Here’s the scary truth – Internet payment fraud is constantly increasing. In fact, it seems to be unstoppable. Just to emphasize exactly how scary it is, imagine this: according to the Nilson Report, there has been more ecommerce fraud every year since 1993. That’s 23 years of annual increase.
The numbers are getting higher every year and it places online retailers at a greater risk of fraud. All of a sudden it’s not just something you hear about, but actually, are faced with yourself. Being equipped with the necessary tools is key in everyday fraud management, but it’s even more important around the holidays.
There are two major peaks for ecommerce fraud in the holiday season – Black Friday / Cyber Monday and Christmas / New Year’s. Fraudsters are like Santa Claus – they’re active when everyone else is sleeping. A major date is New Year’s Eve. So, when it comes to holiday shopping, ecommerce fraud is certainly in the spotlight.
This blog post explains what ecommerce fraud is, the different types of it and gives you tips on how to prevent and manage it.
What is ecommerce fraud?
First, it should be pointed out that no system is 100 percent fraud proof and yours will not be an exception. Even your best efforts will not protect you from processing a fraudulent sale or two on occasion.
Let’s start with the basics:
Ecommerce fraud is also known as purchase fraud. Regardless of what you want to call it, in order to understand this new animal that is so scary to all of us, we need to go back to the beginning. Fraud has always been around in one form or another, so the concept itself is nothing new. It used to be limited to the physical stealing of the credit card and although it still happens, online fraud is definitely gaining more popularity. So with the rise of new technologies, payment methods and data processing systems, we keep opening doors for new forms of fraud every year.
The term ecommerce fraud is pretty self-explanatory and it occurs when a criminal (fraudster) approaches a merchant and proposes a business transaction, and then uses fraudulent means such as a stolen or fake credit card to pay for it. Leaving the merchant without getting paid for the sale that was just made.
Merchants who accept credit cards may receive a chargeback for the transaction and in the process, lose money. In a nutshell, a chargeback is a transaction in which an issuing bank pulls funds from a merchant back to a consumer. This most often happens because the consumer escalated a dispute about a purchase to their bank for resolution.
The image below shows that in the most common fraud in the US takes place using credit cards, however, alternative payment methods such as pre-paid gift cards are attracting more criminals.
What types of ecommerce fraud are there?
Every online retailer dreams of being a successful and well-recognized brand. However, the more popular your brand is, the more likely it is to attract some unwanted fraudsters’ attention. According to CyberSource Corp.’s Online Fraud report, $3.5 billion of online retailers’ revenue was lost to online fraud in 2013. It’s a growing trend and the numbers are getting higher each year.
In order to know how to prevent or manage fraud for your brand, you need to know the types of fraud you might have to deal with. Familiarize yourself with the whole list, but here we’ll be looking at two of the most popular fraud types known to retail ecommerce.
The Friendly Fraud
Contrary to what the name suggests, there’s nothing friendly about this type of fraud. Essentially, a customer issues a chargeback (in some cases deliberately), claiming an item was never received or that they never made the charge.
If you think about the most commonly asked questions you receive from your customers, you’ll quickly realize that they’re all in some way or form a distant relative of the friendly fraud. “My order never arrived although the tracking information states it did” might be the most popular of them all. Turns out you’ve been dealing with this type of fraud on a daily basis.
What can you do?
The key here is making sure you are protected when friendly fraud happens to you. Make sure your company’s policies are clear on reshipping, refunds, and returns. Find some store policy inspiration and free templates here.
Additionally, if you can, only use shipping with tracking. It’s the best evidence you can provide in case of a chargeback that proves you have successfully done your part and delivered the ordered goods to your customer.
The Clean Fraud
Again, the name is misleading – there’s nothing clean about it. The basic principle here is that a stolen credit card is used to make a purchase, but then the transaction is manipulated in a way that finds a way around the fraud detection functions.
This type of fraud has definitely graduated to the adult table because it takes some actual skill to pull it off. Basically, clean fraud is the ultimate doppelgänger because it looks like a legitimate transaction with good shipping, billing, and IP addresses as well as complete and verified card data. It’s not driven by good customers suddenly gone bad, but by thieves with stolen consumer data that’s complete enough not to raise flags.
