Incidents of ecommerce payment fraud rise in proportion to holiday sales. But merchants can protect themselves this Christmas season. The key is to recognize popular forms of fraud and then employ steps to prevent them.
Ecommerce fraud in its many and various forms may have cost the industry a massive $58 billion worldwide last year, according to a Pymnts.com Global Fraud Report released last October.
Fraud varies across product category and business size. For example, mid-market and enterprise, multichannel merchants experience higher fraud rates than small online sellers. There are a few possible reasons for this including the fact that small online retailers handling relatively few orders often review each order manually.
Retailers selling electronics or jewelry may experience more attacks than sellers of other categories, such as apparel.
In every case, there are some things your company can do to help prevent fraud. This begins with understanding trends. Two prominent examples this holiday season are account takeovers and coupon abuse.
Account takeover fraud is a form of identity theft, wherein a criminal gains access to a registered customer’s account and poses as that known and trusted shopper.
Account takeovers can be particularly damaging because the merchant could lose both the fraudulently ordered merchandise and the shopper whose account was compromised.
Once a criminal can log in using a real customer’s account credentials, that criminal could use stored payment methods to buy items; access a loyalty program; or simply place orders using stolen payment cards in the hope of bypassing any fraud prevention software a store may be using.
This particular form of fraud is both costly and on the rise. Javelin Strategy & Research reported a three-fold increase in account takeover losses. Fraud prevention software maker Sift Science noted that account takeovers cost the industry about $5.1 billion in 2017. And in terms of the growth of account takeovers, the fifth edition of the Forter MRC Fraud Attack Index reported a near 35 percent increase in account takeover attacks for the first two quarters of 2018.
To protect your company, watch for changes in customer behavior. For example, if a shopper who has used the same payment card for the last several orders suddenly starts using new payment cards and different names, check it out. If your company’s ecommerce platform, order management software, or fraud prevention tools allow it, flag unusual account behavior for human review.
Coupons can be an excellent way to boost sales during the Christmas rush, but the coupons may also create an opportunity for holiday fraudsters.
In many cases, coupon abuse is a form of so-called friendly fraud, meaning that it is a customer rather than a professional criminal who is the perpetrator.
Imagine, as part of your Cyber Monday promotions, your online store issues a coupon code via email offering a free 32-inch television when someone buys a PlayStation game console.
The coupon code is limited to one per customer. Your online store is breaking even on the transaction, so you won’t make any profit if the shopper buys only the PlayStation. Rather your hope is that the customer will pick up a few other, potentially high-margin, items too.
The key here is that the coupon is limited to one free television per customer.
Enter a grandma in Des Moines. She sees the offer and believes she deserves it not just once, but four times so that she can get the deal for each of her grandchildren. When she tries to buy all four, your company’s ecommerce platform reminds her of the one-per-customer limit. So she cheats.
Granny creates four accounts, using her home address for one, her work address for another, and so on. She even creates a couple of new Gmail addresses for this purpose. She feels great. In her view, she got the deal she deserved. But in reality, she committed coupon or policy fraud and robbed your business.
This might sound trivial because she did buy the PlayStations. But it’s also coupon abuse. And according to the aforementioned Forter MRC Fraud Attack Index, coupon abuse rose 217 percent in the first quarter of 2018.
To protect your company, monitor coupon use carefully. In the case of our hypothetical grandmother, two or more of the PlayStation-television combinations may have been destined for the same shipping address. And in each case, she would have had to use a real name and payment card. So it may have been that a single payment card was associated with more than one customer account.
In short, if something looks odd, check it out.
Obliterate Payment Fraud
Depending on your company’s industry segment, you could be losing 2 percent of revenue or more to some form of fraud this holiday season. That quickly adds up to a lot of money — so much so that it can make sense to invest in a fraud prevention service.
There are a number of good choices, including Kount, Sift Science, Forter, LexisNexis Risk Solutions, Riskifed, and many more.
A good fraud prevention service will consider a shopper’s purchase velocity, IP address, recent behavior across multiple ecommerce sites around the world, and many other data points, providing your business with a score for each purchase. You can set rules around this score and flag or reject orders that are likely fraudulent.