Countering common forms of fraud in eCommerce
More people are shopping online than ever before. Global eCommerce sales reached a staggering $4.9 trillion in 2021, according to Statista. And while some doubters might suggest the rate of growth will slow with the return of in-person shopping, the concern is not shared by all. Statista projects that online sales will rise to $7.4 trillion by 2025. This growth is great news for retailers, but it is not without consequence: the increase in activity has brought with it a rise in fraud cases. In 2021, eCommerce fraud cost businesses $20 billion — a 14% rise over 2020 figures.
It’s vital for retailers to take pre-emptive action in warding off these attempts at deception. To best protect your customers and your business, familiarize yourself with the common types of eCommerce fraud and the ways they can be countered.
Types of eCommerce fraud
There’s a long list of tactics deployed by fraudsters to benefit at your, or your customers’, expense — often literally. Some of the most common forms of eCommerce fraud include:
- Friendly fraud: This is where a customer makes a purchase online and then disputes that payment with their credit card provider. Often, this means the customer not only receives the product, but also gets their money back — leaving the business out of pocket.
- Refund abuse: It’s common for criminals to attempt to get a refund for illegitimate reasons, such as lying to say that a product never turned up or that it arrived with defects. The fraudster will then find ways to avoid sending the product back as a way of keeping both the refund and the original product. The National Retail Federation says U.S. eCommerce retailers lost $7.7 billion to refund abuse in 2020. With the growth of the industry, it is reasonable to expect the losses to rise as well.
- Loyalty abuse: Some fraudsters may make false purchases to generate loyalty points and rewards, or find loopholes in a loyalty program in order to claim more points. Other cybercriminals choose to hack customer accounts to transfer loyalty points to themselves or to a gift card, which is then typically sold for profit. This is a bigger market than many realize — The New York Times recently reported that an estimated $1 billion in rewards value is lost every year to loyalty fraud.
- Account takeover fraud: Criminals can illegally obtain user account details through practices like email or SMS phishing. With a customer’s account details, fraudsters can make unauthorized purchases that look legitimate to the retailer.
- Card testing: Criminals with access to stolen card information might make small purchases to test that the card works and that it can get past a store’s fraud prevention measures. These small purchases all add up, but they could also signal that a larger purchase is coming.
- Triangulation fraud: This three-step process begins when a fraudster sets up a fake eCommerce storefront where unsuspecting victims hand over their personal and financial details to make a purchase. The fraudster then uses that information to order the actual product and have it sent to the victim, tricking them into thinking they’ve made a legitimate purchase. The criminal can then make a series of illegal purchases using the stolen card details. NPR recently spoke with a fraud victim turned fraud-buster who summed triangulation fraud up succinctly: “If you’re getting something for free on the internet, somebody somewhere is paying for it.”
Trust, Safety & Security Solutions
Discover how TELUS International’s best-in-class Trust, Safety and Security Solutions help brands actively manage risk and reputation.
eCommerce fraud prevention
In order to protect customer data and payment information, it’s important for every eCommerce brand to have the necessary measures to prevent fraud in the first place.
It’s not enough to have a secure website and call it a day — security best practices must be followed throughout the business. At every customer touchpoint and step along the buyer’s journey, security and fraud prevention must be top of mind.
Prevention is always better than having to deal with the ramifications of a data breach or fraudulent orders. Here are some areas eCommerce businesses should focus on to ensure customer data is kept safe.
Fraud prevention processes:
With the right processes and controls in place, it’s easier for a business to assess possible risks.
Take know your customer (KYC) programs, for example. KYC is fundamentally about preventing fraud and financial crimes by monitoring transactions against expected behavior. With the execution of key KYC processes, brands can analyze customer identity and evaluate risk in an effort to stop fraudulent activity in its tracks.
Of course, it’s also important to work with partners who comply with Payment Card Industry Data Security Standards (PPI DSS). The series of key requirements and test procedures are designed to protect consumers, reduce fraud and prevent data breaches across the payment ecosystem. In the eCommerce industry, payment providers play an important role in the prevention of fraudulent transactions by bringing their own expertise and technology to the fight against criminal activity, and freeing up retailers to focus on other forms of data protection and customer service.
Fraud prevention training:
Proper fraud prevention training is important for every member within your operation, whether a given individual is working in-house or as an outsourced extension of your team. It’s vital that team members understand their specific role in preventing fraud and how protecting customer information necessitates a team effort.
As well as training for any new staff members, brands are wise to invest in the continual development of their teams’ skills. The eCommerce industry is rapidly changing and cybercriminals are always coming up with innovative ways to bypass security measures. Make a concerted effort to keep your team up to date with these industry changes to increase your chances of preventing future breaches.
Fraud prevention technology:
Assessment is often supported by dedicated technology to help protect customer data while preventing fraudulent transactions.
The use of artificial intelligence (AI) to determine fraud scores, for example, can help prevent illegitimate transactions from happening in the first place. This approach takes into account variables such as transaction amount, time of purchase and IP address in order to detect fraud before it happens. Using machine learning principles, the accuracy of these scores develops over time as the tool gathers more data. Parameters can be set to automatically reject payments that score above a certain threshold, blocking potentially fraudulent transactions.
eCommerce fraud detection
Unfortunately, not all fraud can be prevented. In the event that someone slips through your defenses, it’s important to have the right elements in place to minimize the repercussions and retain customer trust.
Fraud detection processes:
Risk-detection can stop fraudsters before they rack up massive charges, but for many in the industry, designing and implementing effective processes is a challenge. As a trusted partner, TELUS International is counted upon by leading brands to apply expertise and best practices in fraud detection. For one global eCommerce marketplace, TELUS International introduced sophisticated risk management processes and built a team up from scratch to 160 members. As a testament to the effectiveness of the program, it has been running for 11 years and consistently scores in the area of 90% accuracy.
Fraud detection customer support:
Once fraud has occurred, it’s important to support your customers with care and empathy. A high-quality customer service department — ideally with a dedicated fraud team — can help ease customers’ worries and ensure they’re kept in the loop during the investigation. This is critical for customer retention during a time when trust might be low.
Fraud detection technology:
Automation can be a useful tool in fraud detection, helping teams to comb through swaths of transaction data to flag cases that call for further review. For more nuanced cases, tools that leverage AI can detect fraud as it happens. These tools can automatically block fraudulent payments or can simply flag high-risk transactions. A major benefit of both automation and AI is that time is freed up for your agents to get on with other tasks until the system flags a transaction that needs their attention.
The reality is that fraud is a risk faced by every eCommerce business, and that’s not likely to change soon. But with the right technology, processes and people in place, you can minimize the risk to your brand and your customers. Working with an experienced trust, safety and security partner like TELUS International can help ensure you have the right measures in place to prevent and detect fraud.