eCommerce fraud has been increasing and continues to be on the rise. Projected losses from credit card fraud are expected to reach nearly $50 billion by 2025.
Merchants new to eCommerce may be aware of eCommerce fraud but aren’t familiar with how it works or most importantly, how to protect themselves and their customers. The most important step a merchant should take to combat eCommerce fraud is to gain an understanding of what it is and how it can impact their business.
What is eCommerce Fraud?
eCommerce fraud involves the pursuit of financial or personal gain using tactics on the internet to deceive both a merchant and an unknowing customer.
Why Does eCommerce Fraud Happen?
A number of factors make it easy for fraudsters to commit eCommerce fraud.
Access to Stolen Credit Card Information
It has become quite easy to find stolen credit card information on the dark web, thanks to security breaches that large retailers and even some payment processors experience. In fact, at least 23 million stolen credit cards are available for sale on the dark web at any time. This is why eCommerce merchants must secure their websites and put fraud prevention strategies in place to protect themselves from being hacked.
Another factor is the anonymous nature of online transactions. Merchants simply don’t know for an absolute fact that the person on the other end of the transaction is who they claim to be. In a brick-and-mortar store, staff are trained to look for body language and other cues that indicate potential fraud. Without person-to-person interaction, merchants must rely on the data provided. They can and should have verification tactics in place that help deter fraud, but there is still an element of risk.
Less Threat of Investigation
Fraudsters are clever. They know law enforcement is more likely to investigate a physical robbery than an online fraud, especially when the individual fraud transactions aren’t large enough to attract attention. Merchants without the proper prevention strategies in place don’t even know fraud is happening. When merchants do discover fraud, they are usually left to investigate on their own, unless they have a fraud protection partner.
The next step in understanding eCommerce fraud is knowing what fraudsters’ go-to tactics are.
Types of eCommerce Fraud
eCommerce fraud falls into multiple categories, but the most common type involves stolen credit cards and credit card information.
Card-not-present (CNP) fraud happens when a fraudster uses a stolen credit card or stolen credit card information to make purchases.
Here’s how it works: A fraudster uses a stolen card to make an online purchase. The actual cardholder sees a transaction they didn’t make and contacts the credit card company to contest the purchase. After some level of investigating, the credit card company refunds the cardholder’s money for the purchase and reverses the payment made to the online retailer plus a fee. This reversal plus the fee is called a chargeback.
It’s important to note that high chargeback rates are a red flag for credit card companies. If a merchant’s chargeback rate becomes too high, they are usually placed in a monitoring program. The merchant could permanently damage their relationship with the credit card company, and they could even be considered too much of a risk for other credit card processors.
Chargeback fraud is like CNP fraud in that there is a purchase made that is contested and, subsequently, refunded. But the difference is this fraud is often committed by credit card holders who count on merchants not having the time or resources to dispute claims. Chargeback fraudsters tend to do this for several reasons:
- They are looking for free products
- They are impulsive and end up having buyer’s remorse
- They are unsuccessfully hiding purchases from joint account holders
- They are trying to lower credit card balances
Friendly fraud doesn’t sound like fraud at all, and sometimes it isn’t. It’s the term used to describe when a customer makes a purchase with their own credit card and contests the charge. This fraud is referred to as “friendly” because there are legitimate situations when the customer’s claim is valid. Stolen packages, returns without a refund, and customers not recognizing the merchant’s name on their credit card statement are all examples of non-criminal friendly fraud. Although friendly fraud isn’t as common as CNP or chargeback fraud, it can become costly.
Maintaining detailed records and implementing fraud detection strategies are instrumental in helping your fraud analysts or fraud protection partner quickly and easily determine if malicious activity is happening.
How Is Fraud Detected?
Fraudsters are very well-versed in fraud prevention techniques, which makes fraud difficult to detect. However, there are some ways merchants can detect potential fraud.
Pay Attention to Red Flags
Merchants should look out for these red flags:
Unusual Customer Behavior
Keep track of your customers’ shopping and spending habits. If a customer’s order total is much more than they’ve spent in the past, you should examine further. Look for large multiples of a single SKU in one order, multiple addresses for a large transaction, or multiple purchases in a row. Any of these factors combined with expedited shipping could be a sign of foul play.
