The Definitive Guide to Preventing Ecommerce Fraud
Fraud was born when the first human learned how to lie. It seems that people have never been able to resist the temptation to trick and swindle their way to get what they want, and this is no different when it comes to e-commerce.
Fraud can be very damaging to businesses, not only in financial terms but also to their reputation in the vast marketplace, as well as with their own customers, who can be the unwitting victims of fraudsters.
Over the last decade, we’ve seen more and more customers transitioning to e-commerce for fulfilling their purchase needs. During 2020 in the US, the total retail sales reached a massive 21.3%, a massive increase from the previous year’s 15.8%.
As demonstrated by the graph above, this was a jump significantly greater than in previous years. A significant proportion of this is due to the pandemic; forcing people into their homes and out of the shops.
Although, it’s more complex than it may first appear. Our entire existence has needed to adapt. We’ve learned how to communicate online, to use a whiteboard app instead of an actual whiteboard when we are at work, and to have contactless delivery of food from the touch of a button. We’ve experienced the integration of specific and certain technologies into our lives at a rate much faster than any of us could ever have predicted.
The opportunity to make an online profit has never been greater, but the increasing space between the customer and the retailer brings with it an increased risk of fraud which can be harder to detect.
Fraudsters can now hide behind the screen of a computer, with ever-changing identities and IP addresses. They can work as individuals, pulling the old-fashioned ploys, such as wardrobing (to buy, use, and subsequently return goods for a refund), or they can work as part of an organized crime ring (OCR), to pull off more elaborate and harder to trace hustles.
This article brings you the definitive guide to detecting and preventing e-commerce fraud.
THE DIFFERENT TYPES OF ECOMMERCE FRAUD
The first step to preventing e-commerce fraud is understanding it and recognizing it. This list is by no means an exhaustive list; e-commerce fraud is a constant game of cat and mouse, in which new methods of defrauding companies are being devised as we find solutions to the tricks already in use. There are, however, ways to stay one step ahead.
Fraud can happen at several different points in an online transaction, so it’s important to be looking out for it throughout the customer-company interaction. Ecommerce outlets also report differences in the rates between the types of fraud, seeing an increase. Research conducted in 2020 by Ravelin found that refund abuse has seen the greatest increase, with 51% of merchants reporting a significant change.
Triangulation fraud occurs before a customer visits your website.
Fraudsters build malignant online stores that sell items at cheaper prices than competitors. Once they have hooked the customer in with these amazing “deals”, they steal the customer’s credit card information and forward the transaction to legitimate e-commerce businesses – such as yours.
These customers, upon being charged more than expected, will notify their bank, leading to the legitimate businesses losing out on the money (and the product), while the fraudsters gain access to an unsuspecting customer’s credit card information.
This is not necessarily an easy form of fraud to trace – but can be indicated by mismatched IP addresses and delivery/shipping addresses and a distinctive pattern. For example, the same IP address repeatedly ordering goods to unrelated addresses.
New Account Opening (NAO) Fraud
Ecommerce businesses will often offer deals and bonuses to new customers to encourage them to make an initial purchase. They are then rewarded for continued loyalty, but the fraudsters are looking for a quick and clean five-finger digital discount. They make new accounts before purchasing goods repeatedly. This enables them to enjoy the perks of being a new customer over and over again, while the e-commerce store loses out.
This form of fraud is reasonably easy to identify. Look out for customers repeatedly creating new accounts and email addresses to make purchases from the same IP address or using the same bank details.
Account Takeover (ATO) Fraud
Account takeover fraud occurs when a customer’s account credentials are stolen, by either a human or a bot. This gives the fraudster full access to their account, where they can take credit and loyalty points, make purchases and steal customer data. This version of fraud does not rely on the stealing of credit card information, but usernames and passwords to accounts that are already linked to a credit or debit card.
This is not only financially damaging but can damage customer trust in a brand, as well as having an impact on the company’s reputation. ATO fraud emphasizes the importance of having strong card security at every checkout.
eGift Card Fraud
In contrast to account takeover fraud, eGift Card fraud relies on the theft of payment information to purchase a gift card and sell this onward. While this may initially seem to only victimize the customer, once the customer contacts the bank and reports the fraud, the company is the one to lose out.
This is a particularly difficult fraud to identify, as the eGift Card does not need to be physically posted to an address – it’s all virtual.
Payments fraud is perhaps the most obvious and simple form of fraud. The fraudster steals credit card information, purchases the goods from the e-commerce store, and sells them for a profit, incurring no risk to themselves beyond that of getting caught.
This is a particularly high risk for Card-Not-Present (CNP) transactions, so it is important to consider this while prioritizing convenience for customers. Unfortunately, seamless retail pipelines are equal parts advantageous for both legitimate and fraudulent customers.
Promotion or Coupon Fraud
Promotional marketing campaigns are a strong driver of sales for e-commerce sites. They keep existing customers loyal and satisfied and encourage new customers to make their first purchase.
Fraudsters will take this as an opportunity to benefit from the company’s generosity. This is the case with referral and affiliate programs – another marketing favorite. A customer can reuse the affiliate link time and time again, which defrauds the company and generates false data on the performance of the affiliate. If your company utilizes agile marketing strategies, it might be a good idea to reflect on this possibility at stand-up meetings.
FRAUD AFTER PURCHASE
Once the transaction is complete, you can by no means assume that the opportunity for fraud is gone. In fact, many types of e-commerce fraud can happen long after the transaction is finished.
Friendly fraud is another commonly practiced example. The fraudster makes their purchase, only to dispute the payment later with their bank. More often than not, these disputes are sent back to the merchant, and the customer gets their money back without needing to return the product.
