Ecommerce Fraud Prevention: 10 Best Practices

Before we learn how to protect yourself against ecommerce fraud, let’s understand what it is.

Ecommerce fraud includes any kind of action aimed at exploiting online stores for personal or financial gain. When a scammer tries to intercept a commercial transaction on your online store, they may look to steal money from your customers, your business, or both.

Credit Card Fraud

When a fraudster makes a purchase with a stolen credit card number, the store processes the payment, and then the real cardholder initiates a chargeback after noticing a strange transaction. This results in you, the merchant, having to refund the payment. You lose the sale, and end up paying an expensive admin fee to the card company. This type of fraud is also called transaction fraud or card not present (CNP) fraud.

Phishing

Another type of ecommerce fraud is phishing. This is when scammers create near-identical copies of your online website, and encourage customers to buy items. These hackers then steal customer credit card numbers to use in future scams.

Another method of phishing is via email. Fraudsters send emails to customers to try to trick them into revealing personal data like usernames and passwords. They then log into the customers’ accounts, change their passwords, and make unauthorized purchases. Criminals often use bots to steal confidential information, making the fraud very difficult to trace.

“Friendly” Fraud

Transaction fraud is not only carried out by professional fraudsters. Sometimes, a chargeback is initiated by someone whose card hasn’t been stolen. This is also called first-party fraud or ‘friendly’ fraud – though there’s nothing friendly about it! It’s called this because it usually involves genuine customers rather than professional scammers. These customers either accidentally request a chargeback on transactions they don’t recognize, or deliberately do so to avoid paying for the item at all.

Affiliate Fraud

Ecommerce stores make use of promotion, affiliate, and loyalty programs to attract new customers and engage existing ones. But this also leaves open avenues for scammers to exploit.

In affiliate marketing, online merchants pay affiliates a commission for each referred sale. Criminals seek to defraud the merchant by either generating fake commissions or increasing the number of commissions.

Triangulation Fraud

Triangulation fraud uses a three-step method to defraud online merchants. Firstly, the scammer creates a fake online store to steal names, addresses, and credit card details from unsuspecting customers.

Next, fraudsters use stolen customer details to buy the exact items the customer bought from the fake store and have the items shipped to them.

Lastly, the scammers use the stolen information to buy other online purchases for themselves. This type of fraud tends to go undetected for quite some time because the original purchase (from the fake store) raises no suspicion.

For more information on the biggest challenges of running an ecommerce website, read our list.

So, with so many types of ecommerce fraud out there, how do you spot when it’s happening to your online store? There are a few tell-tale signs to look out for:

• Inconsistent order data: Is there some information in the order that doesn’t add up? Pay close attention to the city and ZIP code – do they match?
• Unusual location: Your regular customer always makes their purchases from the same IP address, but this time it’s different. Could this be something to look into?
• Multiple shipping addresses: A buyer makes several purchases under the same billing address, but items are shipped to multiple locations.
• Multiple declined transactions in a row: The customer makes several attempts to pay with a credit card without getting the details correct.

Let’s take a look at 10 ecommerce fraud prevention best practices for your online store.

Find any flaws in your security before criminals do! This is a must for any online business to be robust against scammers. When conducting a security audit, ask yourself these questions:

•       Are your shopping cart software and plugins up to date?
•       Is your SSL certificate current and working?
•       Are your passwords for your admin accounts strong enough? It’s good practice to review and change these every month or so.
•       Are you scanning your website regularly for malware?

For more information on setting your site up for success, check out our article on best practices for ecommerce stores.

If your website accepts credit card payments, it has to be PCI (Payment Card Industry) compliant. This is a set of security requirements that ensures your business meets the technical and operational guidelines in order to protect customer credit card data.

PCI compliance is a continuous process that requires regular evaluations of your current security systems and practices. Take a look over the latest set of security standards to check if your online store is PCI compliant – many platforms, like Shopify, take care of this for you!

Address Verification Service (AVS) is a service offered by credit card processors and issuing banks to check that the billing address submitted by the credit card user matches the billing address held by the bank. If the addresses don’t match during the authorization process, the transaction is either declined or flagged for investigation.

The AVS check is done automatically, but it’s the merchant’s responsibility to accept or decline the sale based on the AVS code provided. Check out the different AVS codes and what they mean for your business.

You know that three- or four-digit number on the back of your debit or credit card? Well, it’s important. The Card Verification Value (CVV) or Card Security Code (CSC) adds another layer of security to online transactions by ensuring that customers have the physical card in their possession. Asking for a CVV or CSC number with each transaction will help keep your business safe and prevent fraud.

A good way of protecting your store from a data leak or hack is to hold onto a minimal amount of customer data. Only collect data needed for the transaction and shipping. After all, you want to attract customers to your online store, not put them off with unnecessary questions. Plus, hackers can’t steal what you don’t have. Reducing the amount of customer data you have on file will minimize the risk of criminals targeting your business or your customers.

Hypertext Transfer Protocol Secure (HTTPS) is a system that securely sends data from a customer’s web browser to your online store. Using HTTPS is a standard way to make sure transactions on your website aren’t easily viewed by hackers, cybercriminals, or fraudsters.

Set limits on the number of purchases and total dollar value that you’ll accept from one customer in a single day. You can use your order and revenue trends to understand what limits would be appropriate and know what to sell online exactly. This will reduce the risk of transaction fraud by minimizing potential openings in the system that could be exploited.

Peak holiday seasons are usually pretty hectic for online stores, but this is when you need to be on your toes the most! Fraudsters often target stores during this busy time, and transaction fraud in particular can be easy to miss with orders stacked up. Make sure to leave enough time to continue security audits, and process all transactions securely.

Make sure your employees are clued up on ecommerce fraud prevention, and how to look out for it. Consider doing some workshops with your staff, and establish best practices for your business to follow when it comes to fraud.

Double-check that every transaction’s IP address matches the city or region that the credit card has been issued. This may seem like a lot of work, but it’s worth it – setting out a best practice such as this is a solid way to ensure your transactions are valid. If the IP address and credit card billing address are radically different, make sure you flag the transaction for further review.

During the COVID-19 pandemic, rates of ecommerce fraud rose by at least 70% globally. And, according to a recent study, it’s not getting any better either. By 2024, owners of online stores could lose an estimated $24 billion in profits to ecommerce fraud.

Now more than ever, it’s essential that every online store learns these ecommerce fraud best practices and understands how to combat ecommerce fraud in the most effective way. Sadly, no one – not even the biggest companies – is immune to fraud. But, if you can spot the fraud early, or reduce the risk by using our best practices above, you have a great chance of beating the fraudsters at their own game.