The term fraud is used in the business world to refer to any act of criminal deception with the intention of achieving financial gains.
eCommerce fraud occurs when an individual conducts a business transaction on an eCommerce site using fraudulent means such as fake credit cards. This leaves the store without the payment for sales made.
With the increase in the number of eCommerce stores, it is only natural to expect that eCommerce transactions will increase in volume. Unfortunately, this increase in volume creates more chances for successful eCommerce fraud attempts. Statista reports eCommerce frauds resulting in losses of up to $20 billion in 2021. Meanwhile, credit card chargebacks reportedly increase every year.
There are various eCommerce frauds, but in this article, we will focus on the following four.
1. Account takeover fraud
This online fraud occurs when a hacker gains access to a legitimate online account and uses the account to carry out malicious commercial activities.
Account takeover (ATO) fraud can help attackers impersonate legitimate customers by gaining access to their accounts. As a result, the hacker gains access to monitor official activities and the chance to carry out financial attacks.
The image below shows the stages of the ATO fraud attack.
The steps above show how an impersonator can attack an eCommerce site by shopping online from a hacked account. This is a form of identity theft where the hacker is shopping with the personal details of a genuine user.
Data exfiltration can also result from ATO attacks. In this case, the scammer gains access to sensitive organizational information and uses the information acquired to direct company purchases to another billing address.
First, set password requirements and apply app updates to reduce the chances of ATO attack success. Next, use two-step verification where possible, such as confirming logins with one-time passwords (OTP). Using different passwords for different accounts and using password management tools are also highly recommended.
Finally, eCommerce brands should also ensure potential employees have a working knowledge of this fraud to easily identify and avoid it. The best way to do this is to have a strategic recruitment plan that helps hire the right talent. Couple this with continuous training to ensure your team is continually updated with the latest threats.
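The account takeover pattern described in this section (a login to a hijacked account followed by purchases sent to a different address) can also be screened for in order logs. The following is an added example, not part of the original article; the event fields, the 24-hour window, the two-signal rule and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real data): (timestamp, account, event, detail)
EVENTS = [
    ("2024-03-01T09:00:00", "alice", "login", {"ip": "198.51.100.7"}),
    ("2024-03-01T09:05:00", "alice", "order", {"ship_to": "12 Home St"}),
    ("2024-03-02T10:00:00", "bob", "login", {"ip": "192.0.2.10"}),
    ("2024-03-02T10:03:00", "bob", "order", {"ship_to": "5 Oak Ave"}),
    ("2024-03-05T18:00:00", "bob", "login", {"ip": "192.0.2.99"}),
    ("2024-03-05T18:04:00", "bob", "order", {"ship_to": "5 Oak Ave"}),
    ("2024-03-09T02:10:00", "alice", "login", {"ip": "203.0.113.50"}),
    ("2024-03-09T02:15:00", "alice", "order", {"ship_to": "99 Drop Rd"}),
]

WINDOW = timedelta(hours=24)  # assumed review window after a new-IP login


def flag_ato_orders(events, window=WINDOW):
    """Return (account, timestamp, reasons) for orders that follow a login from
    an IP never seen on that account AND ship to an address never used before."""
    known_ips, known_addrs, risky_login = {}, {}, {}
    flagged = []
    for ts, account, kind, detail in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        ips = known_ips.setdefault(account, set())
        addrs = known_addrs.setdefault(account, set())
        if kind == "login":
            # The first login on an account only establishes the baseline.
            if ips and detail["ip"] not in ips:
                risky_login[account] = when
            ips.add(detail["ip"])
        elif kind == "order":
            reasons = []
            last_risky = risky_login.get(account)
            if last_risky and when - last_risky <= window:
                reasons.append("new_ip_login")
            if addrs and detail["ship_to"] not in addrs:
                reasons.append("new_ship_address")
            if len(reasons) == 2:  # require both signals to limit false positives
                flagged.append((account, ts, reasons))
            else:
                addrs.add(detail["ship_to"])  # only unflagged orders extend the baseline
    return flagged
```

A flagged order is a candidate for step-up verification (for example an OTP challenge) or manual review, not proof of fraud: bob's login from a new IP with an unchanged delivery address is not flagged.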
2. Clean fraud
Clean frauds are fraudulent transactions that appear legitimate and are very difficult to detect. They are especially challenging for retailers because they use legitimate cardholder details. For example, imagine your regular customer makes a purchase, and you deliver the items; weeks later, they dispute the transaction as an unauthorized charge.
These fraudsters analyze your brand’s fraud detection system and find a variety of methods to get around it. For instance, they can upload spyware and malware that steal customers’ card security details when they’re carrying out transactions from a compromised platform. The image below shows the stages of a clean fraud.
First, these online criminals acquire cardholder information, which they use to make online purchases, resulting in loss of merchandise and cash through chargeback for the merchant.
eCommerce websites should be wary of this kind of online payment fraud, especially on special offer days such as Black Friday and Cyber Monday. There are greater chances of eCommerce frauds occurring on such occasions due to the sheer volume of transactions, which may be more challenging to authenticate on a one-on-one basis.
3. Friendly fraud
Friendly fraud can be credit card fraud resulting from clean fraud: where the cardholder doesn’t recognize the transaction on their debit card and initiates a chargeback. For example, the regular buyer in the clean fraud example above could initiate a chargeback process when they discover a fraudulent transaction.
It can also be first-party fraud: when a household member of the cardholder uses the physical card or the card user’s login details to make purchases. The actual cardholder might then report it as billing fraud. So when the cardholder initiates a chargeback, it will result in friendly fraud where the eCommerce store loses the goods.
The image below shows some chargeback claims and what businesses can do to reduce these frauds.
Friendly fraud can appear in various forms, such as when a buyer claims not to have made a purchase or never received the goods. Asking for refunds for false claims can also be an avenue to carry out friendly fraud.
But how do you protect yourself from friendly eCommerce fraud? First, you can use a B2B or B2C marketplace with blockchain technology to fraud-proof your transactions as an online store.
Online merchants should also communicate in plain language with their customers. This is because friendly fraud can also result from cardholders initiating a chargeback simply because they failed to recognize the transactions on their statement.
Finally, make it mandatory for users to fill in details such as email address, delivery address, and the IP address of the user’s transaction where possible.
Besides that, here is a process your eCommerce company can follow to resolve friendly fraud.
You stand a better chance as an online store if you can provide compelling evidence of the transaction. So use the company’s associated logos, and include all transaction details in the transaction report. You should also insist that buyers sign upon delivery to ensure concise documentation.
4. Triangulation fraud
Triangulation fraud, as the name implies, involves three parties—the fraudster, eCommerce sites, and the legitimate buyer.
The fraudster, fronting as the seller on third-party eCommerce sites like eBay or Amazon, hijacks the buying process on an eCommerce site. When legitimate buyers make purchases in the fraudster’s store, the fraudster receives the money and then uses stolen card details to purchase the product for the legitimate buyer.
But once the original cardholder initiates a chargeback, both the online store and the cardholder lose money. However, the online store loses money twice.
As you can see from the image below, the legitimate eCommerce store loses money for the goods sold, and the money paid as a refund for the chargeback.
To protect yourself from triangulation fraud, you can follow the complete guide to Shopware 6 to update your stores to the latest eCommerce ecosystem. With the latest eCommerce ecosystem, purchases go through various verified platforms such as DHL shipping, Google shopping extension, and secure payment channels. Hence, it becomes more difficult for a fraudulent seller to breach your system.
In closing
eCommerce fraud can exist in various forms. Retailers should therefore be aware of the forms it can take so that they are well prepared to deal with it. As discussed above, there are four main types of eCommerce fraud: account takeover fraud, clean fraud, friendly fraud, and triangulation fraud.
Though the risks of these eCommerce frauds cannot be 100% eliminated from the ecosystem, you can reduce them with prudent security practices. For instance, ATO fraud can be prevented by a user being extra careful in managing their password.
In addition, companies should verify third-party websites before they purchase any product from large eCommerce sites. This is especially helpful against triangulation fraud. Finally, a clear and understandable policy will also help protect your store from clean and friendly fraud, especially when it results from a buyer’s carelessness.
Follow these security practices today and keep your eCommerce business safe.
David Pagotto is the Founder and Managing Director of SIXGUN, a digital marketing agency based in Melbourne. He has been involved in digital marketing for over 10 years, helping organizations get more customers, more reach, and more impact.