Fraud is no new issue in the world of ecommerce. Since the early 2000s, as more consumers have adopted new ways to shop and consume services, fraudsters have flocked to every new channel to try and exploit the flaws they could find. It’s now more imperative than ever that online businesses set up proper ecommerce fraud prevention tools and detection practices.
Fraudulent activities show no sign they will go down any time soon. A recent survey by PwC showed that approximately 50% of organizations had experienced fraud in the past two years—a number that has been relatively stable since 2018. And it’s not just the big corporations like Amazon targeted by fraudsters; the same survey indicated that more than 1 out of 3 smaller organizations—including ecommerce stores—experience fraud.
The numbers are striking: From $9.84 billion in 2011, the global losses attributed to fraud (internal and external) now reach more than $32 billion annually. By 2024, ecommerce businesses may lose an estimated $24 billion to online fraud.
For online retailers, it significantly impacts the bottom line, but it’s even more than that. Because with the financial risks of fraud come a whole array of less tangible impacts that must be considered: A decline in online sales, brand reputation, customer loyalty, and operational costs are serious threats.
When it comes to external fraud, what should ecommerce managers pay attention to in 2023?
It’s always a bit difficult to predict what’s to come, but when you can understand fraudsters and what drives some of their decisions, you can make an educated guess as to what’s going to be more prevalent and what to pay attention to more closely.
I want to address two trends that will take up a lot of space in the next 12 months. None of this is new, but some might underestimate how much damage a well-executing fraud scheme can cause to businesses.
2 Types of Ecommerce Fraud Every Business and Consumer Should Monitor in 2023
Account takeover fraud
This one might seem like a no-brainer to the most experienced ecommerce professionals. Account takeovers have taken more and more space in the mainstream media in the past couple of years, but it has been an issue for many years.
For a long time, financial institutions and telecommunication companies were the primary targets of such attacks. It was simply easier and brought more money. If you could take control of someone’s bank accounts and wire those funds to another account you control, all that was left to do was to find the right target and purchase information on some dark web marketplace.
But as fraud attacks like that grew, those big corporations had no choice but to bolster their defenses, making the job much more difficult for criminals. Things like device fingerprinting and 2-factor authentication were good first steps to prevent account takeover.
But at the same time, we saw more and more online retailers try to create a stronger, long-lasting customer experience. We want them to create an account, provide more information, receive promotions, and make a purchase in as few clicks as possible, so we have them store their payment information, etc.
That created an amazing opportunity for fraudsters: Take over a well-established customer’s account, make online purchases using a saved payment method, then have the products delivered somewhere else or, even better, intercept the packages on their way to their victim’s actual address.
If, on one hand, the focus on customer experience has been a huge growth factor for online retailers, it also meant more opportunities for fraudsters. Now with the massive number of data breaches we have seen in the past two years (the COVID pandemic made things so much easier for hackers), we can expect to see even more account takeovers against smaller players in online retail.
The first thing to protect yourself is to acknowledge the potential risk and prepare for it. Too often, I have seen business leaders tell me they had never been attacked and, therefore, didn’t prioritize investments in security standards or fraud protection.
But it’s exactly why online retailers and ecommerce merchants should invest more in fraud detection and review security standards to protect their ecommerce stores and safeguard their ecommerce sales.
Some quick tips and tricks include:
- Don’t store more information than you need. The more you keep, the more attractive you become to fraudsters. For example, is it worth storing credit card information (Visa or Mastercard numbers) or personal data if you sell high-value goods, with purchases made yearly at best?
- Watch out for new addresses. If a purchase is made and delivered at a newly added shipping address—different from the billing address—you should take a few minutes to investigate the purchase. If it’s going to be delivered to an Airbnb, for example, it’s a huge risk.
- Have some basic security methods in place, such as IP analysis. If your customer suddenly connects from a suspicious IP address, it might be a red flag to consider.
