Editors note: this post was contributed by Alon Ghelber, CMO at Revuze
eCommerce is a convenient alternative to going to a physical store and a way to make international purchases possible without even stepping outside of home, especially in times like these where social distancing is forcing people to stay more at home. However, the digital nature of eCommerce provides openings for opportunistic people, and for years, digital transactions have been wrought with fraud—to the chagrin of both eCommerce stores and their customers.
Recently, eCommerce fraud has been on the rise, with the Federal Trade Commission (FTC) indicating a loss of $71 million in online shopping scams through millennial consumers alone. Studies have also shown that retail fraud attempts doubled each year and tripled by 2017. This is alarming for eCommerce websites, especially in light of the current pandemic, where consumers have been turning to online transactions for their needs.
How do fraudsters game the system?
Common Types of eCommerce Fraud
eCommerce fraud is any type of fraud that occurs within online or digital transactions. It has become fairly common due to the relative ease with which it can be done. eCommerce fraud uses stolen or illegally obtained personal and credit card information, a false identity, or affiliate fraud advertising without the need for the legal owner of the information or the credit card to be present while the fraud is committed.
In 2019, credit card fraud reports ballooned into 271, 823 cases—more than doubling the 133,096 reported cases in 2017. This indicates a steady rise in credit card fraud that must be addressed immediately to promote consumer confidence and avoid fraud-related costs. The best way to combat eCommerce fraud is to identify why they are happening and how they are being done. This will help businesses devise a strategy to prevent these attacks in the future. There is no one-size-fits-all approach to protecting a business from fraud, so it’s important to determine the nature of fraud and address them directly.
Below are the most common types and how they’re done.
- Card testing fraud or card cracking
Card testing is done when someone gains access to stolen credit card numbers and uses these to make small “test” purchases. This is done because the fraudster doesn’t have information about the limits of the credit cards and whether or not the cards can be used to successfully complete a transaction. Fraudsters make small purchases from an eCommerce website to test the credit cards and then start making larger purchases once they confirm that the cards are active.
- Account takeover fraud
This happens when a fraudster somehow gains access to another user’s eCommerce website account, either via phishing schemes or purchase of stolen passwords or other personal information. Once fraudsters obtain access to a user’s account, they can make purchases using the account, withdraw funds, and gain further access to the user’s other accounts. In 2019, the account data of more than 700 million users were illegally sold, including account details from popular online services MyFitnessPal, Animoto, and 500px. Data sold included users’ names, email addresses, and passwords.
- Fake reviews or “brushing”
“Brushing” is a form of fraud done by third party sellers on eCommerce giant Amazon. Amazon allows the purchase of items as gifts, which allows the buyer to leave a review for that item as a “verified buyer.” Reviews from verified buyers are perceived as more authoritative and, therefore, more helpful than other reviews. Fraudsters take advantage of this system by obtaining the name and address of a customer, purchasing an item, and then sending it to the customer as a gift. Third-party sellers on Amazon use this method to allow them to write fake reviews and bump up their items or store in the Amazon rankings. It also allows them to post fake negative reviews on competitors’ items or stores.
The War Against eCommerce Fraud
Amazon’s pilot program is a step in the right direction for the eCommerce industry, but its overall success is yet to be seen. Fraudsters are good in finding loopholes they can take advantage of, and it’s a matter of a time before they find one in Amazon’s latest security measures. Amazon may have won a few skirmishes, but it is far from winning the war.
Some tools help fight against the sale of counterfeit products. By analyzing a decline pattern in consumer sentiment & satisfaction companies can get alerts and monitor sales of counterfeit products that are being sold by third parties and are crippling both sales and brand image.
The question still remains: What can online retailers do to protect themselves from eCommerce fraud? Here are a few simple tips.
- Check for frequent and unusual declines
This can help a business detect possible card testing attacks. Aside from a credit card being declined multiple times, declined attempts that are approved later on should also be noted can also indicate a possible fraud attack.
- Use velocity checks to analyze transactional behavior
An unusually large and sudden flow of transactions can indicate a fraud attack using stolen credit cards. Certain ways to address this include verifying purchases with the cardholder via phone, checking the origin of the transactions and blocking them if necessary, and setting limits to the number of transactions that can be done at a time using the same credit card.
- Analyze product reviews
Analyzing product reviews manually is not a practical solution; however, a Cornell study shows that AI (artificial intelligence) can be used in battling fake reviews or “opinion spam.” The study also shed some light on how one can detect if a review is fake or not: fake reviews contain more first-person pronouns to appear legitimate, use more verbs, and are mostly vague because they lack real information about the product being reviewed.
Amazon Fights Back
Being one of the largest eCommerce websites in the world, Amazon has had its share of fraudulent transactions through the years. Although no exact figures have been made public, Amazon was hit by “extensive” fraud through the months of May to October 2018, with the fraudsters breaking into accounts and siphoning cash from the victims. Brushing is also a major problem for the eCommerce giant, especially after Amazon Prime Day, an annual 2-day deal event for Amazon Prime members where they can get special discounts on certain items.
Consumers are very strict when it comes to an online store’s security measures, and a vulnerability to fraudulent attacks like brushing can put a dent on a company’s reputation as a retailer. As such, Amazon has been setting up measures to avoid bogus third-party sellers and increase the overall security of its erCommerce operations. One of these measures is Amazon’s pilot program in which the identity of third-party sellers is verified through a video call. According to the company, this process alone has stopped 2.5 million suspected fraudsters from publishing their products to Amazon in 2019. The pilot program is currently running in a number of markets, including the US, UK, Japan, and China. Amazon Web Services also offers the Amazon Fraud Detector to help third-party sellers detect and combat online fraud faster and more effectively.
As the global pandemic rages on, the new normal for retail might see eCommerce as the only viable channel in the near future. As eCommerce transactions grow exponentially, so does the potential for fraud attacks that can affect both revenue and consumer confidence. Amazon has led the fight with its Fraud Detector service that uses machine learning to identify potentially fraudulent activity. It would be wise for companies to follow suit and invest in AI and machine learning to detect fraud, as these platforms are able to learn and adapt to new forms of fraud attacks, making them future-proof.