Fraud in e-Commerce
What is fraud?
Fraud is an intentional false representation of a fact. The purpose of fraud is to deceive another party in order to obtain a profit. This profit can be:
- Sensitive information
Fraud can occur through words or actions - it includes false or misleading allegations and withholding of relevant information.
Fraud in commerce is called payment fraud and is basically any type of illegal or false transaction.
Payment fraud is an old issue. For quite some time, fraudsters’ preferred method has been stealing physical payment cards and making purchases with them. This still happens, however, e-Commerce fraud is becoming more common.
E-Commerce fraud is an illegal or false transaction made in a webshop. The big difference between physical and online payment fraud is, that, the card does not need to be present when making an online transaction. The fraudster simply needs the card information. Hackers can steal this information as it is often stored and transferred digitally.
- Use the data themselves
- Sell it to cyberthieves, to make fraudulent transactions.
- Has increased every year since 1993
- Has increased especially since 2010
- Will keep increasing until 2019
The fact that the major increases in card fraud have taken place since 2010 is assumed to be linked to the growth in e-Commerce in the same period.
Why does fraud take place?
With a large amount of card information stored and transferred online, it has been become easier for hackers to get access to this information.
Every time new measures are taken to prevent fraud, hackers step up their game and find new ways to avoid the newly set barriers.
There are two main reasons that online fraud occurs as often as it does:
It is fairly easy for hackers to steal the needed data. For fraudsters, it is easy to buy this information on the black market.
Lack of prosecution for this type of crime.
The lack of prosecution in fraud is due to the following three reasons:
It is hard to detect online fraud and catch the correct fraudster. The fraudster frequently creates a fake email account and opens a post box under an alias revealing no information about himself.
The police do not prioritize online fraud nearly as highly due to the fact that the average amount of each case is low.
Online fraud repeatedly crosses borders, which makes it harder to find a legal punishment.
Types of fraud
Fraud comes in many forms. Here are some of the fraud types most often seen.
When a customer (the fraudster) complains and claims a refund for a purchase.
The customer keeps the purchased item, but gets a refund, because they falsely claim that the product does not live up to expectations or because they claim payment was made with a stolen card.
When a fraudster uses a stolen credit card to make a purchase.
It is more complicated than friendly fraud, as a third person (the fraudster) is involved and this person has to obtain a large amount of information on the cardholder. In this way, the fraudster can “cheat” the fraud detection systems.
When a fraudster obtains and uses another person’s identifying personal information to commit fraudulent actions, for instance, an online purchase.
An example in the payment industry is account theft.
Phishing takes place when a hacker pretends to be a known contact and requests personal data, or tries to get you to install malware, which can then retrieve the data itself.
An example is emails sent by people pretending to be a known and trusted company that asks you to update your personal information.
It occurs when the fraudster makes low-value test-purchases to validate stolen card information or randomly generated card numbers.
The fraudster “hires” an unknowing third-party to re-ship products purchased with stolen card information. The fraudster never pays the third-party as promised and the third-party ends up being an accomplice in the crime.
Triangulation refers to the case in which the fraudster creates a fake online storefront, selling goods at cheap prices.
This storefront has the sole purpose of gathering credit card data. The fraudster then orders the goods at a real merchant and have them sent to the original customer. The fraudster gains the payment for the product, but the customer pays twice:
Cheaper price in the storefront
Actual price to the real merchant
Sometimes the fraudster also uses the card information to make purchases for himself.
How to spot fraud?
Hackers and fraudsters are good at making themselves unnoticed. However, there are a few things you can keep an eye out for if you want to detect fraud in your webshop:
Bigger than average orders
Large quantity of the same product
Multiple shipping addresses
Shipping and billing address is not the same
Several cards used from the same IP address
Payment information typed with capital letters
Many transactions in a short amount of time
Implications of fraud
Fraud often leads to chargebacks. A chargeback is a sum that must be returned by the merchant to the cardholder after a fraudulent transaction.
Processing a chargeback includes operational costs such as transaction fees, legal fees, currency conversions etc.
Another loss is the product sold to the fraudster - the merchant will not get the “sold” product back.
If the merchant incurs a large number of chargebacks the result can, at worst, be that he can’t find an acquirer to process his payments, as he is considered a high-risk customer.
Fortunately, due to the many cases of fraud, several techniques and tools have been created in order to combat fraud. Read more about them in our article How you can prevent fraud in your webshop.