If you’re selling your business’s merchandise online, you’re likely no stranger to fraud and how detrimental it can be to your company’s success. The financial losses can be severe. In fact, ecommerce fraud caused losses of $20 billion in 2021.
To ensure your business is protected and that you keep the sensitive information from your customers secure, you need to have a complete understanding of what ecommerce fraud is, the warning signs to look out for, and how to protect your business for the long term.
Let’s dive in.
- What is ecommerce fraud?
- Types of ecommerce fraud
- How to detect ecommerce fraud
- How to protect your business from ecommerce fraud
- Protection is possible
Learn more in our guide to starting an ecommerce business. Check it out below.
Starting an online store?
Learn more in our guide to starting an ecommerce business. Check it out below.
What is ecommerce fraud?
When we mention ecommerce, we’re talking about commercial payments and transactions that take place over the internet within an online store. Typically, these purchases happen on laptops, smartphones and tablets.
Ecommerce fraud, sometimes called payment fraud, is when a scammer conducts malicious activity during a transaction on an ecommerce platform. The scammer’s goal is personal or financial gain, which will also negatively impact the bottom line of the merchant and the customer.
This term can include anything online during a purchase, from identity theft to stealing credit card information. An example of ecommerce fraud is when a hacker or cyber criminal uses credit card information or stolen identity to make a purchase in an ecommerce store.
Types of ecommerce fraud
Ecommerce fraud comes in many shapes and sizes, but some common types seem more popular. As an ecommerce business owner, it’s in your best interest to familiarize yourself with these types of fraud to protect yourself for the long haul.
- Chargeback fraud: This scam is often committed by the customer instead of a criminal. A customer files a claim stating their purchase arrived damaged or didn’t arrive at all, demanding a refund. If the claim is approved, the customer gets their purchase reversed, and the merchant has to refund the order. In this case, the customer is taking advantage of the ecommerce platform.
- Friendly fraud: This scam is also committed by the customer but occurs when they demand a refund based on what they believe is an unauthorized purchase. In reality, the purchase was made by a friend or family member without them knowing. Friendly fraud chargebacks can account for between 40% and 80% of all fraud losses.
- Card testing: A scammer has just stolen credit card information, and now they have to check that the card works. A scammer may turn to a small or low-value purchase that the card owner may not even notice. Once they know the card works, they’ll make more expensive purchases of big-ticket items. Card testing is not only frustrating for the customer, but if online payments are consistently being blocked due to this type of fraud, a business could be hit with extra fees.
- Account takeover: This occurs when a hacker or cyber criminal has the login credentials on the platforms and uses this information to make a purchase. This can sometimes take place when stored payment information is saved within the account. Account takeover qualifies as identity theft and is a common tactic for online thieves since it can occur during phishing scams.
- Triangulation fraud: This is a multi-step fraud where a scammer obtains the customer’s purchasing information. The scammer creates a fake online store, listing products at an inflated price. Then, a customer buys the product from a fake store, giving the scammer their payment information. With this information, the scammer buys the same product at a lower price, ships it to the customers, and keeps the difference.
How to detect ecommerce fraud
As a business owner, it’s crucial that you understand what ecommerce fraud looks like and how to detect it.
Multiple orders from multiple credit cards
One sign of ecommerce fraud is getting multiple orders from multiple credit cards, either in one day or over a longer period of time. Consider it a red flag when a customer makes several purchases with different credit cards over a day to a week.
A scammer may be using different cards as a way to avoid detection. Additionally, scammers often do this to test whether the details of a stolen credit card work.
High and low volume orders
As a business owner, you likely love to see large purchases. But still, keep an eye out for a significantly larger purchase, or with a higher price tag, than most of the orders made on your site. A red flag that goes hand-in-hand with this is if the order was made with expedited or overnight shipping, as scammers want their high volume order sent as soon as possible to avoid detection.
Unfortunately, the same can be said for multiple low-volume orders. To test if a stolen card is still active, a scammer sometimes starts by making multiple small purchases. These orders will often go undetected, and a scammer will move on to larger purchases.
Unusual purchase behavior
It’s also a good idea to keep an eye out for unusual or suspicious purchase behavior. This could be inconsistent order data, multiple transactions in a short amount of time, or a string of back-to-back orders from a new country.
Repeated declined transactions
We’ve all mistyped our credit card information when making a purchase. But, when a purchaser has multiple (talking four or more) attempts without getting their card number, security code, or expiration date correct and their order is declined, this is often the sign of someone trying to make a fraudulent purchase.
Different billing and shipping addresses
Another warning sign to watch out for is when a buyer makes multiple purchases under one billing address but ships products to multiple addresses. And while this may be a common instance during the holiday season, it’s still a red flag to keep an eye out for, especially if you notice this happening more frequently.
