The conventional image shows that cardholders are affected by e-commerce fraud the most. But online stores get no less – e-commerce fraud schemes threaten merchants and businesses with the loss of money, customers, and reputation.
What is fraud?
E-commerce fraud trends
There are several types of fraud, but most of them aim to obtain the data of a person's bank card or the plastic itself. As soon as a specific kind of fraud is identified and people find some antifraud solutions to fight against it, a new type appears. Therefore, it is vital always to remain vigilant and be well-versed in e-commerce fraud prevention tools. Below are some of the most common e-commerce fraud trends out there.
Classic fraud. Unsophisticated fraudsters purchase stolen credit card credentials on the dark web with the purpose of its future misuse.
Triangulation scheme. It involves three parties – the shopper, the e-commerce store, and the fraudster. The fraudster creates a fake online storefront, usually offering high-demand goods at low prices, and collects payments for the goods it sells. Then, using other stolen credit card data and the names collected on his storefront, the fraudster purchases goods from a legitimate website and ships them to the customers who purchased on his new online storefront.
Interception scheme. Fraudsters aim to intercept the package in any of the following ways:
- ask a customer service rep to change the address of the order before shipment;
- contact the shipper to reroute the package to an address where they can retrieve the stolen goods;
- wait near the delivery point for the parcel to arrive, offer to sign for it instead of the homeowner, saying they're unavailable.
Card testing fraud. A fraudster, generally a bot, tests the validity of a credit card number and further uses its credentials at another website to commit fraud.
Account takeover. Fraudsters take advantage of stored credit cards to purchase goods using a customer's login credentials.
Identity theft. Usually involves sophisticated fraudsters who assume another person's identity, create credit cards in the victim's name and go on a shopping spree.
Chargeback fraud (aka "friendly fraud "). Hardly ever carried out by hardcore criminals, but rather by disingenuous consumers. After making a purchase, they issue a [chargeback](https://corefy.com/glossary/chargeback %20?utm_source=blog&utm_medium=link&utm_campaign=text), claiming their card was stolen. And the chargeback usually occurs after the goods are delivered.
What is antifraud, and how does it work?
Antifraud is a system for monitoring and preventing fraudulent transactions. Such systems are used for e-commerce fraud detection – they check each payment in real time, running it through dozens or hundreds of filters.
Antifraud systems usually consist of automatic transaction monitoring with various customisable filters and mechanisms for cardholder authentication and card validation and "manual" transaction monitoring for edge cases. Such a system is quite an expensive development that is usually affordable only for banks, shops and specialised services (payment aggregators and processing centres that specialise in accepting digital payments). That is why most online services and stores prefer to use the services of third-party contractors to receive payments.
How to prevent e-commerce fraud
Here are examples of e-commerce fraud detection filters in an average processing centre. Sure, they may differ depending on the system developer.
Antifraud solutions
- Filter validators. A validator of bank card details can be described as an example. While a customer enters the payment card data, the system checks the card number according to specific algorithms to ensure the buyer has not misprinted and entered the correct card number.
- Geographic filters. For instance, by country of IP addresses. Statistics show that some countries have a high level of skimming and card compromise, and as a result, payments made from these countries have a high potential to be fraudulent.
- Block-lists. If the system receives data on a particular card with previous payments marked as fraudulent, or the cardholder has notified the issuing bank about the compromise of their data, such a card is block-listed. The system knows that transactions cannot be skipped on it since they will be fraudulent.
- Parameter matching. Matching the country of the payer's IP address and that of the bank card issuer. If the country of payment doesn't coincide with that of the card issuer, a further check is executed. If the cardholder didn't warn about their relocation, the card data might be stolen.
- Authorisation limits. There are restrictions on the number and amount of payments made during the day or other periods to protect the payer and other participants of the online payment process.
E-commerce fraud prevention tools can include hundreds of filters — the more susceptible to fraudulent activities a business is, the more filters are enabled, and the more subtle each of them is configured for a specific online store or service.
Antifraud & conversion
As you see, any antifraud system requires some fine-tuning to maintain a high level of security while not losing profit. Each business owner should know how to prevent e-commerce fraud and maintain a high conversion level. Here are several ways to solve this problem:
- Individual customisation. Experts analyse the business, its average check, and the clients' geography and set up the corresponding filters.
- Mechanism for "manual approval" of transactions. The employees of an online store can monitor suspicious transactions and decline them manually.
- Providing partners with the ability to manage some antifraud system elements. This decision is made on an individual basis and depends on several factors.
In some cases, it's better to turn off some filters to maintain a high conversion level. It is better to decide in favour of conversion if:
- the online store has a high margin and a well-organised customer relationship in terms of collecting and verifying user data, confirming and tracking orders;
- low-risk goods/services, which, under their specificity, imply a low level of fraud (housing and communal services, city telephone communications, home Internet, government services).
Cold news, but there is no way to avoid fraud completely. All you can do is try to prevent it. Are you using CVC/CVV and AVS? Is 3DS switched on? The more security and authentications an online store has, the more you can prevent fraud. Unfortunately, fraud can still occur.
In case you still face a fraudulent transaction even though it was made in a secure environment, you no longer have the liability for the transaction. The issuer becomes liable for the transaction in cases like this. Small yet effective online store management will help mitigate fraud and losses in the long run.
E-commerce fraud and ways to cope with it often change. We at Corefy are ready to assist you with any additional questions. So, do not hesitate to contact our team.