Breadcrumb

Common Types of Ecommerce Fraud

Written by

The GoCardless content team comprises a group of subject-matter experts in multiple fields from across GoCardless. The authors and reviewers work in the sales, marketing, legal, and finance departments. All have in-depth knowledge and experience in various aspects of payment scheme technology and the operating rules applicable to each. The team holds expertise in the well-established payment schemes such as UK Direct Debit, the European SEPA scheme, and the US ACH scheme, as well as in schemes operating in Scandinavia, Australia, and New Zealand. See full bio

Last editedOct 20212 min read

Criminals are constantly adopting ever more sophisticated ways to commit online fraud, so it is crucial for all e-commerce businesses to be aware of the various types of online fraud and what they can do to protect themselves from falling prey to financial loss.

Categories of online fraud

There are often several variants of each type of online fraud, but they generally fall under five banners. These main categories of online fraud are:

Identity theft
Card testing
Friendly fraud
Triangulation fraud
Refund fraud

Identity theft

This most common form of e-commerce fraud is by far identity theft. It is a crime in and of itself, but is usually the prelude to another crime, such as using stolen credit card details to make purchases online. Not every form of identity theft involves stolen credit card information, but the identity fraud map includes the fraudulent access and use of email accounts and user accounts, as well as names and addresses and even the IP addresses of personal devices.

Criminals use such information to appear to be genuine customers but make fraudulent purchases. They can also use stolen details to create fake accounts and manipulate website traffic.

Card testing

Card testing is similar in effect to identity theft, but is more specific to stolen credit cards. Criminals gain access to multiple stolen credit card numbers and “test” them with small purchases on ecommerce sites. Such small purchases do not raise any alarm and it helps criminals discover which of the stolen credit card details can be used to make larger purchases.

Friendly fraud

Also known as chargeback fraud, this type of fraud is called “friendly” because it can often happen by accident, with no criminal intent on behalf of the cardholder. However, it often does happen with criminal intent as well. It works simply by making a purchase online and then disputing the claim with the payment processor. The purchase has already gone through, so if the financial transaction is cancelled and charged back, then the ecommerce site must still pay for the shipped goods.

Triangulation fraud

Triangular fraud happens when criminals create either fake or replica websites to “sell” products at a cheaper price than they usually go for. One way triangulation fraud works is by the criminals simply taking the money spent by their victims and never shipping the goods. It can also work by criminals using the card details provided by the customer to actually purchase the item from a legitimate website. Either way, the criminals either have the victim’s money or their card details to do with as they please.

Refund fraud

Refund fraud is one of the boldest forms of online fraud. The criminal uses stolen credit card information to make a purchase, but then purposefully overpays. They contact the ecommerce business to ask for a refund of the overpaid amount, but then request an alternative means of repayment.

Ecommerce fraud prevention best practices

Combating cybercrime is an ever-changing battle as technology advances and criminals constantly seek new ways to exploit it. However, there are a couple of ways you can help ensure you are minimising the risk your ecommerce business faces.

Maintain PCI compliance

The mandatory Payment Card Industry Data Security Standards (PCI DSS) covers the storing and processing of credit card information and cardholder information by ecommerce websites. By maintaining your PCI compliance you can help reduce the chances of criminals gaining access to your customers’ details.

Use a secure payment system

It is also vital that you use a secure payment system designed by experts who understand the dangers of cybercrime. Your payment system should include a fraud prevention programme run by an internal team dedicated to detecting and preventing fraud of all kinds.

We Can Help

If you’re interested in finding out more about the different categories of online fraud and ecommerce fraud prevention best practices, or any other aspect of your business finances, then get in touch with our financial experts at GoCardless. Find out how GoCardless can help you with ad hoc payments or recurring payments.