Last edited May 2022, 3 min read
Ecommerce sales have skyrocketed in recent years, with around 1.92 billion people worldwide purchasing services or goods online in 2019. While shopping online can open up new doors for businesses, there are also plenty of challenges associated with increasing payment processing, such as losses due to fraud.
In this post we’ll take you through the most common types of ecommerce fraud with advice on how to prevent falling victim to it.
What is ecommerce fraud?
Ecommerce fraud, or purchase fraud, refers to the fraudulent purchasing of goods online using a stolen or copied credit card. In the case of friendly fraud, which we’ll discuss in more detail below, this involves requesting a chargeback on false grounds with the issuing bank after a purchase has been made, effectively putting a business out of pocket.
In the past, fraud was limited to using stolen credit cards, but now transactions can be fraudulently placed simply by having a copy of the card information. This is known as card-not-present (CNP) fraud, and is on the rise.
Types of ecommerce fraud
With a clearer idea of what ecommerce fraud entails, let’s look into the most popular forms of it.
Also known as chargeback fraud, friendly fraud occurs when a customer buys a product with their own credit card, but then requests a chargeback from their bank.
But what is a chargeback?
A chargeback involves an issuing bank returning a charge to the customer, then retrieving the funds from the merchant. The merchant then has to pay chargeback fines and processing fees on top of remunerating the charge for the goods purchased. It can therefore be very costly for sellers.
Sometimes, a customer will request a chargeback for legitimate reasons. These include:
An item never showing up after ordering
The ecommerce business seemingly disappearing
The item/s which arrived differed significantly to the description on the site
The customer believes the purchase was made by someone else using their card
However, often customers will cite one of the above reasons whilst knowing full well that they do not apply. They are simply defrauding the merchant in order to get their money back and keep the item they purchased.
Occasionally, a customer will not recognise a transaction on their credit card statement and so request a chargeback erroneously. In this case, they’re not intentionally trying to defraud anyone; it’s just a simple mistake. This is where the “friendly” in friendly fraud comes from.
Clean fraud refers to old-fashioned credit card theft. However, in ecommerce, it is strictly card-not-present (CNP) fraud. This may involve any of the following:
Copying card information
Making a copy of somebody’s credit card number, CCV (credit code verification) and expiry date is enough to be able to carry out transactions online. Fraudsters sometimes do this by attaching a skimming device to cash machines in order to make a copy of individuals’ cards while they’re withdrawing cash. It can also be done simply by taking a photo at an opportune moment.
With interception fraud, fraudsters need information such as billing and shipping address in addition to stolen credit card information. Their victim is therefore usually somebody they know. Once the order has been placed, the fraudster will either try to change the shipping address by contacting the delivery service, or they will intercept the package as it arrives. Again, if it’s someone they know, they can often just take the parcel from the victim’s doorstep.
With refund fraud, a fraudster will use a stolen credit card/credit card information to make a purchase online and then seek out a refund on a different card, i.e. their own. It’s therefore a means of effectively taking funds from the stolen credit card. They’ll try to achieve this refund by claiming the card they used to pay with has expired or been lost or stolen and they therefore need to receive the refund on a different card.
How to prevent ecommerce fraud?
While there is no way to ensure zero fraud in ecommerce, there are certain steps you can take to improve your ecommerce fraud protection. These are outlined below:
Implement SSL protocol - This allows you to encrypt information, such as credit card information, as well as any other personal data shared by customers at checkout.
Be PCI compliant - PCI compliance is a list of regulations set up by major card schemes, such as Visa and Mastercard. It requires businesses to meet 12 separate data security requirements in order to take credit card payments online.
Implement 3D Secure authentication - This adds an additional verification step at payment whereby cardholders are redirected to a different page to verify their identity.
Use AVS - Address Verification Service (AVS) certifies that the billing address of the purchase and the billing address linked to the credit card match up.
Install ecommerce fraud protection software - Software like ClearSale, Signifyd and SEON all provide solutions which help you detect fraudulent activity on your e-storefront.
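To make the AVS step and the refund fraud pattern described earlier concrete, here is an added example (not GoCardless code and not taken from any of the products named above) that screens a refund request on the merchant side. The function names, card tokens and flag names are hypothetical, the sample data is constructed, and the address comparison is a simplified model: in practice the check runs at the card issuer and your payment processor returns its own result codes.

```python
import re
from dataclasses import dataclass

def _digits(text):
    """Keep only digits so '12 High St.' and '12 High Street' compare equal."""
    return re.sub(r"\D", "", text)

def _norm(postcode):
    return re.sub(r"\s", "", postcode).upper()

def avs_result(entered_street, entered_postcode, file_street, file_postcode):
    """Simplified AVS model: compare the entered billing address with the one on file."""
    street_ok = _digits(file_street) != "" and _digits(entered_street) == _digits(file_street)
    post_ok = _norm(entered_postcode) == _norm(file_postcode)
    if street_ok and post_ok:
        return "full"
    return "partial" if (street_ok or post_ok) else "none"

@dataclass(frozen=True)
class Payment:
    order_id: str
    card_token: str  # processor token for the card that paid, never the raw card number
    avs: str         # "full", "partial" or "none" as recorded at checkout

def screen_refund(payment, refund_card_token, reason):
    """Return hypothetical risk flags for a refund request."""
    flags = []
    if refund_card_token != payment.card_token:
        flags.append("refund_to_different_card")
        # The pretext described above: the paying card is said to be expired, lost or stolen.
        if re.search(r"\b(expired|lost|stolen)\b", reason, re.I):
            flags.append("card_unavailable_claim")
    if payment.avs != "full":
        flags.append("avs_" + payment.avs)
    return flags

def decision(flags):
    """Refund to the original card unless the destination differs."""
    if "refund_to_different_card" in flags:
        return "manual_review"
    return "refund_to_original_card"

# Constructed sample: partial AVS match at checkout, refund requested to another card.
SAMPLE = Payment("ORD-1001", "tok_A", avs_result("14 High St", "AB1 2CD", "12 High Street", "AB1 2CD"))
SAMPLE_FLAGS = screen_refund(SAMPLE, "tok_B", "My old card was stolen, please use this one")
```
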