6 Types of eCommerce Fraud and How To Prevent It

01.4.2023

Where there’s growth, there’s opportunity. Unfortunately, while U.S. eCommerce orders were exploding at an unprecedented rate of 110% year-over-year, the bad actors weren’t sitting idle. eCommerce fraud is growing tremendously as well with several developments that make it difficult to verify user identity, including:

  • Increased use of mobile and digital wallets and other contactless payment methods that complicate the ability to assess fraud risk.
  • Prevalence of synthetic identities.
  • Increased numbers of botnet attacks.
  • Difficulty in determining physical location.
  • Lack of access to real-time data-assessment tools.

Companies want to provide a smooth and frictionless experience, but they must balance this against the real need to protect themselves and their customers from security risks.

6 Types of eCommerce Fraud

The increased use of mobile devices for online transactions makes it particularly challenging. There are a variety of methods cybercriminals use to defraud eCommerce companies. Following are some of the most common types of eCommerce fraud.

1. Chargeback Fraud

A chargeback occurs when a customer asks their bank to take money back from a seller, typically due to a dispute. Chargebacks protect customers, for example, from fraudulent transactions, paying for products or services they never received and illegitimate charges. They were designed to favor customers and keep merchants honest and transparent in their dealings. 

But before requesting a chargeback, the customer is supposed to try to work it out with the seller. When the customer cannot work out a solution with the merchant, they may make a claim for a legitimate chargeback. All too frequently, however, the chargeback process is a result of fraud. There are two types of chargeback fraud:

Friendly Fraud

This occurs when a customer requests a chargeback on a purchase for reasons that don’t qualify — for example, they have waited too long to return the merchandise, they don’t want to pay a restocking charge or they are abusing the merchant’s policies in some other way. They may also be trying to get something for free, which could arguably be called a crime.

Criminal (Or Transaction) Fraud

When stolen credit cards are used to purchase goods and services, the actual card owner will request a chargeback. Of course, the chargeback is legitimate, but it was caused by criminal activity that costs the merchant.

2. Credential Stuffing

Most people reuse usernames and passwords across dozens of websites. Credential stuffing takes advantage of this fact. This is a type of cyberattack where criminals make multiple automated login attempts using a list of stolen usernames and passwords. When they find combinations that work, they gain unauthorized access to user accounts. It is one of the most common methods used to take over accounts

3. Refund Fraud

Refunds are a typical part of the retail business. But in 2019, U.S. online retailers lost $41 billion in sales, roughly 10% from fraud. Also known as a “whitehouse scam,” refund fraud is the abuse of a seller’s return policies. It happens in both retail and eCommerce stores, but it’s growing most aggressively for card-not-present channels and is very likely to occur online. There are many ways that this scam occurs. 

For example, a fraudster may:

  • Claim that the package never arrived or was stolen by a porch pirate.
  • Claim that the box was empty.
  • Claim that the item was damaged or missing parts.
  • Return an item that has been used once or twice.
  • Switch or alter the price tag to get a bigger refund.
  • Switch the item for a lower-priced or counterfeit item.

It gets worse. Criminals have also used decoy tracking. They buy a high-priced item, then request a refund. They then attach the label to a piece of junk mail which will be discarded at the return center. But delivery tracking provided by the label proves that the item was returned. The criminal then pockets the refund. 

4. Interception Fraud

A criminal uses a stolen credit card and places an order to be shipped to the billing address. To receive the goods, they must ask the customer service representative to change the address on the order before it is shipped or contact the shipper to reroute the package. Alternatively, the bad actor can physically intercept the package when it is delivered to the cardholder’s address. 

5. Triangulation Fraud

One of the fastest-growing schemes is triangulation fraud. As the name implies, this fraud involves a party of three: the criminal, an eCommerce storefront and a customer. The criminal sets up a storefront with bargain-basement prices in a third-party marketplace such as eBay or Amazon. When the customer sees a great deal and places an order, the criminal uses a stolen credit card to order the merchandise from a legitimate eCommerce site and has it shipped to the unsuspecting customer. 

The criminal pockets the money from the customer’s credit card and the customer never knows what happened. The eCommerce business that shipped the order and the owner of the stolen credit card are the victims.

Address Verification Service helps limit fraud and chargebacks by verifying the customer's address during the onboarding process against the credit card account. It’s a service used by many major credit card companies. If the transaction looks suspicious, it is declined. 

6. Onboarding Fraud

With increasing levels of fraud, security needs are high. Onboarding is critical for eCommerce businesses, especially right now when there are more new customers than ever. Scammers are looking for opportunities to exploit overwhelmed sites. Cybercriminals can easily falsify information like names, addresses and passwords to create fake identities and commit fraud.

Adaptive Authentication (AA) is another way to prevent eCommerce fraud. This extra layer within multi-factor authentication is tailored to each user who signs up based on the device, event and customer data.

Beat eCommerce Fraud

Consumers want security and they expect you to provide it. But they also want an easy and frictionless onboarding process. If the process is overly cumbersome or requests too much personal information, potential customers will abandon it. Instnt AcceptTM is your onboarding solution, offering security and reliability to this essential part of the customer journey. With Instnt AcceptTM, you can protect yourself against fraud losses while giving your customers a safe and reliable onboarding experience. You’ll have fewer customer abandonments and you’ll be indemnified against fraud losses up to $100MM. Further, Instnt AcceptTM uses data science to verify identity and validate devices.

With the right tools and strategies, you can significantly reduce fraud and enhance your bottom line. Get started today.

Share

About the Author

Instnt Inc. is an AI managed customer acceptance platform founded and operated by serial entrepreneur Sunil Madhu, founder, and former CEO of Socure. Instnt is on a mission to bring frictionless inclusion and continuous identity assurance experiences for businesses and their customers through proprietary artificial intelligence technology, open standards, and a collaborative effort in the identity governance industry. Instnt powers various financial institutions, lenders, fintechs, banks, and credit unions across North America. For more information, please visit www.instnt.org