’t need to be present for the transaction. In some cases, hackers steal personal and financial information and sell it on the black market.
- Friendly fraud, where the customer intentionally files a chargeback to gain a free product and avoid payment.
The best way to combat fraud is to identify why fraud is occurring in the first place, and then develop strategies to prevent and protect against these attacks, in order to secure your ecommerce site.
1. Card Testing Fraud
Card testing fraud is when someone gains access to one or more stolen credit card numbers, through theft or by purchasing card data on the dark web. Even though they have the credit card numbers, they do not know (1) whether the card numbers can be used to successfully complete a transaction or (2) the limit associated with that credit card.
2. Friendly Fraud
Friendly fraud (also called chargeback fraud) is when someone purchases an item or service online and then requests a chargeback from the payment processor, claiming the transaction was invalid. The credit card companies or bank returns the transaction value to the customer, which must still be paid by the retailer.
The fraudster may purchase an item from your online store and argue that the item was never delivered. They may tell their credit card issuer that they returned the item to the merchant but that a refund was never processed, or they can even say that they canceled the order but it was still sent to them.
3. Refund Fraud
Refund fraud is when someone uses a stolen credit card to make a purchase on an eCommerce website. The fraudster then contacts the eCommerce business and requests a reimbursement due to an accidental overpayment.
4. Account Takeover Fraud
Account takeover fraud occurs when someone gains access to a user’s account on an ecommerce store or website. This can be achieved through a variety of methods, including purchasing stolen passwords, security codes, or personal information on the dark web or successfully implementing a phishing scheme against a particular customer.
5. Interception Fraud
Interception fraud is when fraudsters place orders on your eCommerce website where the billing address and shipping address match the information linked to a stolen credit card. Once the order is placed, their goal is to intercept the package and take the goods for themselves.
6. Triangulation Fraud
Setting up this storefront brings in a number of legitimate customers who are looking to take advantage of an incredible bargain. Once these customers place orders on the fraudster’s website, the fraudster uses stolen credit card numbers to purchase legitimate goods from your eCommerce website, and then sends those goods to their customers.
1. Take Advantage of Fraud Detection Solutions
This is one of the most effective ways to fight back against all types of ecommerce fraud. A fraud detection solution is essentially a third-party solution that specializes in identifying red flag transactions and protecting ecommerce merchants from card testing fraud, friendly fraud, and chargeback fraud.
A fraud detection solution is helpful for ecommerce organizations of all sizes, and is one of the best forms of fraud protection for ecommerce businesses. That said, it can be especially valuable for smaller companies who do not have the time, resources, or talent to implement their own fraud solutions. While you will want to do your due diligence to find the best vendor, a fraud detection solution can be a great way to fight back against fraudsters.
2. Maintain PCI Compliance
The Payment Card Industry Data Security Standard (PCI DSS) is a widely-respected set of requirements ensuring companies storing and processing credit card information and cardholder information—like ecommerce companies—maintain a secure environment. PCI compliance results in basic security precautions, including things like creating a firewall between your internet connection and any system storing credit card numbers. Ultimately, PCI compliance is mandatory, so you must ensure that you are abiding by relevant PCI guidelines to avoid any sanctions or penalties.
3. Be Extra Vigilant During the Holidays
The holiday months can be some of the most critical months for your business, as more people buy using ecommerce stores for Black Friday, Cyber Monday, and various December holidays. Customers are also preoccupied and busy during these times, and often adhere to fewer safety precautions.
The simple fact is that many fraudsters rely on merchants being too busy or preoccupied to spot potential fraud during these months. During the holiday months, be extra careful when receiving a significant number of foreign orders, rush orders, or many small-dollar purchases. These behaviors can be evidence of fraudsters testing out schemes like card testing fraud.
4. Create Blacklists
If you pay for a fraud detection solution (or do it yourself), you may start to notice that particular customers have tested credit cards with your ecommerce business. Once you find these customers, put them on an internal blacklist. A blacklist isn’t a complete solution, since fraudsters can keep using new stolen customer identities. However, a blacklist can help you flag potential fraudulent transactions before they occur based on past behavior.
Some Future Trends in Ecommerce Fraud
https://www.information-age.com/seven-types-e-commerce-fraud-explained-123461276/
In order to commit identity theft or appropriate someone’s identity, fraudsters target personal information, such as names, addresses and email addresses, as well as credit card or account information.
This enables them, for example, to order items online under a false name and pay using someone else’s credit card information or by debiting another person’s account.
Phishing, on the other hand, simply involves using fraudulent websites, emails or text messages to access personal data.
Another technical method is known as pharming, in which manipulated browsers direct unsuspecting customers to fraudulent websites. Often, all that is required to appropriate someone’s identity is a stolen password. This can be used to take over an existing account with an online shop – in most cases, the payment data is already stored in the account.
Of course, hacker attacks on e-commerce providers and stealing customer data also fall under this type of e-commerce fraud, as does using malware on computers to commit identity theft by spying out sensitive data.
‘Man-in-the-middle attacks’ are even more sophisticated. These involve hackers muscling in on communications between customers and merchants (or between customers and banks) in order to siphon off login data.
Friendly fraud
In fourth place is what the merchants surveyed refer to as ‘friendly fraud’. This sounds friendlier than it really is: using this method, customers order goods or services and pay for them – preferably using a “pull” payment method like a credit card or direct debit.
Then, however, they deliberately initiate a charge-back, claiming that their credit card or account details were stolen. They are reimbursed – but they keep the goods or services. This fraud method is particularly prevalent with services, such as those in the gambling or adult milieus. Friendly fraud also tends to be combined with re-shipping.
This is where criminals who use stolen payment data to pay for their purchases don’t want to have them sent to their home addresses. Instead, they use middlemen whose details are used to make the purchases and who then forward the goods.
Clean fraud
The basic principle of clean fraud is that a stolen credit card is used to make a purchase, but the transaction is then manipulated in such a way that fraud detection functions are circumvented.
Much more know-how is required here than with friendly fraud, where the only goal is to cancel the payment once a purchase has been made. In clean fraud, criminals use sound analyses of the fraud detection systems deployed, plus a great deal of knowledge about the rightful owners of their stolen credit cards.
A great deal of correct information is then entered during the payment process so that the fraud detection solution is fooled. Before clean fraud is committed, card testing is often carried out. This involves making cheap test purchases online to check that the stolen credit card data works.
Merchant fraud
Merchant fraud is another method which must be mentioned. It’s very simple: goods are offered at cheap prices, but are never shipped. The payments are, of course, kept. This method of fraud also exists in wholesale. It is not specific to any particular payment method, but this is, of course, where no-chargeback payment methods (most of the push payment types) come into their own.
Affiliate fraud
There are two variations of affiliate fraud, both of which have the same aim: to glean more money from an affiliate program by manipulating traffic or signup statistics. This can be done either using a fully automated process or by getting real people to log into merchants’ sites using fake accounts. This type of fraud is payment-method-neutral, but extremely widely distributed.
Triangulation fraud
During triangulation fraud, the fraud is carried out via three points. The first is a fake online storefront, which offers high-demand goods at extremely low prices. In most cases, additional bait is added, like the information that the goods will only be shipped immediately if the goods are paid for using a credit card. The falsified shop collects address and credit card data – this is its only purpose.
The second corner of the fraud triangle involves using other stolen credit card data and the name collected to order goods at a real store and ship them to the original customer.
The third point in the fraud triangle involves using the stolen credit card data to make additional purchases. The order data and credit card numbers are now almost impossible to connect, so the fraud usually remains undiscovered for a longer period of time, resulting in greater damages.
More international fraud
On average, the merchants who participated in the study do business in 14 countries. According to 58% of those surveyed, the major challenge in e-commerce fraud prevention is a lack of system integration to provide a unified view of all their transactions across all markets.
Different devices
Fraud methods vary depending on the sales channel, and the fact that most merchants aim to achieve multi-channel sales does not make the situation any easier. According to 69% of merchants surveyed, sales via third-party websites like Amazon, Alibaba or eBay are particularly susceptible to fraud. These are followed by mobile sales (mentioned by 64%) and sales via their own online shops (55%).
https://spd.group/machine-learning/e-commerce-fraud-detection/
There are two major classes of Machine Learning algorithms — supervised and unsupervised. Both can be used for fraud detection and prevention, but each has its pros and cons.
Machine Learning grounded detection solutions scan transactions and evaluate their threat score, such as between 0 and 1. The score is then compared to a pre-established threshold that will mark the transaction as fraudulent or not. Let’s take a closer look at the nature of some of these algorithms:
Supervised Decision Tree
After being fed data on fraudulent and normal transactions, a supervised Decision Tree will then make a classification (a prediction). The fraudulence score computation starts from the root node of the tree when it is split into child nodes; other nodes are also split into child nodes with binary or multi-fashion conditions. This is done depending on the value of the input variable.
Once the tree is built, a new data input (a transaction) is classified by walking down the tree from the root node, following at each node the branch that matches the input’s feature values.
Supervised Support Vector Machine (SVM)
A Support Vector Machine (SVM) works in another way — it separates transaction data samples into two classes on a plane graph in such an order that the formula needed for it shows the smallest error as compared to the ground truth dataset (real transactions labeled). The main idea behind an SVM is to draw a line between classes that will leave the biggest margins between fraudulent and non-fraudulent transactions to achieve a high level of detection.
Anomaly Detection Using Autoencoder
In the event that a customer has very few examples of fraudulent transactions, it is better to use an autoencoder — where fraudulent samples are excluded at the model training step, but are still used for testing. All anomaly detection techniques are aimed at denoting unusual or unexpected events in the data.
A neural autoencoder is a type of architecture that is trained on one class of events and used to notify us about unusual events. The process of training implies an equal number of input and output units that have a certain number of layers in between. The final decision on whether a transaction is fraudulent or not is based on the threshold value and the distance between the input and its reproduced output layer.
Outlier Detection: Isolation Forest
The other technique that tackles cases where there are very few or no fraudulent transactions in a dataset is Isolation Forest, which belongs to the outlier techniques class. The idea behind the Isolation Forest is that an outlier can be isolated with fewer random splits than a data point that belongs to the normal class; outliers occur much more rarely than normal samples and have values that are not typical of the average values of a data set.
The algorithm chooses a split value out of a randomly selected value range of a randomly selected feature. As a result of the selections, a tree is grown. The tree depth is measured with the number of required random splits (called mean length). When a forest consisting of such trees is grown, the mean length number is measured over all trees and becomes a measure of normality, or in other words, the function we use to trace outliers.
Random splits have significantly shorter tree depth in cases with outliers than in cases with normal data samples. This helps us identify which data points are likely to be outliers.
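The random-split procedure described above, written out as an added example that is not code from the original article. It grows the trees on constructed transactions (amount, orders in the last hour) and turns the mean path length into a score between 0 and 1 with the formula from the original Isolation Forest paper, which the article does not spell out; the 0.8 threshold and the sample data are assumptions.

```python
import math
import random

EULER_GAMMA = 0.5772156649


def c(n):
    """Expected path length of an unsuccessful search among n points."""
    if n <= 1:
        return 0.0
    if n == 2:
        return 1.0
    return 2.0 * (math.log(n - 1) + EULER_GAMMA) - 2.0 * (n - 1) / n


def grow_tree(points, rng, depth, max_depth):
    """Pick a random feature, then a random split value inside its range."""
    if len(points) <= 1 or depth >= max_depth:
        return {"size": len(points)}
    feature = rng.randrange(len(points[0]))
    lo = min(p[feature] for p in points)
    hi = max(p[feature] for p in points)
    if lo == hi:                      # nothing left to split on this feature
        return {"size": len(points)}
    split = rng.uniform(lo, hi)
    left = [p for p in points if p[feature] < split]
    right = [p for p in points if p[feature] >= split]
    return {"feature": feature, "split": split,
            "left": grow_tree(left, rng, depth + 1, max_depth),
            "right": grow_tree(right, rng, depth + 1, max_depth)}


def grow_forest(points, n_trees=100, seed=7):
    rng = random.Random(seed)
    max_depth = math.ceil(math.log2(len(points)))
    return [grow_tree(points, rng, 0, max_depth) for _ in range(n_trees)]


def path_length(tree, point, depth=0):
    """Splits needed to reach the point's leaf, plus c() for unsplit leaves."""
    if "feature" not in tree:
        return depth + c(tree["size"])
    side = "left" if point[tree["feature"]] < tree["split"] else "right"
    return path_length(tree[side], point, depth + 1)


def mean_path_length(forest, point):
    return sum(path_length(tree, point) for tree in forest) / len(forest)


def anomaly_score(forest, point, n):
    """Near 1: isolated after few splits (outlier). Around 0.5 or less: normal."""
    return 2.0 ** (-mean_path_length(forest, point) / c(n))


def flag_outliers(points, forest, threshold):
    return [i for i, p in enumerate(points)
            if anomaly_score(forest, p, len(points)) > threshold]


def sample_transactions(seed=1):
    """Constructed data: 63 ordinary orders plus one unusual order at the end."""
    rng = random.Random(seed)
    normal = [(round(rng.uniform(20, 80), 2), rng.choice([1, 2, 3]))
              for _ in range(63)]
    return normal + [(950.0, 9)]


if __name__ == "__main__":
    txns = sample_transactions()
    forest = grow_forest(txns)
    for i in flag_outliers(txns, forest, threshold=0.8):
        print(i, txns[i], round(anomaly_score(forest, txns[i], len(txns)), 3))
```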
Why Does Machine Learning for E-Commerce Fraud Detection Work So Well?
We have described the inner workings of the technological approach; now let’s highlight the main benefits of ML in combating E-Commerce fraud.
Real-Time Data Processing
Traditional detection systems can only work with scenarios that have happened previously and prevent the types of fraud that have occurred in the past. Only when an attempt is successful will the system be able to make a correct conclusion. With Machine Learning it is different because algorithms can consider changes in real time and act on a fraudulent attempt, in some cases, even before the attack.
Finding Hidden Patterns
An ML-based system is constantly learning. Not only is it good at finding hidden correlations beyond human capabilities, but with every discovered threat it also becomes better at finding new scenarios and preventing them.
Proxy and VPN Detection
An honest client doesn’t need a VPN while attempting a purchase, right? Of course, there are some people concerned about the security of their personal data, but it is safe to assume that proxy users might be suspicious clients worthy of further investigation.
Behavior Analytics
When the system knows the typical behavioral patterns of each client, it can easily pick up on deviations and spot suspicious behavior. Sometimes it can be an easy way to detect a criminal breaking into a customer’s account.
Quick and Accurate Verifications
Automated verification can speed up the whole purchase process for the client and operate on defined rules, eliminating the mistakes human employees might make.
Leveraging Big Data
An ML-based system can work with an enormous amount of data, saving the money required to have a large team of analysts. If you have a large-scale business with consistently added layers of information, this could be a key component in fighting and preventing fraud.
Consistent Results
People make mistakes that accurately programmed algorithms don’t ever make. With a properly installed automated system, you will get consistent security without occasional breakdowns because of human error.
How to Stop E-commerce Fraud? Some Advice for Retailers to Stay Safe and Proven Fraud Detection Methods
Customer Support Should be Guided with E-commerce Fraud Prevention Tips
Your E-commerce customer service undoubtedly plays a critical role in ensuring that the troubles and inconveniences your customers face are taken care of, while it also can contribute to your fraud prevention strategy.
To prevent situations where your customer support team lets fraudsters get away with illegal purchases, you should organize the training process in order for them to learn to be careful and pay attention to signs of fraud. Also, think of adding more employees during peak sales periods. The faster your customer support treats customers’ requests, the more customers will be satisfied.
Customize your Legal Policies
Your E-commerce business needs customized fraud prevention legal policies, rather than simply using the policies of popular E-commerce stores. Consider wisely as to what practices you should and should not use.
Usually, criminals carefully consider the niche and location of an online store that they are going to compromise. So, it is necessary to adjust existing policies to your particular case. Be true to your policies and protect their necessity — even if some of your customers find it troublesome to follow some of the rules.
Acknowledge the Importance of PCI Compliance
We have already mentioned PCI Compliance in this article, but it is hard to overestimate the impact of it on your security status. In fact, what we didn’t mention is the fact that PCI compliance is mandatory for E-Commerce retailers working with financial transactions. Failure to adhere to such compliance may result in an up to $100,000 fine for the business owner. However, you don’t always need to handle this aspect, because some payment gateway providers guarantee PCI security on their side. These standards are super important in maintaining the security of all financial information.
Protect Your Website
The most vulnerable spot in every E-Commerce store is the payment mechanism, and PCI compliance gives you a good chance of protecting this area. But what about the website in general? It makes sense to give as much attention to every element of your website as you do to protecting the checkout process. Here are some tips that will help you improve the security of your website:
- Use an SSL certificate for encryption that will protect the data coming from the browsers of your customers. Additionally, Google ranks HTTPS-sites very highly, so you will achieve an SEO advantage.
- Consider adding a security auditor to your team who will try to find the weak spots of your E-Commerce website.
- Leverage OSSEC and other monitoring tools to get fraud prevention in real-time.
Delivery Tracking is a Must
Implement tracking numbers and signature upon delivery to your E-Commerce platform, if you haven’t done that. This type of chargeback fraud is called “friendly,” but there is nothing friendly about being vulnerable to criminals disguised as your customers or a significant financial loss due to the mistakes of the real customers.
Store As Little Customer Data As Possible
Avoid storing credit card data and personal information on your website if you can. The less information you will have, the less there is to steal. Let the payment gateway be responsible for all the sensitive information that might get you in trouble in the event of a data breach. For the recurring payments option, if you choose to have one, you need to be PCI compliant and follow strict storage guidelines; there is no other alternative.
Keep Track of Every Fraud Attempt
If you don’t have an automated solution at the moment, you need to save all historical data manually. When you have a database of every fraudulent attempt, successful or not, it is much easier to prevent future possible situations and feed this information to the ML algorithm (once you have it). Keep your enemies close by keeping a detailed notebook with all hacker attack information to build your future defense strategy upon. You can spot certain patterns by yourself and be aware of certain countries or regions as potentially dangerous.
Use Up-to-Date Software
The hackers are very inventive, especially in the COVID-19 era. Don’t give them a chance to find a vulnerability in your system due to dated software. It is a good idea to use protection tools and regularly scan your website for malware. Formjacking attacks can be a problem even if you have SSL protection. So, additional tools are required. Skimmers are targeting the websites of merchants of any size. Therefore, unfortunately, even small businesses are not safe.
Summary
What Are the Services and Software Solutions that Can Help Solve Problems in E-commerce Transactions?
There are a number of services and software solutions such as Subuno or Riskified that claim to help solve the problem of E-commerce fraud, but not all of them rely on innovative methods such as AI-driven solutions. SPD-Group develops custom software that can be grounded on Machine Learning to achieve high accuracy in the detection of E-commerce fraud.
How Can We Minimize Losses from E-commerce Fraud with Modern Tools?
Modern tools are more efficient in minimizing fraud losses because they can learn new fraudulent patterns from transactions that happen over time; also, modern tools are quicker than old tools. Paired with E-commerce fraud detection best practices like PCI standards, AVS, CVV, and others, a potent fraud detection system for a business can be created.
Why Machine Learning? How Does It Differ from Old-School Methods Like Rule-based Detection for E-commerce Fraud Prevention?
The first and the main difference between classical methods and machine learning for E-commerce fraud prevention is that the latter is a learning system, meaning that it is programmed in order to learn to perform a task — while rule-based methods do not react to any new patterns.
What Types of Fraudulent Scenarios Can We Detect Using ML?
We can detect cases of E-commerce fraud related to online purchases, transactions, and chargebacks. In general, we can detect activity that comes from a compromised user account or the use of a compromised credit card.
What Are the Best Machine Learning Methods to Efficiently Detect Fraud?
Machine learning for E-commerce uses supervised and unsupervised anomaly detection methods that find fraudulent patterns in online transaction data or user behavior.
What are the measures that can lead to the reduction of online fraud?
Keep your software up-to-date, follow a strict set of security protocols, keep your passwords strong, inform your employees about adherence to the legal policies and the importance of data security. Leverage the latest technology and tools to be one step ahead of the most skilled hackers!
Final Word
Looking at the world’s rising trend for E-commerce businesses, the number of online purchases and transactions is booming, and so is fraudulent activity. A business should carefully consider the opportunities offered by relevant companies in the field of fraud detection and prevention and choose the best option, such as machine-learning-based algorithms that can improve over time and find new fraudulent patterns. Also, common security policies and PCI standards should not be overlooked while making your business more secure and reliable for your customers.
https://kount.com/blog/ecommerce-fraud-prevention-detection-best-practices/
10 eCommerce fraud types
- Payments fraud
- Friendly fraud
- Account takeover (ATO) fraud
- Retail arbitrage fraud
- New account opening (NAO) fraud
- eGift card fraud
- Refund fraud
- Promotion or coupon fraud
- Triangulation fraud
- Interception fraud
1. Payments fraud
Payments fraud occurs when bad actors use stolen credit cards to purchase goods and profit by reselling items. Card-not-present (CNP) transactions are most at risk for this type of fraud because the bad actor doesn’t have to present the card at the point of purchase. Businesses that don’t proactively prevent payments fraud risk losing money to chargebacks, false positives, and operational inefficiencies.
2. Friendly fraud
Friendly fraud occurs when a consumer makes an online purchase and then disputes the charge with their bank. These disputes often end in chargebacks for the merchant. In some cases, the consumer has malicious intent to dispute the payment and keep the goods or services. But more often, consumers call their credit card companies or banks to dispute charges they don’t recognize.
Usually, friendly fraud isn’t attributed to criminal enterprises, but it can still damage profits and affect inventory. However, businesses and merchants can prevent friendly fraud, resolve disputes, and avoid chargebacks with a real-time chargeback prevention solution.
3. Account takeover (ATO) fraud
Account takeover fraud occurs when a human, bot, or botnet uses stolen credentials to access customer accounts. Once they have access, bad actors can drain monetary funds or loyalty points, steal customer data, or purchase goods or services. Beyond lost revenue, account takeover fraud damages brand reputations and can permanently erode the trust of good customers.
The rise in this type of non-financial credentials fraud is due to the dark web demand for stolen email addresses, passwords, and other private personal information. When a bad actor discovers the right combination of username and password, they can access and exploit genuine customer accounts.
4. Retail arbitrage fraud
Retail arbitrage fraud occurs when malicious bots allow a single buyer to purchase large quantities of discounted items for resale on a different marketplace. This type of fraud can quickly undercut revenue and profits, drain inventory, and steal discount-conscious customers away. Retail arbitrage fraud can result in dramatic price differences across marketplaces and poor customer experiences that can reflect poorly on brands.
Bots are evolving, so malicious bots are becoming harder to detect and block with perimeter security, web application firewalls, and content delivery networks. The latest generation of bot protection solutions can accurately identify and classify even the most sophisticated bots. They can block malicious bot activity, allow good bot activity, and verify questionable bot activity with step-up authentication.
5. New account opening (NAO) fraud
New account opening fraud occurs when a bad actor creates new accounts to take advantage of offers and services. The bad actor creates the account using bits and pieces of real identity data. This makes it hard for the merchant to determine if the account belongs to a legitimate customer. Without eCommerce fraud detection methods, this can lead to identity fraud and illegitimate purchases online.
6. eGift card fraud
With eGift card fraud, a bad actor steals a consumer’s payment information and buys an eGift card. From there, the bad actor may resell the eGift card online. When another consumer buys it, the bad actor pockets the consumer’s money and payment information. Meanwhile, the original consumer whose payment information the bad actor used to buy the eGift card calls their credit card company to dispute the charge. The dispute ends in a chargeback for the merchant.
eGift card fraud is difficult to trace because bad actors don’t have to ship cards to an address. So when it comes to resolving eGift card fraud, merchants take a significant financial hit. Luckily, there are several ways businesses and merchants can avoid eGift card fraud.
7. Refund fraud
Refund fraud is a big problem for any company that ships goods or accepts returns. Essentially, refund fraud happens when bad actors exploit gaps in logistics or fulfillment processes to turn a profit or get goods for free. There are several kinds of refund fraud, including did-not-arrive (DNA), empty box or partially empty box, fake tracking ID (FTID), and refund as a service. Some bad actors are part of larger, more organized groups abusing refund policies.
But not all bad actors are in those bigger groups. Some are opportunistic customers. And, unfortunately, refund fraud happens without a chargeback or a traditional dispute to alert the merchant, which makes it hard to detect.
8. Promotion or coupon fraud
Businesses depend on promotional sales and lead-generating promotional campaigns to acquire new customers and keep loyal customers happy. In promotion or coupon fraud, a bad actor abuses a business’s coupon or promotional policies. Bad actors may attempt to defraud a business by using promotional codes multiple times or abusing coupon policies to obtain goods for free. Referral programs and sale-saving tactics like cart-abandonment and apology vouchers are most at risk for this type of fraud.
9. Triangulation fraud
Triangulation fraud occurs when bad actors build fake online stores to sell items at cheaper prices. The fake store has a single purpose: to steal credit card data. After the bad actor collects a consumer’s credit card information, they forward the legitimate transaction to the real merchant. The real merchant charges the customer a second time, which leads to chargebacks. If the consumer doesn’t realize their credit card information was compromised, the bad actor may keep the stolen information and make purchases elsewhere.
10. Interception fraud
With interception fraud, bad actors attempt to intercept a customer’s order and obtain goods for resale. To do this, the bad actor will contact a vendor’s customer service partner to have the order’s shipping address changed to their own. Bad actors may also approach the shipping company directly and ask them to reroute a delivery to an alternative address so they can intercept it. Interception fraud requires taking over a customer’s account to access order and shipping details.
10 signs of eCommerce fraud
Establishing identity trust is the best way to prevent eCommerce fraud. Manual reviews alone will be unsustainable when online orders increase. But there are 10 signs of eCommerce fraud all businesses and merchants can watch for:
- Customers create new email addresses to make purchases.
- Customers place higher- or lower-than-average orders.
- Customers place multiple orders in quick succession.
- Customers pay more for expedited shipping.
- Customers ship items to unusual locations.
- Customers order a product in large quantities.
- Customers use multiple shipping addresses.
- Customers use shipping or billing addresses that don’t match their IP address.
- Customers use multiple cards from a single IP address.
- Customers ship multiple orders to the same address using different cards.
1. Customers create new email addresses to make purchases
It’s not uncommon for consumers to use the same email addresses for many years, so customers registering new email addresses may indicate fraud. Knowing an email address’s date first seen, for example, can help establish identity trust, especially for businesses that use eCommerce fraud prevention tools like Email Insights. If an email address has an age of zero, it may indicate that a bad actor created the email address that same day to commit fraud.
Meanwhile, the email address’s date last seen can indicate how long it’s been since a customer used that email address. An email address that hasn’t been seen in several years, for example, may have been accessed through account takeover fraud.
2. Customers place higher- or lower-than-average orders
If a good customer suddenly places an order that’s significantly higher than average, they may be a victim of fraud. The same goes for good customers who place lower-than-average orders, as they may be the victims of account takeover fraud. A business’s products, services, or industry standards may determine what behavior is normal or risky. But, generally, purchases that are too high or too low may be cause for suspicion.
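One way to make “significantly higher or lower than average” measurable, as an added example that is not part of the original article: score each new order against the customer's own history with a modified z-score built on the median and the median absolute deviation (MAD). The minimum history of five orders, the 3.5 cutoff and the sample amounts are assumptions to tune per business.

```python
import math
from statistics import median

MIN_HISTORY = 5   # assumption: with fewer past orders there is no usable baseline
CUTOFF = 3.5      # assumption: rule-of-thumb cutoff for modified z-scores

# Constructed sample: one customer's past order amounts.
HISTORY = [40.0, 45.0, 38.0, 52.0, 41.0, 47.0]


def modified_z(history, amount):
    """Robust z-score of `amount` against a customer's past order amounts.

    Median and MAD are used instead of mean and standard deviation so that
    one earlier outlier does not stretch the baseline and hide the next one.
    Returns None when the history is too short to judge.
    """
    if len(history) < MIN_HISTORY:
        return None
    med = median(history)
    mad = median(abs(x - med) for x in history)
    if mad > 0:
        return 0.6745 * (amount - med) / mad
    # MAD is zero when more than half of the past orders are identical
    # (subscriptions, fixed-price items): fall back to the mean absolute deviation.
    mean_ad = sum(abs(x - med) for x in history) / len(history)
    if mean_ad > 0:
        return (amount - med) / (1.253314 * mean_ad)
    # Every past order had the same amount: any other amount is a deviation.
    if amount == med:
        return 0.0
    return math.copysign(math.inf, amount - med)


def classify(history, amount):
    """Label a new order amount relative to the customer's own baseline."""
    z = modified_z(history, amount)
    if z is None:
        return "no_baseline"
    if z > CUTOFF:
        return "unusually_high"
    if z < -CUTOFF:
        return "unusually_low"
    return "typical"


if __name__ == "__main__":
    for amount in (48.0, 400.0, 2.0):
        print(amount, classify(HISTORY, amount))
```

An "unusually_low" result matters as much as a high one here, since the article ties low-value orders to account takeover and to card testing.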
3. Customers place multiple orders in quick succession
If a business finds that customers place multiple orders in rapid succession in small denominations, a bad actor may be card testing. Bad actors use card testing to validate stolen credit cards. Once they confirm which credit card numbers are live, they can make larger fraudulent purchases. With card testing, a bad actor may place multiple small orders at once or within a short time frame on one or many credit cards.
Essentially, they’re weeding out canceled or invalid numbers. Quick-service restaurants, in particular, are prime targets for card testing because they offer low-dollar-value items. It’s not atypical to fulfill a series of inexpensive purchases.
4. Customers pay more for expedited shipping
Bad actors may expedite shipping on fraudulent purchases to decrease the chances that a merchant will manually review the order. They know stolen cards have a short lifespan, so they’re more likely to pay for faster, more expensive shipping. After all, it’s not their money the bad actor is spending. This sign of eCommerce fraud goes hand in hand with orders that are significantly higher than average. Expedited shipping isn’t a red flag on its own. But it may be a strong indicator if merchants see it with other items on this list.
5. Customers ship items to unusual locations
Mismatched shipping and billing addresses may be an indicator of fraud, especially if the discrepancy is several states or countries apart and not marked as gifts. If a business predominantly sells domestically, an unexpected uptick in international orders may also indicate fraud.
6. Customers order a product in large quantities
If a business receives orders for higher-than-average quantities of one product, the orders might be fraudulent. As other circumstances on this list highlight, bad actors tend to expedite large orders, knowing victims can cancel stolen cards at any time. If a large order for the same product comes through, consider following up with the customer to confirm and clarify purchase details.
7. Customers use multiple shipping addresses
Sometimes bad actors place orders to multiple shipping addresses with several stolen cards, each placed under different names. If a customer’s account has multiple shipping addresses attached to it, this is a red flag.
8. Customers use shipping or billing addresses that don’t match their IP address
The benefit of eCommerce stores is that businesses can track the most granular details of a customer’s order: from their billing and shipping addresses to their IP address at checkout. If these don’t match, it should raise a red flag. For example, if an IP address and a shipping address are different from an order’s billing address, the transaction may require more scrutiny.
9. Customers use multiple cards from a single IP address
If customers place orders from the same IP address but with several cards, this could indicate a problem. Although it’s not unusual for customers to have more than one card, several cards, especially when used at the same time, should be considered suspicious.
10. Customers ship multiple orders to the same address using different cards
This is a sign of lazy eCommerce fraud, yet it happens. Often, bad actors won’t steal information from a single card but will use multiple cards. Then they’ll attempt to place fraudulent orders with different cards and ship them to the same address. If a customer ships multiple orders with different cards to the same address, whether over one transaction or several, it could be fraud.
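Signs 3, 9 and 10 can be checked mechanically by linking orders on IP address, card and shipping address. The Python below is an added example, not code from the quoted article; the field names, the thresholds (three orders of 5.00 or less within ten minutes, three distinct cards), keying the card-testing check on IP address, and the sample orders are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import NamedTuple


class Order(NamedTuple):
    order_id: str
    placed_at: datetime
    ip: str
    card_token: str  # gateway token, never the card number itself
    ship_to: str     # normalized shipping address
    amount: float


def _t(hhmm):
    return datetime.strptime("2024-01-15 " + hhmm, "%Y-%m-%d %H:%M")


# Constructed sample orders (documentation IP ranges, made-up tokens).
ORDERS = [
    Order("A1", _t("09:00"), "203.0.113.7", "tok_1", "12 Elm St", 1.00),
    Order("A2", _t("09:02"), "203.0.113.7", "tok_2", "12 Elm St", 1.50),
    Order("A3", _t("09:03"), "203.0.113.7", "tok_3", "12 Elm St", 0.99),
    Order("B1", _t("10:00"), "198.51.100.4", "tok_9", "5 Oak Ave", 42.00),
    Order("B2", _t("15:30"), "198.51.100.4", "tok_9", "5 Oak Ave", 18.00),
    Order("C1", _t("11:00"), "192.0.2.10", "tok_4", "77 Pine Rd", 250.00),
    Order("C2", _t("13:00"), "192.0.2.11", "tok_5", "77 Pine Rd", 310.00),
    Order("C3", _t("16:00"), "192.0.2.12", "tok_6", "77 Pine Rd", 199.00),
]


def card_testing_ips(orders, window=timedelta(minutes=10), min_orders=3,
                     max_amount=5.00):
    """Sign 3: IPs placing several small orders in quick succession."""
    small = defaultdict(list)
    for o in orders:
        if o.amount <= max_amount:
            small[o.ip].append(o.placed_at)
    hits = set()
    for ip, times in small.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Slide the start forward until the span fits inside `window`.
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= min_orders:
                hits.add(ip)
                break
    return hits


def keys_with_many_cards(orders, key, min_cards=3):
    """Signs 9 and 10: IPs or addresses seen with many distinct cards."""
    cards = defaultdict(set)
    for o in orders:
        cards[key(o)].add(o.card_token)
    return {k for k, tokens in cards.items() if len(tokens) >= min_cards}


def flag_orders(orders):
    """Map order_id -> list of reasons; unflagged orders are omitted."""
    testing_ips = card_testing_ips(orders)
    busy_ips = keys_with_many_cards(orders, lambda o: o.ip)
    busy_addresses = keys_with_many_cards(orders, lambda o: o.ship_to)
    flags = {}
    for o in orders:
        reasons = []
        if o.ip in testing_ips:
            reasons.append("rapid_small_orders")
        if o.ip in busy_ips:
            reasons.append("many_cards_one_ip")
        if o.ship_to in busy_addresses:
            reasons.append("many_cards_one_address")
        if reasons:
            flags[o.order_id] = reasons
    return flags


if __name__ == "__main__":
    for order_id, reasons in flag_orders(ORDERS).items():
        print(order_id, ", ".join(reasons))
```

Orders B1 and B2, a repeat customer reusing one card, stay unflagged, while the C orders are caught only by the shared-address check. Flags of this kind feed a review queue or a risk score rather than an automatic decline.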
9 industry best practices for eCommerce fraud detection
The following industry best practices can help prevent eCommerce fraud, whether used individually or in conjunction with other behavioral indicators.
- Implement AI and machine learning.
- Link fraud signals from a data network that’s larger than your own.
- Implement risk-based or step-up authentication.
- Implement card security code requirements.
- Invest in Address Verification Services (AVS).
- Partner with a reliable third-party payment processor.
- Follow PCI standards.
- Train customer service reps on fraud.
- Keep fraud prevention software updated.
1. Implement AI and machine learning
The best way to detect and prevent eCommerce fraud is to not rely on human decisions alone. AI fraud prevention simulates the work of experienced fraud analysts but without human error. It weighs the risk of fraud against the customer’s value on a faster and more scalable basis than a human.
AI can weigh fraud risks with the help of supervised and unsupervised machine learning. Supervised machine learning detects emerging fraud attacks, and unsupervised machine learning accounts for past decisions. eCommerce businesses that use AI don’t just detect and prevent fraud. They accept more good orders, reduce manual reviews, and have more control over business outcomes.
2. Link fraud signals from a data network that’s larger than your own
A single sign of fraud or purchase-related red flag isn’t enough to indicate fraud. Businesses and fraud analysts should link identity elements from the fraud signals listed to better establish identity trust. And leveraging a robust data network can help them do it.
A data network that accounts for billions of digital interactions from industries across the globe can help analysts determine if a purchase is legitimate or suspicious. The more data an eCommerce business has, the faster and more accurately it can detect fraud.
3. Implement risk-based or step-up authentication
Implementing strong password requirements on your customer accounts can reduce fraudulent activity. The better the password, the harder it will be for a bad actor to break into a customer’s account. But safety isn’t guaranteed.
With risk-based authentication (RBA) or step-up authentication, issuing banks apply varying levels of scrutiny to authentication processes based on the interaction’s level of risk. The higher the risk, the more rigorous the authentication process. Step-up authentication challenges experiences that present a higher likelihood of fraud.
4. Implement card security code requirements
Some eCommerce activities, like card-not-present (CNP) transactions, pose a higher risk of fraud. In a CNP transaction, a customer isn’t required to present a card to complete a purchase. CNP transactions are common when customers make purchases online, via mobile app, or over the phone.
These transactions pose a higher risk of fraud because businesses and merchants can’t verify a cardholder’s identity easily. Businesses should implement card security code requirements to prevent CNP fraud. Asking for each card’s three- or four-digit code can reduce the probability that a transaction is fraudulent.
5. Invest in Address Verification Services (AVS)
Bad actors regularly ship goods to different addresses. Investing in an Address Verification Service (AVS) can help businesses establish trust in their customers. Credit card companies provide AVS and compare the address a customer submits with their known address on file with their issuing bank. Then the issuing bank returns an AVS code to the business or merchant.
AVS codes indicate discrepancies like house or unit numbers that don’t match ZIP codes, for example. Credit card processors may charge a fee for each verification. But AVS can reduce the likelihood of fraud by helping businesses to decide to accept, reject, or flag transactions.
6. Partner with a reliable third-party payment processor
Outsourcing fraud checks to a third-party payment processor is one of the easiest and safest ways to prevent eCommerce fraud. Third-party payment processors often manage things like customer chargebacks, security compliance, and data storage.
Keeping customer data safe should be a top priority, especially if customers save their credit card details in their accounts. A third-party payment processor can keep customers’ private information secure, which can cut the number of eCommerce fraud attempts against a store.
7. Follow PCI standards
Payment Card Industry (PCI) standards help businesses protect themselves and their customers from eCommerce fraud. PCI standards include six major objectives, 12 key requirements, 78 base requirements, and over 400 test procedures. MasterCard, American Express, and Visa set PCI standards to safeguard consumer data.
The Payment Card Industry Security Standards Council enforces these standards, which are mandatory for online retailers. Most major payment processors comply with PCI standards. But businesses and merchants must do their research before choosing a third-party payment processor.
8. Train customer service reps on fraud
Training can play a crucial role in preventing fraudulent activity. With a well-trained customer support team and stringent security system, businesses are less likely to be victims of fraud. With sufficient anti-fraud training, customer service reps can identify and respond to potentially fraudulent inquiries more effectively.
9. Keep fraud prevention software updated
If a business uses software to prevent eCommerce fraud, keep that software updated. Bad actors are constantly finding ways to avoid getting caught, and anti-fraud software providers adjust to fight them every step of the way. But software that’s out of date can leave businesses vulnerable to new fraud patterns.
Anti-fraud software relies on security patches to prevent evolving fraud behaviors and protect against new viruses and malware. Without updates, businesses risk bad actors accessing data and sidestepping measures that reduce fraudulent activity.
eCommerce fraud detection is easier than ever
Relying on manual reviews alone is tedious, hard to scale, and prone to human error. Businesses should invest in powerful fraud prevention software to scale eCommerce fraud detection and prevention more efficiently and accurately.
With Kount’s AI-driven fraud prevention solution, businesses can prevent emerging fraud, accept more good orders, reduce manual reviews, and control business outcomes. Kount’s AI simulates an experienced fraud analyst by weighing the risk of fraud against the customer’s value. But it’s faster and more scalable. Plus, Kount protects the entire customer journey and creates friction-less experiences for good customers, which is essential for repeat business.
eCommerce fraud will continue to evolve, but the technology that prevents it has never been more advanced. eCommerce businesses need to know the red flags that indicate fraud so that they can reduce fraudulent activity. Kount’s AI-driven eCommerce fraud prevention solution can automatically identify those flags to help businesses determine risk levels for each interaction. By determining the right level of identity trust, businesses can protect revenue and customer data
https://www.cloudways.com/blog/ecommerce-fraud-prevention/
Basics of Ecommerce Fraud Prevention
1. Address Verification System
Use AVS (Address Verification System). It’s amazing. It helps you secure your eCommerce business by checking whether the customer’s billing address matches the one the credit card company has on record.
2. Following PCI Standards
The Payment Card Industry (PCI) has security regulations for every eCommerce company to follow. These standards make your transactions more secure. If you don’t adhere to the PCI standards, you can easily become a victim of eCommerce fraud or might even expose yourself to a hefty lawsuit, especially if your eCommerce payment processing channels are exposed.
The bad guys hide behind international borders, and because your local authorities may have no jurisdiction over them, it can be problematic for you to recover your stolen money or data.
3. Setting Strong Password Requirements
Restrictive password requirements often frustrate us. But as a matter of fact, using a complicated password protects your customers as well as your business. It is a smart practice to insert different types of characters in your password to reduce the chances for hackers to attack you.
1. No Debit, Only Credit
You must use your credit card instead of your debit card to purchase online as it is more secure. If a fraudster gets his hands on your debit card, he can gain access to your bank account.
2. Be Careful when Clicking CTAs
Do not immediately click on the pop-ups, or purchase anything from pop-up deals. You must land on the product page and purchase the product from there. It is also recommended not to click on ‘buy now’ or similar CTAs when you receive promotional emails. Instead, visit and order from their website.
3. Make use of Password Manager
Most of the merchants offer ‘Save Your Payment Information’ to make it more convenient for the customers to purchase from them in the future. Therefore, if you are shopping from a lot of ecommerce websites, especially during Black Friday or Cyber Monday, you must use strong passwords.