E-commerce fraud exploded in 2020. The pandemic created a perfect storm for market exploitation. People who had never shopped on the internet were doing so for the first time. Shops that had never sold anything via e-commerce were now only selling that way. Even experienced online merchants struggled with the volume and variety of customers’ online activities.
Because many people increasingly relied on e-commerce, it was easy for fraudsters to take advantage of the chaos and lack of experience. They harnessed emerging technologies, like artificial intelligence (AI) and machine learning to hone existing tactics. They also came up with some new ones to make money off consumers and small business retailers. It all added up to skyrocketing fraud. In fact, fraud attacks were up 510% in September 2021 compared to pre-pandemic levels.
Indeed, e-commerce retailers risk losing more than $20 billion in 2021 due to fraudulent online activities. This loss would represent an 18% increase compared to the $17.5 billion of fraud recorded in 2020. And the methods they use are increasingly innovative. The first step in preventing financial losses due to these new kinds of fraud is knowing what to look for.
Types of e-commerce fraud small businesses should look out for
Although this list isn’t comprehensive, these five types of fraud are becoming standard in today’s e-commerce environment.
To run this fraud, scammers first order high-value goods online, like electronics, designer clothing or accessories. Then, they claim that the item never arrived or arrived damaged. They then collect a refund and keep (or sell) the good(s) in question. Item-not-received claims actually doubled this year compared to the early days of the pandemic. Unfortunately, more and more regular customers commit item-not-received fraud due to economic difficulties. That fact makes this kind of fraud even more difficult to detect.
Return fraud happens when a fraudster purchases a high-value product and sends back a substitute product. It may be a counterfeit, a damaged version, or even something of no value that weighs about the same. The National Retail Federation found that 18% of online retail sales were returned in 2020, and 7.5% of those were fraudulent.
Sleepy account targeting
This new kind of “account takeover” fraud primarily occurs in accounts from so-called “lapsed” customers. These are the people who had online accounts at stores but hadn’t shopped within the past year. Fraudsters change delivery addresses and order high-priced items in existing customers’ names using their stored credit cards. For fraudsters, such accounts were a gold mine during the pandemic. Typically, accounts that come to life after lying dormant for months or years would raise suspicions. However, in the middle of COVID-19, it looked normal. Knowing that retailers would be reluctant to deny loyal customers purchases during a critical time, fraudsters went to town.
In this scheme, cybercriminals create false checkout pages. They then redirect merchants’ traffic to those sites. From there, customers unknowingly enter their personal and financial data. Pharming is prevalent, too. Since March of 2020, U.K. government authorities have removed almost 300 fraudulent “pharming” websites.
Using advanced technologies like AI and machine learning, fraudsters can automate their activities. The result is rapid-fire fraud en masse across the entire customer relationship lifecycle. Here’s how:
- Card testing: Fraudsters used to test whether stolen cards were valid by making small, virtually unnoticeable purchases manually, one at a time. Today, they use software robots (“bots”) to test thousands of cards simultaneously. Criminals first add new credit cards in bulk to accounts in good standing. Then retailers will typically verify the cards with a $0 charge authorization to determine if the required payment processors and banks will approve them. If the card goes through, criminals then purchase valuable products to resell.
- Credential stuffing: Consumers often use the same passwords across multiple retail sites. So, bots can use stolen credentials to automatically try to get into thousands of sites at once. This beats manually trying to take over accounts. Bots simply notify them once they access an account, and they can defraud merchants at will.
- Synthetic accounts: Criminals create new and non-existent people and then create accounts using those identities. It starts with stolen credentials bought from the dark web. Then, using automation, fraudsters manufacture synthetic identities. They then use these false individuals to open accounts, and steal goods. Fraudsters may even begin using deepfake photos to create fake faces for biometric verification. Synthetic accounts push the boundaries of identity theft, making it even more difficult for merchants trying to protect against fraud.
Conclusion: How technology can help.
Preventing e-commerce fraud requires a delicate balance. The last thing you want to do is to deny a legitimate customer’s purchase by being overly cautious. You don’t want to hurt your profitability by denying too many valid transactions.
Cloud-native technology solutions are emerging that can help small businesses protect against fraud. Clearsale, Signified, and Riskified are among the top-rated anti-fraud platforms. These tools use AI, big data, and advanced analytics to detect fraudulent sales. Then, they stop the transaction before the goods ship. Many such solutions are cloud-based “as a service” or SaaS. With a SaaS service like that, small businesses don’t need to build costly infrastructure. They also don’t need to have fraud expertise in-house to take advantage of them. And many leading fraud protection solutions offer 100% guarantees. If a fraudulent order slips through their defenses, they will pay the chargeback.
Online fraud will continue to evolve as scammers continue to up their game using advanced technologies. The best defense is to choose a system that also evolves with the times and to keep yourself up-to-date and informed about the latest methods. For more on cybersecurity and fraud, check out: