eCommerce fraud is a serious threat that affects businesses large and small:
- Larger companies sometimes make the headlines after a breach, but they usually have the financial resources to manage damage control after a cyberattack.
- Smaller companies rarely make the news following a cyberattack, but a staggering 60 percent go out of business within six months because the costs associated with the cyberattack are too high to overcome.
Whether to avoid a PR crisis, severe financial losses, or even going out of business, it’s vital you understand the different types of eCommerce fraud – and how best to protect yourself. Below is a brief overview of some of the more common threats you face when selling online.
1. Card testing fraud
With this scam, criminals test stolen cards by making small transactions of just a few pennies. Once they know a card works, these thieves may then make larger purchases – either on your eCommerce site or on someone else’s.
Losing a few pennies here and there might not seem like a big deal. However, for every $1 of reported fraud, impacted merchants lose an estimated $3 – due to penalties, legal fees, and authorization fees.
The fix involves setting up your payment environment with fraud management filters to help prevent suspiciously small transactions. If your least expensive item costs $0.75, for example, there should never be a charge of $0.74 or less.
2. Account takeover fraud
Criminals sometimes take over a customer’s login credentials to make unauthorized purchases – either with that user’s stored credit card details or with credit card information illegally obtained elsewhere.
Requiring strong passwords with lowercase letters, uppercase letters, numbers, and symbols is a good start, but an even better strategy is to also require two-factor authentication (2FA) for all logins. In addition to usernames and passwords, users must also supply one or more of the following:
- Something they know (e.g., their high school’s mascot)
- Something they have (e.g., a code sent to their phone or email address)
- Something they are (e.g., a fingerprint scan or some other biometric indicator)
Making 2FA a requirement for all logins – including those used by employees, vendors, and suppliers — will help thwart fraud attempts.
3. Overpayment fraud
With this scam, criminals use stolen credit cards to overpay for items. They then immediately request that the remaining balance be sent to a different account.
To help prevent this, create a policy in which employees can only send refunds and balances to the original funding source.
4. Chargeback fraud
This scam is usually perpetrated by your own customers, which is why it is often referred to as “friendly fraud.” Here’s how it works:
- After ordering an item, a customer claims it never arrived – or that he or she never placed the order in the first place
- The customer then contacts his or her credit card company to reverse the charges (while conveniently keeping the item)
- After a total loss on the item, your only recourse will be to dispute that charge over the next several months – with the very real possibility that the bank will rule in the customer’s favor
Chargeback fraud is very difficult to detect and prevent, which is why merchants lose an estimated $30 billion annually to this online scam. However, you can help reduce friendly fraud by:
- Adding tracking and signature requirements to outgoing packages to prevent claims of non-delivery
- Eliminating guest logins and implementing 2FA to make it harder for customers to claim they never ordered the items in question
eCommerce fraud is already a major problem, and as more businesses move their operations online, this threat will only increase. Protecting yourself requires continuously implementing the latest fraud prevention best practices as they emerge.
For a more comprehensive list of current eCommerce fraud types and prevention strategies, be sure to download the free infographic below.
Infographic created by Fiserv, a PCI service provider