The Four Types of E-Commerce Fraud

As ecommerce becomes mainstream for shoppers of every generation, fraudsters are honing their skills and developing tactics to seize the moment. In fact, the problem is expected to worsen over time. Juniper Research anticipates that businesses will lose more than US$362 billion globally to ecommerce fraud between 2023 and 2028.

So, what can you do to avoid being caught in that net? For starters, your fraud prevention team needs to know what they’re dealing with – fraudsters use a combination of old and new techniques. That means, at a minimum, you should have a strategy to address the four most common types of ecommerce fraud:

1. Card-not-present (CNP) fraud
2. Chargeback fraud
3. Friendly fraud
4. Policy abuse

Let’s look at each one.

1. Card-Not-Present (CNP) Fraud

CNP fraud happens when a criminal uses stolen credit card information to make purchases. Most often, fraudsters get this stolen information on the dark web and through phishing scams.

Phishing? What’s that?

Today’s fraudsters are so sneaky and resourceful, they can convince innocent consumers to hand over their financial information without realizing it. Here’s how it happens:

1. The criminal sends out an email, text message or direct social media message with a message that spurs interest or alarm, along with a link that promises to address the consumer’s concern.
2. The consumer misinterprets the message as legitimate and clicks the link.
3. Almost immediately, a software program (known as malware) gets installed on the consumer’s PC, laptop or device — giving the criminal unfettered access.
4. From there, the criminal pulls login credentials, personal information and financial information that can be used to access accounts and make fraudulent purchases.

Every day, more than 450,000 new malware programs are identified, which puts more consumers at risk. Using this data, fraudsters can perpetrate multiple schemes and scams.

Account takeover (ATO) fraud

ATO fraud happens when that data stolen through a phishing scam or bought on the dark web is used to take over a victim’s account. Usually, the fraudster assumes control over checking and savings accounts, brokerage, and even loyalty accounts.

ATO fraud is a huge problem, accounting for every fifth login attempt in the United States. Not only is this the stuff of nightmares for consumers, but ATO fraud can also lead to high chargeback rates for businesses. Among the most common business targets are subscription services and recurring payments. Once businesses set up the initial payments, they may pay less attention to changes over time. This is where fraudsters can easily attack.

Another tactic fraudsters use is one that makes customers unwitting accessories to crime.

Triangulation fraud

Triangulation fraud happens when innocent customers make purchases on a third-party marketplace, but the merchandise they receive is actually bought on another website using stolen payment information.

How it works:

• A fraudster sets up a third-party marketplace to look like a legitimate online store.
• A valid customer purchases a product on the third-party marketplace.
• The fraudster collects the valid customer’s shipping and payment information and orders the same product from a legitimate retailer.
• The fraudster provides shipping information for the valid customer with payment information stolen from a different customer on the legitimate retailer’s site.
• The legitimate retailer processes the fraudster’s order, shipping it to the valid customer’s address provided during checkout, and charges the innocent victim’s credit card.
• The valid customer receives the item they ordered, but their credit card information is now likely going to be used in another triangulation fraud transaction.

Buy online, pick up in store (BOPIS) fraud

BOPIS fraud is somewhat of a hybrid between ATO and triangulation fraud.

Here’s how it works:

• The fraudster acquires stolen credit card data or assumes control over a bank account and makes a purchase online to be picked up in store.
• The fraudster usually chooses one or more locations that are close by so they can quickly retrieve merchandise before the victim sees any charges on their statements or apps.

Because there’s no shipping address to confirm, this type of fraud isn’t easily detected until the business is alerted about a potential chargeback.

This type of fraud has increased up to 250% since the beginning of the pandemic, forcing businesses to distinguish between suspicious and legitimate orders.

As we move into the era of artificial intelligence, fraudsters are taking tactics to the next level.

Fraud-as-a-service (FaaS)

Fraud has transformed into a profit model for criminals who use bots and brand impersonation for attacks. They can simply rent bot networks from fraud "service providers" to launch large-scale campaigns that phish victims and attack websites.

FaaS is inexpensive, too — each bot call can cost as little as 15 cents.

2. Chargeback Fraud

While chargebacks were initially developed by card issuers to protect consumers, the chargeback process has become so easy that fraudsters and consumers alike game the system and knowingly commit chargeback fraud.