If you’ve consistently been shipping to your customer at the same address and they suddenly want to ship half-way across the world, or if you suddenly receive multiple orders from an obscure location, you may be dealing with fraud.
Multiple Declined Transactions
We all make mistakes when entering information manually. But when a purchaser makes four or more unsuccessful attempts to enter the credit card number, expiration date, and/or CVV code, something is likely amiss.
Take Advantage of Fraud Filters (But Be Aware of Their Limitations)
Almost every eCommerce platform has fraud filters to detect fraudulent transactions. Filters like an address verification service (AVS) that declines or flags transactions where billing and shipping addresses don’t match is quite useful. So are card verification value (CVV) filters and IP address mismatch filters.
Where merchants get into trouble is when they start using static filters that decline transactions based on factors like total sales volume for a particular time frame, time of day, transaction amounts, and other static measures. These fraud filters don’t consider the nuances of peak sales events like Black Friday, closeout and clearance sales, personal events like travel or wedding planning, and other unique circumstances when it’s difficult to determine whether a transaction is actually fraudulent.
This is important because fraud filters on their own can decrease a merchant's approval rate — the number of valid transactions being processed — and increase its false declines rate, which can lead to lost customers and, ultimately, lost revenue.
A false decline happens when a legitimate transaction is declined when it shouldn’t have been. They account for 58 percent of legitimate orders and are a source of embarrassment and frustration for consumers. Nearly one third of customers will never shop with a merchant again after a false decline. When you look at the Millennial population, that ratio is closer to one half.
The financial losses attributed to false declines are projected to reach $443 billion by 2021, where losses due to eCommerce fraud is projected to reach $6.4 billion in the same timeframe. That means false declines are on pace to cost merchants 70 times more than the fraud they’re intended to prevent.
Clearly, merchants need solutions that prevent eCommerce fraud without increasing buyer friction and decreasing customer satisfaction.
Preventing eCommerce Fraud
Preventing eCommerce fraud isn’t a simple process. It requires a keen understanding of how fraudsters commit fraud, ongoing expertise in the latest tactics to identify and stop fraudulent practices, and a combination of manual and technical tools. Here are some suggested steps merchants can take.
Audit Your Site Security
Make sure all your software and plugins are up to date. If your store isn’t PCI-DDS (Payment Card Industry Data Security Standard) compliant, it should be. Check your backup schedule and make sure it is based on your site’s traffic and unique needs. Confirm the strength of admin passwords and create a top-secret policy for changing them.
Look for Red Flags
Use the list of red flags mentioned in this post and others your team identifies as pertinent to your online store to monitor for suspicious activity. Flag any customers, cards, or products that are or may be associated with questionable transactions and take a closer look.
Perform Manual Reviews
As important as filters and machine intelligence are for fraud prevention and detection, a manual review can be highly effective in finding fraud. It adds context and allows you to see nuances that software may not recognize. Manual fraud review is especially important for new customer transactions to set a baseline and make sure that they are, indeed, legitimate new customers and not fraudsters establishing a pattern that your tools won’t recognize as suspicious in the future.
The challenge with manual reviews is they are time consuming. Most merchants don’t have the resources or expertise in house to conduct the level of manual review needed for it to be useful. This is where fraud prevention solutions can be beneficial.
Choose an eCommerce Company That Also Offers Fraud Prevention Expertise
eCommerce platforms like 3dcart are partnering with fraud protection solution providers to offer integrated solutions that address fraud prevention. So, set up your eCommerce site and payment gateway with a company that is dedicated to helping you prevent and detect fraud. ClearSale’s partnership with 3dcart gives customers fraud protection that helps reduce chargeback and false decline rates that plague so many eCommerce retailers and threaten their relationships with payment processors.
For several years, the ClearSale and 3dcart partnership has helped merchants not only complete more sales but also protect their shops from fraud allowing them to focus on other facets of their business. We value our partnership with the 3dcart team and look forward to the continuation of this relationship for many years!