Fraud is increasingly becoming a bigger concern for online platforms. As an online store's sales increase, it is also caught up with more fraud risks and losses. While it is common for users' passwords to be stolen, e-commerce sites are closely linked to fraud attacks involving credit card payments.
When payment is made over the web, merchants cannot physically observe the payer to ensure he or she has authorized use of the payment method (e.g. credit card). For most online purchases, shoppers are required to pay upon submitting their purchasing request, which puts the store at risk of bad actors trying to gain from different fraud approaches.
In this article, we discuss the growing prevalence of fraud in e-commerce and summarize the suggested ways in which its participants can better ensure their safety when selling and shopping online.
A survey conducted by Financial Fraud Action UK (FFA) revealed that E-Commerce fraud grew by 18%, weighted against annual sales in 2016, standing at 308.8 million pounds. Because of this, both domestic and international banks have been the first to move towards creating and adopting solutions to fight fraud.
What's not being mentioned frequently enough is the fact that as security technology develops, criminals also have their own way to surpass the protective walls. One of the major sources supporting cyber criminals in this realm is the dark web.
The dark web is a portion of the internet only reachable with application of a specialized software. It is also known as a “black market”, within which fraudsters can easily purchase stolen passwords, credit cards, and so on to carry out their fraud attacks.
The main in which these websites gather and enrich their information is through cybercrime groups who either share or sell sensitive data. These information sources could also originate from major corporate data breaches and leaks over many years of operations. Upon stealing sensitive account information, these criminals list them on dark websites.
Over time, criminals have progressed to include more sophisticated ways to monetize stolen data. Among these ways is to use stolen card information to purchase one-time gift cards to make purchases, aiming to cover their own digital trace. This kind of attack is further ensured by using a 'mule' recipient name and address, while only forwarding the bought items to the real address upon receiving.
Experts in cybersecurity suggest the following list of things for companies with E-Commerce channels to try when securing their operations from fraud.
This particular type of authentication mechanism verifies a user's identity using two or three factors. It often includes something you know (a password), something you have (a key), and something that is part of you (biometric).
Two-Factor Authentication (2FA)
2FA uses a combination of two over three of the aforementioned items to verify that you are the legitimate user of an account or payment card. This takes security to another level by creating another challenge for hackers to bypass if they were to compromise your account.
Fraudsters usually use a rental mail box to receive things anonymously. This is because while carrying out their fraudulent acts, they cannot risk being caught by either the seller or the legitimate card holder.
When selling online, encourage your customers to double check their addresses, and if they happen to be a recurring customer, do the work to check whether their addresses are similar. In the case of address change, take the initiative to confirm with your customers to ensure the right person is buying and receiving your goods.
In the case of fraud and disputes, customers will likely turn to your store for inquiry. Having an active customer service line helps both your customers timely identify transaction abnormality and therefore act on it to resolve their concerns.
Nowadays, with the strong support from CRM tools and the internet, there is no need to run a telephone line like how it used to be back in the days. An active social media or a web-based chat box are totally fine to handle day-to-day customer service.
Some companies invest heavily in building and maintaining meaningful customer relationships, as it always costs less to retain a loyal customer than acquiring new ones. This is particularly seen in newly developed, automated chatbots that can be preset to send out response templates, which saves time and labor cost for businesses.
When interacting online, customer's accounts and browsers will leave digital traces, such as IPs. By taking a deeper look into these indicators, you, as a merchant, will be able to tell where the customer is ordering your goods from.
In cases when the shipping address appears to be too far from their IP trace, that might be a red flag. This could either mean fraud — when a fraudster steals an account and starts purchasing things to another address line, or that your customer is actually legitimate and they're buying things for other people. No matter how varying the situation could get, it's always better to be one step ahead and perform these quick checks to secure yourself when selling online.
There are plenty of tools available that can even be embedded into your checkout page for verification of both customer identity and browsing information like IPs. Taking a quick look into that could help merchants find out the solutions to their security needs.
While there are many things that you could manually do to identify and protect your business from fraud, detection tools are available for you as an all-in-one solution. These programs often help, by retrieving and analyzing browsing and account data, to identify good customers from the bad, while applying specific rules for transactions when they pass through.
Within these programs, you can take the initiative to set transaction limits to when a customer cannot continue to purchase from your store or must provide additional verification to prove that they are the legitimate cardholder. This helps prevent stolen card fraud or any of the same kind.
As a provider of fraud prevention technologies, we are always on our feet to develop the newest and safest solutions for our clients, whether they are acquirers or merchants. With long-term experience and in-depth knowledge of fraud-fighting technology, we understand the merchants' needs for fraud prevention while not discouraging customers with complex authentication embedded into the purchasing process.
HiTRUST puts forward solutions that emphasize a frictionless transaction flow. What this means is that we encourage merchants to adopt a way of processing transactions with the least friction as possible. Within a frictionless flow, merchants' customers do not have to go through many steps to authenticate themselves, aiming towards a click-to-buy shopping experience.
HiTRUST's fraud detection mechanism retrieves data from your customer's browsers, hardware information, and employs machine learning to analyze their online activities and even typing speed to identify whether it is actual human behavior or the purchase is being initiated by a robot.
Our newly-developed technology allows us to look deeper into the IP addresses, and has the ability to unveil identities and locations even when the user employs VPN to cover their trace. This is an extremely common approach for fraudsters, since their aim is to gain from fraud while staying anonymous.
Summary of how fraud detection works
Comparison between the non-friction and friction flows
As a tech service provider, we always encourage our clients to do their homework (of course with our strong support ;) ) in acquiring prerequisite knowledge about EMV 3DS — the global protocol for fraud prevention. Upon helping you establish some general understanding about the protocol and technology, our experts will, based on your specific needs, consult you with what's best for your business.
Although it is not necessary, it would be awesome if you could share with us any of your fraud experience (if any) or your main concerns when it comes to fraud. It could be worries coming from new market penetration, or simply increased volumes of online sales. By letting us know more about your business and concerns, we will be able to help you choose the solution that works best, and is the most suitable for you.