Safeguard your online store from E-commerce fraud with our expert tips on prevention strategies, secure transactions, and maintaining customer trust.
Theft has always been a bane in the life of anybody who sells anything, and as the habits of shoppers have changed with the rapid growth of E-commerce, so have the ways in which bad actors try to take advantage. The growth of online sales has brought about an explosion in online fraud, and protecting businesses from this explosion has become a multi-billion pound industry in its own right.
And while suppliers of merchant accounts, payment processors and gateways will do what they can to limit fraud, as an E-commerce retailer you also have a responsibility to limit fraud yourself. After all, the cost of living crisis is continuing to bite hard and staying afloat can be difficult enough at the best of times, so what are the most common types of E-commerce fraud out there and what can you do to help stop its proliferation?
Broadly speaking, E-commerce fraud is an umbrella term for fraud schemes that specifically target E-commerce businesses, in particular transactions conducted electronically over the Internet, typically through an online store. These transactions are usually made from desktop computers, laptops, tablets, and phones.
All online retailers need to be aware of the patterns that come with fraudulent transactions. They’ll usually cost you money in the end!
E-commerce fraud affects both retailers and payment processors, so processors themselves are in the frontline of the battle against it.
If you produce digital content for a paid audience, E-commerce fraud could cost you a considerable amount of money in missing revenue.
Offering a service to pay by subscription can bring otherwise unaffordable services and products into the price range of a wide range of consumers, but you will miss out if you don’t pay attention to the efforts of bad actors.
Such websites rely to a considerable extent on the trust of both buyers and sellers and losing that confidence could have serious ramifications for your business.
As E-commerce fraud is constantly evolving, this list cannot ever be definitive, but these are some of the most common types that have been found and the ways in which they are exploited.
Friendly fraud occurs when consumers use the chargeback process incorrectly, and sometimes there will be malicious intent behind this. Items will be purchased as part of a premeditated plan to later dispute the purchases so they can have goods or services for free.
Consumers call their banks to dispute charges they don’t recognise or don’t realise were made. For example, a third party might use somebody else's card without their knowledge, or a cardholder might forget about a subscription purchase.
ATO fraud happens when a bad actor forcefully gains access to customer accounts. Once into an account, the fraudster can steal personal and payment information, change account details, or make purchases with no concerns over whether that transaction is later disputed or not.
Promo abuse can refer to any situation in which customers take advantage of a business's promotional offers in a way which was not intended by the merchant, for the purpose of monetary gain. This may include the abuse of discount codes, new customer referrals, or sign-on bonuses.
Refund fraud takes place when someone tricks a company into giving them money back for a product or service they didn't buy, or when they falsely claim there's a problem with the product or service they received.
Egift card fraud is a scheme where a fraudster buys gift cards online using stolen payment information and then uses or resells them. Because egift cards require buyers to attach hardly any personal details to them, fraudsters can easily get away with scams, and once that money has been spent, it's been spent.
This type of fraud involves multiple different E-commerce stores, purchasing similar-looking but differently priced goods, and returning the cheaper item as the expensive one and profiting off the difference.
Interception fraud occurs when fraudsters make online purchases using stolen credit cards. They ship to a valid billing address linked to the stolen card, which will bypass checks that look for discrepancies between billing and shipping addresses. Once the transaction is complete, the fraudster will find a way to intercept the goods.
Triangulation fraud occurs when a criminal ‘sits’ between a legitimate customer and a retailer. With a fake storefront, fraudsters can intercept a customer’s payment while they are making a purchase. They take the money and can also steal the customer’s credit card details. On a third-party marketplace, fraudsters use fake seller accounts to accept customer payments, but they cannot view or steal credit card details. In both scenarios, the fraudster fulfils the customer’s order using someone else’s stolen credit card details.
Identity theft occurs when someone steals sensitive information such as a name, personal information, financial information or any other information that is specific to an individual and then uses them to commit a crime, such as opening bank accounts or obtaining credit cards, loans, state benefits, driving licences or passports in that name.
Affiliate fraud refers to any fraudulent activity conducted to generate commissions from an affiliate marketing programme. In affiliate marketing, publishers and website owners can insert tracked links in their content that lead to a company’s online store, product pages, and registration pages. When a specified action takes place, such as a registration or sale of a product, the affiliate is paid a commission. Affiliate fraud involves gaming programmes with fake activity to generate new commission payments or increase the amount of the payments.
Dropshipping is an order fulfilment method that does not require a business to keep products in stock. Instead, the store sells the product and passes on the sales order to a third-party supplier, who then ships the order to the customer.
Dropshipping in itself is not necessarily always a scam, but scammers are increasingly using it to mislead customers, often promising items shipped directly from China with no idea of their quality and a significant markup on the price included. Other variations of this form of fraud include companies that don’t even send their orders out in the first place.
There can be no doubting the impact of E-commerce fraud on businesses. A study produced by Crowe, Peters & Peters with the University of Portsmouth in 2023 found that in 2021 the total amount of fraud perpetrated in the UK amounted to more than £200 billion, with almost 73% of that figure - an astonishing £157.8 billion - affecting private businesses and £8 billion affecting private individuals.
These figures represented increases of 12% in the overall volume and 22% against private individuals since 2017, and they’re even considered to be somewhat on the light side since some businesses are believed to lack the tools to properly measure fraud, or obscure it for fear of drawing attention to practices that may see them penalised for breaches in data or financial security.
Just as the number and range of E-commerce fraud types seems to be ever-proliferating, the number of actions that you can take to protect your bottom line has increased as well.
Traditional brick-and-mortar stores hire fraud prevention officers to catch shoplifters, and you can protect your online store against fraudulent transactions by monitoring your store for suspicious activity using machine learning, or AI. Use tools that track customer IP addresses and alert you to such potential issues as addresses from countries known as a base for fraudsters.
By bringing all your information about your customers and orders under one roof, you should be able to more quickly identify any orders or customers which raise alarm bells. Monitor your accounts and transactions for red flags, such as inconsistent billing and shipping information, as well as the physical location of your customers.
A cyber security risk assessment helps you identify and prioritise threats, including uncovering security blind spots, identifying and prioritising key risks and allowing you to demonstrate improvements and any Return on Investment that comes with neutralising them.
The risks that your business faces will be determined by the exact nature of what your business does. It is, therefore, imperative that you understand the nature of your customers and how they do business with you, to be able to scrutinise those anomalies. Knowing your customer is the first step on the way to being able to successfully identify and mitigate the risks that may affect your business.
Software and firmware updates can be a pain in the backside, but they usually contain important security updates which you need to install as soon as you're able to. Remember that bad actors will look to exploit vulnerabilities in your systems. Keeping them up to date is the most important single step that you can take to make their job considerably more difficult!
Authentication verifies a user's identity, usually through a username and password. You can prevent unauthorised access to your systems and data by authenticating users. In addition to preventing unauthorised access, authentication can also help to prevent fraud. Multi-factor authentication, which may require a customer to key in a one-time passcode sent to their preferred device, will add an extra layer of security to this.
Robust anti-fraud policies and procedures are essential to any fraud prevention strategy. As you integrate employee fraud prevention training into your strategies, it is worth reviewing your anti-fraud policies and procedures to make sure they are robust. If you change anything, make sure that everyone knows about the changes. Regularly reviewing your anti-fraud policies will reinforce them. It may also be worth periodically reviewing the policies and procedures with your staff to ensure that everyone is up to date.
Automated reviews of purchases and the use of AI and machine learning will only get you so far in terms of identifying fraudulent behaviour. Manual reviews of orders can be time-consuming, but sometimes nothing beats a pair of human eyes in identifying suspicious transactions.
Customer security is paramount when handling their payment data. A data breach can have severe consequences for your business, including financial penalties and a damaged reputation. Therefore, ensuring your payment processor complies with industry standards like PCI DSS is essential. This certification indicates that the processor follows stringent security protocols to protect sensitive information. Additionally, it's wise to consider the processor's fraud prevention measures, data encryption, and tokenization capabilities. A secure payment processor protects your customers and safeguards your business's reputation.
The Card Verification Value (CVV) requires a customer to provide a separate three or four-digit identifying code that is physically printed on their credit card when they make a purchase. It is illegal for merchants to keep CVV data on file. This offers an extra layer of security to all card purchases.
HTTPS is the protocol that sends data between your online store and your customer’s browser. With HTTPS, you encrypt the data-in-transit to protect customer information like name, address, and payment card number. Increasingly, the most popular browsers will flag to end users if your online store doesn’t use HTTPS protocol; not doing so will damage customer faith in your business.
Hackers can only steal information that you hold on your customers, so the less that you do hold, the less valuable your systems will be to them. Remember that this isn’t just a matter of good practice; it’s the law. GDPR (General Data Protection Regulation) requires that personal data should be processed in a manner that ensures appropriate security and confidentiality of the personal data, including protection against unauthorised or unlawful access to or use of personal data and the equipment used for the processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
One of the biggest red flags when it comes to E-commerce fraud is multiple purchases in a short amount of time or sudden large purchases after several smaller ones. Legitimate customers will be unlikely to act in such a way, so one effective way of identifying fraudulent activity is to set a limit on the number of purchases (and/or the value of them) that any card can make over a fixed period.
Every order placed on your online store comes from a unique, public IP address (a string of numbers separated by periods that identifies each computer which communicates over the Internet). From the IP address, you can generally detect the city or region of the world where the purchaser is making the purchase. If this city or region does not match the address of the credit card being used, that’s a red flag.
Credit card processors and issuing banks will usually offer an Address Verification Service to detect suspicious credit card transactions in real time and prevent credit card fraud. The Address Verification Service checks the billing address submitted by the card user with the cardholder’s billing address that’s on file with the issuing bank. This check takes place as part of the merchant’s request to the payment processor for authorisation of the credit card transaction. When addresses don’t match, the system either declines the transaction or flags it for investigation.
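The purchase-limit, IP-location and address-verification checks described above can be combined into one screening pass that queues orders for manual review. The following is an added example, not code from the original article: the thresholds, field layout and sample orders are hypothetical, the IP location is assumed to be already resolved to a country (a simplification of the city or region comparison), and the AVS result is assumed to arrive from the processor as a simple match flag.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical thresholds; tune them against your own order history.
WINDOW = timedelta(hours=1)   # the "fixed period" for per-card limits
MAX_ORDERS = 3                # orders allowed per card in the window
MAX_VALUE = 500.00            # total spend allowed per card in the window
SPIKE_FACTOR = 5              # order this many times larger than recent average

# Constructed sample orders, sorted by time:
# (id, time, card_token, amount, billing_country, ip_country, avs_match)
# Cards are identified by the processor's token, never the card number.
SAMPLE_ORDERS = [
    ("A1", "2024-03-01T10:00", "tok_a", 20.00, "GB", "GB", True),
    ("A2", "2024-03-01T10:05", "tok_a", 25.00, "GB", "GB", True),
    ("A3", "2024-03-01T10:10", "tok_a", 15.00, "GB", "GB", True),
    ("A4", "2024-03-01T10:15", "tok_a", 450.00, "GB", "GB", True),
    ("B1", "2024-03-01T10:20", "tok_b", 80.00, "GB", "US", False),
    ("A5", "2024-03-01T12:00", "tok_a", 30.00, "GB", "GB", True),
]


def screen_orders(orders):
    """Return {order_id: [reasons]} for orders that need manual review."""
    recent = defaultdict(deque)   # card_token -> (time, amount) inside WINDOW
    flagged = {}
    for oid, time, token, amount, billing, ip_country, avs_match in orders:
        when = datetime.fromisoformat(time)
        window = recent[token]
        # Forget orders that have aged out of the fixed period.
        while window and when - window[0][0] > WINDOW:
            window.popleft()
        prior = [amt for _, amt in window]
        reasons = []
        if len(prior) + 1 > MAX_ORDERS:
            reasons.append("velocity:count")
        if sum(prior) + amount > MAX_VALUE:
            reasons.append("velocity:value")
        # Sudden large purchase after several smaller ones.
        if len(prior) >= 2 and amount > SPIKE_FACTOR * sum(prior) / len(prior):
            reasons.append("spike")
        if ip_country != billing:
            reasons.append("ip_mismatch")
        if not avs_match:
            reasons.append("avs_mismatch")
        window.append((when, amount))
        if reasons:
            flagged[oid] = reasons
    return flagged


if __name__ == "__main__":
    for order_id, why in screen_orders(SAMPLE_ORDERS).items():
        print(order_id, ", ".join(why))
```

Order A5 is not flagged because the earlier orders on that card have aged out of the one-hour window by the time it is placed.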
Chargebacks, whereby a customer requests money to be refunded back to them after completion of a transaction, are one of the biggest banes of the retail business world. The better you keep records of all transactions, the easier it will be to dispute chargebacks. So keep all receipts, invoices, date and time of transactions, and correspondence with customers. Name all these records appropriately so they’re easy to find too. Build a process around transaction documentation so you don’t have to start again from scratch for every chargeback.
The type of scams that people may attempt against your business will probably be specific to the business that you do. Therefore, it makes perfect sense to talk to other business owners in the same sphere as you to discuss emerging trends in this area and pool knowledge on how to combat them. Many businesses have trade associations which may have security information that is specific to your area of business. Your local chamber of commerce is a great place to start.
There is no question that businesses need to be proactive when preventing and combating E-commerce fraud, including gaining an understanding of trends and systemic conditions that influence how the fraud is perpetrated or where vulnerabilities can be found. As we’ve already seen, how customers make payments is changing enormously, and while this offers the genuine customer greater variation than ever when it comes to making payments to you, it also affords new opportunities to those with bad intentions. For the health of your business, it pays to stay abreast of the latest trends in E-commerce fraud.
Fraudulent actors are constantly developing new tactics and refining their methods, making it increasingly difficult for businesses and customers to detect and prevent fraudulent activities. Remember that how they attempt to defraud you will continue to evolve, so you should try to stay ahead of the curve in terms of understanding the sophistication of the attacks that are being attempted.
With the increasing popularity of mobile shopping, fraudulent actors are shifting their focus to mobile platforms. Businesses need to adapt their fraud prevention measures to address the unique challenges associated with mobile commerce.
As mentioned above, businesses are increasingly using AI and machine-learning tools to analyse vast amounts of data and identify fraud patterns more efficiently. But fraudulent actors are also using these technologies to create more precise attacks. As AI and machine learning become increasingly sophisticated, we can also expect their use for fraudulent behaviour to grow in sophistication too.
With more data breaches and a greater amount of personal information available on the dark web than ever before, account takeover fraud is expected to continue rising. Criminals use this information to access and compromise online accounts, leading to unauthorised transactions and other malicious activities.
The likelihood is that in the future, meeting the bare minimum to reach regulatory minimum levels will not be enough to persuade customers to trade with you. It has been shown time and again that security is at the top of customer expectations when purchasing goods online, and as customer awareness of data privacy and security grows, businesses will need to comply with stricter regulations and invest in more robust security measures to protect customer data and prevent fraud.
It is worth remembering that we are still relatively in the infancy of E-commerce and that the landscape for combating fraud will change over time. Businesses, financial institutions, and law enforcement agencies are already increasingly collaborating and sharing information to combat E-commerce fraud more effectively. This includes establishing dedicated task forces or industry-wide initiatives to address the evolving threat landscape.
Biometric authentication, such as fingerprint or facial recognition, and behavioural analytics that assess user interactions with devices and platforms, will play a more significant role in fraud detection and prevention efforts.
Fraudsters and scammers are getting ever more sophisticated in how they attack online merchants, and the number of attacks on web stores is increasing as E-commerce grows in popularity. But merchants are also getting more sophisticated in how they detect and deter online bad actors.
But once you understand what E-commerce fraud is and why it is so prevalent, and once you learn how to detect online fraud, you are empowered to take the necessary steps to prevent fraud on your online store. Theft has always been a feature of the life of anybody who sells anything, but so has security and so are profits, and by taking control of the former of these you can start to grow the latter very quickly.
© Switch Pal Limited 2024
All rights reserved. Switch Pal Limited is registered in England & Wales: 12545529