eCommerce fraud

The rise of eCommerce has led to an increase in criminal activity, but there are ways you can protect your business from eCommerce fraud.

eCommerce businesses are increasingly the target of fraud

There are many types of fraud that eCommerce businesses face. The most common form of eCommerce fraud occurs when a criminal obtains stolen payment card information and uses it to complete an unauthorized transaction without the account owner’s knowledge. The fraudster may have physical possession of the card or acquired the card data electronically. Once the transaction is complete and the payment is approved, the business remains responsible for ensuring that the cardholder was who they said they were in the event the legitimate cardholder disputes the transaction. This puts the task of preventing fraud on the merchant. While card issuers and merchant services providers provide solutions to prevent eCommerce fraud, criminals quickly evolve to more elaborate schemes. Understanding the types of fraud and how they can be spotted is the first step in protecting your business.


Five types of eCommerce fraud

Cyber-criminals are resourceful. There are many ways to commit eCommerce fraud, and new techniques are created daily. However, most fraud will fit into one of five different categories: true fraud, friendly fraud, phishing, refund fraud, and card testing.

  • True fraud happens when fraudulent transactions are conducted by either opening accounts in the names of identity theft victims or using a stolen payment card number to make purchases online
  • Friendly fraud occurs when a merchant receives a chargeback because the cardholder denies making the purchase or receiving the order, yet the goods or services were received
  • Phishing occurs when an email, text, or phone call mimics reputable entities like banks, online resources and credit card companies to trick the recipients into sharing their financial information
  • Refund fraud is when a criminal purchases something with a stolen payment card, then returns it to the store for a refund to a different account, for cash, or store credit
  • Card testing is when a cyber-criminal does not know whether a stolen payment card number is valid, so they make small test purchases to confirm it

Fraud red flag examples

  • Bulk orders with a higher-than-average dollar value are worth another look. Fraudsters have a short amount of time in which to use a stolen card and they want to buy as much as they can, as quickly as they can.
  • Multiple orders from one customer in a short time frame may suggest unauthorized card use. By limiting the number of transactions per hour, day, or week from a specific customer, you may reduce the risk of fraud.
  • Different delivery and billing addresses are often valid but warrant further analysis to ensure card authorization. The Address Verification Service (AVS) compares the billing address supplied at checkout against the address in the card issuer’s database and returns a full, partial, or no match response.
  • A new customer demanding overnight or rush delivery for big-ticket items requires additional confirmation to ensure validity of card use. Fraudsters want the fraudulently purchased items in their possession before the cardholder realizes something is amiss – so they often pay extra for overnight shipping.
  • Purchases made with numerous attempts on the payment card number or expiration date may signify that the card is not on hand, which can be an indication of fraudulent activity.
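
The red flags above can be turned into automated checks that place an order in a manual review queue before it ships. The following Python example is added here and is not code from the original article; the thresholds, field names, helper functions, and sample orders are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
# Thresholds are illustrative assumptions; tune them against your own order history.
AVG_ORDER_VALUE = 80.00     # assumed store average, in dollars
BULK_ITEMS = 5              # item count treated as a bulk order
MAX_ORDERS_PER_HOUR = 3     # velocity limit per customer
MAX_CARD_ATTEMPTS = 3       # card number / expiration retries tolerated
BIG_TICKET = 500.00         # order value treated as big-ticket

def red_flags(order, earlier):
    """Return the red flags one order raises; `earlier` holds prior orders."""
    flags = []
    if order["items"] >= BULK_ITEMS and order["total"] >= 3 * AVG_ORDER_VALUE:
        flags.append("bulk_high_value")
    recent = [o for o in earlier if o["customer"] == order["customer"]
              and o["time"] >= order["time"] - timedelta(hours=1)]
    if len(recent) + 1 > MAX_ORDERS_PER_HOUR:
        flags.append("velocity")
    if order["ship_to"] != order["bill_to"]:
        flags.append("ship_bill_differ")
    if order["avs"] != "full":                  # AVS result: full, partial or none
        flags.append("avs_" + order["avs"])
    if order["new_customer"] and order["shipping"] == "overnight" and order["total"] >= BIG_TICKET:
        flags.append("new_customer_rush")
    if order["card_attempts"] > MAX_CARD_ATTEMPTS:
        flags.append("card_retries")
    return flags

def review_queue(orders):
    """Map order id -> flags for every order that needs manual review."""
    queue, seen = {}, []
    for order in sorted(orders, key=lambda o: o["time"]):
        if flags := red_flags(order, seen):
            queue[order["id"]] = flags
        seen.append(order)
    return queue

def make_order(oid, customer, minute, total, items=1, ship="A", bill="A",
               avs="full", new=False, shipping="standard", attempts=1):
    return {"id": oid, "customer": customer, "time": datetime(2024, 1, 1, 12, minute),
            "total": total, "items": items, "ship_to": ship, "bill_to": bill, "avs": avs,
            "new_customer": new, "shipping": shipping, "card_attempts": attempts}

# Constructed sample orders (not real data).
SAMPLE_ORDERS = [
    make_order("o1", "alice", 0, 45.00),
    make_order("o2", "bob", 5, 900.00, items=6, ship="B", bill="C", avs="none",
               new=True, shipping="overnight", attempts=5),
    *[make_order(f"o{n}", "carol", 4 + 2 * n, 2.00) for n in (3, 4, 5, 6)],
]
```

In the sample data, the fourth small order from the same customer within an hour trips the velocity check, which is also how a run of card-testing purchases would surface.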

Fraud prevention

Merchants must be proactive in anticipating and preventing fraudulent transactions. The fraud prevention tips below will help lower the costs associated with fraud and protect your business from larger, more expensive fraud losses in the future.

  • Adhere to the PCI DSS standard
  • Use the Address Verification System (AVS)
  • Require CVV Codes for purchases
  • Set tight password requirements