Ecommerce Fraud: A Comprehensive Guide

Erica Berghan
Erica Berghan
February 2nd, 2021
Estimated read time: 5 minutes, 55 seconds

Ecommerce transactions are one of the fastest-growing revenues on the planet. As Coronavirus has swept the world, so has the demand for online sales. Since the beginning of the year, data clearly reflects the bursting demand for ecommerce.

However, as online selling continues to set records, unfortunately, so does the probability of fraud.  

This isn’t anything new, of course. Since humans have inhabited the Earth, fraud and theft have been associated with money. We can even trace fraud back to the ancient Roman Empire. While they weren’t exactly cybercriminals running around in togas, they were effectively committing what we know today as financial fraud. 

Cut back to modern-day life. Ecommerce fraud attempts are at an all-time high, and these are far from amateur attack methods. In the digital world, criminals often use incredibly sophisticated techniques to hit ecommerce sites for their own gain.  Research suggests retailers are anticipated to lose about $130 billion from fraud by 2023. While there’s no way to stop fraud entirely, there are ways to protect yourself.  

The best way to do that is to keep up with the latest forms of ecommerce fraud detection and prevention methods.

The first step is knowing what kind of ecommerce fraud is out there to protect yourself. Let’s dive into some ecommerce fraud examples. 

Most Common Types of Ecommerce Fraud

Friendly Fraud/ Chargeback Fraud / Refund Fraud

Often referred to as refund fraud or chargeback fraud, it involves purchasing from an online merchant then requesting a refund from the processing company claiming that the transaction was bogus. Unfortunately, while the customer gets a refund, the online retailer who has accounted for the transaction doesn’t just lose the sale but also has to pay the amount back and chargeback fee to the credit card processing company. 

This is also known as friendly fraud because, in many cases, the buyer claiming an invalid transaction may be right. However, there are a significant enough number of fraudsters out there who dispute charges deceitfully that it’s essential to keep your guard up.  

Regardless of whether refund requests are honest or ecommerce frauds, you should reduce chargebacks as much as you can. Not only are they lost revenue, but too many can damage your relationship with your bank. 

How to Protect Yourself

Card Testing Fraud

It’s not uncommon for unsuspecting consumers to find several small charges on their credit card statements that leave them wondering where they originated. Known as card testing, these types of ecommerce scams involve small transactions used by scammers who have gained access to stolen credit card numbers. They attempt multiple modest charges on various ecommerce sites to see whether the card can be run on larger purchases. In some cases, the ecommerce site may specify why their card was declined, giving them valuable insight into how to make the purchase work next time.

Since the charges are often so small, they go undetected until criminals have succeeded at their tactics resulting in much larger purchases. Card testing hurts online merchants in various ways. 

For one, too many card declines can put you in poor standing with your bank. Secondly, if fraudsters are using bots, too many automated card tests can overload your web traffic and cause problems for legitimate customers trying to make purchases. 

Here’s how you can protect yourself from this kind of ecommerce fraud. 

  • Require a billing address
  • Require CVV and expiration date
  • Keep decline messages general without specifying the reason for the decline
  • Flag suspicious IP addresses
  • Forbid multiple orders from the same IP address in a small amount of time

Interception Fraud

In some cases, cybercriminals attempt to place an order on a website that will deliver physical goods. Using the correct billing and address number, the thief successfully makes the charge. However, before the item is shipped, they call and request the package to be rerouted.

In some cases, they may not even need to reroute the package. If they live in the same area as the shipping address, they can intercept the package and accept the delivery, posing as the credit cardholder. The best ways to guard against interception fraud are:

  • Send a purchase confirmation email
  • Require a signature for delivery

Account Takeover Fraud/Phishing

While phishing doesn’t exactly require a fishing pole, it’s the same idea. When a cybercriminal “hooks” a person by luring them to a site to share their sensitive information like credit card details, banking information, or passwords,  this is known as phishing.

Account takeover can either be accomplished by phishing or obtaining someone’s personal account on an ecommerce store. While the methods vary, the result is the same: identity fraud. 

Someone taking over your customer’s account via your website doesn’t just hurt your customers but also your reputation. The last thing you want as an online merchant is a reputation for having a vulnerable website. You can protect yourself from this malicious ecommerce scam by doing the following.

  • Flag accounts that suddenly all change simultaneously in the same field (for example, the same phone number)
  • Flag accounts that log in from a new device immediately after updating a change
  • Flag accounts with multiple IP address logins 
  • Flag accounts that have multiple accounts linked to the same device 
  • Send user notifications of account changes
  • Send user notifications of new device logins 

Triangulation Fraud

This type of fraud gets its name because, like a triangle, it involves three basic parts. 

1 ) Creating a fake ecommerce store with “too good to be true” products and prices.

2) Stealing genuine customers’ information who attempt to make purchases.

3) Using the stolen information to order from a real ecommerce site that genuinely sells what the customer attempted to buy on a fake site. 

The typical flow of ecommerce fraud.

At this point, things get interesting. The fraudulent seller then has the genuine product sent to the buyer but then disputes the charge with the online retailer. In the end, the retailer has to pay a chargeback, and the fraudster gets to keep the money.  

The online retailer gets hit in two ways: a chargeback and a loss of the goods they shipped. There are a few ways to protect yourself against triangulation fraud.

  • Review transactions that have a shipping/billing mismatch 
  • Apply fraud filters 
  • Monitor “too good to be true” competitors

Protect your Ecommerce Business

As the numbers of ecommerce fraud continue to rise, it’s more critical than ever to safeguard your online business against criminals.  
By using the right software, staying up to date with the latest types of ecommerce fraud, and encouraging your team to be on the lookout for suspicious activity, you will reduce your chances of being a victim of ecommerce scams. Schedule a demo with FastSpring to learn how the full-service ecommerce platform can keep your business safe from ecommerce fraud.

Erica Berghan

Erica Berghan

Erica is a writer by day and mom by afternoon, evening, way too early in the morning, and middle of the night. When not writing or “momming,” you can find her enjoying the outdoors, shamelessly watching reality television, or publishing Instagram stories of her cat.

Try FastSpring

Get a free account and see why FastSpring is the ecommerce partner of choice for software providers around the world. Try our full-service ecommerce solution today to unlock revenue growth for your online company.