- Look out for suspicious customer data changes and potential identity theft. If the personal data on the account is changed before a big purchase (email address, phone number, etc.), try to contact your customer using the old information.
- Enable two-factor authentication (2FA). There are many ways to do so, and even if email or SMS isn’t the most secure, it’s better than no 2FA.
Friendly fraud, opportunistic fraud, and chargeback fraud
Also referred to as first-party fraud, this second type of attack is not perpetrated by experienced professional criminals with stolen credit cards or credit card numbers but by any legitimate customer.
In online retail, it occurs mostly when a shopper with authorized access to a payment method, such as a credit card, uses it to make an online purchase to dispute the charge later or falsely declares the product was never received.
Friendly fraud can happen, for example, when a cardholder makes a purchase online and then claims to the issuer that the charge was unauthorized after checkout—even though the cardholder made the purchase themselves—forcing a chargeback.
We use the term “opportunistic fraud” because these “fraudsters” might not intend to commit this type of fraudulent transaction multiple times. They most likely see a one-time opportunity they can seize.
Experts like myself foresee a rise in those crimes in 2023 because of a strong correlation between this type of fraud and socioeconomic problems:
- During the COVID pandemic, we saw a rise in opportunistic fraud, with people claiming funds from government programs without being entitled to them.
- During the subprime crisis in the US around 2008, we saw internal fraud increase, mostly due to otherwise loyal employees seizing opportunities to target their employers.
- With a recession still considered a very probable scenario in 2023—and after seeing massive layoffs in different sectors—we can expect regular consumers to be more tempted to “seize an opportunity.”
For most retailers, that will mean an increase in chargebacks with the usual operational burden it represents and more risks. You will have to invest more time in handling disputes and investigating those claims and might not have all the appropriate tools to do so.
The problem is so widespread in the payment card industry that credit card issuers change dispute rules regularly, and keeping track of acceptable supporting evidence can be challenging. Nonetheless, you should never ignore chargeback fraud: If the problem gets too big, you can suffer much greater consequences than financial losses.
You could be fined, audited, or, even worse, forbidden to accept one of the big credit card brands as a payment processor.
So here are a few things that could help you prepare for potential friendly fraud spikes. These are mostly technological, as they aim to prevent ecommerce fraud and provide you with compelling evidence to dispute eventual abusive disputes:
- Create metrics (and track them) around returns for specific items and/or geolocation. One of the easiest friendly fraud attacks is made so easy by information exchange on forums, and people quickly figure out your “threshold.” Track that and adjust your policies regularly
- Collect information on the device (commonly called device fingerprinting) with which a purchase is made. This is essential for repeat orders, as it can be used to identify fraud risk and defend against a friendly fraud dispute.
- Collect information on the geolocation of a buyer when the transaction is made. That can create a compelling evidence report by showing a pattern of legitimate transactions in a location where fraud is declared.
- Create dynamic return and refund policies. This can be based on various data points such as the nature of the purchase, the “seniority” of the account with your organization, the type of problem declared, etc.
- If you don’t have the resources to dispute chargebacks, look for organizations that can handle that for you. They typically charge only for successful disputes, helping you manage the costs more effectively.
Protect Your Business: Invest in Ecommerce Fraud Prevention Solutions
Ecommerce fraud is not going away any time soon. It will most likely keep growing in the coming years, and organizations of all sizes, including online stores and ecommerce retailers, will fall victim to fraud.
If you haven’t been the victim of a massive attack, you are lucky and should seize this opportunity to bolster your fraud management defenses and prepare yourself.
- Do a manual review of your security standards (if any). Watch for the red flags we listed in this article.
- Ensure your ecommerce platform (Shopify, for example) provides adequate fraud protection. If you’re unsure, check with your provider.
- Identify high-risk areas that should be addressed immediately.
- Invest in an ecommerce fraud prevention solution.
For businesses and consumers, nowadays, the question isn’t “if” you will be a victim of fraud, but “when.”
For more essential ecommerce advice, subscribe to The Ecomm Manager newsletter today.