While the internet is a boon for everyone in several ways, internet security has now become a common problem for all users. If you thought shopping online is less prone to crime just because thieves cannot get hold of your goods, you are completely wrong. Online or ecommerce fraud has increased at a rapid pace over the past couple of years, and is now one of the major concerns facing ecommerce business owners and online shoppers alike.
What is Ecommerce Fraud?
In short, ecommerce fraud, also known as online fraud, is basically an illegal activity performed by a cybercriminal on an ecommerce website. It results in activities such as illegitimate refund requests, stolen products, and/or unauthorized transactions.
Who is more susceptible to ecommerce fraud?
Online stores that accept credit card payments happen to be the number one target of online fraudsters. While ecommerce fraud can happen any time, some of the busy shopping times of the year, such as during the holidays, black Friday, cyber Monday, etc., are when shoppers and ecommerce stores happen to be more vulnerable, and hence, fraudulent activities increase considerably during those times.
This is because, your ecommerce store will handle several transactions during these times of the year, making it easy to ignore a fraudulent transaction.
Types of Ecommerce Fraud
Do a little research and you will come across a wide range of ecommerce fraud, from the usual credit card fraud to refund fraud to some unknown names, such as triangulation fraud, friendly fraud, and more. Some of the most common ones are:
Identity theft is perhaps the most common of all ecommerce fraud types, and with many new and innovative methods being found by cybercriminals to steal identities, this fraud has become one of the top concerns for online retailers.
This method involves the process in which cybercriminals steal the sensitive data of others and use the same to perform online transactions pretending to be the victim. The information that often get stole include credit card numbers, usernames, and passwords.
Also known as casual fraud, this type of online fraud is known to be performed without any malicious intent, because it is done by an original customer who makes a purchase but forget about it and request a chargeback for some reason.
Otherwise called phishing, this is a fairly old technique and carried out all across the globe. Here, cybercriminals act like an ecommerce company to gather personal information from customers.
When a customer orders items from a website using credit or debit card, he or she waits till the products get shipped and then initiates a chargeback, claiming their identity to be stolen. This lets them have the products for free.
As the name suggests, this online fraud involves three steps: firstly, cybercriminals establish a bogus store and collect customers’ personal information and credit card details; the collected data will then be used to make purchases, which will then be shipped to the actual card owners; and lastly, the same details will be used to make further purchases.
According to the Association of Certified Fraud Examiners (ACFE), about half of the small online businesses experience fraud at some point in time. To be honest and practical, you cannot completely prevent or protect your ecommerce business from fraud; however, you can most certainly detect the same and take some preventive measures to reduce the damage.
Ecommerce Fraud Detection
Look at the Location
When a transaction is made on your ecommerce platform, the IP address, billing address, and shipping address should all be almost in the same location in order for the transaction to be considered secure. If you happen to find the addresses to be too far from each other, it has to be checked out more carefully.
Address Verification Service
Also known as AVS, this is a tool that helps prevent fraudulent credit or debit card transactions. This service basically checks the customer’s address provided during checkout with that of the one registered with the issuing bank. While a mismatch in the addresses may not necessarily signify a fraudulent transaction, it indicates you to take a better look at the other aspects of the particular transaction.
Google to the Rescue
When you find an order to be fishy or high risk, one of the best and easiest ways to reduce the associated risk is to Google the customer and try to find their active social media account.
Different Shipping and Billing Addresses
Cybercriminals, in order to receive the products of their fraudulent purchase, often tend to use an address that is different to the billing address. Therefore, if you find a transaction with different shipping and billing addresses, consider it to be a red flag.
Many a times, fraudsters follow a pattern; for instance, if you happen to notice several failed attempts for making a purchase with different card numbers, all in succession, then there is every chance for it to be a fraudulent transaction.
Ecommerce Fraud Prevention
As an online retailer, one basic step you need to take is make your website PCI compliant. The Payment Card Industry Security Standards Council (PCI SSC) is a global forum of brands such as American Express, MasterCard, Visa, etc., that has in place some best practices to help ecommerce businesses protect their customers’ sensitive data as well as themselves. This step is mandatory for all companies that accept credit card payments.
By complying to PCI, you will be required to change the default passwords on all your network equipment and use firewalls to safeguard your customers’ financial and other sensitive data. Moreover, attaining this compliance doesn’t require you to do anything complex; it involves only a few basic steps.
✓ Have Strict Password Requirements
With so many new and improved technologies, programs, and techniques available at their disposal, cybercriminals can easily crack a simple password running through different alterations of the same. Therefore, having strict password requirements is necessary to prevent ecommerce fraud.
Ask for the use of at least eight letters in a password, along with at least one special character, number, and capitalization each. Also, make it clear for your customers that such strict requirements are for their own safety.
✓ Always Ask for CVV
Asking for a purchaser’s Card Verification Value (CVV) is another excellent way to prevent ecommerce fraud in 2019. This is basically a three-digit security code (some cards have four-digit CVV) printed on the physical card (usually on the back). According to PCI SSC, online retailers are forbidden from storing customers’ CVV along with the person’s name and credit card number, and this makes this fraud prevention technique extremely effective.
✓ Use AVS
Address Verification Service (AVS) is yet another security measure that you can use to prevent fraudulent transactions made using credit or debit card on your website. As the name suggests, this service compares the address entered by a purchaser with the billing address available with the credit card company to make sure both are the same.
✓ Keep All Your Software Up-to-Date
Right from your operating system to your shopping cart software, always make sure that everything is up-to-date, and that you are using the latest versions of everything. This is because software providers constantly provide updates that come with many security-based improvements to protect you from different vulnerabilities and thus prevent fraud. This makes it difficult for hackers and other cybercriminals to take down your website and its features.
Ecommerce fraud isn’t something you can expect to decline or go away anytime soon. In fact, the threats are only increasing year after year, and your best option is to take all possible measures to prevent them from happening to you and your customers in the first place.