What does fraud mean?
Deception that is intentional and is used for the purpose of personal gain. Credit card and identity fraud are two major issues in the modern day world, identity fraud occurring when people fail to keep their computer secure. Online fraud can occur when a hacker retrieves the personal details of someone by hacking into their device and using their details to purchase products or services.
There are many measures in place to try and limit the occurrence of online credit card fraud such as the authorization process for credit cards as well as the necessity to match the billing address of transactions to the one that the credit card is registered to. Even so, the number of cases and amount lost through fraud has grown every year since 1993 as criminals become increasingly sophisticated and vehicles for fraud expand.
In the increasingly connected world fraud is no longer confined to just credit cards. Hackers are finding increasingly sophisticated ways to break into bank accounts and other online accounts to steal user data and make fraudulent purchases. Below are the six common types of ecommerce fraud:
This is the most common type of fraud, and the one that causes the most concern for online merchants, banks and credit card companies alike. Credit cards are often the most popular target for identity theft, since a thief really doesn’t need much information to successfully complete a “card not present” transaction.
In identity theft a thief simply takes over someone’s identity in order to make purchases in their name, and with their resources. It’s surprisingly easy to do, especially for experienced identity thieves. With some basic personal information, such as name, address, phone number and/or credit card details a fraudster can order items online and have them charged to someone else’s credit card or bank account.
In many cases this information is gathered in a method known as phishing, where users are tricked into entering personal information into a website form, which the fraudster then collects and uses as part of the identity theft.
Another method called pharming gets users to enter a password into a fake website, and the identity thief can then test that password at many other common banking or commerce sites, knowing that a large number of consumers will reuse the same password at many different sites.
Other methods of identity theft include hacks on ecommerce providers that steal user data, malware installed on personal computers to steal personal information, and man-in-the-middle attacks where data is intercepted when being sent between customer and merchant or bank.
Friendly fraud isn’t really all that friendly, especially for ecommerce merchants. This is where a customer purchases goods using some “pull” method like a credit card or direct debit and then initiate a chargeback, claiming tht they didn’t place the order and that their account details had been stolen. They are reimbursed by the merchant, and they keep the goods or service.
Clean fraud is actually pretty dirty. A stolen credit card is used to purchase some good or service, and the transaction is manipulated to get around the fraud detection functions used by payment processors.
Clean fraud is fairly sophisticated and requires knowledge of the payment system fraud detection systems, as well as a great deal of knowledge about the owners of the stolen credit card.
When the thief has a good deal of personal information about the person whose stolen card is being used they are often able to bypass any fraud detections systems, since these are based on the correct entry of personal details during the purchase process.
Clean fraud often includes card testing, where small purchases are made as a test to see if the stolen card data works.
Of special concern to ecommerce merchants who may use affiliate programs to increase sales and revenues, the affiliate fraud can occur either through a fully automated process, or by having real people place fraudulent transactions in an effort to increase either traffic of signup statistics.
Triangulation fraud gets its name from the fact that the fraud has three points. The first point is a fake ecommerce store offering some popular item at an amazingly low price. The shop will often also offer an incentive for orders completed using a credit card, because the only purpose of the fake storefront is the collection of credit card and address data.
The next corner in the triangle involves using different stolen credit card data to purchase goods at a legitimate online store and have them shipped to the original customer of the fake storefront.
The third point in the fraud triangle involves using the stolen credit card data to make additional purchases. The order data and credit card numbers are now almost impossible to connect, so the fraud usually remains undiscovered for a longer period of time, resulting in greater damages.
We feel it necessary to mention this type of fraud as well. It’s a simple theft where orders are accepted at an ecommerce store, but nothing is ever shipped and the payments are kept. Merchant fraud can be found in both retail and wholesale transactions, making it dangerous to both customers and legitimate online merchants. The most common payment method for merchant fraud are the “push” methods where chargebacks are not possible.
Fraud and Sales Channels
Online merchants report that the increased use of multi-channel sales makes fraud even more worrisome. Third-party websites such as Amazon and Alibaba used for cross-channel sales are particularly susceptible to online fraud. Mobile sales are also more likely to see fraud, but even the merchants own ecommerce site is never safe from fraud.