Types of Ecommerce Fraud
While you may be familiar with ecommerce fraud in general, you might not know there are several different types of ecommerce fraud—all of which can create big headaches for you and your business.
Card-not-present fraud
Card-not-present (CNP) fraud can happen in three ways:
- Use of a stolen credit card
- Theft of a consumer’s identity
- Use of stolen card data, without presenting the actual card itself
In CNP fraud, the following process takes place:
-
A fraudster makes a purchase at an online store using someone else's credit card information.
-
The acquirer (or issuing bank) checks if the card has enough balance and approves the purchase.
-
The transaction is completed, and the goods are delivered to the fraudster.
-
The actual cardholder does not recognize the purchase and notifies the merchant (or more commonly, their card issuer).
-
The online store reimburses the cardholder and is left with a loss.
-
In many cases, the store is also penalized with a chargeback fee.
Related Reading
Understand more about the payment process, payment vendors and where fraud fits into the picture: How Does the Online Payments Process Work?
read more
Even if a consumer is exceedingly cautious with their own data, fraudsters are using increasingly sophisticated tools:
-
• Skimming — stealing card information at the point of sale
-
• Phishing — conning the cardholder out of their numbers either via email or over the phone
-
• Pharming — installing malicious code on a computer to steal personal data.
And that’s not even counting the identity theft resulting from large-scale data breaches. Unfortunately, many consumers have no idea their card data or identity has been stolen until they receive their bill. By that time, fraudsters have stolen thousands (or more) of dollars in merchandise and have moved on to the next victim.
Alarmingly, CNP fraud is growing quickly. In the United States alone, CNP fraud is estimated to increase by 14% and cost ecommerce businesses $130 billion by 2023.
likely due to the prevalence of online shopping throughout the year. Of the 2,450 fraud attempts in an average month, 916 were successful.
What does that mean for your business? Fraudsters have gotten smarter, more skilled, and more able to work around fraud prevention. Small businesses need to up their game in this new era of ecommerce.
Account takeover (ATO) fraud
A type of CNP fraud, account takeover fraud (ATO) is one of the fastest growing fraud risks in the ecommerce industry. Bank and social media data breaches combined with text and email scams enabled a 307% increase in fraudulent account takeovers between 2019 and 2021.
ATO fraud happens when fraudsters purchase stolen customer data on the dark web and use it to make fraudulent purchases. In 2021, the cost of data breaches grew to $4.24 million, the highest level in 17 years.
Fraudsters commit ATO and CNP fraud using a similar process:
- A fraudster uses stolen credit card or bank information to make a purchase online.
- Once the purchase is approved by the payment processor, the transaction is completed.
- The purchased goods are shipped to the fraudster.
- When the actual consumer doesn’t recognize the purchase, they contact their bank or payment processor.
- The online business must reimburse the consumer, but the costs of shipping and goods sold are lost.
- Most often, companies also have to pay a penalty to the payment processor — known as a chargeback.
Free Download
Understand Your CNP Fraud Risk and
Optimize Your Fraud Prevention Process
Donwload now
Another thing to consider when it comes to CNP and ATO fraud is the damage to your reputation. In our 2021 Consumer Attitudes report, 84% of consumers reported they would never again shop with a business that approved a fraudulent order with their credit card.
Social commerce fraud
With the rising popularity of Instagram Shop, Pinterest Lens and even TikTok as a source of online shopping, social commerce is booming. Experts expect it to reach more than $604 billion by 2027.
It only follows that social commerce fraud is booming as well. For starters, fraudsters create fake brand accounts to perpetrate a variety of fraud schemes, from phishing to triangulation fraud. In the fashion industry, alone, impostor brands are promoted on as many as 65 million fake posts every year and almost 20% of all fashion product posts from 50,000 on Instagram are fraudulent.
The other issue is with passwords. When the most common password used by consumers in the U.S. is “123456,” it’s not hard to hack into an account. And when you factor in how many people use the same passwords across their accounts, a single data breach can be a mother lode of opportunity for a fraudster.
Friendly fraud
Despite its name, friendly fraud is no friend to your business.
Friendly fraud happens when a customer makes a purchase with a legitimate credit card, was delivered the merchandise or service, but then disputes the charge.
While it is considered a form of fraud, it is usually not done maliciously and can happen for several reasons:
-
The customer might believe their package was stolen, but it was just misplaced.
-
The customer might not recognize the company’s name on their statement.
-
They might be disputing recurring charges, saying nobody notified them that these charges would take place.
