Having a comprehensive e-commerce fraud protection strategy is a must for any business that operates online. If you handle card-not-present transactions (every e-commerce business does), there’s a chance that criminals will find ways to steal from you as well as your customers without ever being caught and charged.
To develop an e-commerce fraud prevention strategy that protects you and your customers without turning away too many legitimate sales, you will need to understand the different types of fraud and effective measures for preventing them.
Types of E-Commerce Fraud
E-commerce payment fraud occurs when a non-authorized user of a credit or debit card uses that card to make purchases online. In the short term, the customer loses money when the funds disappear from their card. In the longer term, the merchant loses the money when the customer issues a chargeback.
Who Commits Payment Fraud?
In some cases, it might be a family member of the cardholder who is using the card without permission, such as the teenage child of parents who regularly let their children use their card or spouses who share a card. In most cases, however, payment fraud occurs when criminals buy stolen credit card information on the dark web and use this information to make fraudulent transactions.
New Account Fraud
Using stolen credit cards, fraudsters can open a new account and place purchases under the name of the cardholder. This kind of fraud is especially hard to detect because you have no prior purchase history against which to compare the activity. In new account fraud, the perpetrator can also create a false email account under the person’s name and use their own mobile phone number, so two-factor authentication measures won’t help.
Identity theft is like payment fraud but has the potential for more damage to the customer. After obtaining customer data—name, date of birth, address, social security number, password, and card information—the criminal hacks the customer’s e-commerce (and bank) accounts and makes as many purchases as they can.
Account Takeover Fraud
In some cases, identity theft is coupled with account takeover fraud. The fraudster obtains the customer’s username and password information through phishing emails, logs in as the customer and makes fraudulent transactions. When social media logins are used to make the account creation process quicker, fraudulent logins are even easier to do.
After fraudulent orders are made, especially after an account takeover, the fraudster calls the e-commerce business to change the address to which the package will be mailed. In this way, they intercept the package so that it goes to them instead of to the legitimate customer.
Triangulation fraud is one of the most sophisticated kinds of e-commerce fraud and the one that can do the most damage to your brand if you don’t invest in e-commerce fraud protection. In triangulation fraud, the fraudster creates a fake store that mimics your company. Then, they use the site to collect customer data when the customers make “purchases” on their lookalike site.
Two Types of Triangulation Fraud
In some cases of triangulation fraud, the fraudster actually places the customers’ orders on your website for shipping to the customer. In others, they simply take the customers’ money and the order never arrives. In both cases, the fraudster uses the credit card information collected to make online purchases for themselves.
Affiliate fraud is a newcomer on the scene that online merchants need to keep in mind. In affiliate fraud, the fraudster uses tracking links illegally in order to generate or increase commissions. A common type of affiliate fraud is called “typosquatting.” With this strategy, the fraudster registers a domain name that contains a common misspelling of your brand’s URL and redirects the customers to your actual site using an affiliate tracking link. They then receive commissions for every purchase the customer makes on your site.
Unlike the kinds of fraud mentioned above, friendly fraud is committed by legitimate customers. After ordering and paying for goods or services, the customer complains—generally weeks or months later—that the goods or services never arrived. They force a chargeback through their issuing bank to have the transaction refunded while continuing to enjoy the goods.
Top Ideas for E-Commerce Fraud Protection
With e-commerce sales increasing each year, you can’t afford to take a lax approach where fraud prevention efforts are concerned. It is estimated that e-commerce merchants lost €36 billion to fraud globally in 2019. However, it’s not just about the money involved. E-commerce fraud also damages customer trust and brand image and may lead to being blacklisted by your credit card company or merchant bank as well.
The aim of e-commerce fraud protection is to prevent fraud without producing too many false positives, i.e. legitimate sales that are blocked because they don’t exactly fit the mould. While you will never know a legitimate transaction was lost due to your fraud filters, a customer who has their transaction blocked isn’t likely ever to order from you again.
Make Sure Your Gateway is PCI Compliant
At the very minimum, prevent a data breach from occurring in your store by following the PCI-DSS security standards. These standards are the first step of any credit card fraud prevention plan, requiring such things as point-to-point encryption and restricting access to customer data. If you use a merchant service provider that handles your global payment gateway for you, no credit card information should be stored on your site at all.
Buy an SSL Certificate for Your Website
A secure sockets layer (SSL) certificate is a must for e-commerce fraud prevention efforts. This certificate establishes an encrypted connection between your website and the customer’s computer so that customer data can’t be intercepted and stolen by cybercriminals in transit. Most e-commerce platforms (Shopify, BigCommerce etc.) provide SSL certificates as part of their service. If your store’s URL begins with “HTTPS”, your site already has a certificate and the connection to it is encrypted.
Get Trust Badges for Your Website
An important part of fraud management is customer education. You can teach your customers what your legitimate website looks like (and how they know they can trust it) by displaying trust badges, legitimate customer reviews, and a “how you know this is a legitimate site of [brand]” banner when users open your site. Trust badges are usually obtained when you sign up for a fraud protection program, merchant verification service, SSL certificate and so on.
Ask for the Card Verification Value (CVV)
A simple way to make sure the card is actually there is to ask for the card verification value or CVV number that is displayed on the back of the card. While this won’t prevent people from using stolen credit cards, it may dissuade fraudsters who have simply purchased a credit card number online.
Use an Address Verification Service (AVS)
An address verification service (AVS) checks whether the billing address provided by the customer matches the address that the customer has on file with the issuing bank. If the addresses don’t match, the transaction will either be declined or flagged as suspicious. Please note that AVS only works in some countries and doesn’t check the entire address. However, it can help a lot with e-commerce fraud protection, especially in cases where credit cards from the United States, Canada, Australia, New Zealand or the United Kingdom are being used by a fraudster elsewhere.
Use Two-Factor Authentication
Two-factor authentication adds an additional layer of security by asking the customer to retrieve a code that was sent to their email address or mobile phone—either to sign in or approve a transaction. As mentioned earlier, two-factor authentication doesn’t stop new account fraud because the fraudster can create a fake email address with the customer’s name. However, it can help to prevent account takeover fraud and identity theft.
Don’t Ship to P.O. Boxes
Fraudsters often ask for goods to be shipped to a post office box or freight forwarding service so that they can’t be tracked down. A simple way to deter fraudsters is to state on your website that you will only ship to a physical address and decline (or flag) transactions with shipping addresses that come with a container number, as freight forwarding services often indicate fraud. However, freight forwarding is also often used by expatriates, so it could pay to flag these transactions rather than blocking them outright.
Only Collect the Information You Need
When signing up new customers on your site, keep yourself and your customers safe by collecting only the information you need. At a minimum, you will need the person’s name, card number, billing address and shipping address. However, you don’t usually need their date of birth or social security number. By collecting only a minimum of information, you help to protect your customers from identity theft.
Know Your Customers
Getting to know your customers can help with e-commerce fraud protection. After a transaction goes through, consider placing a friendly call to thank the customer for their purchase and to check that it was really them. This human touch is sure to be appreciated by customers and is likely to increase their loyalty as well. Calling customers after suspicious transactions are flagged is also a good idea. Perhaps the customer is making purchases on vacation and a quick call will clear up any confusion.
Know Your Affiliate Marketers
Getting to know your affiliate marketers is also a good idea if you want to prevent affiliate fraud. While websites like Amazon don’t require your individual permission to make affiliate sales, merchants that aren’t on Amazon can develop a more comprehensive affiliate program with an approval process and individual tracking codes. A periodic review of your affiliate payments can also help you detect fraud.
Offer a Straightforward Returns Policy
Friendly fraud often occurs because a company’s returns policy is hard to find or unclear, or because a refund is not issued on time. The good news is that you can prevent a large number of chargebacks by having a clear returns policy and requiring a signature on delivery. By making your returns policy easy to find and easy to complete (and refunding customers’ money promptly), you will remove the need for customers to issue a chargeback if there is a problem with their order. Likewise, requiring a signature on delivery gives you proof that the package was actually delivered.
Use Customisable Fraud Prevention Tools
Finally, online retailers need fraud protection software that will work for them around the clock to keep them and their customers safe. Fraud detection tools look for common markers of fraudulent activity and either flag or decline these transactions. For example, fraud prevention software could be set either to flag or decline:
- Multiple, repeated transactions
- Multiple transactions using different credit cards
- Multiple transactions with the same card and different shipping addresses
- Transactions with an unusually large ticket size
- Transactions from an unusual country
- Transactions for which the customer’s address and the IP address don’t match
In some cases, suspicious transactions may come from legitimate customers. That’s why it’s important to have fraud prevention software that you can customise to accept transactions from a customer you know is on holiday abroad or who has communicated that they intend to place an especially large order.
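The markers listed above, written out as a small rule engine with per-customer overrides. This is an added example, not any vendor's product; the thresholds, field names, marker names and sample orders are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds for this sketch; tune them against your own order history.
WINDOW = timedelta(hours=1)
MAX_ORDERS, MAX_CARDS, MAX_ADDRESSES = 3, 2, 2   # per account / account / card
MAX_AMOUNT = 1000.00                              # "unusually large ticket"
DECLINE_AT = 3                                    # markers needed to decline

def score_orders(orders, usual_countries, overrides=None):
    """Return {order_id: (decision, markers)} for orders sorted by time.
    overrides: account -> markers to ignore (customer abroad, big order agreed)."""
    overrides = overrides or {}
    by_account, by_card, results = defaultdict(list), defaultdict(list), {}
    for o in orders:
        recent = lambda seen: [p for p in seen if o["time"] - p["time"] <= WINDOW]
        acct, card = recent(by_account[o["account"]]), recent(by_card[o["card"]])
        markers = set()
        if len(acct) + 1 > MAX_ORDERS:
            markers.add("repeated_transactions")
        if len({p["card"] for p in acct} | {o["card"]}) > MAX_CARDS:
            markers.add("multiple_cards")
        if len({p["ship_to"] for p in card} | {o["ship_to"]}) > MAX_ADDRESSES:
            markers.add("card_many_addresses")
        if o["amount"] > MAX_AMOUNT:
            markers.add("large_ticket")
        if o["ip_country"] not in usual_countries:
            markers.add("unusual_country")
        if o["ip_country"] != o["billing_country"]:
            markers.add("ip_address_mismatch")
        markers -= overrides.get(o["account"], set())
        decision = "decline" if len(markers) >= DECLINE_AT else "flag" if markers else "accept"
        results[o["id"]] = (decision, sorted(markers))
        by_account[o["account"]].append(o)
        by_card[o["card"]].append(o)
    return results

def _order(oid, account, card, ship_to, amount, ip, billing, minute):
    return {"id": oid, "account": account, "card": card, "ship_to": ship_to, "amount": amount,
            "ip_country": ip, "billing_country": billing, "time": datetime(2024, 1, 1, 12, minute)}

# Constructed sample orders; "card" holds a gateway token, never a card number.
SAMPLE = [
    _order("A1", "alice", "tok_a", "addr1", 40.0, "GB", "GB", 0),
    _order("B1", "bob", "tok_b", "addr2", 1500.0, "FR", "GB", 5),
    _order("M1", "mallory", "tok_x", "drop1", 90.0, "GB", "GB", 10),
    _order("M2", "mallory", "tok_y", "drop2", 95.0, "GB", "GB", 12),
    _order("M3", "mallory", "tok_z", "drop3", 1200.0, "RO", "GB", 14),
]
```

Calling `score_orders(SAMPLE, {"GB"})` declines both B1 and M3; passing an override for `bob` that lists the three markers his holiday order trips lets B1 through while M3 is still declined.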
Use Chargeback Protection Tools
In addition to customisable fraud scrub, the best merchant services also include chargeback mitigation tools to prevent chargebacks before they even go through. When a chargeback is intercepted, you can contact the customer and work to resolve the issue directly without having the chargeback added to your score.
As many merchants know, credit card processors take chargebacks very seriously and can even add you to their industry blacklist, so it’s far better to mitigate chargebacks than to have them add up and suffer the consequences later on.
E-Commerce Fraud Prevention is Possible
With so many different kinds of e-commerce fraud to think about, preventing fraud from occurring in the first place may seem something of a daunting task. Fortunately, using all of the tools above will help you to prevent most kinds of fraud, most of the time. Best of all, effective e-commerce fraud protection will help you win the trust of your loyal customers and give them the