In these cases, customers intentionally file fraudulent chargebacks with the goal of keeping the product or service they ordered while also receiving a refund of the full transaction amount.

Chargeback fraud can take place in a variety of ways, including when the customer:

• Places an order with the explicit intent to get free products
• Experiences buyer’s remorse and regrets a high-priced purchase
• Hides a purchase from a spouse or joint account holder
• Tries to lower their credit card balance

It’s become such a pervasive problem that the FBI currently views it as the third-largest problem in ecommerce.

How much do chargebacks cost?

Chargeback fraud takes a big bite out of small- and medium-sized ecommerce businesses’ bottom line. Businesses lose around $125 billion annually in time, fees, physical goods and shipping costs. That doesn’t include the damage done to the company’s relationship with payment processors if their chargeback rate is too high. Once a chargeback rate is nearly at or over the 1% threshold, businesses are usually subject to management programs that impose high fees and the potential of becoming “high risk.”

3. Friendly Fraud

Despite being labeled as fraud, customers who misuse the chargeback process aren’t always malicious. Instead, think of friendly fraud as “accidental fraud” that can occur when a customer doesn’t keep meticulous records of their credit card purchases or simply doesn’t recognize a purchase on their credit card statement that they did in fact make.

Friendly fraud may also result from misunderstandings like:

• The customer forgot they made the purchase.
• The customer forgot they agreed to a recurring payment, such as a software or magazine subscription.
• Another family member authorized the purchase without the cardholder’s knowledge.
• The purchaser misunderstood the return or refund policy.
• The company name on the credit card statement differs from the company the customer made the purchase from, and the customer doesn’t recognize it.

The important thing to remember with friendly fraud is that these customers aren’t trying to be deceitful. Still, the impact of friendly fraud is significant:

Friendly fraud chargebacks have increased by 15%-20% across almost all types of businesses. This is partly because card-issuing banks have made it very easy for cardholders to make their disputes and certain social media influencers have highlighted the advantages of chargebacks.

– Chris Ballenger, VP ChargebackOps

4. Policy Abuse

Policy abuse is a category of fraudulent activities that take advantage of a store’s policies for personal gain. Each year, U.S. retailers lose about $89 billion to policy abuse. It’s predominantly an issue for enterprise retailers that process thousands of transactions daily and may not track if customers are abusing company policies.

Unlike ecommerce fraud, where a fraudster steals from a company using an innocent customer’s payment information, policy abuse involves theft solely from the company. As customers become more savvy shoppers, some take advantage of companies and exploit them for free merchandise and more benefits. The incidence of policy abuse has increased 75% over the past several years, with four main types.

Return/refund abuse

Return or refund abuse happens when criminals take advantage of a company’s return policy, costing U.S. retailers more than $12 billion each year. This type of scheme isn’t easy to perpetrate. Finding the loopholes in a business’s policies takes time and planning, and it’s often the sign of a crime ring or FaaS.

One of the most common types of return or refund abuse is wardrobing, where high-end fashion and luxury goods are purchased with the intent of returning them after a singular use.

Other types of return and refund fraud include:

• Returning shoplifted merchandise for full price.
• Receipt fraud, where a stolen or fake receipt is used to return merchandise.
• Purchasing merchandise on sale at one store and returning it to another for a higher price.
• Insider fraud, where employees assist fraudsters in returning stolen goods.
• Purchasing a replacement product and returning the damaged or defective item.
• Bricking, which involves purchasing and stripping an electronic product of its valuable parts before returning it.

Loyalty abuse

Loyalty abuse typically happens in one of a few ways:

• Fraudsters take over customer accounts to order expensive merchandise that’s shipped to the customer, and the fraudster uses the loyalty points to purchase products that can be easily resold or returned for credit.
• Fraudsters hack into airline and travel apps and transfer points.
• Fraudsters share referral codes and free trials with large groups.

Coupon abuse

Nearly 49% of ecommerce businesses have seen an increase in coupon abuse, which happens when a criminal creates multiple accounts so they can take advantage of a promotion more than once. Most often, coupon abuse is the work of large-scale crime rings and mass-registered fake accounts.

Gift card fraud

Gift card fraud can happen in a few ways.