The image below shows you the 4 steps of how exactly clean fraud works.
What can you do?
The bad news is that if you’re a smaller retailer, you’re more likely to experience clean fraud. Mainly because it is more difficult to deal with and it fools some of the fraud detections tools. The best fraud detection softwares are definitely more on the pricey side, but since fraudsters are the most active around the holidays, you should take advantage of the free trial plans these companies offer.
We recommend checking out SiftScience, Trustev, Signifyd. and Riskified. In addition, have someone check the more suspicious transactions manually. Keep reading to know what you need to look for. It takes a bit of extra time, but it can save you a lot of money and headaches!
What does a fraudulent order look like?
There are some giveaways to an ecommerce transaction that help you recognize it as possibly fraudulent. Listed below are 11 indicators that should alert you that a potentially fraudulent transaction is on its way. If just a couple of these signs are present, it might not be anything to worry about, but if several are present in a single transaction, it’s time to roll up the sleeves and start digging.
- First-time shoppers. With card testing, online criminals are looking for never before used sites. Once they commit fraud at one, they’ll quickly move on to the next one.
- Bigger than your average order. Stolen payment cards have a very short life span. The goal here for the online criminals is to maximize the spending in a single transaction.
- Fast shipping. Ain’t nobody got time to wait for standard shipping when they can get it overnight. Your trustworthy customers are more likely to select a less expensive shipping option. Since money isn’t the issue in fraudulent transactions, overnight shipping should alarm you.
- Unusual location. There’s a blacklist of countries that tend to have a higher fraud risk. Indonesia, Nigeria, and Algeria are just a few.Source: Most dangerous countries for e-commerce fraud
- Large quantity of the same product. Just as with bigger than your average order, buying multiple items of the same kind is a way of maxing out stolen cards as quickly as possible.
- Multiple shipping addresses. These orders might indicate that there is a batch of stolen cards. Each with a different name, yet the common denominator is the identical shipping address.
- Shipping / billing addresses don’t match. On its own this should not raise any red flags, however in combination with some of the other signs, it’s a serious indicator you should not ignore.
- Multiple cards from a single IP address. These transactions indicate that multiple orders have been placed from the same computer. They might have different names and shipping addresses.
- Payment info in CAPS LOCK. Perhaps fraudsters can’t be bothered to turn off the caps lock, but oddly, with no scientific explanation here, it is one of the signs to look out for.
- Multiple transactions in a short time. This one is a sign of a criminal attempting to run up a stolen card’s credit line as quickly as possible before the account is closed.
- Printful notifications. We use a fraud detection system and notify you about orders that look suspicious. Don’t ignore them – double check!
Source: The Printful support email
Tips for detecting and reducing fraud
So now that you have selected your site’s payment processing platform (our recommendations are PayPal, Braintree or Authorize.net), what’s next? Well, you might want to consider taking further steps to ensure that all personal and financial information is secure on your site. Here’s what you want to do:
- Check if all your URLs stay in the “https.” The encryption within HTTPS allows your information remain confidential from prying eyes because only your browser and the server can decrypt the traffic.
- Consider updating your site and server’s passwords (if that’s something you can do with the platform you use) on a pretty regular basis.
- Get an outsider’s perspective. Consider getting a professional’s opinion on how secure your site is.
- Get a program that will provide protection from fraud. Some of the ones we mentioned before include SiftScience, Trustev, Signifyd, and Riskified.
The average percentage of online orders that proved to be fraudulent was 0.8 percent in 2013, yet the annual LexisNexis True Cost of Fraud study shows that it increased to 1.47 percent in 2015. The number has alarmingly almost doubled in just a few years and it should jolt your business sense into realizing that ecommerce fraud is an issue and that you need to protect your business at all costs.
With the fast-approaching holiday season having the highest peak in fraud, you have to equip yourself with the right tools to stay protected this year. Now that you know how to recognize a fraudulent order and what tools to use to prevent it from happening to you, the ball’s in your court. What actions will you take to protect your business from online fraud? Be safe!