Online merchants are going to be facing many new threats. Online fraud, in particular, is radically different from the fraud typically observed in brick-and-mortar businesses.

For instance, TD Bank has reported that 44% of professionals in the financial industry have defined online payment fraud threat as the number one concern in 2019, a 14% increase compared to the previous year.

This is why online merchants need effective fraud detection software to spot suspicious activities faster and minimize the damage.

Darren Hodder
“Every £ / € / $ that is lost to fraud is money that comes straight out of your profit margin, and with margins so tight in our current competitive landscape, it is critical that organizations understand the level of risk they are exposed to. Only with this understanding can you then define an appropriate strategy in order to minimize losses,” comments Darren Hodder, director at Fraud Consulting Ltd.

Thus, the post will cover the following points:

  • Common e-commerce fraud types
  • How to combat them with in-house methods and external tools

E-commerce Fraud Types and Detection Methods

E-commerce businesses are suffering significantly from fraud activities. In 2016, the industry saw $6.7 billion in losses, a 33% increase compared to the previous year. Moreover, it is expected that by 2020 the losses will increase to $7.2 billion.

LexisNexis has reported that 48% of surveyed merchants believe that reducing fraud can help increase their online business profitability.

fraud beliefs

In general, online merchants face the following risks:

  • Chargeback (friendly) fraud
  • True fraud
  • Phishing
  • Card testing fraud
  • Refund fraud

Each type has its own peculiarities and methods for detection and prevention. It is critical to understand which type you face and define how it affects the health of your business.

In the next sections, we will discuss both internal and external methods for protecting your e-commerce business from different types of illegal actions.

fraud types proportion

Chargeback (Friendly) Fraud

Another name for chargeback fraud is friendly fraud. At first, it looks like a legitimate transaction, but then the fraud happens when the purchaser requests a chargeback to dispute a transaction and get their money back.

Visa and MasterCard impose a fine on merchants with the “high chargeback risk” label. Typically, the amount falls between $20 and $100 per transaction. However, when the frequency of chargebacks runs high, the merchant account can be terminated by the acquiring bank.

chargeback reasons
It is estimated that 40% of people who request a chargeback once will do it again. Taking this into consideration, by 2020, chargeback-related losses will account for $25 billion.

Prevention Solutions

Online merchants can fall back on a few in-house means to protect themselves from chargeback requests:

  • Make merchant billing descriptors recognizable
  • Provide reliable and easily accessible customer support
  • Incorporate automated checks into your order management system and customize them according to your requirements
  • Blacklist purchasers who have requested chargebacks
  • Stick to ethical business practices
  • Track all transactions more carefully and avoid shipment delays

Along with these in-house strategies, merchants can use additional external software to reduce the risk of being attacked:

  • Third-party chargeback management tools (CDRN, Accertify, Clearhaus)
  • Order management software that can block problematic accounts (Zoho Inventory, aCoobe)
  • Visa Merchant Purchase Inquiry
  • Tools for analyzing and identifying the root causes of the chargebacks (Visa Chargeback Monitoring Program, Root-Cause Analyzer by Chargeback Gurus)

True Fraud

True fraud happens when someone steals your data and uses it to commit a crime and makes an online purchase on a marketplace. It is also known as identity theft.

According to Identity Force, 1 in 15 people suffered from this type of e-commerce fraud in 2017. Last year, there were more than 1,500 data breaches, which exposed 179 million records.

Prevention Solutions

Here are the in-house methods of protecting your business from this type of violation:

  • Ask a customer to verify their contact information in case you see suspicious activity with their account
  • Use CVV (card verification value) and AVS (address verification system)
  • Track the IP addresses of each user
  • Pay extra attention to purchasers who request overnight shipments

Some external solutions include the following:

  • Third-party email verificators (ZeroBounce, HuBuCo, GetEmail.io)
  • Frictionless 3DS2 authentication
  • Order insurance services

Phishing Attacks

Cofense has reported that 91% of all cyber attacks start with phishing.

Phishing is defined as account takeover. It takes place when a criminal obtains access to payment accounts of other people.

This is possible in a variety of ways. Scammers can simply guess a weak password or an answer to an easy security question. Once the credentials of the account are in the wrong hands, a phisher can easily make purchases through the online store.

According to the Phish Labs, 86% of attacks target customers from the United States.

Prevention Solutions

Merchants can use the following in-house methods to avoid phishing:

  • Set tough password requirements
  • Make employees use only domestic Wi-Fi networks
  • Enable Google Alerts
  • Always install the latest security patches
  • Use AWS or Google Cloud

These internal methods may not suffice for solid protection. It is critical to support them with some external tools:

  • Tools for identifying compromised credentials (PasswordPing)
  • Tools to prevent account takeover (ShieldSquare)
  • Bots for performing vulnerability assessment tests

Card Testing

If someone has stolen credit card credentials, they may not know whether this card is valid. To confirm that they can use this card to make online purchases, they test it by carrying out small transactions.

This is a serious issue because thousands of stolen cards can be tested at once by bots . In 2017, this type of online crime increased by 200% and is still on the rise.

