E-commerce has exploded in the past five years. Easy website design, increased social media traffic, and convenience have made buying and selling online products a pillar of the American shopping experience. In the face of this expansion, however, massive data leaks, haphazard security and bad consumer credit practices have left this industry vulnerable.
This last holiday season, fraud attempts increased by 22 percent from the previous year, according to ACI Worldwide, a company that handles payment systems for major retailers and financial institutions. As more buyers turn online to make purchases, fraudsters have even more opportunity to expose both consumers and merchants. Massive data leaks and lax company security add to this issue.
In October 2017, 145.5 million people's data was exposed. The Equifax data breach was one of the largest in history, and sensitive information such as Social Security numbers and home addresses was released. Several smaller breaches have also left people at risk. With a large database of customer information, and an increase in online and digital sales, fraudsters have more power than ever to steal from both businesses and consumers.
It's important to protect both yourself and your business from potential attacks. This can include using third-party protection services, but the best practices involve daily habits to improve your credit and information hygiene.
Editor's note: Looking for an e-commerce website builder for your business? If you're looking for information to help you choose the one that's right for you, use the questionnaire below to have our sister site, BuyerZone, provide you with information from a variety of vendors for free:
Fraud: How it works
There are many different types of e-commerce fraud and several ways fraudsters can steal from businesses and consumers. Essentially, fraud occurs when an individual steals money or a product (or both) from a business using a stolen identity. There are several ways this can happen – chargebacks, refund fraud or card testing, for example – but at its core, a fraudster operates with stolen information to steal more stuff.
Oftentimes, businesses won't realize they've processed a fraudulent transaction until weeks or even months later. This is why fraud can be so dangerous – it's often a silent crime, and by the time all parties involved realize, it can be too late to find the criminal or dispute charges. That's why the best way to protect your business is to consistently monitor and foster positive habits so that, if a fraudulent transaction does occur, you're on top of it.
Macaire Douglas, co-founder of Half Pint Shop, said that her online retail business has been the target of fraudsters in the past. Fraudsters would charge products to a stolen credit card. A few months later, the cardholder would realize their information had been stolen and file a dispute with their bank, so Half Pint Shop would have to refund the money. This is known as a chargeback, and Douglas estimates that her business has lost close to $1,200 from it. For a small business, this is a significant number. Douglas even had to change her advertising strategy for a popular baby lounger called DockATot to avoid the number of fraudulent orders she was receiving.
"When we were advertising it, and someone was searching for that, we were one of the top picks," she said. "That's when we saw a lot of the fraud."
While fraudsters obtained both the product and payment through a chargeback, this overall form of fraud is known as clean fraud. Clean fraud, or when fraudsters purchase products with stolen information and circumnavigate fraud detectors by using verification information, has become more common. Unlike standard chargebacks, clean fraud is committed by fraudsters who have more information and can often be harder to detect. Erika Dietrich, director of risk management for ACI Worldwide, said that clean fraud poses a major risk to e-commerce owners.
"The most common type of fraud trends that we see today is most often clean fraud or one-hit wonders," she said. "They're fraudsters that have access to loads of data through, unfortunately, the number of data compromises that we see on a frequent basis … To the merchant, it looks like a valid customer."
Dietrich, who has 15 years of fraud prevention experience, also said that fraud has become harder to detect than it was a few years ago. It can be hard to detect, but there are systems in place to alert businesses of fraudulent activity, and some practices you can enact to protect yourself and your business.
Why does fraud occur?
Fraudulent purchases are largely a symptom of growing consumer demand and the willingness of e-commerce businesses to meet consumer needs. Amazon and other online delivery companies have made shopping easy and convenient; you don't even have to leave your house to pick up a package. Amazon delivered roughly 5 billion packages via Prime in 2017.
"Consumers expect frictionless [e-commerce systems] – they want immediacy," Dietrich said. "When you have frictionless and immediacy, that means [when it comes to] the capability to question and scrutinize things that don't look right, your time is limited."
These behaviors establish a playing field for fraudsters that's ripe with opportunity for theft, but fraudsters succeed because of our own bad online habits. Keeper, a password management firm, analyzed passwords from the public data breaches last year and found that most people's passwords were predictable, to say the least: "123456," "password" and "123123" are all in the top 10. And when hackers crack a password, they often have access to multiple accounts. Using the same password and predictable usernames across accounts puts consumers at risk of identity theft.
This type of behavior affects businesses because it makes it easy for criminals to impersonate everyday people and steal products and money from e-commerce businesses.
"Year over year, the percentage of fraud has increased," Dietrich said. "[With] the access to online data and profiles, and the speed of packages, and the ability of fraudsters to buy online and pick up items in store, they're really, really focused on things that enable them to get the [product] quickly."
How to prevent fraud
Preventing fraud, as a business owner, can be a complicated endeavor. There are a host of companies and platforms you can purchase to protect your business, guard against fraud and monitor your transactions. Many major banks or payment systems integrate fraud detection technology into their platforms. Douglas said she uses PayPal and Stride's detection software during transactions.
While these systems are helpful, nothing is guaranteed. If you're running a small business operation, it may still be in your power to analyze and review each transaction – or a group of transactions prone to fraud – to ensure your business is safe. Douglas has been doing that since she saw the spike in fraudulent orders for the DockATot. If you're running a bigger operation where analyzing each transaction is out of the question, third-party software may be your best option.
If you do decide to monitor your own transactions, look for these signs that an order could be from a fraudster instead of an actual customer.
- Shipping address is different from billing. Since the fraudster's address will always be different from the cardholder's, this could be the most consistent difference. However, be careful when analyzing this. It's also in line with normal consumer behavior – many people order gifts for others or need an item shipped to a different address for various regions.
- Customer asks for immediate shipment. Fraudsters want the product as quickly as possible to avoid detection. But rushed shipping is also a standard customer request. Instead of a marquee sign, think of it as an added detail that could prompt suspicion.
- The email address looks strange. Be conscious of email addresses that don't seem normal. Douglas said she sometimes does some research on the company the address is from to see if it exists.
- Reach out to suspicious orders. Reaching out to the customer to gauge who they are and what they need the product for can be a good way to find out if they're a real customer. Douglas said she often reaches out to customers who place suspicious orders and asks if they can provide a phone number for delivery or if they need a gift receipt.
Fraud is hard to detect and requires diligence and constant monitoring. If you're running a small business and can manage to monitor and review certain orders of specific products, then regular monitoring is your best bet. If you're running a larger business, consider implementing a fraud protection service. Dietrich said you should think about how it stacks up relative to your business's revenue. While fraud has become a prevalent crime, guarding against it can be a tough task.
"There really is an art and a science when deploying a sophisticated fraud solution at a large scale," Dietrich said.