Updated in February, 2022.
The global market has seen a significant shift in the eCommerce industry, primarily due to the COVID-19 pandemic. Modern life has seen rapidly growing digitalization, as the purchasing habits of buyers have shifted to online and the number of digital shoppers increases every year. A Statista research recently showed that in 2021, over 2.14 billion people purchased goods or services online, and the retail eCommerce sales worldwide reached US$4.28 trillion that same year.
The expansion of eCommerce markets and online purchases has also triggered an increase in fraudulent activities, and online businesses are more frequently becoming targets for cyberattacks and fraud. A report made by Statista estimated that eCommerce losses due to online payment fraud already had reached US$20 billion globally by 2021. Unfortunately, the cost of fraud as a percentage of revenue continues to grow each year.
The Scope of eCommerce Fraud
According to a study by Juniper Research, online retailers could lose over US$206 billion in total between 2021 and 2025, as a result of CNP fraud.
As online sales went up during the pandemic, financial crime also intensified, leading to a surge in account takeover fraud as well as an increased use of synthetic identities.
Fraudsters often go after items that have high resale value, with expensive physical goods as the prime target. However, digital goods and services can be attractive as well, especially those with entertainment value like video games or streaming services, or software which the fraudster could repurpose and use to aid with other criminal activities.
Most importantly, fraudsters also like to attack easy targets. They often target new merchants, who may be eager to accept sales without much scrutiny and are less knowledgeable about payments fraud detection. Other times, they simply try to find online stores that have very few or no security measures in place. You can protect your business by educating yourself and your staff about eCommerce fraud, as well as working with a partner who is specialized in fraud prevention tools and mitigation techniques.
Most Common Types of eCommerce Fraud
1. Card Not Present (CNP) Fraud or Payment Fraud
The Card Not Present fraud usually occurs when a fraudster tries to make an illicit credit card transaction without being in possession of the physical card. When transactions are conducted online or over the phone, the scammer only needs to provide the cardholder’s name, billing address, card number, three-digit security code, and card expiration date. These types of details can be stolen electronically, usually through phishing scams, or purchased by fraudsters from underground marketplaces.
If the fraudsters are successful in this attempt and receive the goods they’ve ordered, it is very likely that the legitimate cardholder will eventually discover the unauthorized transaction and open a chargeback, leading to a material loss for the merchant.
2. Friendly Fraud or Chargeback Fraud
Friendly fraud occurs when a person willfully makes a purchase from a merchant, but afterward initiates a chargeback to receive a refund and remain in possession of the item they have purchased. In these cases, the cardholder may claim that they have never received the product or haven’t ordered it in the first place.
Aside from any material losses incurred from shipping goods that cannot later be reclaimed, chargebacks have a significantly negative effect on merchants. They are an expensive process for all parties involved, including the issuing bank, the acquiring bank, and the payment service provider. If a merchant receives a high number of chargebacks, this may lead to fines and even could result in the merchant losing permission to accept credit cards from the card associations.
Bonus: Check out these best practices on how to manage false and fraudulent chargebacks.
3. Card Testing
This type of fraud occurs when a fraudster gains access to many credit card numbers and then uses them to make small-value purchases repeatedly at the same store. The purpose of this activity is to identify which cards are good (valid) and can be used to commit more fraud later, for more expensive items. These fraudsters often choose online stores with no authentication or security measures in place, and frequently use bots and scripts to carry out this activity quickly.
If the volume of this activity is high enough, card associations may temporarily suspend a merchant’s ability to accept card transactions until the fraudulent activity is blocked.
Why Are eCommerce Merchants Particularly Vulnerable to Fraud?
There are many ways in which fraud can occur and just as many reasons why eCommerce providers are vulnerable to fraud. In the end, however, it comes down to two main themes: it’s easy for the fraudster, and difficult for the target.
