In 2021 alone, losses from eCommerce fraud grew by nearly 20 percent.
eCommerce fraud losses in 2020, according to Juniper Research, were already counted in billions of dollars – $17.5 billion to be precise. A year later, those losses exceeded $20 billion.
The online retail sector is bleeding money because scammers are finding ways to exploit holes in processes and security protocols.
Merchants aren’t the only victims of these scams, either. Acquiring banks, card issuers and customers all bear the costs of these losses, whether directly or indirectly.
Below, Chris Oakley Featurespace Subject Matter Expert, explores the scope and scale of eCommerce fraud around the world, how it impacts businesses, and what can be done to prevent this type of fraud.
What is eCommerce fraud?
eCommerce fraud is a type of crime designed to exploit online retail businesses for material gain. There are a variety of ways to commit these crimes, such as using stolen credit card numbers or by initiating fraudulent refunds.
eCommerce fraud can be devastating not just for the businesses that are defrauded, but for the businesses’ customers and their financial services partners. Each instance of fraud therefore can have multiple victims.
Why has eCommerce fraud boomed in recent years?
For a criminal, online retailers make excellent targets for deception and fraud. There are several reasons why:
- It’s easier to find targets. Imagine a commerce fraudster’s operations in the days before online shopping. They might try to pass bad checks at a local convenience store or ring up phone purchases with stolen credit card details, but there was a limit to the businesses they could try to defraud. Today, they have the entire global online economy to operate within — an economy that itself has boomed in recent years.
- It’s easier for the fraudster to hide. eCommerce fraudsters are not at a shop counter showing their faces. They’re hiding behind a laptop, probably with their connection masked and routed through a VPN. Criminals can operate in much more anonymity today.
- It’s easier to get away with certain scams. Because eCommerce fraud can take place across international borders, the response from law enforcement can be complicated. Multiple jurisdictions and multiple interests intersect when investigating and prosecuting these cases. As a result, someone who has scammed an overseas retailer out of $150 Nikes might not get the highest priority response from law enforcement.
Types of eCommerce fraud
There are many eCommerce fraud scams that businesses need to be aware of. The list below is not exhaustive, but it does include the most common scams online retailers face every day:
Account takeover fraud
Account takeover fraud happens when criminals get access to a victim’s accounts, usually via stolen credentials, and then begin to make purchases, steal money or collect further information.
In eCommerce, an example of account takeover fraud might be someone having their online retail account hacked and having numerous purchases made before the activity gets flagged.
Buy now pay later (BNPL) fraud
A variety of fraud types are emerging from the growth of buy now pay later (BNPL).
For most BNPL providers, customers need to create accounts, which opens the door to account takeover fraud.
Further, there is a type of return fraud that’s common in BNPL, usually after the first payment installment gets billed to the customer’s account, and buyer’s remorse sets in.
Chargeback fraud — sometimes referred to as friendly fraud — happens when a customer initiates a refund request not from the merchant but from their card’s issuing bank.
This sometimes happens by accident, such as when a child rings up in-app purchases on a parent’s phone, and the unaware parent initiates a chargeback to get the money refunded. Sometimes, this happens intentionally when a fraudster knows a merchant will not grant a refund on a purchase that was in fact delivered, but their bank will.
In either case, it’s costly. In a recent study, it reports eCommerce merchants worldwide lost about $125 billion to chargeback fraud in 2021.
Coupon fraud happens when someone tries to transact with fake or modified coupons, or when they intentionally try to use coupons for purposes beyond what the terms and conditions state.
This could happen when, for example, a customer decodes and alters the QR code on a coupon that’s been mailed out to a shop’s customers. If the original coupon offered a 10-percent discount, the altered coupon might ring up as a 99-percent discount.
Gift card fraud
Gift card fraud is actually a different kind of scam, but it’s one that can impact eCommerce businesses indirectly.
In the United States right now, gift card scams targeting elderly victims are popular. In one version of the scam, fraudsters sell fake gift cards to unsuspecting victims.
In another version of the scam, victims receive a phone call from someone purporting to be an employee of a well-known company who, for quality-assurance purposes, needs a photo of the victim’s gift card number. With just that data, the scammer can then drain the gift card of its value.
Gift card fraud can hurt an eCommerce company’s reputation. Even if the brand itself has nothing to do with the scam, the defrauded consumer may associate the brand with the fraud on an emotional level.
Merchant acquiring fraud
Merchant acquirers process payments for merchants and act as an important intermediary between retailers and the banks that issue payment cards.
Merchant acquirers are themselves susceptible to fraud attacks such as merchant bust-outs or transaction laundering operations, which can have negative consequences for the merchants that those acquirers work with.
