Ecommerce Fraud: 5 Kinds You Should Know About
What is eCommerce fraud?
Ecommerce fraud is any type of fraud that occurs on an online shopping platform. The rate of fraud has increased steadily since the rise of eCommerce, and the methods are becoming increasingly complex.
For merchants, dealing with eCommerce fraud takes significant time and resources, and without proper fraud management systems in place, many merchants don’t have the capacity to block every single fraud attempt. Each attack takes a considerable bite out of their revenue and leads to risk-averseness, resulting in legitimate transactions being falsely declined.
Global eCommerce revenue is expected to surpass $4 billion by 2025. As eCommerce penetration increases, so does the scale and complexity of fraud—and merchants’ expenditure on fraud detection and prevention, to the tune of almost $70 billion yearly by 2025.
Below are five common types of eCommerce fraud to look out for.
5 Types of eCommerce fraud
- Card-not-present (CNP) fraud: CNP fraud is an umbrella term for credit card scams that occur via online transactions, phone, or other virtual forms of payment in which a customer does not present a physical credit card. They typically happen after credit card or payment information has been stolen or illegally purchased on the dark web. It’s often harder for merchants to catch or prevent CNP fraud because they can’t physically examine the credit card.
- Card testing fraud: Often the first thing fraudsters do after acquiring stolen credit card information is run a “test” to make sure the card is functional and the details are correct. The most common method for card testing involves making small purchases in the hope of going undetected by both fraud prevention systems and the original cardholder. By doing so, fraudsters gain the confidence to then make bigger fraudulent purchases. In many cases, fraudsters will later resell these now fully tested cards on the dark web to a larger pool of fraudsters.
- Friendly fraud: Also referred to as chargeback fraud, friendly fraud happens when a customer makes a legitimate purchase and later issues a chargeback claiming the transaction was invalid. Oftentimes, this happens when someone close to the cardholder (a friend or family member) makes an unauthorized purchase with their card. In other cases, individuals fail to recognize a transaction they made in the past, they recognize the purchase but experience buyer’s remorse afterwards, or sometimes they intentionally take advantage of the chargeback process for their own benefit.
- Account takeover (ATO) fraud: An account takeover takes place when a bad actor gains access to a legitimate user’s online store account and either makes illegitimate purchases or transfers loyalty points to a different account. This often starts with login credentials or other Personally Identifiable Information (PII) being phished through fake websites, emails, or SMS messages, and then sold on the dark web. Some customer accounts have stored payment methods, which makes purchases both easy for the fraudster and legitimate-looking to the merchant. Even when an account doesn’t have a stored payment method, a (fraudulent) purchase made from a legitimate customer account can oftentimes be enough to bypass basic fraud prevention measures.
- Refund fraud: A major player in policy abuse is refund fraud. Often, refund fraud is done by otherwise legitimate customers who dishonestly claim “item not received” (INR), “significantly not as described” (SNAD), or return items in used condition. But it can also be a systematic attack made by abusers – consumers who intentionally exploit a retailer’s refund policy to obtain items for free. Refund abuse methods are easily found on the dark web as part of a quickly evolving industry of fraud-supporting services.
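The card testing pattern described in the list above (many small purchases across different cards in a short time) can be surfaced with a simple velocity check over authorization attempts. The following is an added example, not part of the original article: the record layout, the thresholds, and the function name `find_card_testing` are assumptions, and the sample attempts are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authorization attempts:
# (timestamp, source IP, tokenized card fingerprint, amount, approved)
SAMPLE_ATTEMPTS = [
    ("2024-05-01T10:00:05", "203.0.113.7", "card_a1", 1.00, False),
    ("2024-05-01T10:00:40", "203.0.113.7", "card_a2", 1.00, False),
    ("2024-05-01T10:01:10", "203.0.113.7", "card_a3", 0.99, True),
    ("2024-05-01T10:02:30", "203.0.113.7", "card_a4", 1.00, False),
    ("2024-05-01T10:03:00", "203.0.113.7", "card_a5", 1.00, False),
    ("2024-05-01T10:04:00", "198.51.100.20", "card_b1", 3.50, True),
    ("2024-05-01T10:06:00", "198.51.100.20", "card_b1", 89.00, True),
    # Small purchases on different cards, but hours apart: not a burst.
    ("2024-05-01T09:00:00", "192.0.2.44", "card_c1", 2.00, True),
    ("2024-05-01T11:00:00", "192.0.2.44", "card_c2", 2.00, True),
    ("2024-05-01T13:00:00", "192.0.2.44", "card_c3", 2.00, True),
    ("2024-05-01T15:00:00", "192.0.2.44", "card_c4", 2.00, True),
]

def find_card_testing(attempts, window=timedelta(minutes=10),
                      max_amount=5.00, min_cards=4):
    """Flag sources that try >= min_cards distinct cards with small
    amounts inside one sliding time window (thresholds are assumptions)."""
    by_source = defaultdict(list)
    for ts, source, card, amount, approved in attempts:
        if amount <= max_amount:  # only low-value attempts are of interest
            by_source[source].append((datetime.fromisoformat(ts), card, approved))

    flagged = {}
    for source, events in by_source.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            burst = events[start:end + 1]
            cards = {card for _, card, _ in burst}
            best = flagged.get(source)
            if len(cards) >= min_cards and (best is None or len(cards) > len(best["cards"])):
                declines = sum(1 for _, _, ok in burst if not ok)
                flagged[source] = {"cards": sorted(cards), "declines": declines}
    return flagged

if __name__ == "__main__":
    for source, hit in find_card_testing(SAMPLE_ATTEMPTS).items():
        print(source, len(hit["cards"]), "cards,", hit["declines"], "declines")
```

Keying on source IP alone is the simplest case; the same window can be keyed on device fingerprint or customer account when those fields are available.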
How eCommerce fraud affects merchants
Ecommerce fraud can seriously impact an eCommerce business. Alongside directly impacting the bottom line, it puts merchants in the position of having to tackle false declines and chargebacks, which involve time-consuming processes and some steep processing fees. It can also hurt marketing and future promotion strategies by creating reports that misrepresent how many legitimate sales were made vs. how many went to fraudsters. Customer acquisition and retention take a hit as well, as customers often don’t return to stores where they’ve been a victim of fraud.
Victims of eCommerce fraud will typically submit a chargeback to their credit card issuer, for which the merchant will then have to reimburse them. Aside from the associated fees, merchants can find themselves at risk of being forced into high-risk (and high-fee) programs with their acquiring bank, accompanied by more severe scrutiny and heavy fines.
Ecommerce fraud prevention
Rather than catching fraud after the fact and having to deal with the fallout, merchants can use preventative measures to help mitigate eCommerce fraud. There are different approaches to eCommerce fraud prevention, including machine learning-based chargeback guarantee, rules-based solutions, scoring engines, and manual review. Legacy solutions, such as those based on rules, are rigid by design and slow to adapt to the dynamic nature of fraud, which makes them ineffective and often unreliable. Other solutions introduce greater friction, or are at risk of being overzealous and falsely declining good customers. It’s important to learn what makes machine learning optimal for fraud prevention.