7 types of e-commerce fraud and filters to fight them
The conventional view is that cardholders suffer the most from e-commerce fraud. In fact, online stores are hit no less. Fraudulent transactions threaten merchants and businesses with the loss of money, customers, and reputation.
What is fraud?
E-commerce fraud, also called payment fraud, refers to essentially any type of illegal or false transaction.
Types of e-commerce fraud schemes
There are several types of fraud, but most of them aim to obtain the data of a person’s bank card or the plastic itself. As soon as a specific type of fraud is identified and people find ways to fight against it, a new type appears. Therefore, it is vital always to remain vigilant. Below are some of the most common types of fraud out there.
1. Classic fraud: unsophisticated fraudsters purchase stolen credit card credentials on the dark web in order to misuse them later.
2. Triangulation scheme: involves three parties (the shopper, the e-commerce store, and the fraudster). The fraudster creates a fake online storefront, usually offering high-demand goods at low prices, and collects payments for the goods it sells. Then, using other stolen credit card data and the names collected on his storefront, the fraudster purchases goods from a legitimate website and ships them to the customers who purchased on his new online storefront.
3. Interception scheme: fraudsters aim to intercept the package in any of the following ways:
- ask a customer service rep to change the address on the order before shipment;
- contact the shipper to reroute the package to an address where they can retrieve the stolen goods;
- wait near the delivery point for the parcel to arrive, offer to sign for it instead of the homeowner, saying they’re not available.
4. Card testing fraud: a fraudster (generally a bot) tests the validity of a credit card number and then uses its credentials at another website to commit fraud.
5. Account takeover: fraudsters use a customer’s login credentials to purchase goods with the credit cards stored in the account.
6. Identity theft: usually involves sophisticated fraudsters who assume another person’s identity, create credit cards in the victim’s name and go on a shopping spree.
7. Chargeback fraud (aka “friendly fraud”): hardly ever carried out by hardcore criminals, rather by disingenuous consumers. After making a purchase, they issue a chargeback, claiming their card was stolen. The chargeback usually occurs after the goods are delivered.
What is antifraud, and how does it work
Antifraud is a system for monitoring and preventing fraudulent transactions. This system checks each payment in real-time mode, running it through dozens or even hundreds of filters.
The crucial task of every antifraud mechanism is to check each transaction, detect “suspicious” moments in it, and make a decision: decline the payment or accept it.
Antifraud systems usually consist of automatic transaction monitoring with a range of customisable filters, mechanisms for cardholder authentication and card validation, and “manual” transaction monitoring for edge cases. Such a system is expensive to develop and is usually affordable only for banks, shops and specialised services (payment aggregators and processing centres that specialise in accepting payments). That is why most online services and online stores prefer to use the services of third-party contractors to receive payments.
Here are some examples of filters in an average processing centre. They may differ depending on the system developer.
- Filter validators. A bank card details validator is one example. While a customer enters the payment card data, the system checks the card number against specific algorithms to make sure the buyer has not mistyped it and has entered the correct card number.
- Geographic filters. For instance, by country of IP addresses. Statistics show that some countries have a high level of skimming and card compromise, and as a result, payments made from these countries have a high potential to be fraudulent.
- Block-lists. If the system receives data on a certain card with previous payments marked as fraudulent, or the cardholder has notified the issuing bank about the compromise of his data, such a card is block-listed. The system knows that transactions on it must not be let through, since they will be fraudulent.
- Parameter matching. Matching the country of the payer’s IP address and the country of the bank card issuer. If the payment is made from a country other than the country where the card was issued, and the cardholder did not warn the bank about his relocation in advance, there is a possibility that the card details were stolen and used by hackers.
- Authorisation limits. There are restrictions on the number and amount of payments made during the day or other periods to protect both the payer and other participants of the online payment process.
The system can include hundreds of different filters: the more susceptible to fraudulent activities a business area is, the more filters are enabled, and the more finely each of them is configured for a specific online store or online service.
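The five filters listed above can be chained as follows. This is an added example, not code from the article or from any processing centre. The split into hard filters (decline) and soft filters (manual review), the limits, the placeholder country code and the card numbers are assumptions constructed for illustration, and the validator uses the Luhn checksum as its card-number algorithm.

```python
from dataclasses import dataclass

# Constructed sample configuration; real values are tuned per merchant.
HIGH_RISK_COUNTRIES = {"XX"}        # placeholder country code
BLOCKLIST = {"4111111111111111"}    # test number; production stores tokens, not raw PANs
DAILY_MAX_COUNT = 3                 # payments per card per day
DAILY_MAX_CENTS = 50_000            # total amount per card per day, in cents

@dataclass
class Txn:
    pan: str             # card number as typed by the payer
    amount_cents: int
    ip_country: str      # country resolved from the payer's IP address
    issuer_country: str  # country of the card issuer

def luhn_ok(pan: str) -> bool:
    """Validator filter: the Luhn checksum catches most mistyped card numbers."""
    if not (pan.isascii() and pan.isdigit() and 12 <= len(pan) <= 19):
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:               # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def screen(txn: Txn, todays_cents: list) -> tuple:
    """Run one payment through the filters; returns (decision, reasons).
    todays_cents holds the amounts already accepted on this card today."""
    # Hard filters: any hit declines immediately.
    if not luhn_ok(txn.pan):
        return "decline", ["invalid_card_number"]
    if txn.pan in BLOCKLIST:
        return "decline", ["blocklisted_card"]
    if (len(todays_cents) + 1 > DAILY_MAX_COUNT
            or sum(todays_cents) + txn.amount_cents > DAILY_MAX_CENTS):
        return "decline", ["authorisation_limit_exceeded"]
    # Soft filters: suspicious but not conclusive, so route to manual review.
    reasons = []
    if txn.ip_country in HIGH_RISK_COUNTRIES:
        reasons.append("high_risk_ip_country")
    if txn.ip_country != txn.issuer_country:
        reasons.append("ip_issuer_country_mismatch")
    return ("review" if reasons else "accept"), reasons
```

Returning the reasons alongside the decision gives the staff doing manual approval the context for each flagged payment and shows which filters cost the most conversion.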
Antifraud & conversion
As you see, any antifraud system requires some fine-tuning to maintain a high level of security while not losing most of the profit. Here are several ways to solve this problem:
- Individual customisation. Experts analyse the business, its average check, and the geography of the clients, and set up the corresponding filters;
- A mechanism for “manual approval” of transactions. The employees of an online store can monitor suspicious transactions and decline them manually;
- Providing partners with the ability to manage part of the antifraud system elements. This decision is made on an individual basis and depends on several factors.
In some cases, it’s better to turn off some filters to maintain a high level of payment conversion. It is better to choose in favour of conversion if:
- the online store has a high margin and a well-organised customer relationship in terms of collecting and verifying user data, confirming and tracking orders;
- the online store sells low-risk goods/services, which, by virtue of their specificity, imply a low level of fraud (housing and communal services, city telephone communications, home Internet, government services).
Cold news, but there is no way to avoid fraud completely. All you can do is try to prevent it. Are you using CVC/CVV and AVS? Is 3DS switched on? The more security and authentication checks an online store has, the more fraud you can prevent. Unfortunately, fraud can still occur.
Using 3DS or VbV helps you reduce e-commerce fraud by over 90%.
If you still face a fraudulent transaction even though it was made in a secure environment, you no longer bear the liability for the transaction. The issuer becomes liable for the transaction in cases like this. Small yet effective management of your online store will help mitigate fraud and losses in the long run.