Ecommerce is fast-paced, competitive, and at times challenging. The last thing you want to worry about is how to deploy a RiskOps or fraud prevention system.
And yet, as we’ve seen time and time again, every online store owner soon realizes that they must protect themselves against fraudsters. In fact, the COVID-19 pandemic has greatly accelerated this need, as fraud rates skyrocketed by 70% during the health crisis.
This is why, in this article, we’ll go through the most common attacks on online stores, and we’ll give you pointers on how to defend yourself.
Now let’s get started with some basic definitions.
What Is Ecommerce Fraud?
Ecommerce fraud includes any kind of malicious action designed to exploit online stores. The most common attacks are related to fraudulent transactions, made with stolen credit card numbers. However, ecommerce fraud increasingly takes the form of account takeover or return fraud, among other methods.
What Is Ecommerce Fraud Detection and Prevention?
Ecommerce fraud detection and prevention covers all the tools and processes an online store can put in place to reduce the costs and resources lost to fraud. This includes blocking transactions with stolen credit card numbers and preventing and mitigating chargebacks and friendly fraud, among others.
How to Detect Ecommerce Fraud
Fraudsters try their best not to tie their online activities to their real-life identities. This is why identifying customers before they reach the checkout stage can help reduce fraud rates. Methods a merchant can deploy to get a good picture of their customers include:
- Comparing data points, such as the customer’s IP address geolocation and their shipping address.
- Checking for a social footprint. Failing to confirm the cardholder’s identity using public data from social media can also let fraudulent payments slip through the cracks.
- Identifying card testing attempts: For most online stores, transaction fraud will appear as low-value transactions that fraudsters use to see if the card can work. Keep a watchful eye for transactions under $1, especially when they all come from the same account.
Finally, understanding how users connect to your site can help point to risk. For instance, customers using VPNs, proxies or emulators are very likely trying to spoof data. You should be extra vigilant with their transactions.
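The card testing check described above can be expressed as a velocity rule. The following is an added example, not code from the article or from SEON: it flags accounts that make several sub-$1 payment attempts in a short window. The 10-minute window, the three-attempt threshold, the field layout and the sample data are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MICRO_AMOUNT = 1.00              # the article's "transactions under $1"
WINDOW = timedelta(minutes=10)   # assumed look-back window
MIN_ATTEMPTS = 3                 # assumed: micro-charges in WINDOW before flagging

def find_card_testing(transactions):
    """Return {account: sorted card fingerprints} for accounts that make
    MIN_ATTEMPTS or more sub-$1 payment attempts within WINDOW."""
    recent = defaultdict(deque)  # account -> (timestamp, card) still in the window
    flagged = defaultdict(set)
    for account, card, amount, ts in sorted(transactions, key=lambda t: t[3]):
        if amount >= MICRO_AMOUNT:
            continue
        window = recent[account]
        window.append((ts, card))
        while ts - window[0][0] > WINDOW:
            window.popleft()     # drop attempts older than the window
        if len(window) >= MIN_ATTEMPTS:
            flagged[account].update(c for _, c in window)
    return {acct: sorted(cards) for acct, cards in flagged.items()}

# Constructed sample data: (account, card fingerprint, amount in USD, timestamp).
T0 = datetime(2022, 1, 10, 14, 0)

def at(minutes):
    return T0 + timedelta(minutes=minutes)

SAMPLE = [
    ("acct-17", "card-a", 0.50, at(0)),
    ("acct-17", "card-b", 0.75, at(2)),
    ("acct-17", "card-c", 0.99, at(3)),     # third micro-charge in 3 minutes
    ("acct-17", "card-c", 249.00, at(5)),   # larger order follows; not counted
    ("acct-42", "card-z", 0.99, at(0)),     # cheap item bought twice, hours apart
    ("acct-42", "card-z", 0.99, at(300)),
    ("acct-88", "card-q", 0.80, at(0)),     # three micro-charges, but spread out
    ("acct-88", "card-q", 0.80, at(20)),
    ("acct-88", "card-q", 0.80, at(40)),
]

if __name__ == "__main__":
    print(find_card_testing(SAMPLE))
```

Only the burst on one account is flagged; the same number of small charges spread over time is not, which keeps stores that sell genuinely cheap items from flagging their regular buyers.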
5 Types of Ecommerce Fraud to Watch Out for in 2022
There was once a time when only stores dealing in luxury items or high-value electronics were targets for fraudsters.
In 2021, it’s anyone’s game. It barely matters if you deal in physical or digital goods and whether you sell items worth hundreds of thousands or merely inexpensive merchandise. Fraudsters attack – and will continue to attack – every business that accepts payments.
Here are five examples of how ecommerce fraud is likely to affect you:
1. Transaction Fraud
While payment gateways like Stripe and PayPal have made it easier than ever to accept credit card payments, what goes on behind the scenes is surprisingly complex. This is what a payment looks like in diagram form:
Problems begin to arise when a fraudster makes a purchase with a stolen credit card number. This is the definition of transaction fraud, also known as credit card fraud, or CNP (card not present) fraud – when they do it online rather than in person.
Here’s how transaction fraud typically works, step by step:
- A fraudster acquires a credit card number and uses it to pay at an online store.
- The store processes the payment.
- The real cardholder notices a strange transaction.
- They contact their bank and initiate a chargeback to get their money back.
So far, so good. The chargeback process is designed to refund the legitimate cardholder, and it works. However, it’s expensive to process, and the responsibility falls on the online store.
That’s right; when a fraudster buys something on your site, you – the merchant – have to:
- refund the payment
- accept that you lost a sale
- pay an expensive admin fee to the card network.
To make matters worse, if too many chargebacks are requested on your site, the card network may put you in a high fraud target category, where the fee you pay for processing each payment will increase.
Of course, you can dispute the chargeback. But this is a time-consuming process, which requires in-depth knowledge of the kind of evidence you need to provide.
2. Friendly Fraud
Not all transaction fraud is caused by bad agents or professional fraudsters. Sometimes, a chargeback is initiated by someone whose card was not stolen. It’s called friendly fraud or first-party fraud, and it tends to fall into three categories:
- Innocent or accidental requests: The refund request is made by customers who do not recognize a purchase made with their own credit card. It is also known as friendly or first-party fraud because the card is indeed in the right cardholder’s possession at the time.
- Opportunistic friendly fraud: Refunds are increasingly weaponized by opportunistic and dissatisfied customers. This could be because of a store policy they disapprove of (e.g. offering travel credit instead of a refund), or simply because they feel buyer’s remorse. Wardrobing, which we’ll cover in more detail below in the return fraud section, also falls under this umbrella.
- Malicious friendly fraud or chargeback fraud: At first glance, there seems to be a contradiction here, but the fact is that some buyers know in advance that they’re going to request a chargeback. These bad customers have every intention to have their cake and eat it, by receiving an item, claiming it never arrived, and asking for their money back. As a result, they both get their money back and keep the item, which they have claimed never reached them. This type of fraud is friendly, because it is conducted by legitimate customers, but also malicious, because they intend to harm your business.
These attacks also result in chargeback fees, so the problems are essentially the same as with standard transaction fraud – with the added challenge of having to prove the cardholder’s bad intention when disputing the chargeback.
3. Chargeback Guarantee Fraud
In recent years, a growing number of ecommerce fraud solutions have popped up, offering a chargeback guarantee pricing model. The idea is that they will block all transaction fraud and friendly fraud, and if you still get chargebacks, the anti-fraud vendor will pay the admin fee themselves.
In practice, this is an efficient model for smaller businesses. You get peace of mind and can focus on your sales, rather than worry about fighting fraudsters and card network operators all the time.
However, problems arise when you consider false positives. The term simply refers to cases that are marked as fraudulent, though they are actually legitimate customers.
If you think about it, chargeback-guarantee solutions have a strong incentive to be extra careful with transactions. The more transactions they block, the better their fraud rates will look.
But they will also often block business from legitimate customers, choosing to err on the side of caution. False positive rates will increase – and customer dissatisfaction, too. Seeing how cut-throat the ecommerce world is, it makes little sense to send potential customers to competitors by blocking their payments on your site.
4. Return Fraud
Another booming trend sees fraudsters abuse online stores’ return policies, often in combination with transaction fraud. Here are ways in which they attempt to exploit online merchants:
- Receipt fraud: Using reused, stolen or falsified online receipts to return merchandise for profit. Alternatively, returning goods purchased on sale or from a different store at a lower price, with the intention of profiting from the difference.
- Price arbitrage: Purchasing differently priced but similar-looking merchandise and returning the cheaper item as the expensive one.
- Switch fraud: Purchasing a working item, and returning a damaged or defective identical item that was already owned or has been purchased with a stolen credit card for this purpose.
- Bricking: Purchasing a working electronic item and deliberately damaging or stripping it of valuable components, thus rendering it unusable, then returning the item for profit without informing the merchant that it no longer works.
- Cross-retailer return: Returning or exchanging an item purchased at one retailer (usually at a lower price) for cash, store credit or a similar, higher-priced item at another retailer.
- Open-box fraud: Purchasing an item from a store and returning it opened with the intent to re-purchase it at a lower price under the store’s open-box policies. A variation of price-switching.
- Inventory depletion: Purchasing an entire shop’s inventory so that consumers are more likely to buy the same items from the fraudster’s own store. The items are later returned for a refund, within the rights of the policy.
- Wardrobing: One of the most common return fraud tactics in the world. It happens when users purchase an item of clothing with the intention of wearing it for a short period of time and returning it later. It is considered a form of friendly fraud.
5. Triangulation Fraud
A recent fraud technique has been making waves in the ecommerce world. It’s called triangulation fraud, and it involves a legitimate customer, a legitimate online store, and a fake online store operated by a fraudster who has access to stolen credit card details.
- A customer makes a purchase with a marketplace seller (e.g. on eBay or Amazon).
- The seller is secretly a fraudster – a fake seller. After they receive the order, they buy the same item from your legitimate online store.
- The fake seller uses a stolen credit card number to buy from you, and gives you their customer’s shipping address.
- You ship the item to the customer, who is none the wiser.
- The owner of the stolen credit card notices the payment and initiates a chargeback.
- You try to get in touch with the fake seller, but they ignore you.
- You, the legitimate store owner, have to pay the chargeback fee. The fake seller keeps the original customer’s money.
In this scenario, the initial customer receives the item they paid for. The marketplace seller appears legitimate to them.
But behind the scenes, someone’s money is stolen, and it’s you, the online store, that has to refund it, despite shipping an item.
This is a great example of how widespread and sophisticated fraud has become. Fraudsters are always looking for new avenues to exploit online stores, and they can take advantage of lax rules on marketplaces such as eBay and Amazon, as well as the need for online stores to accept payments as fast as possible.
Triangulation Fraud: Signs to Watch Out For
Note that while some platforms like Shopify or payment gateways like Stripe offer built-in ecommerce fraud detection and prevention, their tools will not be advanced enough to flag more complex attacks such as triangulation fraud.
Here are a few common data points to monitor, in order to be protected:
- New customer profiles: Keep a close watch on new accounts that immediately buy the same items regularly. They might look like loyal customers but this actually points to fraudulent sellers.
- Conflicting addresses: If the shipping address and billing address don’t match, it should increase your suspicions.
- Low-value transactions: Fraudulent sellers will try to stay under the radar by focusing on low-value goods or services.
- Invalid contact details: If you attempt to contact your customer and don’t hear anything from them, you could be dealing with a fraudster.
- Connections between users: This type of fraud tends to be committed by organized fraud rings, who rely on the same devices to connect to your store.
You have a few options here.
You can take all the above data points and perform an in-depth manual review, to confirm whether you are dealing with a legitimate customer or not. But because time is often of the essence when shipping products (especially digital goods), it’s worth combining all these data points together and feeding them through automated risk rules.
You can also perform behavior analysis, which will not just highlight suspicious data points but also flag risky customers over time.
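One way to combine the five data points above into automated risk rules, as an added example that is not code from the article or from SEON. The weights, thresholds, field names and sample orders are all assumptions made for illustration.

```python
from collections import defaultdict

# Weights and thresholds are illustrative assumptions; tune them on your own data.
WEIGHTS = {"new_account_repeat_item": 30, "address_mismatch": 15, "low_value": 10,
           "contact_unreachable": 20, "shared_device": 25}
REVIEW_AT, BLOCK_AT = 40, 70
LOW_VALUE_USD, NEW_ACCOUNT_DAYS, REPEAT_ORDERS = 25.00, 14, 3

def score_orders(orders):
    """Return {order_id: (score, action, rule_hits)} for a batch of orders."""
    accounts_on_device = defaultdict(set)
    item_orders = defaultdict(int)
    for o in orders:
        accounts_on_device[o["device"]].add(o["account"])
        item_orders[o["account"], o["sku"]] += 1
    results = {}
    for o in orders:
        checks = {
            "new_account_repeat_item": o["age_days"] <= NEW_ACCOUNT_DAYS
                and item_orders[o["account"], o["sku"]] >= REPEAT_ORDERS,
            "address_mismatch": o["ship_to"] != o["bill_to"],
            "low_value": o["amount"] < LOW_VALUE_USD,
            "contact_unreachable": not o["contact_ok"],
            "shared_device": len(accounts_on_device[o["device"]]) > 1,
        }
        hits = [rule for rule, fired in checks.items() if fired]
        score = sum(WEIGHTS[rule] for rule in hits)
        action = ("block" if score >= BLOCK_AT
                  else "review" if score >= REVIEW_AT else "approve")
        results[o["id"]] = (score, action, hits)
    return results

# Constructed sample orders (all values invented for the example).
FIELDS = ("id", "account", "age_days", "sku", "amount",
          "ship_to", "bill_to", "contact_ok", "device")
ORDERS = [dict(zip(FIELDS, row)) for row in [
    ("o1", "a1", 3, "S1", 19.99, "12 Elm St", "9 Oak Ave", False, "d1"),
    ("o2", "a1", 3, "S1", 19.99, "77 Pine Rd", "9 Oak Ave", False, "d1"),
    ("o3", "a1", 3, "S1", 19.99, "5 Lake Dr", "9 Oak Ave", False, "d1"),
    ("o4", "a2", 2, "S1", 19.99, "8 Hill Ct", "3 Bay St", True, "d1"),
    ("o5", "c3", 200, "S2", 60.00, "4 Park Ln", "2 Mill Rd", True, "d6"),  # a gift
    ("o6", "b9", 400, "S7", 120.00, "1 Main St", "1 Main St", True, "d5"),
]]

if __name__ == "__main__":
    for order_id, result in score_orders(ORDERS).items():
        print(order_id, *result)
```

An address mismatch on its own (order o5) stays below the review threshold, while an order that trips several signals is held for manual review or blocked. Scoring on combined signals rather than any single one is what keeps the false positive rate down.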
What eCommerce Fraud Prevention Tools Should Merchants Deploy?
For better fraud protection, your strategy should include ecommerce fraud prevention tools such as:
- Data enrichment: You can use a single data point, such as an email address or a phone number, and build a complete profile of your customers based on it. For instance, you can check if the email address is valid, and whether it was created with a temporary domain service or with a provider that increases risk (no verifications during email account opening). This is particularly helpful when performing a manual review – to confirm a customer’s identity before shipping a product, for example.
- Reverse social media lookup: Thanks to data breaches and dark web marketplaces, fraudsters have access to tons of credit card numbers. What they can’t do, however, is create full social media profiles to match every name on their stolen credit cards. This is a great chance to check if a user appears legitimate or not based on their social presence. SEON can check 35+ social networks.
- Device fingerprinting: This technique looks at how customers connect to your site. It’s helpful to spot suspicious logins via VPNs, proxies or emulators, but also to spot connections between accounts. A lot of fraudsters will recycle the same devices and IP addresses, so flagging them can help you take down entire fraud networks at once.
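The account linking that device fingerprinting makes possible can be sketched as a graph problem. The following is an added example, not SEON's implementation: it groups accounts that share a device fingerprint or IP address, directly or through other accounts, using union-find. The login tuple layout, the fan-out cut-off for busy IPs and the sample data are assumptions.

```python
from collections import defaultdict

def find_rings(logins, min_accounts=3, max_ip_fanout=20):
    """Cluster accounts that share a device fingerprint or IP, directly or
    through a chain of other accounts. Returns sorted lists of account IDs."""
    accounts_on_ip = defaultdict(set)
    for account, _device, ip in logins:
        accounts_on_ip[ip].add(account)

    parent = {}                                  # union-find forest over graph nodes
    def find(node):
        parent.setdefault(node, node)
        while parent[node] != node:
            parent[node] = parent[parent[node]]  # path halving
            node = parent[node]
        return node
    def union(a, b):
        parent[find(a)] = find(b)

    for account, device, ip in logins:
        union(("acct", account), ("dev", device))
        # Assumption: an IP used by very many accounts is carrier NAT or public
        # Wi-Fi, so it is not treated as evidence of a link.
        if len(accounts_on_ip[ip]) <= max_ip_fanout:
            union(("acct", account), ("ip", ip))

    clusters = defaultdict(set)
    for kind, value in list(parent):
        if kind == "acct":
            clusters[find((kind, value))].add(value)
    return sorted(sorted(c) for c in clusters.values() if len(c) >= min_accounts)

# Constructed sample logins: (account, device fingerprint, IP address).
LOGINS = [
    ("u1", "fpA", "203.0.113.5"),
    ("u2", "fpA", "203.0.113.9"),    # same device as u1
    ("u3", "fpB", "203.0.113.9"),    # same IP as u2, so linked to u1 as well
    ("u4", "fpC", "198.51.100.7"),   # unrelated customer
    ("u5", "fpD", "192.0.2.1"),      # three customers on one shared network
    ("u6", "fpE", "192.0.2.1"),
    ("u7", "fpF", "192.0.2.1"),
]

if __name__ == "__main__":
    print(find_rings(LOGINS))
    print(find_rings(LOGINS, max_ip_fanout=2))
```

With the default cut-off the three customers on the shared network are reported as a cluster; lowering `max_ip_fanout` drops them while keeping the device-linked group, which shows why a shared IP is a much weaker signal than a shared device.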
Ecommerce Fraud Protection With Machine Learning
A good ecommerce fraud solution allows you to sift through all your customers’ data to find suspicious fraud patterns. With basic tools, that data is fed through risk rules. For instance, a rule can state that IPs from blacklisted countries will not be able to go through the checkout.
But because fraudsters adapt to your solutions and can learn to circumvent your risk rules, it’s important to anticipate new attack vectors before they damage your ecommerce business.
This is why machine learning systems for fraud protection, such as SEON’s, analyze hundreds of data points and identify connections between cases of fraud. They then suggest rules that you can deploy to block online payment fraud, friendly fraud and other attacks as soon as possible.
FAQ (Frequently Asked Questions)
Ecommerce and online stores are the targets of transaction fraud attacks (paying with stolen credit card numbers), account takeovers (stealing user accounts), return fraud and more.
Detecting ecommerce fraud starts by logging as much data about customers as possible. It helps to authenticate them at login, spot suspicious information that could point to chargeback fraud, and identify customers who abuse return policies.
Detecting friendly fraud is harder than standard payment fraud. However, fraud detection tools can help you acquire detailed transaction and user data, which will enable you to dispute a chargeback request from an unscrupulous buyer.
The key to preventing ecommerce chargebacks is to create a full profile of your users based on minimal data points and with minimal friction. For instance, an email address could point to a social media profile, which lets you know the person really exists.
Bence is the co-founder and COO of SEON whose vision is to create a safer online environment for merchants in high risk verticals.