Due to the nature of eCommerce transactions, where chip-and-PIN cannot be utilized and ownership of the card used cannot be established with the same level of accuracy, preventing fraud requires more effort. In certain regions such as Europe, 3D Secure authentication is a very useful tool to reduce risk, but even this has not been adopted at similar levels in every country. It also comes with a slight increase in friction, because it requires buyers to provide other forms of identification, a step that may deter them from proceeding with their purchase.
eCommerce Fraud Prevention Best Practices
The health of any eCommerce business depends on not only detecting fraudulent activities when they take place, but also finding the best fraud prevention tactics to keep your business and your customers safe. Naturally, reducing the loss resulting from fraud can also significantly increase your eCommerce revenue and boost your customers’ satisfaction.
Some best practices that eCommerce merchants can embrace to help prevent fraud include:
- Knowing where your customer base tends to be located. When getting high-value orders from countries which don’t typically generate sales, it may be a good idea to apply extra care before fulfilling them.
- Knowing what types of sales are typical for your customer base (dollar amount, frequency, preferred products/services, item quantities, etc.). Out-of-pattern transactions can sometimes indicate fraud, and it might be a good idea to screen such orders more carefully.
- Requiring CVV and Billing Address input for all orders. A good way to combat eCommerce fraud is to require the CVV number when the online transaction takes place. The card security code (CVV) is a three-digit code that can be found on each card and can help authenticate online transactions. Collecting a full billing address also allows using address verification systems (AVS) when available. AVS is a transaction security measure that helps merchants prevent fraud by verifying if the cardholder’s address is correct or invalid, based on the cards’ billing address that is registered in the bank’s files. While only available in certain countries like the US, this can be an effective prevention tool when selling physical goods.
- Utilizing 3D Secure 2.0 authentication. Another great way to prevent fraud is to implement the latest 3D Secure Systems as an additional security layer. The latest technology version of 3D Secure (3DS2) allows the card issuer (bank) to use a wide range of data points from the transaction to run a risk-based analysis. It enables a real-time, secure, more accurate way to authenticate customers without asking for a static password or slowing down commerce. For example, for low-risk and low-value transactions (i.e., less than 30 EUR), the card issuer will not send any extra authentication requests to the cardholder. However, for all other customer-initiated transactions, the cardholder will be required to go through Two-Factor Authentication (2FA), whether via text (SMS), app push notifications, or biometric means (fingerprint, etc.).
- Implement CAPTCHA or customer authentication. One of the most effective solutions against card testing fraud is CAPTCHA. Many providers offer both visible and invisible captchas, as well as configuration options to help tailor validation to the behavior of your customers and reach an optimal level of protection with minimal friction.
- Communicate with your users. As a merchant, keeping yourself up to date with the status of your customers’ orders, shipping details, and past orders will make the whole payment process more resilient to fraud, as well as boosting your shopper’s confidence in your services and business.
2Checkout takes comprehensive steps to mitigate fraud. These include a fraud review process, which starts by combining automated detection and manual reviews conducted by highly trained fraud analysts, and ends in an approval or cancellation of every order.
Additionally, 2Checkout regularly evaluates emerging fraud trends and adjusts over 300 different fraud detection rulesets and models in an effort to stay one step ahead of fraudsters. This fraud prevention process is further enhanced by the communication and interaction we have with our merchants and their buyers.
Why Fraud Prevention Requires Teamwork
Essentially, stopping fraud is all about protecting your bottom line. When fraudulent orders are processed and fulfilled by your business, the negative impact is two-fold: loss of revenue due to refunds/chargebacks and loss of product due to the fulfillment of said orders.
While 2Checkout is always on the lookout for fraud, we need your help because no one knows your customers as well as you do. By understanding who your customers are (and aren’t), adding secondary protection to your checkout process, and collaborating with us, you’ll be able to prevent as much fraud as possible while successfully fulfilling orders for your legitimate customers.
Conclusion
Payment security is a crucial factor in any eCommerce business, and it’s still an active concern for merchants as well as buyers. One of the first steps in preventing online fraud is to be aware of the most common types of fraud and understand how and why they happen, and to try to figure out what your payment setup might be missing and the best way to improve it.
Partnering with the right payment service providers for your business would be the next step in securing your online payments, by optimizing your eCommerce fraud prevention strategies and, ultimately, keeping you and your customers safe and secure.
Ready to learn more? Check out our webinar on Payment Fraud Prevention: An eCommerce Industry-Wide Perspective to learn about fraud trends and best practices in combating them.
