eCommerce Fraud Prevention is always evolving as fraudsters continue to develop new tools to facilitate chargebacks and high risk payments. This guide discusses best practices for ecommerce fraud prevention and payment risk analysis.
Ecommerce Fraud Prevention
Ecommerce and payment processing is a big business. There are over four-and-a-half billion people online[1], making it a huge market even if you capture just the tiniest fraction of it. Unfortunately, it also makes it risky; ecommerce payment fraud is big business, too. In 2021, worldwide card fraud totaled over $28 billion, with more than a third of that in the US alone[2]. The nature of online transactions means it’s possible for fraudsters to work at a large scale, taking advantage of the inherent vulnerability of a remote transaction and putting the pressure on you to detect ecommerce fraud and prevent chargebacks.
What is eCommerce fraud?
There are many types of ecommerce payment fraud, and it is a constant game of cat-and-mouse between fraudsters, merchants & retailers, and payment processors. The one thing these bad actors have in common is that they seek to make money by, ultimately, leaving the retailer out of pocket. Although payment fraud is in its own class, we do see a strong overlap in behavior with credential stuffing fraud and account takeover (ATO).
The most obvious chargeback fraud involves using stolen credit cards or leaked payment details. Using stolen cards has been a technique since the creation of credit and debit cards. But the internet reduces the risk to the fraudster, as they do not need to be there in person and can use the card repeatedly and rapidly. The internet has also made it possible to use accounts in much the same way. If someone has saved their payment details online, then a hacked database or easy-to-guess password makes it easy for a fraudster to make purchases. This data is also frequently used for fake account creation as the data can pass most third party validation checks.
Fraudsters can also put themselves in the middle of transactions. In a triangulation fraud they will effectively process purchases, putting themselves between the buyer and retailers to collect payment details for use later. Or in a gift card fraud they resell gift cards, meaning they have cash from the unfortunate buyer, but leave the retailer with a chargeback. Alternatively, they can try to get goods for resale. They might fraudulently claim refunds, claiming non-arrival or seek to exploit loopholes in the returns process, or intercept goods that are intended for others.
The variety of fraud types, along with the inventiveness and innovation fraudsters bring, means that effective ecommerce fraud prevention techniques focus on the customer behavior to spot potential frauds.
How to Detect Ecommerce Fraud
For most businesses, it is likely to be necessary to use a software solution to identify attacks with payment risk scoring. Aside from being better at identifying unusual behavior, the sheer volume of attacks makes it impossible for a human to track, Signal Sciences suggest that the average medium to large retailer can expect 206,000 web attacks a month looking for vulnerabilities[3]. However, knowing what patterns the software will look for can help everyone prevent losses.
KYC - Know Your Customer
Knowing your customer can help keep you safe. You cannot treat every new customer with suspicion, but basic checks can reassure you that they are legitimate.
Using verification tools, like collecting a CVV or CVN at payment, using the payment provider’s authentication tools and address verification services (AVS) are all the top methods used by retailers to help prevent fraud[4]. Solutions like email address fraud prevention can also provide additional insight into payment quality. These can provide a significant degree of confidence that the customer is who they say they are and are the ones authorized to use that payment method.
Payment Risk & Chargeback Behavior
Chargeback fraud affects companies of all sizes. If you have a regular customer, or even a long-standing customer who doesn’t order regularly, then a sudden change in behavior can indicate something is wrong.
While the orders might be legitimate, the sudden purchase of large value orders might suggest that it’s an attempt to use a card fraudulently. Even the opposite might indicate a problem; fraudsters will frequently make low several low-value purchases to test a stolen card or account. Intervening in these will help detect chargebacks before they happen.
Analyze Payment Risk & Billing Details
Because you know where your customer is, you can usually have a good idea of where they will want their orders delivered, and where they will be when they are making orders.
If the customer’s IP address, the location from which their order is originating, is different to their usual address it can be a warning sign, especially if it’s some distance away. People can access the internet from anywhere, but if a customer suddenly appears to be making orders from a different state, or a different continent, it can be a fraud give-away.
Likewise, if they are now requesting delivery to new places, especially multiple new locations, it can be a sign of fraudulent use.
Deploy eCommerce Fraud Prevention APIs
An external service will be able to spot far more fraud, far more quickly, and help to prevent chargebacks.
External ecommerce fraud prevention will bring the significant advantage of scale to your business. IPQS for example, analyzes over 1 billion user events per day which provides a wealth of data that can be analyzed for anomalies. Using advanced tools like bot protection and email address fraud prevention can completely protect against stolen billing data and any form of ecommerce fraud. Fraudster behavior is also critical to this process, so a bad actor trying to commit "ecommerce payment fraud" might make a single purchase across multiple retailers. In this scenario, only a company with big data would be able to spot the wider pattern, alerting merchants to stop processing the orders.
Common Sense Pattern Recognition
As well as looking for signs, it’s worth bearing in mind that a lot of fraud exploits the human elements in a chain. It’s vital to train your customer service representative to spot fraud and to question things.
If you spot something that doesn’t seem quite right, there’s a good chance it’s because it isn’t quite right. If that product you’ve never sold is suddenly flying off the shelves, or you’re getting lots of orders from a new market, that might be great news, but it’s always worth asking yourself, could this be an ecommerce payment fraud? Sometimes, the best ecommerce fraud prevention can be your gut feeling.
[1] Statista - Global digital population as of January 2021
[2] Loss Prevention Magazine - The US is the Most Card Fraud-Prone Country in the World…Here’s Why
[3] Signal Sciences - The Rising Tide of E-commerce Fraud: Methods, Patterns, and Defensive Measures
[4] Cybersource - Masters of Balance: What it takes to be a fraud management leader