Prevention Solutions

The internal strategies for avoiding card testing crimes include the following:

  • Thoroughly track all small transactions
  • Pay attention to purchases made from a foreign IP address
  • Blacklist suspicious customers
  • Use CVV and AVS

External tools for fighting credit card fraud:

  • Payment gateways with screening features and PCI compliance
  • Order management software that can block suspicious accounts (Zoho Inventory, aCoobe)

Refund Fraud

This fraud is when a scammer gains access to the credentials of someone’s credit card, purchases something on the marketplace, and requests refund to another account (or even cash).

There are many traditional ways for detecting this cybercrime:

  • Granting a tracking number for each order
  • Clearly communicating your refund policy
  • Avoiding processing refunds during holidays

However, all these are all generic methods that may not fully protect your e-commerce business from being attacked. Take into consideration some external means as well. Use the CRM system for order management which has such features:

  • Blacklisting customers
  • Tracking and recording all refunds

Packaged Fraud Detection Solutions for Managing Different Types of E-commerce Fraud

Many solutions combine the desired features for detecting and preventing all types of violations in the e-commerce sphere. Let’s overview some of them in detail.

    • Signifyd is a cloud-based fraud detection software. It applies machine learning technologies and provides the following features:
        • blacklisting,
        • real-time order monitoring,
        • bot mitigation,
        • payment verification,
        • risk assessment,
        • remote access detection,
        • fraud alerts,
        • device tracking,
        • and session analytics.

      Signifyd best suits merchants combatting friendly fraud, true fraud, and phishing.

    • Riskified is another e-commerce fraud detection solution. The key feature of this software is the semantic risk engine. It is used to identify whether a purchaser is a legitimate individual. Other useful features include the following:
        • transaction approval control,
        • real-time order tracking,
        • pattern recognition,
        • proxy detection,
        • device and browser fingerprinting,
        • ML models for behavior analysis,
        • IP, and geolocation matching.

      Riskified helps handle friendly fraud, phishing, true fraud, and card testing fraud.

    • Ravelin is an ML-based fraud detection software that can also be used in e-commerce. It enables online merchants to identify and block risky orders and bad accounts.Features provided by Ravelin include:
        • fraud scoring,
        • identification of similar customer accounts,
        • scam networks detection,
        • order and payment method highlights,
        • fraud maps visualization,
        • and breached credentials database monitoring.

      Ravelin is a full-fledged solution that may protect your online store from true fraud, chargeback fraud, refund fraud, and credit card testing activities.

    • Kount Complete is powered by machine learning techniques and advanced artificial intelligence.The feature set of Kount Complete includes:
        • geo-location and IP proxy detection,
        • mobile fraud detection,
        • multi-layer device fingerprinting,
        • custom and transaction scoring,
        • order linking,
        • and intelligence reporting.

      This software best helps in preventing true fraud, friendly fraud, and credit card testing fraud.

    • NoFraud enables online retailers to detect and eliminate fraudulent activity. The system is based on the combination of machine learning techniques and human intelligence. It is automated and controlled by in-house experts, so it requires no input from merchants. NoFraud offers such features:
        • whitelisting/blacklisting,
        • phone orders screening,
        • pre-gateway integration,
        • chargeback protection,
        • reporting of multiple user accounts,
        • and risk factors assessment.

      The software is aimed at friendly fraud detection and prevention.

The Value of a Custom, ML-Backed Fraud Detection Software

While all merchants run their business according to a certain model and stick to already established in-house processes, it is difficult to find a single solution that will suit all their needs.

Dan Draz

Dan Draz, fraud management expert at Fraud Solutions comments, “very rarely does ONE technology solve ALL of a company’s anti-fraud challenges, most often, effective anti-fraud efforts involve utilization of a combination of tools, techniques, policies, processes, procedures, and people working holistically in combination with each other.

 

In his “Fighting The Global Fraud Epidemic” article, Mr. Draz explains that while fraud impacts not only the company revenue but also their brand and reputation, it is critical to remain proactive, conduct regular enterprise fraud risk management assessment, and take immediate action to mitigate risks identified.

Innovecs has extensive expertise in developing custom programs and applications for companies from the e-commerce sector. Our team of developers has a long track record creating algorithms powered by machine learning to increase the chances of finding an anomaly in online transactions.

Khandogin_CTO-Innovecs

“Thousands of payment transactions conducted within the online store have to be processed to build algorithms for analyzing online purchasers’ behavior and detecting suspicious activities. Merchants have to provide a sufficient amount of data points to make sure that the created patterns will be effective for fraud assessment and management,” comments Sergey Khandogin, CTO at Innovecs.

Sergey adds, “Moreover, sets of data points have to be regularly extended with fresh data to retrain ML models. Or ML algorithms that constantly learn based on all recent data received and aggregated with activity outcomes can be implemented to enable the identification of new fraud patterns.”

Undoubtedly, the development and maintenance of custom fraud detection software requires more investments and human resources. Nevertheless, such a solution is meant to protect your e-commerce business from specific issues and emphasis on the areas which are at the biggest risk.