Ecommerce fraud glossary
Card-not-present (CNP) fraud
CNP fraud is an umbrella term for credit card scams that occur via online transactions, phone, or other virtual forms of payment in which a customer does not present a physical credit card and the transaction is conducted without the cardholder’s permission. It typically happens after credit card or payment information has been stolen or illegally purchased on the dark web. It’s often harder for merchants to catch or prevent CNP fraud because they can’t physically examine the payment method, such as a credit card or digital wallet.
Carding or card testing
Card testing enables fraudsters to check that their stolen credit card details are valid before attempting a big heist. When testing cards, fraudsters tend to place multiple low-value orders to fly under the radar and avoid the orders being flagged by fraud scoring tools. Card testing often takes place on the websites of businesses that provide a quick turnaround such as food delivery businesses, or even non-profit organizations. Non-profit sites are targeted because giving an online donation does not require a shipping address and fraudsters assume that non-profits do not have sophisticated fraud detection systems.
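A velocity check for the pattern described above, as an added example that is not part of the original glossary: it flags a source that places several low-value orders with different cards inside a short window. The thresholds, the source-IP and card-fingerprint fields, and the sample orders are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed tuning values (not from the glossary); calibrate against real traffic.
LOW_VALUE = 5.00                # amounts at or below this count as low-value
WINDOW = timedelta(minutes=10)  # sliding window per source
MIN_ORDERS = 4                  # low-value orders in the window before alerting
MIN_CARDS = 3                   # distinct cards required among those orders

def at(hhmm):  # timestamp on a constructed sample day
    return datetime.fromisoformat(f"2024-03-01T{hhmm}:00")

# Constructed sample orders: (time, source IP, card fingerprint, amount).
ORDERS = [
    (at("12:00"), "203.0.113.7", "card-A", 1.00),
    (at("12:02"), "203.0.113.7", "card-B", 1.00),
    (at("12:03"), "203.0.113.7", "card-C", 2.00),
    (at("12:06"), "203.0.113.7", "card-D", 1.00),   # 4 orders, 4 cards, 6 minutes
    (at("12:00"), "198.51.100.20", "card-X", 3.50),
    (at("12:01"), "198.51.100.20", "card-X", 3.50),
    (at("12:04"), "198.51.100.20", "card-X", 4.00),
    (at("12:05"), "198.51.100.20", "card-X", 3.50), # repeat buyer, one card
    (at("12:00"), "192.0.2.55", "card-P", 2.00),
    (at("12:20"), "192.0.2.55", "card-Q", 2.00),
    (at("12:40"), "192.0.2.55", "card-R", 2.00),
    (at("13:00"), "192.0.2.55", "card-S", 2.00),    # spread out beyond the window
    (at("12:10"), "192.0.2.99", "card-Z", 120.00),  # normal-value order
]

def detect_card_testing(orders):
    """Return {source: first alert time} for multi-card low-value bursts."""
    recent = defaultdict(deque)   # source -> (time, card) pairs still in window
    alerts = {}
    for ts, source, card, amount in sorted(orders):
        if amount > LOW_VALUE:
            continue
        burst = recent[source]
        burst.append((ts, card))
        while ts - burst[0][0] > WINDOW:   # drop entries older than WINDOW
            burst.popleft()
        distinct_cards = {c for _, c in burst}
        if (source not in alerts and len(burst) >= MIN_ORDERS
                and len(distinct_cards) >= MIN_CARDS):
            alerts[source] = ts
    return alerts

if __name__ == "__main__":
    for source, when in detect_card_testing(ORDERS).items():
        print(f"possible card testing from {source} at {when:%H:%M}")
```

The third source shows the limit of a fixed window: orders spaced wider than `WINDOW` never accumulate, so a check like this complements a fraud scoring tool and does not replace it.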
First-party fraud
First-party fraud happens when a cardholder intentionally disputes a transaction under false pretenses, in order to obtain a refund while keeping the goods or services. This can occur due to error, if the cardholder forgets they made the purchase or doesn’t recognize it on their billing statement. However, illegitimate actors also intentionally abuse the chargeback mechanism, claiming the transaction was unauthorized or that the goods were never received or were defective, in order to defraud the merchant. This is also often linked to refund abuse: a common MO of professional fraudsters involves filing a false refund claim and, if it isn’t accepted, escalating to a chargeback.
Account takeover
Account Takeover (ATO) is the act of a bad actor gaining unauthorized access to a legitimate customer’s online account – usually as a result of a data breach – without the owner’s consent. When a bad actor obtains access to a customer’s online account, such as a bank account, email address, or social media profile, they can attempt several fraud schemes – from making purchases with stored payment methods to cashing in loyalty points or simply exploiting valuable personal information. To execute an ATO attack, a fraudster needs to get credentials: a legitimate customer’s username and password. Most commonly, these details are compromised through credential phishing or leaked in a data breach.
Social engineering (SE)
Social engineering is the process of manipulating an individual into performing a specific action for illegitimate reasons. In the case of ecommerce fraud, bad actors may convince the customer to provide account details or personal details that enable linking or impersonating payment or billing details, or even persuade someone to pay them via iTunes.
Mcommerce fraud
Mcommerce fraud denotes fraudulent activities specifically targeting mobile commerce platforms and transactions. This can range from unauthorized purchases through stolen mobile devices to exploitation of mobile payment systems and apps. Such fraud exploits the vulnerabilities unique to mobile transactions, such as less stringent authentication processes.
Fraud scoring system
In the context of CNP fraud management, a scoring system provides merchants with a ‘risk score’ for every order as an indication of the risk level of that specific order. Merchants relying on scoring systems often define rules to determine how to handle orders based on their score. For example, orders below a certain score threshold may be automatically approved, orders with a score above a certain threshold may be immediately declined, and orders with intermediary scores may be routed to manual fraud review. Merchants using scoring systems are still heavily dependent on manual teams, as they need to constantly evaluate the threshold for approval and make sure the score accurately represents the risk of evolving fraud methods. They also remain liable for fraud, meaning wrong approvals can generate costly chargebacks.
Payment fraud
Payment fraud occurs when someone intentionally uses false or stolen payment information (a legitimate cardholder’s credit card or account credentials) to make a purchase. This might include various methods, such as using stolen credit card details, manipulating account information, or falsifying transfers, to cheat the payment system and defraud merchants or financial institutions.