This article was written by our director of business development for Entrepreneur.com.
As an eCommerce seller, there are multiple responsibilities juggled between you and your team — sourcing product, quality control, customer service, SEO, HR. One of the tasks that is often overlooked, until it is too late and very costly, is fraud prevention.
With the frequency of data breaches recently — 1,253 reported breaches in 2017 alone — stolen credit card data is readily available to cybercriminals. According to a recent Javelin study, $16 billion was lost to fraud last year. While the credit card companies identify and stop some of the credit card fraud that occurs, any fraudulent charge that slips through their fingers and makes its way to your website is your responsibility to stop. If you miss one, you will know about it, in the form of a fraud chargeback from your bank.
1. Classic fraud.
This type of fraud is generally committed by unsophisticated fraudsters. Stolen credit card credentials are purchased on the dark web, and goods are sent to reshippers in an attempt to retrieve the stolen merchandise. Often, internet proxies are used to mask the international IP where a majority of this type of fraud originates.
2. Triangulation fraud.
This type of fraud involves three parties — the fraudster, the unsuspecting legitimate shopper and the ecommerce store.
An online storefront is created by the fraudster, often on eBay or Amazon, that offers high-demand goods at extremely low prices. The store collects payment for the goods it sells. The fraudster then uses other stolen credit card data and the names collected in orders on his online storefront to purchase goods from a legitimate website and ships them to the customers that purchased on his new online storefront.
This type of fraud can usually be identified by the products that are targeted as well as some investigative work by locating the unsuspecting shopper who can identify the storefront where the stolen goods were purchased.
3. Interception fraud.
Fraudsters will create orders where the billing and shipping match the address linked to the card. Their goal is to intercept the package in any of the following ways:
Asking a customer service rep to change the address on the order before shipment.
Contacting the shipper to reroute the package to an address where they can retrieve the stolen goods.
In cases where the fraudster lives in close proximity to the cardholder’s billing address, physically wait near the address for the delivery to arrive and offer to sign for the package as the homeowner is not available.
4. Card testing fraud.
This is the practice of testing the validity of a credit card number, with plans to use valid credentials at another website to commit fraud. Fraudsters target websites that reveal a different response for each type of decline. For example, when a card is declined due to an incorrect expiration date, a different response is given, so they know they just need to find the expiration date. This is generally done by bots, and transaction attempts happen quickly, in rapid succession. The data on the orders will often be identical, either all the data or just a subset of data — like the shipping address.
5. Account takeover fraud.
This occurs when fraudsters get hold of a legitimate customer’s login credentials and take advantage of stored credit cards to purchase goods. An update on the shipping address will usually occur shortly before purchase so the fraudster can retrieve the stolen goods.
6. Fraud via identity theft.
In this case, the fraudsters assumes another person’s identity, creates credit cards in the victim’s name and goes on a shopping spree. This type of fraud is increasing rapidly as the number and scope of data breaches increase. It is also the most difficult to identify as the fraudsters behind identity theft are quite sophisticated.
7. Friendly fraud, also called chargeback fraud.
An online shopper will make a purchase, then issue a chargeback, claiming their card was stolen. The chargeback usually occurs after the goods are delivered. This type of fraud is traditionally not carried out by hardcore criminals but rather by consumers who are clearly aware of what they are doing. This type of fraud is difficult to detect but can often be won via chargeback representing.