Payments fraud in eCommerce is the criminal act of using illegitimate financial or login credentials to purchase goods or services on the internet. Fraudsters may use stolen credit card numbers to complete a purchase or obtain a cardholder’s store login credentials and take over an existing account using the cardholder’s saved payment information. Legitimate cardholders may also commit eCommerce fraud in the form of fraudulent chargeback claims.
Learn to Detect eCommerce Payments Fraud
Good fraud protection begins with learning to recognize the individual behind a transaction. Understanding who a fraudster is and how they commit fraud can inform merchants as to what data to look out for and how to establish effective fraud detection and prevention strategies.
Let’s Meet the Fraudsters:
Fraudsters can be categorized into three categories: friendly fraudsters, amateur fraudsters, and sophisticated fraudsters.
1. Friendly Fraudsters
Friendly fraud refers to fraud that is committed by a legitimate customer post-transaction. The fraud would occur in the form of an undeserved chargeback initiated by the customer maliciously or in spite. The shopper may be trying to get away with keeping the merchandise for free out of complete disregard for the merchant or in response to a negative shopping or customer service experience.
2. Amateur Fraudsters
Amateurs can learn everything they need to know about committing eCommerce fraud on Youtube, TikTok or the dark web. Popular fraud tactics tend to evolve into Bandwagon Fraud as a popular DIY fraud clip goes viral and more and more youngsters feel compelled to override their better judgment and jump on the new social trend.
An amateur fraudster will attempt to make an order by impersonating a cardholder. They will need some basic information about the cardholder, while simultaneously wanting to keep tabs on the order and ultimately receive it. Consequently, some of the information on the order will be legitimate, while other pieces of data may be their own, such as the fraudster’s personal email or shipping address, and some data may be randomly fabricated.
3. Sophisticated Fraudsters
A sophisticated fraudster will always attempt to mask their identity, location and device, perhaps using a proxy, a burner phone, gift cards, or VOIP. They often create brand new personas and new email addresses so they can receive updates on orders.
Career fraudsters can now rent botnets for Card Testing. The market for attack technology as-a-service is growing at an alarming rate. A number of recent data breaches flooded the dark web with stolen login credentials that have fueled a major flare up in Account Takeover Fraud (ATO). Sophisticated fraud rings can purchase millions of logins and rent bots to identify the sites and individuals worth exploiting. The bots can also be used to test which cards are still active and what their credit limit is.
Reroute Fraud is often how fraudsters acquire stolen goods purchased via ATO fraud. They pose as a returning customer using a legitimate customer’s compromised information. Once the order is approved, they then attempt to reroute the shipment to a destination of their choice.
How to Prevent Payments Fraud
To Keep your customers friendly, eCommerce businesses should seek ways to improve their customer service and overall shopping experience. Responding quickly to customer concerns or inquiries will make customers feel valued and less likely to act out of spite. Always ensure that they can cancel or return an order without too much difficulty so that dissatisfaction can be addressed through a refund and doesn’t translate into a fraudulent chargeback.
Amateur and sophisticated fraud attacks can be spotted by scrutinizing all data points on an order. If any of the order details seem incomplete or off, an attempt should be made to reach the real cardholder to validate the order. Merchants should always be on alert for changes in customer behavior, new email addresses, changes to shipping addresses, and rerouting requests. Multiple orders placed in close succession exhibiting similarities should always raise a red flag.
Staying alert and cautious can go a long way in preventing fraud, however, the risk of rejecting legitimate orders due to suspicions of fraud can be just as damaging.
Often, the only way to identify sophisticated fraud tactics is to employ advanced fraud detection systems that can determine the longevity of an email address, has IP location and device recognition capabilities, has an awareness of emerging threats and a vested interest in protecting your business.
If manual review and detective work is not what you signed up for, consider outsourcing fraud tasks entirely to a fully automated effective fraud prevention solution, such as NoFraud. Visit www.nofraud.com for more information.