The tricky part of friendly fraud is that without meticulous record-keeping, it’s almost impossible to know if the customer is telling the truth or trying to defraud you.
Nonetheless, friendly fraud is a growing concern, and the losses can be significant in shipping fees, staff time lost to dealing with the issue, and chargebacks.
Related Reading
Friendly Fraud: What Ecommerce Merchants Need to Know
read more
Chargeback fraud
While chargebacks were initially developed by card issuers to protect consumers,
The chargeback process has become so easy that some people game the system and knowingly commit chargeback fraud.
They intentionally file fraudulent chargebacks with the goal of keeping the product or service they ordered while also receiving a refund of the full transaction amount.
Chargeback fraud can take place in a variety of ways, including when the customer:
- Places an order with the explicit intent to get free products
- Experiences buyer’s remorse and regrets a high-priced purchase
- Hides a purchase from a spouse or joint account holder
- Tries to lower their credit card balance
We’ll dive much more deeply into chargebacks a little later on, so keep reading!
Related Reading
Get more statistics, insights and tips on identifying ecommerce fraud: Ecommerce Fraud Protection for Online Merchants: The Ultimate Guide
read more
Channel-specific ecommerce fraud
Internet shopping has come a long way from the days of simply purchasing online using home-based computers. Consumers are now shopping with multiple types of devices in omnichannel environments. This includes but is not limited to:
- Voice commerce
- Mobile and tablet commerce
- Gaming consoles
- IoT devices such as watches
- Vehicles
Each of those channels presents a new fraud risk for small businesses.
Social commerce has exploded on apps like Instagram and Facebook, which creates a perfect opportunity for CNP fraud — the leading cause of ecommerce fraud today. Fake social media accounts lure consumers into making purchases that never materialize. Nearly 20% of the fashion product posts on Instagram come from imposter brands that promote up to 65 million fake posts each year.
Meanwhile, voice commerce using smart speakers like Amazon’s Alexa, Apple’s Siri, Google Assistant and Microsoft Cortana are expected to generate sales of $80 billion by 2023.
Related Reading
Thinking about voice commerce? Make it easier for customers to voice search on your site: 4 Ways to Optimize Your Online Store for Voice Search Commerce
read now
Ecommerce Fraud and Risk Factors
While all ecommerce and multichannel retailers are at risk for fraud, some businesses tend to be more popular targets. These are referred to as “high-risk” businesses.
Being a high-risk business makes it even more difficult to fight fraud — not just because of the tactics fraudsters use, but because many payment processors shy away from high-risk businesses
Add to that the risks of increased chargebacks, and you have a trifecta of challenges. Often, these businesses have no choice but to work with high-risk credit card processors, who tend to impose much higher fees and stricter conditions, cutting deeply into the company’s bottom line.
A number of factors determine whether a business account provider will deem a business high-risk, but the two most common are industry and transaction types.
High-risk industries
The riskiest industries for fraud and chargebacks tend to service providers and businesses that sell goods with a high resell value on the black market. Service providers are considered high-risk simply because it’s harder to prove that a service has been delivered.
While high-risk industries vary based on consumer demand, here are some industries that typically struggle with fraud risk:
Want to learn more about your particular industry's ecommerce trends and fraud risk? Explore our in-depth industry guides.
High-risk transaction types
Transactions that tend to raise red flags with account providers include:
While high-risk industries vary based on consumer demand, here are some industries that typically struggle with fraud risk:
- Accepting recurring payments
- Having high monthly sales volumes or individual transactions
- Having cyclical sales
- Being in an industry with historically high chargeback ratios
- Offering subscription-based products or services
- Having not yet established a payment processing history
High-risk geography
Another factor that small businesses don’t always think about — but payment processors do consider — is geography.
Within the U.S., some states have higher fraud rates, and any online business in that state could be considered riskier for payment processors to take on.
Certain countries also face higher fraud rates, such as Mexico, or China with its particularly high mobile fraud rate. At the same time, both of those countries present opportunities for cross-border ecommerce, so there is a reward that goes along with the risk.
Expanding into new territory? Explore some of the most dynamic and promising ecommerce markets in the world, with our country profiles.
Even if your industry is considered low risk, it doesn’t mean you’re immune. Some fraudsters like to target companies in lower-risk industries, figuring their guard is down and they’ll be easier to scam.
One of the biggest ways ecommerce fraud hits small businesses hard is through chargebacks. Let’s do a deeper dive into chargebacks, how they happen and what you can do to protect your business.