Ecommerce Fraud Prevention Tips & Tactics
December 28, 2021
The Bolt Team
Investing in smart fraud prevention is critical to your ecommerce business’ success. Here are some ecommerce fraud prevention tips and tactics you can use.
Should you be worried about Ecommerce fraud?
Online retail purchases continue to grow and are set to account for nearly 20% of all US retail sales by 2024. As electronic transactions have increased, so too have Ecommerce fraud and online scams. Retailers face an average of 206,000 web attacks per month in 2020, according to Signal Sciences.
In 2019, the FTC registered a staggering 1.4 million fraud reports from the prior year, an increase of over 100% since 2010. The cost to merchants is devastating. Every $1 of fraud costs Ecommerce merchants $3.60. That’s 15% higher than in 2019 and 7.1% higher than 2020, according to the Lexis Nexis Risk Solutions 2021 True Cost of Fraud™ Study.
In addition to costing billions of dollars per year in lost revenue, fraud can also endanger customer goodwill and trust. And when it strikes, it can sour your online reputation.
Fortunately, forewarned is forearmed. Knowing the most common types of Ecommerce fraud (and how to prevent it) can help you protect your business, your customers, and reputation.
What are common types of Ecommerce fraud?
When you know how bad actors are operating, you can protect against them. So let’s look at four types of Ecommerce fraud prevalent today.
Chargeback fraud is one of the most common types of Ecommerce fraud. A chargeback is when someone purchases a product or service online and then requests a chargeback from the payment processor.
The perpetrator creates a convincing story to get their chargeback approved. For example, they may say they never received the item or that they canceled their order, but still received it.
Regardless of how it happens, it’s the retailer who suffers. They deliver a product without being paid. And the transaction itself costs money. This form of fraud has risen approximately 20% year after year, leading to over a billion dollars lost.
The problem with this type of Ecommerce fraud is that a good customer may have a legitimate complaint and ask for a chargeback. Unfortunately, it’s all but impossible to tell the difference in advance. That’s why chargeback fraud is sometimes called “friendly fraud.”
Card cracking is the term for card testing fraud. It happens when a bad actor gets access to stolen credit card numbers, either through a skimmer or bought on the Dark Web.
In this type of fraud, the scammer has stolen credit card numbers, but they don’t know the limits on those credit cards. Nor do they know whether the numbers work.
The perpetrator makes small test purchases, usually using a script that goes through all the numbers at random websites. The purchases are often just a few dollars, an amount that wouldn’t ordinarily cause alarm.
But when a transaction is successful, they go on a spending spree. At this point, they move quickly, making bigger, more expensive purchases.
Fraudsters are banking on the fact that people won’t notice their “test” transactions until it’s too late. Unfortunately, by the time the victim learns about the fraudulent activity, the scammer has already tied several large, expensive purchases to the victim’s name using their stolen credit card information.
Account hacking fraud
This type of Ecommerce fraud happens when the fraudster gains access to a user’s account on an Ecommerce website. There are a variety of ways this can happen. Yet, this typically occurs via stolen passwords, a keylogger, and phishing schemes.
Once the user’s account is compromised, the scammer is free to change personal information, make purchases, and withdraw funds. They essentially have full access to the customer’s account.
Unfortunately, the Ecommerce retailer often gets the blame for this. And when it does, it causes irreparable damage to your reputation. Not only can it create a PR nightmare, but you can also lose countless customers’ trust.
Refund fraud describes any scenario in which a bad actor takes advantage of Ecommerce best practices; particularly fulfillment and customer service.
Returns abuse, for instance, happens when someone asks for a refund on a stolen product. Or they may swap price tags on products they’ve purchased to get a larger refund.
Another example is when a scammer uses stolen credit card information to make a purchase. They then contact the retailer, tell them that they paid too much by accident, and request that the overage be reimbursed.
These are just a few examples of common Ecommerce fraud out there. Some types of fraud are more complex, requiring an entire network of scammers to pull them off successfully. However, knowing how to defend yourself and protect your business can help turn the tide against these bad actors.
The hidden costs of Ecommerce fraud
Billions are lost to fraud each year, but most merchants aren’t aware of another layer of cost. When your company is flagged as a high risk, you pay a premium for ordinary operations.
Imagine you suddenly have a large number of chargebacks after a data breach. When this happens, credit card processors deem your business high risk and charge you higher fees
And we haven’t begun to estimate the cost of lost trust and credibility. It’s difficult to put a number on reputation damage because it’s so intrinsically valuable. That’s why it’s critical to implement basic protection and prevention measures. Once Ecommerce fraud has struck your business, it’s too late.
How do I prevent Ecommerce fraud?
Preventing Ecommerce fraud is an ongoing game of cat and mouse. Your goal is to create a frictionless customer experience while making it difficult for bad actors to hack your systems or commit fraud. You must be proactive, staying one step ahead and fighting back against fraud. Here are three ways to do just that:
Create a customer blocklist
A fraud blocklist is a list of accounts, personal information, and transactions that have been confirmed as fraudulent. Some merchants use a blocklist to validate new purchases, hoping to minimize incidents.
By applying such an approach, potential fraud can be predicted. Merchants can track specific parameters such as stolen credit card numbers, email addresses, and IP addresses. They then compare new purchases to their blocklist, and reject any transactions that appear suspect.
Keep an eye on PCI
PCI, or Payment Card Industry, is a global forum that drives the adoption of data security standards for safe payments worldwide. The PCI Data Security Standard is a set of requirements that address how companies store and process credit card information, including personal data.
Compliance with PCI standards is required for accepting payments online. But PCI compliance often lines up with common-sense measures that you are already implementing, regardless of the Ecommerce platform you use. Things like:
- Maintaining a properly configured firewall
- Using strong security passwords
- Protecting cardholder data
- Encrypting personal information and cardholder details across public networks
These measures shouldn’t be taken lightly. It’s important to review your security protocols from time to time to ensure that you’re protecting customer data and protecting your business from bad actors.
Stay vigilant over the holidays
For many retailers, the holidays account for 25% of the year’s total sales, according to Statista.
But the holidays are also profitable for bad actors. From Black Friday to Cyber Monday, New Year’s Eve, and beyond, scammers are banking on retailers and customers being too busy to check their logs or credit card statements.
Here are a few red flags that may signal Ecommerce fraud:
- Suddenly getting an influx of orders from other countries
- A sudden surge of rush orders
- Lots of small purchases
But manually catching these issues can be overwhelming. You need a system in place that reviews your transactions for you.
Fraud detection: the investment that pays for itself
Fraud is an unfortunate side effect of running an online business. Sooner or later, most Ecommerce businesses will have to wrestle with it. But with the proper protections in place, you can escape unscathed.
And you don’t have to be a large Ecommerce retailer to take advantage of it. Smaller companies may benefit most from a good fraud detection solution, especially since they don’t have the expertise or budget to launch full-scale solutions in-house.
With a fraud prevention system like Bolt, you don’t have to worry about the impact of Ecommerce fraud on your business. Let the Bolt fraud detection network look out for you and your customers’ money. So you can concentrate on running your business.