Refund fraud is similar to chargeback fraud in that the scammer is seeking money for a good or service that was delivered. There are two common ways this scam plays out:
- The fraudster tries to request a refund while claiming non-delivery of a service or product.
- The fraudster tries to return a used product while claiming that they’re returning the purchase brand-new.
Triangulation Fraud is an elaborate scam that typically folds into the operations of an organized crime ring.
In a typical instance of triangulation fraud, the criminal will set up a fake online store front. When customers place orders, the fraudster will then order the same item from another retailer and have that shipped to the customer.
The trick: The fraudster will use stolen credit card details to make the purchase.
After some time, when the operation will have laundered stolen credit cards into legitimate cash, the storefront will close, and the other retailer will be left to sort out the mess.
What percentage of eCommerce transactions are fraudulent?
This is not an easy number to pin down because some fraud goes undetected, and some companies’ systems will flag legitimate purchases as fraudulent.
That said, TransUnion released a report at the end of 2021 that found nearly 1 in 6 eCommerce transactions are suspected fraud attempts.
That number rises to 1 in 5 transactions during the four-day stretch from Black Friday to Cyber Monday.
eCommerce fraud prevention and detection
As eCommerce grows in popularity, so does eCommerce fraud, which becomes increasingly sophisticated. To detect and stop this kind of fraud, merchants and their banking partners must find ways to stay a step ahead of financial criminals.
Here are four things the retail sector can do to gain that advantage:
1. Bolster security best practices
Many eCommerce transactions already require two-factor authentication (2FA), whether that means confirming a purchase via SMS or push notification, inputting a card’s CVV code, or verifying the buyer’s identity with a biometric scan.
2FA should be a baseline for merchants because of its effectiveness against various types of payment fraud. Emerging tools like Request to Pay will only strengthen those capabilities.
2. Make sure you trust your payment partners
eCommerce merchants rely on their payment partners to handle fraud checks and fraud prevention. Merchant acquirers are often the parties tasked with managing customer data, ensuring security compliance and fielding chargeback requests.
For the merchant, then, due diligence means ensuring their partners manage data and process payments according to best practices.
3. Customer Education and Awareness.
This is not a technology approach, but the weakest point is the human in the chain and raising awareness means that people are not as susceptible to fraud.
4. Embrace machine learning
The first two points will help with payment fraud. But note that most of the types of eCommerce fraud discussed above don’t have anything to do with payment fraud. These are scams in which people initiate fraudulent refunds, alter coupons or set up fake storefronts.
How do you detect and prevent those scams? By studying people’s behaviors to figure out what exactly they are up to, which is something machine learning can do.
Today, a lot of banks have machine-learning tools to help with fraud detection and fraud prevention. This kind of software works in real time to assess the fraud risk of an individual transaction or customer, and it operates at a speed and scale that far exceeds what any team of human analysts could do.
Best-in-class machine learning can recognize patterns of behavior that indicate some type of fraud is taking place.
Going forward, look for banks to embrace deep learning, which represents a big step forward in the field of machine learning. Deep learning tools can learn from, remember, and understand human behaviors, and will allow the industry to push past the current limits of fraud prevention.
Our eCommerce fraud detection solution
Featurespace’s ARIC™ Risk Hub is built with the machine learning capabilities that monitor the entire eCommerce fraud landscape, from payment fraud to card fraud to merchant acquisition fraud.
Our proprietary machine learning technologies are designed to understand the behaviors of consumers and banking customers. Our models study behaviors, learn which transaction behaviors are normal and which are suspicious, then flag suspected instances of fraud according to an assigned risk score.
This lets fraud analysts prioritize cases, which makes the entire system of fraud prevention more efficient up and down the line.
Using machine learning to detect and prevent fraud
The Adaptive Behaviors Analytics and the Automated Deep Behavioral Networks that power our machine learning models are designed to constantly monitor and learn from people’s activities.
This means they’re able to seamlessly navigate events that we humans might view as unpredictable, such as a global pandemic suddenly accelerating a worldwide move toward eCommerce.
This also means that as fraudsters find new twists on their old scams, the models will be able to keep pace and stay a step ahead of whatever criminal innovations emerge in the retail and banking sectors.
Learn more about eCommerce fraud protection
As more and more consumers embrace eCommerce for their everyday purchases — groceries, clothes, pet supplies — the risk of eCommerce fraud grows.
Banks, payment processors and merchants can all take steps to stay ahead of scammers by embracing real-time fraud detection technology, just as eftpos has.
To learn more about how ARIC™ Risk Hub can support eCommerce fraud detection and prevention for your organization, contact us or request a demo today.