Payment fraud is one of the key ongoing challenges faced by e-commerce merchants, as fraudsters’ tactics and the technology used to carry out fraud attacks get ever more sophisticated.
Most e-commerce merchants have seen an enormous influx of new customers this year as the pandemic has pushed ‘digital avoiders’ to make the switch to online shopping. This has created an ideal environment for fraudsters to hide their activities but has also made it far more difficult for merchants to separate good customers from fraud.
The first step in battling fraud is to understand how it is most commonly perpetrated, along with the most effective tools for fraud prevention.
Common fraud types
There are many different types of fraud – too many to cover in one short blog. However, some types of fraud hit merchants far more than others. Here are some of the most common frauds that e-commerce merchants experience:
Forter recently reported a 123% increase in Identity Manipulation this year, where fraudsters use stolen Personally Identifiable Information (including sensitive data such as card details, address, email etc.) to conduct attacks. According to Ravelin, identity theft is at the root of the vast majority of e-commerce fraud, comprising over 71% of all attacks.
Fraudsters can obtain genuine customers’ data from various sources, including the dark web, bot attacks, other forms of hacking, phishing, lost or stolen payment cards, and the list goes on. They use real data to make fraudulent purchases – resulting in losses for both the genuine customer and the merchant.
Account takeover fraud
Account takeover fraud is a form of identity theft where a fraudster gains access to an account (bank account, payment card or digital wallet, for instance). The fraudster changes information such as login credentials or personal information and then makes unauthorized transactions using that account.
Fraudsters often use e-commerce sites to test stolen card details to see if they’re useable. Card testing is often conducted using very small payment amounts, sometimes repeatedly, before the fraudster moves on to higher-value purchases.
Friendly fraud is a growing problem – and one that is difficult to spot, because the customer is real, and often legitimate. In friendly fraud, the customer pays for a service or product and then claims it was never delivered. The merchant then has to issue a refund, replace the item, or face a chargeback.
The tools and tactics to beat fraud
A solid fraud prevention strategy is vital for maintaining profitability, customer satisfaction and strong conversion rates, as well as minimizing losses – because it’s just as important to ensure genuine customers are not wrongly declined, as it is to block fraud.
While it’s virtually impossible for e-commerce merchants to eliminate fraud entirely, there are many tactics that you can and should put into place to protect your customers and your business from fraud losses. These include:
- Understand the latest fraud trends so you can adapt your fraud prevention processes to address emerging threats.
- Capture and analyze as much customer data as possible within the transaction and use it to build strong customer profiles. This will help you spot unusual behaviours that may signal fraud – but it will also ensure you understand and support genuine customers better.
- Validate customers through a robust authentication process such as 3D Secure.
- Consider tokenization or encryption methods to help protect sensitive customer data.
- Make sure your fraud solution can identify patterns that highlight repeat offenders of friendly fraud. You can then take action to shut down those accounts if needed, or at least review orders before approving them.
Velocity risk checks can help spot card testing and repeat fraud by flagging accounts with an unusually high number of transactions in a short time period.
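A velocity check of the kind described above, as an added example that is not part of the original post: a per-account sliding window that flags both a high transaction count and a run of very small payments. The thresholds, tuple layout, flag names and sample accounts are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds for illustration; tune them against your own traffic.
WINDOW = timedelta(minutes=10)   # "short time period" for the velocity rule
MAX_TXNS = 5                     # attempts allowed per account per window
SMALL_AMOUNT = 2.00              # at or below this counts as a "very small" payment
MAX_SMALL = 3                    # small-value attempts allowed per window


def velocity_flags(transactions):
    """Return {account: set of reasons} for accounts that breach a rule.

    transactions: iterable of (timestamp, account, amount), sorted by timestamp.
    """
    recent = defaultdict(deque)  # account -> (timestamp, amount) pairs in window
    flags = defaultdict(set)
    for ts, account, amount in transactions:
        window = recent[account]
        window.append((ts, amount))
        # Drop events that have aged out of the sliding window.
        while ts - window[0][0] > WINDOW:
            window.popleft()
        if len(window) > MAX_TXNS:
            flags[account].add("high_velocity")
        if sum(1 for _, a in window if a <= SMALL_AMOUNT) > MAX_SMALL:
            flags[account].add("possible_card_testing")
    return dict(flags)


def at(seconds):
    """Timestamp helper for the constructed sample data."""
    return datetime(2024, 1, 1, 12, 0) + timedelta(seconds=seconds)


# Constructed sample transactions (not real data).
SAMPLE = sorted(
    [(at(0), "acct_a", 54.99), (at(2700), "acct_a", 12.50)]      # normal shopper
    + [(at(300 + 20 * i), "acct_b", 1.00) for i in range(6)]     # burst of tiny payments
    + [(at(430), "acct_b", 899.00)]                              # then a high-value order
    + [(at(600 + 30 * i), "acct_c", 40.00) for i in range(6)]    # rapid normal-size orders
)

if __name__ == "__main__":
    for account, reasons in sorted(velocity_flags(SAMPLE).items()):
        print(account, sorted(reasons))
```

Flagged accounts are candidates for manual review or step-up authentication rather than automatic declines, since a genuine customer can also place several orders in quick succession.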
If you want a customized fraud prevention strategy or useful tips on how to minimize fraud with your specific business model, get in touch at firstname.lastname@example.org.