Online fraud: what is it and how do you spot it?

What is fraud?

Fraud is an intentional false representation of a fact. The purpose of fraud is to deceive another party in order to obtain a profit. This profit can be:

• Money
• Goods
• Sensitive information

Fraud can occur through words or actions - it includes false or misleading allegations and withholding of relevant information.

Fraud in commerce is called payment fraud and is basically any type of illegal or false transaction.

Payment fraud is an old issue. For quite some time, fraudsters’ preferred method has been stealing physical payment cards and making purchases with them. This still happens, however, e-Commerce fraud is becoming more common.

E-Commerce fraud is an illegal or false transaction made in a webshop. The big difference between physical and online payment fraud is, that, the card does not need to be present when making an online transaction. The fraudster simply needs the card information. Hackers can steal this information as it is often stored and transferred digitally.

Hackers either:

• Use the data themselves
• Sell it to cyberthieves, to make fraudulent transactions.

According to a Nilson Report from 2015 and another from 2016, worldwide card fraud:

• Has increased every year since 1993
• Has increased especially since 2010
• Will keep increasing until 2019

The fact that the major increases in card fraud have taken place since 2010 is assumed to be linked to the growth in e-Commerce in the same period.

Why does fraud take place?

With a large amount of card information stored and transferred online, it has been become easier for hackers to get access to this information.

Every time new measures are taken to prevent fraud, hackers step up their game and find new ways to avoid the newly set barriers.

There are two main reasons that online fraud occurs as often as it does:

1. It is fairly easy for hackers to steal the needed data. For fraudsters, it is easy to buy this information on the black market.

2. Lack of prosecution for this type of crime.

The lack of prosecution in fraud is due to the following three reasons:

1. It is hard to detect online fraud and catch the correct fraudster. The fraudster frequently creates a fake email account and opens a post box under an alias revealing no information about himself.

2. The police do not prioritize online fraud nearly as highly due to the fact that the average amount of each case is low.

3. Online fraud repeatedly crosses borders, which makes it harder to find a legal punishment.

Types of fraud

Fraud comes in many forms. Here are some of the fraud types most often seen.

Friendly fraud

When a customer (the fraudster) complains and claims a refund for a purchase.

The customer keeps the purchased item, but gets a refund, because they falsely claim that the product does not live up to expectations or because they claim payment was made with a stolen card.

Clean fraud

When a fraudster uses a stolen credit card to make a purchase.

It is more complicated than friendly fraud, as a third person (the fraudster) is involved and this person has to obtain a large amount of information on the cardholder. In this way, the fraudster can “cheat” the fraud detection systems.

Identity theft

When a fraudster obtains and uses another person’s identifying personal information to commit fraudulent actions, for instance, an online purchase.

An example in the payment industry is account theft.

Phishing

Phishing takes place when a hacker pretends to be a known contact and requests personal data, or tries to get you to install malware, which can then retrieve the data itself.

An example is emails sent by people pretending to be a known and trusted company that asks you to update your personal information.

Card testing

It occurs when the fraudster makes low-value test-purchases to validate stolen card information or randomly generated card numbers.

Re-shipping

The fraudster “hires” an unknowing third-party to re-ship products purchased with stolen card information. The fraudster never pays the third-party as promised and the third-party ends up being an accomplice in the crime.

Triangulation fraud

Triangulation refers to the case in which the fraudster creates a fake online storefront, selling goods at cheap prices.

This storefront has the sole purpose of gathering credit card data. The fraudster then orders the goods at a real merchant and have them sent to the original customer. The fraudster gains the payment for the product, but the customer pays twice:

1. Cheaper price in the storefront

2. Actual price to the real merchant

Sometimes the fraudster also uses the card information to make purchases for himself.

How to spot fraud?

Hackers and fraudsters are good at making themselves unnoticed. However, there are a few things you can keep an eye out for if you want to detect fraud in your webshop:

1. First-time customers

2. Bigger than average orders

3. Fast shipping

4. Unusual location

5. Large quantity of the same product

6. Multiple shipping addresses

7. Shipping and billing address is not the same

8. Several cards used from the same IP address

9. Payment information typed with capital letters

10. Many transactions in a short amount of time

Implications of fraud

Fraud often leads to chargebacks. A chargeback is a sum that must be returned by the merchant to the cardholder after a fraudulent transaction.

Processing a chargeback includes operational costs such as transaction fees, legal fees, currency conversions etc.

Another loss is the product sold to the fraudster - the merchant will not get the “sold” product back.

If the merchant incurs a large number of chargebacks the result can, at worst, be that he can’t find an acquirer to process his payments, as he is considered a high-risk customer.

Fortunately, due to the many cases of fraud, several techniques and tools have been created in order to combat fraud. Read more about them in our article How you can prevent fraud in your webshop.