E-commerce has grown tremendously in recent years, with statista indicating that online business has increased by over 300% over the past decade. This growth has made online businesses a favorable target for fraudsters and cybercriminals.
Research by Experian indicates e-commerce fraud is growing twice as fast as online sales. For example, e-commerce fraud attacks in the US increased by 30% in 2017 compared to 2016.
Below is a list of the most common types of fraud schemes targeting e-commerce businesses and their customers.
Payment fraud
Payment fraud is the most common form of e-commerce, making up 71% of all attacks. Most fraudsters use identity theft to execute their attacks, with 5% of the population being victims of identity theft fraud. Even though payment fraud is often associated with stolen credit card details, it can also involve other methods.
Cybercriminals can hack user accounts, email accounts, addresses, names, IP addresses, or take over personal devices. They then use the stolen personal details to present themselves as real customers. Fraudsters can use the details to make fraudulent purchases, create fake customer accounts, or manipulate traffic.
Account takeover fraud
The term ‘account takeover fraud’ refers to a fraudulent transaction that seems legitimate, but the user is not a real customer. Typically, the fraudster uses stolen credit card details to impersonate the account holder. Fraudsters can access customer details by tricking account holders into purchasing goods on a fake website, buying personal data on the dark web, or intercepting transactional messages.
Takeover fraud is a major concern for e-commerce websites because the transaction is not flagged or blacklisted by their fraud detection system. Account takeover fraud can result in reputation damage for the e-commerce site and loss of trust among existing customers.
Refund fraud
Refund fraud, also known as friendly fraud, involves a customer paying for a product or service then claiming it was not delivered or that it was not in good condition or was not the product they ordered. The vendor is forced to refund or re-deliver the product or face the prospect of a chargeback.
Chargebacks happen when customers instruct their bankers to retrieve funds used for online transactions. Friendly fraud can result from a genuine case or a deliberate fraud scheme. Chargebacks are a major concern for most e-commerce businesses because they expose them to fraud by legitimate customers.
Triangulation fraud
Triangulation fraud involves fraudsters forming an interconnected network of fake websites to defraud customers and steal their personal details. The fraudsters target customers with ads or email trying to convince them to make purchases through phishing methods.
Typically, cybercriminals create a fake website or a replica of a popular website and entice customers with cheap merchandise. The only problem is that the goods don't exist and will never be delivered. If the fraud involves impersonation, the legitimate business may suffer reputation damage.
This type of fraud is very damaging because customers who purchase also share their financial details with the criminals. Cybercriminals who get credit card details using this method often use them to make fraudulent purchases. This is why it is called triangulation fraud because it involves a three-fold process of convincing customers to buy, stealing their personal details, and using the details to engage in more fraudulent activities.
Affiliate fraud
Most e-commerce websites have affiliates who increase their visibility and promote their products for a commission. Affiliate fraud involves unscrupulous affiliates manipulating traffic or sign-ups to make the e-commerce business think they are getting a lot of customer attention. Affiliate fraud can entail different tactics, such as refreshing a website several times or sending spam mail and popups to create a false impression of high traffic.
Combat fraud with Email Hippo: Download our ebook
Download our guide to find out why fake sign ups are problematic and why email address intelligence should be your first line of defence against them.
