From credit card signatures to lockable cash drawers to PINs, merchants, consumers, and financial institutions have tried numerous ways to protect payments. In today’s increasingly connected world, criminals constantly look for ways to gain unauthorized access to sensitive payment details such as credit card numbers, usernames, and passwords.
In fact, eCommerce fraud represents a serious threat to online businesses of all sizes:
- Larger companies may be more attractive targets since they capture, store, and transmit more payment information. However, they may also have the resources to help protect themselves – and potentially bounce back after a data breach.
- Smaller companies may not be so lucky – with an estimated 60% going out of business within half a year of a cyberattack. [1]
Below are four common types of eCommerce fraud, complete with strategies you can implement to help protect your business.
1. Stolen credit card fraud
With this popular scam, criminals use stolen credit cards to make big-ticket purchases online. The thief uses the cardholder’s billing address, but the physical items are delivered to re-shippers, PO Boxes, or other hard-to-trace addresses.
You can help prevent this by using fraud management filters to flag online purchases in which the billing and shipping addresses don’t match. The order will only go through once you’ve had a chance to contact the user and authenticate the purchase.
2. Card testing fraud
Long before making large-ticket purchases, many criminals will test stolen cards to make sure they work. Usually, these fake online orders are just a few pennies – but the damage can be significantly more.
It’s estimated that for every $1 in direct fraudulent losses, eCommerce merchants could lose an additional $2 – due to fees, penalties, litigation, and time spent disputing unauthorized charges. [2] Moreover, even relatively minor instances of fraud can negatively impact consumer confidence in your organization’s ability to safeguard sensitive data. This partially explains why small companies have such a hard time bouncing back after cyberattacks.
You can help prevent card testing fraud by establishing minimum purchase amounts during checkout. It shouldn’t be possible to initiate a $3 sale if the lowest-priced item in your company’s inventory is $4.
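The two checkout filters described so far (hold an order when billing and shipping addresses differ, reject a total below the cheapest catalog item) can be sketched as follows. This is an added example, not code from the original article; the catalog, the `Address` type, and the `screen_order` function are hypothetical names and constructed sample data.

```python
from dataclasses import dataclass
from decimal import Decimal
import re

# Constructed sample catalog; the lowest price sets the checkout floor.
CATALOG = {"sticker": Decimal("4.00"), "mug": Decimal("12.50"), "hoodie": Decimal("55.00")}

# Common street-word abbreviations, so "Street" and "St." compare equal.
_ABBREV = {"street": "st", "avenue": "ave", "road": "rd", "suite": "ste", "apartment": "apt"}

@dataclass(frozen=True)
class Address:
    line1: str
    city: str
    postal_code: str

def normalize(addr: Address) -> tuple:
    """Reduce an address to a comparable form so formatting differences
    (case, punctuation, 'Street' vs 'St') do not count as a mismatch."""
    def norm(text: str) -> str:
        words = re.sub(r"[^a-z0-9 ]", " ", text.lower()).split()
        return " ".join(_ABBREV.get(w, w) for w in words)
    return (norm(addr.line1), norm(addr.city), norm(addr.postal_code).replace(" ", ""))

def screen_order(total: Decimal, billing: Address, shipping: Address) -> tuple:
    """Return (decision, reasons); decision is 'reject', 'hold' or 'accept'."""
    floor = min(CATALOG.values())
    if total < floor:
        # No real basket can cost less than the cheapest item: likely card testing.
        return "reject", [f"total {total} is below minimum item price {floor}"]
    if normalize(billing) != normalize(shipping):
        # Do not fulfil until the customer has been contacted and the purchase confirmed.
        return "hold", ["billing and shipping addresses differ"]
    return "accept", []

if __name__ == "__main__":
    # Constructed sample orders.
    home = Address("12 Oak Street", "Springfield", "12345")
    same = Address("12 OAK ST.", "springfield", "12345")
    drop = Address("PO Box 991", "Shelbyville", "54321")
    for total, ship in [(Decimal("3.00"), home), (Decimal("55.00"), drop), (Decimal("12.50"), same)]:
        print(total, screen_order(total, home, ship))
```

Normalizing before comparing keeps the mismatch filter from holding legitimate orders that differ only in capitalization or abbreviations.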
3. Account takeover fraud
Criminals don’t have to see a user’s credit card number to abuse his or her payment information. By gaining access to a customer’s username and password, for example, a thief can initiate transactions using whatever credit card details are on file.
To help minimize this type of fraud, require customers to select stronger passwords, with a blend of numbers, symbols, and mixed-case letters. In addition, implement two-factor authentication (2FA) in which users are required to complete a second verification step. Criminals might gain access to a customer’s username and password, but it’s less likely they’ll also be able to:
- Intercept a security PIN sent to that user’s phone or email
- Guess that customer’s secondary password
4. Chargeback fraud
Because this scam involves your customers, it often goes by another name – “friendly fraud.” It occurs when a customer buys something from you and then claims that the item never arrived or that the purchase was unauthorized.
The customer keeps the item and reverses the charges through his or her credit card company. That customer’s bank then comes after you for a refund, meaning you’ve lost the sale, lost the inventory, and now get to spend many weeks or months disputing the charge with that cardholder’s bank.
Some of the best practices to prevent friendly eCommerce fraud include:
- Eliminating guest checkout so that users can no longer anonymously purchase online.
- Using 2FA to make it even harder for customers to claim someone else placed the order without their knowledge.
- Requiring signatures on delivery to verify if and when a shipped item arrives.
Although these four types of fraud represent some of the more common scams, this list is far from exhaustive. New strategies emerge every day as more payment activity moves online. The anonymity, speed, and ease of eCommerce shopping create too much temptation – for career criminals and friendly fraudsters alike. As a result, the tools used to help prevent online abuse must also constantly evolve.
For a more comprehensive overview of eCommerce threats and prevention strategies, see the accompanying resource.
This information is provided for informational purposes only and should not be construed as legal, financial, or tax advice. Readers should contact their attorneys, financial advisors, or tax professionals to obtain advice with respect to any particular matter.
[1] “60 Percent of Small Businesses Fold Within 6 Months of a Cyber Attack. Here’s How to Protect Yourself,” Inc., 7 May 2018.
[2] “CNP Fraud Costs US Merchants $3.36 for Every $1 of Direct Fraud Loss,” CardNotPresent, 30 July 2020.