The wide variety of online payment methods plays a big role in the proliferation of ecommerce, but it also provides opportunities for fraud.
The wide variety of online payment methods plays a large role in the proliferation of ecommerce, but it also provides plenty of opportunities for fraud.
Fraudsters work hard to cheat online businesses out of products and money, and are quite accomplished at staying up to date on the latest security trends. Taking proactive steps to protect a business puts it less at the mercy of fraudulent hacks.
Fraud is any course of action that aims to:
- Gain an unfair or unlawful advantage,
- Persuade another to give up an item of a right, or
- Inflict some type of injury
Poor business practices do not constitute fraud. However, intentionally acting to deceive and deprive another is criminal fraud, which is subject to severe fines and penalties.
The History of eCommerce Fraud
Ecommerce fraud only came into being in the mid-nineties, when ecommerce really got going. Along with the excitement of both merchants and customers, fraudulent schemes appeared almost immediately, according to The Fraud Practice. They started at first using false names and stolen credit card numbers and quickly moved to card number generators; within just a few years, fraud practitioners set up dummy merchant sites to collect credit card data from unsuspecting consumers.
Citing a study by LexisNexis, the National Retail Federation reported that on average, retailers lose 0.68 percent of their revenue to fraud, a figure that keeps increasing each year. And dealing with fraudulent transactions requires additional countless hours of work, adding to the total business loss.
Recognizing Online Fraud
It comes in many varieties, but there are some well-recognized ecommerce fraud archetypes.
- Night owls: Many fraudulent orders take place late at night or in the wee hours of the morning
- International orders: Once the package leaves the country, it is gone for good
- Shipments to P.O. boxes
- Express shipping, i.e. a fast getaway
- Orders for numerous big-ticket items
- Billing address does not match the shipping address
- Frequent calls from the purchaser
No one thing on its own indicates fraud, but a combination of factors should send up some red flags. There are hosts of ecommerce fraud schemes as well, according to The Fraud Practice.
One Hit Wonders
A difficult type of fraud to detect, in this technique, a perpetrator appropriates a credit card number and makes single, infrequent purchases of items such as jewelry, cell phones, computers, and gift cards. Prevention techniques include using reverse lookup of address and phone, establishing rules regarding big-ticket items and express shipping, and card security schemes.
A consumer makes a purchase, but then denies ever receiving the item or making the purchase at all. The fraudster often calls his or her bank to dispute the charge.
Exploring the customer’s purchase history may reveal a pattern of “lost” shipments. If this is the case, add their name to a “watch list” to head off problems in the future; additionally, require a signature on delivery requirements or card security techniques.
The thief attacks the same merchant multiple times, but makes changes to vital information so that the items still arrive at the delivery address (e.g. 5th Avenue vs. Fifth Ave.). Detecting and stopping morphers sometime requires only sufficient checks in place, but it may also require looking at prior account activity and information—keeping in mind the various ways to express a name and address—or even tracking the IP address.
Fraud rings are formidable opponents that understand how to find flaws in a business’s fraud prevention tools and then exploit those weaknesses. They first test-run the technique to determine if it will get past security measures. One of the most disturbing facets of fraud rings is that ecommerce sites often know nothing of the attack until the fraudsters are long gone; identifying them may require noticing the use of several similar data points, geolocation, and verifying delivery addresses. Identity theft devastates countless consumers, and constitutes the greatest volume of Federal Trade Commission complaints. Ecommerce merchants must educate consumers about identity theft as a way to lessen its impact, and, at the same time, employ all available fraud screening tools.
New Payment Options Provide New Opportunities for Fraud
A plethora of payment options now exist, all threatened by possible fraud. However, many new systems feature proactive design features to fight fraud.
While Google Wallet is a convenient payment system that not only stores loyalty cards but also payment information, according to the Better Business Bureau, fraudulent fake invoices sent to users have caused problems. Thankfully for consumers, Google Wallet covers 100% of “eligible” unauthorized transactions. Google Wallet also provides protections for merchants:
- Chargeback Resolution Policy that evaluates and fights chargeback disputes
- Automatic fraud detection through advanced risk models
- Buyer information sharing
In 2011, researchers at the Black Hat Security conference revealed two fraud vulnerabilities in Square, which permits credit card payment acceptance through mobile devices. They figured out how to transfer money from a stolen credit card into a bank account associated with Square, having never even swiped the card.
They also discovered they could use Square’s dongle to skim information from cards to create cloned cards, because the dongles use no authentication or encryption technology. While Square’s overall ratings are improving, they still receive many negative posts.
When using a new service, research it, test it, and research it some more before using it to make purchases.
Assuming Responsibility for eCommerce Security
Better data results in better business decisions, and insight into the sales process decreases ecommerce fraud exposure. From real-time validation of purchases to transactional data, ecommerce merchants have tools for reducing fraud exposure.
For instance, real-time contact validation service providers offer data validation APIs that swiftly integrate with ecommerce site internal applications and systems. Not only do these services reduce fraud by validating transactions, they also augment conversion of incoming leads. Taking advantage of the services of those who specialize in ecommerce fraud prevention means fewer losses—and greater revenue.