7 types of e-commerce fraud and filters to fight them
The conventional picture is that cardholders are hit hardest by e-commerce fraud. In fact, online stores suffer no less. Fraudulent transactions threaten merchants and businesses with the loss of money, customers, and reputation.
What is fraud?
E-commerce fraud, also called payment fraud, refers to any type of illegal or false transaction.
Types of e-commerce fraud schemes
There are several types of fraud, but most of them are aimed at obtaining the data of a person’s bank card or the plastic itself. As soon as a certain type of fraud is identified and people find ways to fight against it, a new type appears. Therefore, it is vital to always remain vigilant. Below are some of the most common types of fraud out there.
1. Classic fraud: unsophisticated fraudsters purchase stolen credit card credentials on the dark web in order to misuse them later.
2. Triangulation scheme: involves three parties (the shopper, the e-commerce store, and the fraudster). The fraudster creates a fake online storefront, usually offering high-demand goods at low prices, and collects payments for the goods it sells. Then, using other stolen credit card data and the names collected on his storefront, the fraudster purchases goods from a legitimate website and ships them to the customers that purchased on his new online storefront.
3. Interception scheme: fraudsters aim to intercept the package in any of the following ways:
- ask a customer service rep to change the address on the order before shipment;
- contact the shipper to reroute the package to an address where they can retrieve the stolen goods;
- wait near the address for the delivery to arrive and offer to sign for the package in place of the homeowner, who is not available.
4. Card testing fraud: a fraudster (generally a bot) tests the validity of a credit card number and then uses its credentials at another website to commit fraud.
5. Account takeover: having obtained a customer’s login credentials, fraudsters take advantage of stored credit cards to purchase goods.
6. Identity theft: usually involves quite sophisticated fraudsters, who assume another person’s identity, create credit cards in the victim’s name and go on a shopping spree.
7. Chargeback fraud (aka “friendly fraud”): rarely carried out by hardcore criminals, but rather by disingenuous consumers. After making a purchase, they issue a chargeback, claiming their card was stolen. The chargeback usually occurs after the goods are delivered.
What antifraud is and how it works
Antifraud is a system for monitoring and preventing fraudulent transactions. This system checks each payment in real time, running it through dozens or sometimes even hundreds of filters.
The crucial task of each anti-fraud mechanism is to check each transaction, detect “suspicious” moments in it and make a decision: to decline the payment or to accept it.
Antifraud systems usually consist of several components: automatic transaction monitoring with a range of customisable filters and mechanisms for cardholder authentication and card validation, as well as “manual” transaction monitoring for edge cases. Such a system is expensive to develop and is usually affordable only for banks, shops and specialised services (payment aggregators and processing centres that specialise in accepting payments). That is why most online services and online stores prefer to use the services of third-party contractors to receive payments.
Here are some examples of filters in an average processing centre. Of course, they may differ depending on the system developer.
- Filter validators. A validator of bank card details is one example: while a customer enters the payment card data, the system checks the card number against certain algorithms to confirm that the buyer has not made a typo and that the card number entered on the payment form is correct.
- Geographic filters. For instance, filtering by the country of the IP address. Statistics show that some countries have a high level of skimming and card compromise, and as a result, payments made from these countries have a high potential to be fraudulent.
- Block-lists. If the system receives data on a certain card with previous payments marked as fraudulent, or the cardholder has notified the issuing bank that his data was compromised, the card is added to the block-list: the system knows that transactions on it must not be let through, since they will turn out to be fraudulent.
- Parameter matching. Matching the country of the payer’s IP address and the country of the bank card issuer. If the payment is made from a country other than the country where the card was issued, and the cardholder did not warn the bank in advance about his relocation, there is a possibility that the card details were stolen and used by hackers.
- Authorization limits. To protect both the payer and other participants of the online payment process, there are restrictions on the number and amount of payments made during the day or other period.
The system can include hundreds of different filters: the more susceptible to fraudulent activities a business area is, the more filters are enabled and the more finely each of them is configured for a specific online store or online service.
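The five filters listed above, chained into a single decision function. This is an added example, not code from this page or from any processing centre; the thresholds, country codes, card numbers, field names and the choice to send geographic and mismatch hits to manual review rather than decline them are all assumptions.

```python
from collections import defaultdict
from datetime import timedelta

# Every value below is constructed for illustration.
HIGH_RISK_IP_COUNTRIES = {"XX"}           # placeholder country code
BLOCKLISTED_CARDS = {"4000000000000002"}  # constructed entry that passes the Luhn check
MAX_TX_PER_DAY, MAX_AMOUNT_PER_DAY = 3, 500.00

def luhn_valid(pan):
    """Filter validator: the Luhn checksum catches mistyped card numbers."""
    if not pan.isdigit() or not 12 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                    # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class FilterChain:
    def __init__(self):
        self.accepted = defaultdict(list)  # card -> [(time, amount)] of accepted payments

    def check(self, tx):
        """Return (decision, reason); decision is accept, review or decline."""
        pan, now = tx["card"], tx["time"]
        if not luhn_valid(pan):
            return "decline", "validator"
        if pan in BLOCKLISTED_CARDS:
            return "decline", "block-list"
        # Authorization limits: count and sum over a sliding 24-hour window.
        recent = [(t, a) for t, a in self.accepted[pan] if now - t < timedelta(days=1)]
        spent = sum(a for _, a in recent)
        if len(recent) >= MAX_TX_PER_DAY or spent + tx["amount"] > MAX_AMOUNT_PER_DAY:
            return "decline", "authorization limit"
        # Assumption: geography signals go to manual approval, not straight to decline.
        if tx["ip_country"] in HIGH_RISK_IP_COUNTRIES:
            return "review", "geographic filter"
        if tx["ip_country"] != tx["issuer_country"]:
            return "review", "parameter matching"
        self.accepted[pan] = recent + [(now, tx["amount"])]
        return "accept", "passed all filters"
```

A production system would key the block-list and the payment history on a card token or hash rather than the raw card number.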
Antifraud & conversion
As you can see, any anti-fraud system requires some fine-tuning in order to maintain a high level of security while not losing most of the profit. Here are several ways to solve this problem:
- Individual customisation. Experts analyse the business, its average check, and the geography of the clients, and set up the corresponding filters;
- A mechanism for “manual approval” of transactions. The employees of an online store can monitor suspicious transactions and decline them manually;
- Providing partners with the ability to manage part of the antifraud system elements. This decision is made on an individual basis and depends on a number of factors.
In some cases, it’s better to turn off a number of filters in order to maintain a high level of payment conversion. It is better to make a choice in favour of conversion if:
- the online store has a high margin and a well-organized customer relationship in terms of collecting and verifying user data, confirming and tracking orders;
- the goods or services are low-risk and, by virtue of their specificity, imply a low level of fraud (housing and communal services, city telephone communications, home Internet, government services).
The bad news is that there is no way to avoid fraud completely. All you can do is try to prevent it. Are you using CVC/CVV and AVS? Is 3DS switched on? The more security and authentication checks an online store has, the more fraud you can prevent. Unfortunately, fraud can still occur.
Using 3DS or VbV helps you reduce e-commerce fraud by over 90%.
If you still face a fraudulent transaction even though it was made in a secure environment, you no longer bear the liability for the transaction. The issuer becomes liable for the transaction in cases like this. Small yet effective management of your online store will help mitigate fraud and losses in the long run.