The pandemic has made the most significant impact on online shopping habits, increasing the overall “population” of ecommerce customers as well as the number of hackers, scammers, and other eager cybercriminals in the field. According to FTI Consulting’s 2019 U.S. Online Retail Forecast, online sales in major markets will exceed $630 billion in 2020, 12 billion of which will be stolen.
Online merchants face an average of 206,000 threats every month, according to Signal Sciences. As a rule, the number of attacks increases on the 15th and 30th of every month, when the number of online purchases spikes and criminals get better chances to disguise themselves as law-abiding buyers.
In 2019, 81% of organizations experienced payment fraud. The statistics demonstrate the continued pervasiveness of this threat while no industry appears immune to potential frauds.
Fortunately, constant monitoring and reliable methods to eliminate potential threats help minimize the number of fraudulent transactions. In this article, we’d like to share a range of ecommerce fraud prevention best practices and techniques that should help you lower the underlying risks in your ecommerce. But what are the risks? Let’s first review how much online merchants lose due to frauds.
How much does fraud cost to online merchants?
Ecommerce sales see unprecedented growth in the past years accounting for $870 billion in the US in 2021, which is a 14.2% increase over 2020 and a 50.5% increase over 2019. With such a high total sales share, ecommerce will remain quite a fertile ground for fraud opportunities.
Juniper Research claims that online merchants will lose $130 billion between 2018 and 2023 due to online payment scams. This is approximately 2% of the whole profit. The number of regular threats is also growing. Today, 344 attacks are made on American ecommerce sites every month, which is 24.2% more than in 2019 (277). In 2020, only 118 (34.3%) threats were timely prevented. A year earlier, 156 (56.3%) fraud attempts were successfully averted.
Every dollar fraudulently earned now costs US retailers $3.36 according to the LexisNexis report. That is, this year, fraud is more expensive by 7.3%.
Built-in protection and filtering tools are provided by most ecommerce platforms and payment gateways. But they simply cannot keep up with the changes in the way criminals work. This makes ecommerce fraud prevention a major challenge for businesses looking to profitably serve a growing number of customers.
Examples of major ecommerce frauds
Consumer associations in Europe are sounding the alarm and taking action to protect customers. Since the beginning of the pandemic, over 40 thousand suspicious domains have been found where the keywords “Covid” or “corona” are used in abundance. Associates have warned against fraudulent advertisements promising an easy cure for COVID with tea, essential oils, and bath salts.
Only Aliexpress removed 250 thousand ads with dishonest advertising. And eBay has blocked or removed more than 15 million scam attempts. In the Czech Republic, a hacker attack shut down an entire hospital. In Germany, experts managed to prevent an illegal deal involving the sale of 10 million masks for €15 million.
Government agencies also fall victim to cyberattacks. In Spain, the government purchased defective test kits. The tests had all guarantees, a certificate for use in the EU, and the specifications met the required quality standards, but turned out to be utterly unreliable.
Charity affected by cyberattacks
In the UK, the National Cybersecurity Center received 160,000 signals from citizens and organizations, and almost 1,500 links to dubious sites were removed. In Bracknell, a local charity was targeted by scammers. The attackers hacked the corporate email database and sent requests to the organization’s partners to transfer 40 thousand pounds on behalf of the chairman of the organization. The respected foundation nearly ceased to exist.
Card fraud in Germany
In Germany, a gang of web fraudsters has been uncovered who purchased train tickets, expensive electrical equipment, and other goods on the Internet using data from criminally obtained credit cards. In total, they used over 7,000 credit cards to purchase about 8,700 tickets, while Deutsche Bahn never received the money for them. The amount of damage was about €750 thousand.
What are the major types of ecommerce fraud?
We’ll mention two of the most common types of fraud that can be encountered most often:
Сriminals make purchases using the victim’s personal data. Most ecommerce stores provide customers with accounts that store personal user and financial data as well as purchase history. Attackers hack these accounts using phishing.
Basically, scammers send out inquiring emails asking users for their account username and password. Getting this info from trustful victims, they then log into the customer’s account, change their password, and make unauthorized purchases. Bots on social networks are also used to obtain personal confidential information.
