If you're part of an ecommerce business, it’s vitally important to protect your online store from fraud. From data breaches to spam emails, fraudulent activity takes many forms – so how can you recognise and put a stop to it? Find out more about ecommerce fraud prevention in this guide.
How does ecommerce fraud work?
Ecommerce fraud refers to any form of criminal deception specifically targeting online merchants and commercial transactions. In the past, this type of fraud was riskier as it involved stealing physical credit cards, using stolen numbers to order merchandise over the phone, or breaking into brick-and-mortar premises. Now, fraudsters can access millions of stolen credit card details on the dark web or submit mass phishing emails. A cybercriminal might set up hundreds of false email accounts with the fake online personas to match.
What are some common types of ecommerce fraud?
Some types of fraud involve stolen credit card numbers, while others focus on stolen bank details or other sensitive financial data. Here are a few of the most common types of ecommerce fraud any merchant should be aware of.
1. Card-not-present fraud
The fraudster uses stolen card details to purchase products or services online. While initially this type of fraud targets the cardholder, the cost ends up being passed on to the merchant through chargeback fees. Card-not-present fraud cost UK businesses £452.6 million in 2020, accounting for 79% of total card fraud value that year.
2. Fake chargebacks / friendly fraud
When an online shopper makes a purchase, receives their items, and then requests a chargeback anyway, this is called a fake chargeback or ‘friendly fraud’. The shopper might wait several weeks or months after receiving the item, making it more difficult to investigate. They may claim they never received the goods or that they never authorised the transaction. As a result, the business must pay a chargeback fee on top of the refund cost, unless they can prove to the bank that it was indeed a fraudulent chargeback request. It’s estimated that one third of all chargeback requests are fraudulent, with merchants losing £1.70 for each £1 taken by a fraudster.
3. Affiliate fraud
Criminals can scam the merchant by using fake online activity to generate unearned commissions through affiliate links. They might send spam emails, use pop-ups, or refresh the webpage from multiple locations to generate false traffic. The merchant then pays a commission for false traffic. It’s estimated that up to 10% of digital ad spending is lost to this type of fraud.
4. Account takeover fraud
With an account takeover, the criminal uses phishing techniques, bots, and hacked social media accounts to trick customers into revealing their username and password. They then log into the account and quickly change the password, locking the real customer out. When locked out of their accounts, customers are unable to make purchases and may lose trust in a business website, choosing to shop elsewhere instead. This type of fraud has increased by 34% over the past few years, according to Experian.
5. Card-testing fraud
When scammers purchase stolen credit card details in bulk, they won’t know which ones are still active. Scammers usually test multiple credit cards with small orders that the cardholder is unlikely to notice at first. While these test orders have lower value, multiple orders add up to revenue loss over time due to chargeback costs and lost inventory.
6. Automatic push payment (APP) fraud
This involves being tricked into willingly making a bank transfer. When targeting a business, the fraudster will often pose as an existing supplier and convince the business to change bank account details. Rather than sending payments to existing suppliers, the business instead pays fake invoices to a fraudster’s account. Similarly, customers can also be fooled into thinking they are making a payment to your business, when they are in fact sending money to a fraudster. In 2019, UK banks and their customers lost £456 million in 2019 to APP fraud.
How is ecommerce fraud detected?
Merchants can often spot ecommerce fraud by keeping track of orders. Inconsistencies in orders don’t always indicate fraud, but they tend to be a red flag. Here are some signs of ecommerce fraud to watch for:
Orders from the same card from different IP addresses
Difficulty providing personal information
Repeat transaction declines
Orders of the same item in multiple colours or sizes
Multiple small orders sent to the same address
Multiple orders from different cards sent to the same address
Multiple orders from the same card sent to different shipping addresses
Any sudden and unusual activity warrants a second look for ecommerce fraud prevention.
How to fight ecommerce fraud
While learning to spot the signs is important, the best ecommerce fraud solutions are proactive. You’ll be best placed to protect your business as a merchant with preventative tools and processes.
1. Ensure PCI compliance
If your business accepts card payments, you’ll need to follow the Payment Card Industry Security Standards Council (PCI DSS) regulations. You’ll find the latest compliance information on the SSC website, including best practices for storing, handling, and transmitting customer data, which in turn will help reduce instances of successful fraud.
2. Update website security
Perform regular audits to ensure your shopping cart software, plugins, and SSL certificates are all up to date. Download the most recent version of fraud protection software, scanning your site regularly for malware. It’s also important to use strong, regularly updated passwords for your hosting dashboards, admin accounts, and databases.
3. Use more secure payment methods
Minimise card-not-present fraud and chargebacks by encouraging secure, alternative forms of payment. Instant bank transfers offer a secure alternative with faster payments and lower fees than cards. The TrueLayer Payments API uses a secure open banking framework with the customer in complete control over their payments.
4. Install anti-fraud software
Automate the process with anti-fraud software designed to digitally scan data to watch for inconsistent billing information, suspicious IP addresses, and discrepancies in usual buying behaviour.
5. Keep detailed records
When a customer does request a chargeback, you’ll need to assist the bank with their investigation. Prepare for fraudulent chargeback requests with meticulous record keeping. Retain shipping records, signed receipts, and always use clear billing descriptors to help document your case.
How do open banking payments help reduce ecommerce fraud?
Open banking payments, like those offered as part of TrueLayer’s Payments API, are inherently secure and built for online payments. There are three specific ways that open banking payments will help keep ecommerce fraud to a minimum:
Every payment is strongly authenticated
When a customer confirms their purchase and chooses open banking at checkout, they are sent to their bank’s app to strongly authenticate, usually with biometrics. This means their bank checks that the customer owns the phone or computer they are paying from, and uses fingerprint recognition or face ID before the payment is authorised.
No card details are shared with the merchant
The only details transmitted during an open banking payment are the payment instructions, which are sent securely to the customer’s bank, rather than the merchant. With card payments, in contrast, the customer shares their long card details with a merchant, providing another opportunity for scammers to get hold of important information.
Payment details are pre-populated
When customers choose to pay using open banking, their details are pre-populated by the open banking payment provider, who has a contract with the merchant. This effectively eliminates the possibility that funds could go to the wrong place or end up in the hands of a fraudster.
Find out more about open banking and how it can transform your brand’s payment experience in our open banking guide.