By 2025 the forecast is estimated to be $7.4Trillion in sales, and with the growth in sales, the fraud follows suit with a 14% increase in eCommerce fraud between 2020 and 2021 ($20B). With many new online stores, the opportunity for fraud has grown as many new online shop keepers have been caught off guard. Therefore this article will cover the basics of today's methods of fraud prevention, how to make it part of your online store setup, as well as checking that your settings are in a good place.
eCommerce Fraud
The definition is to anonymously obtain a product, service, or money from a merchant illegitimately. There are various methods used, such as stolen credit card databases being used, obtaining a list of "purchasing invoices" and engaging in fraudulent claims. A cyber criminal, obtains personal information from users or the business from an underground market (usually hacking), with credit card details such as the credit card number, expiration date, security code, and billing address which is then taken to an eCommerce website to transact a product or service. If the merchant allows shipping to a different address than the billing address, then the product theft has an open door.
Cause and Effect of fraud on the business
The obvious is the impact on profitability, reputation, and customer experiences will hit your business hard. Chargebacks "downgrade" your business credit score, and might even lose your payment gateway processor over it. The time it takes to figure out what is legitimate and what is "fraud", seeking out patterns, and avoiding future recurrence is a must. Much like a leaky ship, removing high risk is a must in keeping your business afloat and sailing in the right direction.
Types of eCommerce fraud
There are several types of eCommerce fraud, here are the key ones to look out for.
Credit card fraud - using a credit or debit card, using a card-not-present-fraud method. As previously mentioned, the details are in the open, and the merchant is vulnerable to this type of fraud. The impact of a chargeback when the product has left its destination cumulates negatively to the re-reimbursement of the initial charge back to the cardholder. Fraudsters usually do small purchases to see if the card is working for their purpose before making larger purchases. With the shipping address being the only clue to any investigation, most police authorities will only engage when the fraud reaches a certain threshold. Therefore distributed shipping locations have been known to be used so that they can get away with more before they are investigated. Restricting the billing address to the shipping address to be the same is the best way to add friction to this type of fraud.
Friendly fraud - aka Chargeback fraud, this is done by the actual card holder in genuine circumstances where they have purchased goods, and then claimed it wasn't theirs and the bank will issue chargebacks to the vendors. This is a particularly hard issue to avoid, given the legitimacy of the transactions. even with IP address verification, and manual review. The only giveaway when selling products can be a review of the products in the basket and see if anything is out of characters such as bulk buying, or all sizes out of one collection.
Account takeover fraud - aka Fishing fraud, through email marketing, faking a company to which you belong and interacting with the user to gain access to their credentials. In 2021, 7.6% of attacks were on eCommerce stores. With credentials in hand, they gain access to user accounts and then can wreak havoc on orders, purchases, and chargebacks.
Interception fraud - It is part of Credit card fraud, where the customer service team or the shipping carrier redirects the goods to a new location, bypassing the same address as the billing address. If the fraudster lives nearby to the victim of the fraud, they may intercept the package at the delivery to sign for them, or be a porch pirate and remove the package before the owner is aware of a delivery.
Triangulation fraud - there are 3 steps, a) fake online storefront typically selling low-cost products to attract buyers. b) Unsuspecting shopper making a purchase, revealing their credit card and personal details by transacting a capturing page. c) The fraudsters will purchase the items ordered to send them to the victim, giving them the confidence that it was a legitimate purchase. Then the fraudsters will continue to spend on the credit card with the victim will not know how the card details were obtained. It should be noted that this method goes as far as advertising on social media, and even doing a good job with SEO so that search engines and search results are well optimized.
Affiliate fraud - When an affiliate arrangement is made between a store owner and a leads generating entity, where the entity over-stuffs the leads counts by IP-spoofing, fake social media accounts, and various other methods leaving the online store owner with a large bill. The false-positive hits are difficult to separate from legitimate visitors without sophisticated analysis.
Refund fraud - It is when the fraudster makes a claim with customer service on an item that didn't arrive, or the parcel came empty (missing item), or had a similar damaged item and used it to show that the item received was damaged. Using customer satisfaction as the way to extort the vendor, even going as far as posting bad experiences on social networks, affects the reputation of the Shopify store owner.
5 Fraud Prevention methods to be considered
Make sure your settings in the payment gateway and Shopify are set correctly on fraud checks and set your conditions for accepting a purchase request.
Be suspicious on any purchases where the public IP address is not within the vicinity of the registered billing/shipping address.
Leverage Shopify's fraud prevention analysis tools, be familiar with how they work and make it a habit to check on them regularly.
Use a service that covers fraud-based chargebacks.
Set up workflows to handle fraud cases efficiently
Ensure PCI compliance
Double down on security during peak shopping seasons.
Conclusion
Unfortunately for all merchants, this is a painful side of doing business. With brick-and-mortar stores, most of these issues aren't present since the purchases are done in person. For Shopify store owners or any eCommerce setup that's being used to transact, this is a difficult reality. Being prepared and informed is a must to avoid being a target - since if a fraudster finds a vulnerability at your store, they will remember you and keep trying - so best to stonewall them right from the start. If you need to discuss security, feel free to reach out to us a wish@thegenielab.com