Personal data theft
Fraudsters manage to break into databases and steal usernames, passwords, credit card numbers, and other personal information. Hackers often sell credit card details to other scammers that use the acquired credentials to open accounts with eСommerce merchants and use the stolen numbers to pay for purchases.
This type of ecommerce scam is difficult to detect because many people don’t check credit card statements and are usually unaware that someone has opened an online account in their name.
On top of these, there are also:
- “Pure fraud” – a stolen credit card is used to make a purchase and fraud detection systems are bypassed naturally.
- “Affiliate scam” – traffic or registration statistics are changed to get more money from affiliate programs.
- Seller fraud – items for sale are offered with a huge discount but are not delivered eventually.
And that’s not all. Web criminals can be much more original when it comes to stealing your hard-earned money.
How do you spot a fraud?
Fraudulent activities are increasingly implemented via advanced technology. But many hackers often leave traces of their crimes. Here are some examples of suspicious behavior that indicate signs of possible fraud:
- Differences in the payment and shipment addresses;
- Multiple orders of the same product item;
- Unusually big order;
- Multiple orders for the same address paid for with different credentials;
- Suspicious international order.
All of these traits can indicate potential fraud, but there are no 100% guarantees. Some perfectly legal transactions can show any number of these warning signs. And it can cost as much, or even more, to refuse them as accepting a fraudulent transaction. That’s why investing in investigating potentially malicious situations becomes critical.
What are ecommerce fraud prevention best practices?
Fraud can be pretty problematic to detect and prevent. The proper level of security awareness, employment of strong technology tools and safer digital technologies should be based on thorough data analysis to see where privacy gaps can be addressed.
A key element in fighting fraud online today is the consideration of interconnections in collected customer data, transactions, and behavior. Here are top ecommerce fraud prevention best practices:
- PCI-DSS Compliance. This set of security standards is designed to ensure that companies accept, process, store, or transmit credit card information in a secure environment. Conduct regular PCI scans several times a year to reduce the risk of platform vulnerabilities.
- SSL certification. SSL certificates help verify your company’s identity and encrypt data in transit. The payment gateway will use online address verification services to verify credit card payments, with verification details provided by your credit card issuer.
- IP address check. If the IP address comes from a random location rather than from the customer billing or shipping address or it’s obtained from a hosting company or proxy rather than from a separate account, you may be dealing with a scammer. It’s best to deploy solutions to track and resolve such inconsistencies.
- Reinforced verification. The approach recommended by most experts offers a proactive solution. 3D-Secure is a step-by-step cardholder authentication process that ensures the sturdy security of all transactions. It usually requires users to enter a security code to validate input. In addition, it transfers the seller’s responsibility for the sale to the bearer bank in the event of possible litigation.
- Use of strong passwords. Fraudsters use sophisticated programs and algorithms to match possible permutations of the password creation string. Define strong (more complex) password structures. On top of that, secure platforms such as Drupal 8 can be deployed to minimize risks.
- Preventing chargebacks. If the seller cannot prove that the transaction was authorized by the owner, the total purchase amount is returned to the buyer who can then keep the purchased items.
- Understanding customer behavior. Real-time analytics tools allow you to see how visitors move around the site and interact with its sections. They also help detect suspicious behavior. If the same credit card is used more than three times a week and exceeds a certain predetermined amount, one should introduce appropriate rules that limit “over-the-top” transactions.
Regular updates to your shopping cart software and limiting the number of rejected transactions for each account are effective ways to prevent fraud. Using advanced platforms like Magento can also add a layer of security and point you in the right direction of how to prevent ecommerce fraud.
Automation of security processes using technologies such as AI, graphical analytics, and automated orchestration significantly impacts the effectiveness of the countermeasures taken, according to a recent report from IBM.
Ecommerce Fraud Prevention: Bottom Line
Fraud is an unfortunate reality to keep in mind if you plan to do business online. However, up-to-date software can help you significantly reduce the number of threats while the methods listed above will aid you in protecting your ecommerce solution from existing hackers and fraudsters.
Ultimately, this will maximize the benefits of online sales. Take the necessary precautions and make the first step ─ partner up with an experienced ecommerce development company to boost business security.