This is usually an example of an individual chancer taking advantage where they can, as opposed to a COR. However, it can still be an expensive problem for businesses, damaging profits as well as muddling stock inventories.
Retail Arbitrage Fraud
Retail arbitrage fraud can have a huge impact, not only on individual companies but across entire marketplaces. Bots enable fraudsters to purchase massive quantities of discounted products and sell them at increased prices to gain profit. This can result in huge disparities in product prices and can be very damaging to sales and the customer experience.
The speed at which bots are developing and learning makes this very difficult to identify and prevent, but technologies are available which can facilitate the tracking of retail arbitrage fraud. It’s also a method that is reasonably easy to spot as it’s very unusual for a legitimate customer to purchase many versions of the same item. This might be a good indicator that the product is not intended for use by the customer, but for reselling.
Refund fraud is another technique that is run by a sole fraudster, although it can also be run by CORs. It can take many different forms, but is essentially based on requesting a refund for a product under false pretenses; be it claiming that the item did not arrive, that the box was empty, or using a fake tracking ID.
The fraudster ends up being able to keep the product while also pocketing the cash.
This form of fraud waits in hiding until the customer has completed their order. The fraudster will contact customer service under the pretense of being the legitimate customer, change the shipping address and claim the products for reselling.
This requires the fraudster to gain access to the customer’s account details, in order to see the information relating to the purchase. It is, again, not a method reliant upon stealing credit card information but can be as simple as purchasing usernames and passwords from the darknet.
This, in turn, impacts the company as the customer will not receive the goods as they wanted them and end up requesting a refund or another product to be sent.
The takeaway from this should be that noticing fraud is about noticing breaks in patterns or new patterns emerging. For the most part, legitimate customers will function on e-commerce sites in a consistent manner. Fraudulent customers will behave unusually.
They might frequently create new email addresses and usernames or make lots of repeat purchases, they might ship products to multiple or unusual addresses, and they might have several credit cards linked to a single IP address.
This being said, it would be silly to be just “keeping an eye on things” to protect your company from being taken advantage of. In the same way, your company might have business phone systems in place, structuring and organizing communications with your customers, you should approach fraud in a methodical and efficient manner.
You should cover all your bases, and use the technology available to you to sift through the data, brought to your attention and prioritized.
PREVENTING FRAUD AND MACHINE LEARNING
Once you have noticed fraudulent activity, you can go about preventing it. The question that must be considered, however, is how we can prevent fraud without decreasing customer satisfaction.
There are many different methods for combating fraud and function to varying degrees of success. Several of these techniques are demonstrated in the graph above.
There are basic and simple steps you can take to prevent fraud. For example, by implementing risk-based or step-up authentication, or having card security code requirements. Risk-based authentication could, for example, be requiring high-strength passwords from your customers, but ultimately it comes from placing a risk assessment on every purchase.
The higher the risk, the further your authentication process should step up to protect the company and the customer. This can include security code requirements. Something as simple as asking for a security code at the point of purchase can prevent fraudulent CNP transactions.
It, too, is important to make sure that at least some of your customer service reps are trained in understanding and dealing with fraud. By having some customer service representatives appropriately trained up, you can use a call in queue system to triage customers and ensure that fraud-specific issues are dealt with efficiently and correctly.
Perhaps the most significant development in fraud prevention can be found in machine learning. According to the 2021 Global Payment Risk Mitigation report, more than 69% of merchants use machine learning tools to limit fraud.
Machine learning is one of the forms of artificial intelligence that we are seeing put to use in many industries, from journalism and verifying information, to complex surgeries done by robots instead of doctors.
The basic premise is that the AI takes data from every customer interaction, analyzing it for a variety of behavior-based biometrics, and creating a map that demonstrates the likelihood of fraud.
The biometrics considered could be those demonstrated in the table above.
We already know that, in general, legitimate customers behave in a similar and consistent way. They log in, they browse, and they purchase. While fraudulent customers will also do this – as previously noted in this article, there are inconsistencies in their behavior.
Some of these can be spotted with the naked eye and use of our intuition. But the reality is that we will never be able to spot patterns as well as a machine programmed to do so.
AI machines can see the nuance in behaviors and draw up a more detailed and illuminating image of the prevalence of fraud experienced by a company. Machine learning can come in two forms; unsupervised, where the machine is left to teach itself, and supervised, where we intervene and input labels into the code to help guide the analysis.
The below graph demonstrates the impact that machine learning – both supervised and unsupervised – can have on our efficiency in identifying fraudulent behavior on e-commerce sites, by separating behavior types into clear sections.
To summarize, the most important part of preventing fraud is by first noticing it. Having a clear understanding of the types of fraud out there, and the obvious signs indicating fraud is the first step to combating it.
Through the use of machine learning, and implementing security checks throughout the transaction, you can further your company’s protection and prevent your e-commerce business from losing money to fraudsters.
The FDP or fraud detection and prevention market is foreseen to surpass $63 billion in 2023, reiterating how important it is for e-commerce companies to invest in some sort of protection. Unfortunately, fraudulent customers will always be out there attempting to take advantage of any loophole possible.
Working to be one step ahead, you can minimize damage, bringing both your business and customers a safe, secure, and enjoyable e-commerce environment to operate in.
Grace Lau is the Director of Growth Content at Dialpad, an AI-powered cloud phone system that makes managing remote employees simpler and easier. She has over 10 years of experience in content writing and strategy. Currently, she is responsible for leading branded and editorial content strategies, partnering with SEO and Ops teams to build and nurture content. Here is her LinkedIn.
When I woke up this morning, the first thing I did was to ask Alexa, Amazon’s voice assistant, to …