• Fraudsters leverage bot technology to hack into emails and texts with gift card-related keywords and use the gift cards without the customer knowing.
• Fraudsters activate gift cards displayed on end caps and rotating store displays and use them to make purchases while they’re still on the racks.

Regardless of the fraud type, your best bet is to avoid it altogether.

How to Reduce Your Fraud Risk

To prevent fraud, businesses need to take certain steps before and after a purchase has been made:

• Maintain good customer relationships. Encourage customers to call businesses before filing chargebacks. This contact gives businesses the opportunity to make the transaction right.
• Make getting in touch easy. Businesses should offer multiple ways for customers to get in touch with them — phone numbers, email addresses, social media pages — and train their customer service team to handle complaints efficiently.
• Make policies prominent: Publish easy-to-understand return and refund policies on your product pages, checkout pages, and order and delivery confirmations. Consider changing your policy to store credit for returns.
• Consider holiday- and sales-specific return policies. During peak seasons, limit returns to 30, 60 or 90 days. You may also want to charge a restocking fee for luxury goods and consumer electronics with a high dollar value. Just make sure to communicate it.
• Require card verification values (CVVs). These three- or four-digit codes increase the likelihood that the customer has the physical card in hand, not just the number.
• Prioritize exceptional customer relationships: Make the shopping experience memorable and foster trust so customers will default to asking questions about a purchase instead of disputing a charge.
• Confirm orders through multiple channels: Send multiple confirmations to customers, especially through the channel they prefer. Include email, text and in-app confirmations, if possible.
• Communicate shipping and delivery information: Make sure to provide clear expectations about delivery dates to give customers peace of mind.
• Require delivery signatures: Require signatures for deliveries, especially high-value orders. This makes it harder for a customer to deny receipt.
• Ensure clarity on credit card statements. Consider the business name that displays on a customer’s credit card statement. Ensure the description won’t confuse customers; at the very least, let customers know what name they should expect to see on statements.
• Make returns easy: Establish a flexible return policy that’s fair to both businesses and consumers, and then communicate it — on product pages, transaction confirmations and email communications.
• Keep detailed purchase history information: Include when, where and how a purchase was delivered or downloaded. This will help you prove the legitimacy of a disputed transaction.
• Think of gift card displays as cash on the floor. You may even want to relocate them to a location that can’t be easily accessed.

It’s also important to implement a comprehensive fraud prevention solution.

Implement a Robust Risk Prevention Solution

Even businesses that implement the aforementioned preventive measures may still find themselves the victim of fraud. Some businesses may then try to implement simple fraud rules and basic fraud filters in an effort to prevent these transactions, but they just aren’t effective. Instead, they must implement a comprehensive fraud prevention solution that can protect them against the rising threat of CNP and friendly fraud.

Hybrid fraud prevention model

ClearSale’s hybrid solution starts with a highly effective automatic approval algorithm that “learns” as more transactions are processed. Globally experienced fraud analysts assess the small percentage of orders flagged for review with the goal of locating as many additional approvals as possible. Fraudulent transactions are identified and declined.

Highly trained human analysts along with advanced machine learning address the friendly fraud threat in real time. Not only can we help protect your business over the long term, but we also guarantee transactions 100% against fraudulent chargebacks.

By applying this global lens and a large database of orders across industries, we’re able to quickly recognize fraud trends and help clients eliminate fraud threats and prevent chargebacks — all while approving more orders, faster.

Chargeback management

Through our partnership with enterprise chargeback management service provider ChargebackOps, ClearSale offers full-scale chargeback management:

• Total Chargeback Protection allows businesses to recoup a portion of losses due to fraudulent transactions.
• Chargeback Guarantee reimburses the transaction amount plus the chargeback amount for any unauthorized transaction that’s approved.
• End-to-End Chargeback Management delivers comprehensive chargeback mitigation and resolution services, including team training, data audits and timely responses to issuers.

Comprehensive brand protection

Leveraging a combination of artificial intelligence and expertise, we help prevent cyberattacks and mitigate their effects, quickly removing threats from various sources.

• Phishing: Including fake page URLs and other communication channels
• Applications: iOS and Android
• Social Media: Facebook, Instagram, Twitter, TikTok, YouTube, LinkedIn, and more

To find out more about how you can prevent your company and your customers from being the victims of fraud, contact a ClearSale analyst today.