E-commerce Fraud Prevention Guide 2024
Learn about fraud in e-commerce, including the most popular scheme and how to prevent them.
According to an International Trade Administration report, the global B2B e-commerce market is valued at $28 billion, and itâs expected to grow as high as $36 billion by 2026. With rapid growth comes a greater risk of fraudsters seeking to steal from both customers and merchants.
Statista suggests that fraudulent transactions conducted through payment cards alone will reach $38.5 billion by 2027âwith the e-commerce market being a prime target.Â
Therefore, the e-commerce sector needs to take action to minimize both financial and reputational risks. To assist with this, we at Sumsub have prepared this guide breaking down e-commerce fraud and how to confront it.
What is e-commerce fraud?
E-commerce fraud can occur in multiple ways. Typically, itâs a result of fraudsters gaining access to someoneâs credentials or abusing loopholes in a companyâs security systemâwith the end goal of stealing from either the customer or the merchant. If unchecked, e-commerce fraud can wreak havoc on a platformâs reputation.
Suggested read: Fraud in E-Commerce: âWhat The Fraud?â Podcast
6 types of e-commerce fraud
The six most common attacks faced by e-commerce platforms include:
- Chargeback fraud
- Credit card fraud
- Refund fraud
- Account takeover fraud
- Promo abuse
- Triangulation fraud
Below we explain how each typeworks in further detail.
What is chargeback in e-commerce?
What is it?
Chargeback fraud, also known as friendly fraud, refers to credit card charges that customers request to be refunded over alleged âfalseâ purchases. While sometimes these requests are genuine, in fraudulent cases theyâre done with the sole intention of obtaining a refund and keeping the item.
You can learn more about the types of chargeback frauds and ways to confront them by following the link here.
Credit card fraud
What is it?
Credit card fraud is when a fraudster obtains credit card information to purchase items from an e-commerce store. This is typically done with the aim of reselling products afterwards.
Card information can be leaked online through hacking, phishing, or other techniques, which then makes it easy for criminals to obtain it.
In cases when full payment details arenât available to fraudsters, they can use credit testing, which includes testing stolen credit card numbers to see which can be used to make unauthorized purchases. This can either be done manually, where the fraudster checks card validity by making small purchasesâor by using special special bots to test large numbers of cards within a short time span, which is known as carding.
Refund fraud
What is it?
Refund fraud is when a criminal claims a refund by pretending to be an actual client of a business. The difference between refund fraud and friendly fraud is that the former is conducted by criminals pretending to be customers, while the latter is initiated by dishonest clients.
For instance, a fraudster can claim a refund for a product that was never purchased by using a forged receipt.
Account takeover fraud
What is it?
Account takeover, also known as ATO, is when fraudsters gain unauthorized access to someoneâs online account. This involves fraudsters stealing someoneâs personal information (e.g., email, password, etc.). Once this information is obtained, a fraudster can access a platform and withdraw/transfer fundsâor make fraudulent purchases on e-commerce sites.
Here are the methods fraudsters use to take over someone elseâs account include:
- Social engineering
- Malware
- Phishing
- Sophisticated techniques (e.g., using AI and machine learning tools)
- Targeting vulnerabilities on e-commerce platforms
In 2023 account takeover was among the five most popular types of identity fraud. We expect that the prevalence of account takeovers will continue to increase, which means that companies need to implement more robust countermeasures.
To learn more about account takeover and ways to prevent it, check out our complete guide here.Â
Promo bonus abuse
What is it?
Promo bonus abuse takes place when a user or a fraudster misuses promotional materials (e.g., vouchers, referral links, sign-up bonuses, coupons, etc.) There are many ways that fraudsters can do this, depending on the type of bonuses your company provides. For example, a customer can create several accounts to get repeat free trials, never paying for the subscription. People can also abuse loyalty rewards by taking over accounts and transferring the bonuses to themselves or changing billing addresses.
You can learn more about each scheme by reading our in-depth article here.Â
Triangulation fraud
What is it?
This scheme can work as follows: a fraudster creates a fake e-commerce website to lure in unsuspecting buyers. After the buyer makes a purchase, their credit card information gets to the criminal. The fraudster then makes the same purchase from an existing e-commerce platform to make the transaction seem legit. In reality, the fraudster has obtained the victims credit card information.
How to detect e-commerce fraud
Companies need to take proactive actions to detect fraudsters in a timely manner and prevent future breaches. To do so, to know the red flags that signal e-commerce fraud. They include, but are not limited to:
- Abnormally large transactions
- Atypical transactions to/from another country
- Unusual transaction patterns
- Change of personal information (e.g., shipping address)
- Mismatch of username and payment method
- Recurring refunds
- Repeated declined transactions
- Errors in provided documents
- Transactions that exceed the credit limits or the card funds
10 ways to prevent e-commerce fraud
While thereâs no end-all solution,, companies can take concrete steps to minimize risks:
- Taking a risk-based approach towards customers, partners, and vendors
- Cyber-security measures and policies, like secure VPNs, etc.
- Using AI-based behavioral fraud detection
- Conducting regular employee training
- Using a reliable KYC solution to onboard only trustworthy users
- Requesting face authentication in case of unusual activity
- Using a reliable business verification solution to know and trust the partners and corporate customers you work with
- Using a transaction monitoring tool to quickly detect unusual transactions
- Encrypting transactions
- Using up-to-date software
What fraud prevention tools are there for e-commerce?
E-commerce businesses should take a holistic approach to detect suspicious activity at every stage. Therefore, itâs not enough to simply verify users at the onboarding stage, as over 70% of fraud takes place after the initial verification. So, while Know Your Customer (KYC) is an essential component of any security system, itâs far from enough.
Companies should choose a verification provider that can cover a full range of security checks, including behavioral and transaction monitoring, device fingerprinting, risk scoring, and much more.
Sumsub can help the e-commerce sector minimize the chances of fraud through account takeover and multi-accounting prevention, payment protection, and more, while also achieving high conversion rates.
FAQ
-
What fraud schemes target e-commerce?
The most common types of fraud that businesses face include:
- Chargeback fraud
- Credit card fraud
- Refund fraud
- Promo abuse
- Triangulation fraud
- Account takeover fraud
-
How does e-commerce fraud work?
There are many different kinds of e-commerce fraud. Letâs look at how friendly fraud works as an example. This occurs when a cardholder requests chargebacks for purchases they intended to make, falsely claiming that they didnât intend to make the purchase. This allows them to acquire the item they intended to buy while getting refunded for it.
-
How do you detect fraud in online transactions?
Companies need to look after certain red flags. They include, but are not limited to:
- Abnormally large transactions
- Atypical transactions to/from another country
- Unusual transaction patterns
- Change of personal information (e.g., shipping address)
- Mismatch of username and payment method
- Recurring refunds
- Repeated declined transactions
- Errors in provided documents
- Transactions that exceed the credit limits or the card funds
-
How can e-commerce fraud be prevented?
Companies need to take a holistic approach that includes the following steps:
- Taking a risk-based approach towards customers, partners, and vendors
- Cyber-security measures and policies, like secure VPNs, etc.
- Using AI-based behavioral fraud detection
- Conducting regular employee training
- Using a reliable KYC solution to onboard only trustworthy users
- Requesting face authentication in case of unusual activity
- Using a reliable business verification solution to know and trust the partners and corporate customers you work with
- Using a transaction monitoring tool to quickly detect unusual transactions
- Encrypting transactions
