Fraud in eCommerce is on the rise. An increase of almost 30%, to put an exact number on it, according to an annual study of LexisNexis Risk Solutions. Even more worrying: that figure is almost double the growth in eCommerce sales, according to data from Digital Commerce 360. Detecting fraud is not impossible, though, and eCommerce expert Jorge Zuñiga Blanco explains some of the most common types of fraud found on online retail platforms.
Fortunately, fraud prevention in eCommerce is also on the rise, with methods as sophisticated as scams that frustrate. Explains Zuñiga, “As fraud schemes become more sophisticated, so do the tools that are available to fight them. The first step, however, is to ensure you limit the potential risks that could be exploited by scammers.”
eCommerce retailers have to fight fraud on two different fronts. On the one hand, they have to protect themselves from schemes that specifically target merchants, such as fraudulent charge charges or site imitation. They also have to protect their customers from scams. The fact that there might be scammers on the site is a kiss of death to online stores. Even you are as victimized as your buyers.
Email account phishing is one of the most popular forms of scams. These are as old as the Internet itself, so many of you have probably already opened an email from a stranger asking for sensitive account information. Lately, however, we are seeing an increase in scammers passing not by Nigerian princes, but by eCommerce stores. They send emails disguised as order/delivery confirmations, in order to extract sensitive data from the account or take victims to a fraudulent site.
At best, this leads to an unexpected advertising page instead of an official store page. Other times, it is not so harmless; links in phishing emails often go to sites with viruses, malware or other misfortunes related to hacking. That’s why it’s always recommended to hover over suspicious links instead of clicking on them.
If someone loses their account information via a phishing email, what happens next? The scammer takes that information and buys a lot of expensive gifts for himself, and guess who pays the bill. Impersonating someone else and making purchases with your financial information is known as identity theft. Strange as it may seem, the retailer is often the most harmed by identity theft. Explains Zuñiga, “A credit card company usually initiates charge returns on behalf of the victim, but without obligation to return the merchandise. Even if the retailer manages to recover the products, they are no longer new. The only way for an eCommerce retailer to avoid the embarrassment of identity theft is to stop it before it starts.”
It’s also worth mentioning that online stores should also be careful not to become unwitting accomplices to identity theft. Yes, your site is not safe. Hackers can steal their customers’ information right under their noses – as was the case with the million dollars in 2013 Target hackers.
It’s on a site you’ve used hundreds of times before, but this time, on this particular page, something looks different. It could be that the site had one of its pages stolen. Pagejacking is when hackers create a fraudulent website that mimics an existing site. The most advanced cases involve stealing pages from a high-ranking site and siphoning your traffic on search engines. Pagejacking is also commonly associated with “mousetraps,” in which a page prevents users from leaving the page, for example, by opening a new window every time the user tries to close the browser or page, or by flooding the computer with encessant pop-ups.
Chargeback fraud is painfully simple and woefully common. Basically, the scammer buys a large eCommerce order and then cancels the payment after it is shipped. They keep the goods when he arrives without paying a penny. Methods vary, although it can be as easy as the scammer calling the credit card company and saying his identity has been stolen.
Another popular technique is to claim that the delivery never arrived, so the scammer receives a duplicate of the order for free. Even if the scam is detected on time, even in the best situations, the trader has yet to investigate the false claims.
Friendly fraud is when a legitimate customer accidentally causes a chargeback fraud, such as losing a package delivery or entering incorrect payment details. Traders are caught in the dark about whether a charge was malicious or just an accident, fearing offending a well-meaning client with accusations of fraud. eCommerce brands operating under a subscription model often deal with friendly fraud, as customers claim they did not know the charges were recurring.
Targeting eCommerce merchants specifically with affiliate programs, affiliate fraud refers to scammers who manipulate or abuse affiliate links for greater pay. In other words, if an affiliate receives a payment for each visitor they send to a site, a scammer can make it look like they sent more visitors than they actually sent, earning a higher salary. States Zuñiga, “Affiliate fraud, in many instances, involves hacking and the exploitation of automated systems. However, in others, it can be as simple as using a fake profile. Scammers will generally have an advanced level of computer knowledge to skillfully avoid detection.
There’s one more merchant-specific fraud scheme, when the scammer becomes a manufacturer, wholesaler or other B2B business, promising a service that he never intends to provide. Online stores sign up, hand over some money, but they don’t know anything about the supplier again. These scams rely heavily on other scams like phishing and perhaps even pagejacking, with the big difference being that they target companies rather than consumers. It’s one of the reasons we always recommend thoroughly researching who you’re doing business with.