Finally, let’s say you have a repeat customer with an IP address in North America. If they’re suddenly making purchases from an IP address that’s located in an unusual location (like Nigeria or Indonesia), they might use VPN to change location. But in most cases, this is a sign of a scammer committing fraud.
How to protect your business from ecommerce fraud
While it may feel daunting to know and understand so many signs of ecommerce fraud, it can be comforting to have a complete understanding of how to protect your business from these occurrences.
Here’s how to arm yourself against ecommerce scammers.
1. Manually review suspicious orders
In the same way a brick-and-mortar store may have cameras set up to catch shoplifters, an ecommerce store needs to monitor your site regularly for any suspicious activity. Keep an eye out for the red flags discussed above, such as billing and shipping information that doesn’t match, multiple declined purchase attempts and multiple orders from one credit card.
2. Achieve PCI compliance
As an online store that accepts credit cards for payments, achieving Payment Card Security (PCI) compliance is an absolute must.
PCI compliance is managed by the PCI Security Standards Council and it ensures that all credit card transitions are secure and that you avoid credit card fraud. Being PCI compliant means your ecommerce store and all transactions meet the PCI standards. Having this isn’t just a best practice or a suggestion but a requirement for every merchant that processes credit card information.
The PCI Security Standards Council guidelines ensure credit card data is always protected and that sensitive information is secure throughout the transaction process.
3. Implement fraud detection solutions
Monitoring every purchase on your website can feel like a daunting task–because it is. When you implement fraud detection software, you can have peace of mind that these tools are doing the checking and heavy lifting for you. These solutions notify you of suspicious activity so that you can act quickly against hackers.
4. Require CVV numbers for all credit card transactions
A Card Verification Value (CVV) is the three-digital security code on the back of credit and debit cards distributed by VISA, MasterCard, and Discover. American Express cards have them too, but they’re a four-digital code on the back.
When your ecommerce store requires these security codes on all purchases, you help to ensure the purchaser has the actual card in their possession, which can help reduce the likelihood of fraud and scams.
5. Set limits on total purchases
Since scammers sometimes make high-volume purchases, you can protect your business by limiting the number of items a customer can purchase in a single order. To get started, look at how many units of an item the average customer purchases at once, set a limit slightly higher than that, and then decline or flag orders above this set limit.
6. Encrypt your website with SSL
SSL stands for Secure Socket Layer and is how you keep your internet connection secure, which is especially important when handling sensitive data, like credit card information.
Encrypting your website with SSL prevents hackers from reading credit card data and other sensitive information, as it’s being transmitted from your customer’s web browser to your online store. Customers are more likely to trust your store when the URL starts with HTTPS, the S standing for secure.
7. Require strong passwords for user accounts
Another step to protect your business is requiring users to have strong passwords for their accounts. Since account takeovers occur when scammers use bots to guess their passwords from thousands of commonly used passwords, this can help to reduce the number of account takeovers on your site.
When a new user is creating an account, require their password to be:
- At least ten characters long
- Include a number
- Include an uppercase letter
- Include a symbol
Without these requirements, users are likely to choose passwords that can easily be guessed by hackers, which are passwords like… password, qwerty, or 123456.
8. Regularly audit your website for vulnerabilities
No matter what type of ecommerce website you have, it’s recommended that you conduct a security audit for vulnerabilities at least once or twice a year. These audits can be carried out by you, a member of your IT team or you can hire an external third-party security company to audit your website for you.
Running these audits will let you know if there are weak points in your website that a scammer can take advantage of, like software that’s outdated, expired SSL protection or failed PCI compliance.
9. Use an Address Verification Service (AVS)
Another tool at your disposal is an Address Verification Service (AVS). This is another fraud protection measure your business can use to check if the billing address the customer has provided matches with the one on file with the credit card company. If these two addresses aren’t a match, you can choose whether this transaction is flagged or declined altogether.
10. Avoid collecting too much sensitive customer data
Finally, don’t collect too much data from your customers. If the data isn’t saved or backed up in your system, a scammer can’t steal it. So, for your ecommerce store, limit the information you collect from customers to only data needed for the transaction. For example, collecting a name and an address is fine, but you don’t need to save your customer’s birthday or their sizing information into your system.
Protection is possible
Protecting your ecommerce business against scammers and hackers can feel like a stressful challenge, but it doesn’t have to be. Now that you’re educated on what red flags to look out for and how using the right software can help, you can focus more on running your business to ensure it’s successful and worry less about whether your website has any flaws or weak points that a scammer can take advantage of.
Lightspeed eCom lets you set up shop online and start selling securely. Best of all, it integrates seamlessly with your POS system to reduce manual work and double entry. Get in touch with us to learn more.
News you care about. Tips you can use.
Everything your business needs to grow, delivered straight to your inbox.