E-Commerce Fraud Up 178% This Holiday Season: Trends and Predictions
A recent report recorded a 178% increase in malicious e-commerce fraud websites seen from October to December 2021, compared to the rest of the year.
What caused this impressive increase, how does it affect businesses that accept payments online, and how does the fraud landscape expect to evolve?
Malicious shopping websites are on the rise
Set up to coincide with the pre-holiday shopping season, an average of 5,300 new malicious e-commerce websites per week were recorded from October to December, according to a report by Check Point Research.
These scam websites have been created to look like legitimate online stores, often impersonating the look and branding of popular online shopping destinations, such as Amazon and Michael Kors. Customers would arrive by clicking on fraudulent emails or advertisements. They would be tricked into buying something, thinking it was a legitimate product from a legitimate store, in which case the criminal would get their card details and send them nothing. Others tried to lure customers through social media and hacked into the accounts of friends and family members.
This type of scam obviously targets consumers, with the aim of stealing their credit card details. However, an increase in this type of fraud also affects businesses in several ways.
-Many of these stolen credit cards are then used on legitimate online stores, causing chargebacks. Each chargeback costs a company approximately 2.60 to 3.20 times the price of the lost products, even if it is not considered to be the fault of the company.
-The chargeback rate increases for stores where stolen cards are used. This leads to higher bank charges and even a potential trader blacklist.
-The general decline in the confidence of affected consumers in online cardless transactions may have an impact on the market in general.
– Extensive fraud reduces the purchasing ability of affected consumers, which affects large-scale commerce.
-A major increase in online fraud can make merchants overly cautious, increasing false positives and declines for those managing their own rules – and thus increasing customer insult rates.
-Customers who file a chargeback are more likely to do so again within two months, often at a new retailer (at a rate of 40% by Chargebacks911).
Fraud Trends 2022: Criminals are getting bolder
It is clear that fighting fraud on a larger scale benefits all businesses involved in the online economy rather than just the people or businesses affected by individual cases. And, coupled with this is the evident increase in fraud directly targeting merchants, with 75% of organizations across the world reporting an increase in fraud attempts over the past two years, according to a 2022 report from the MRC.
The good news is that it’s not just fraudsters who are getting more sophisticated. Fraud prevention technology and methodology has advanced by leaps and bounds in recent years, reflecting the exponential increase in fraudster activity. As explained in an article on e-commerce fraud by SEON, scammers no longer only target stores selling luxury goods and electronics. Every business can be a target, whether it sells physical or digital goods. In fact, some of the most common attack methods existed long before the Internet. they have just been updated.
But what types of fraud are on the rise in 2022? Merchants are well advised to be on the lookout for the items below, as well as to always consult with their fraud vendors and/or analysts as soon as they notice suspicious activity.
1. Return Fraud
Return abuse is an umbrella term that encompasses different methods, including “wardrobe” – when customers buy clothes with the intention of wearing them once or twice and returning them – and receipt fraud. – when a person falsifies receipts in order to return goods for profit.
Return fraud may be an old avenue for criminals and hobbyists, but it’s still on the rise. According to Shopify, in the United States, approximately 10.6% of all merchandise purchased in 2020 was returned. This shows how important it is for businesses to be able to distinguish fraudulent returns from genuine returns. According to the same source, the overall reduction in yields could save the entire retail sector up to $125 billion per year.
Preventing fraudulent returns starts with effective inventory management and sales records. The more accurate and organized your records are, the less likely an attempt will be to succeed. Some stores are implementing new policies, such as weighing returned items. But it’s also about accurately assessing risk by assessing buyer intent and legitimacy using methods like device fingerprinting and fingerprinting.
2. Fraud by triangulation
A little more complicated but equally popular with contemporary fraudsters, triangulation fraud actually has a very low barrier of entry, meaning it could be set up by criminals of varying skill levels and backgrounds. experience.
Triangulation fraud involves three parties: a legitimate customer, a legitimate online store, and a fraudster.
1. The scammer creates an online store website or adds fake products on eBay, Amazon Marketplace or similar platforms.
2. A buyer tries to buy from a fake online store, giving the fraudster his card details.
3. The fraudster purchases the same product from a legitimate online store using a stolen credit card and provides the legitimate buyer’s shipping address.
4. The buyer receives the item from the real store, but soon notices another charge on their card (because the scammer stole their details).
5. The buyer initiates a cashback procedure with his bank.
6. The legitimate merchant is hit with the chargeback, losing both the item and the money it costs.
Chargebacks are a very common problem for businesses. As Zoho explains, they can be linked to actual shopper or merchant error, but they also often accompany fraud. For example, a cardholder charged for a fraudster’s transactions will request a chargeback, while some purchasers will use the chargeback process itself to keep both their money and the product (fraud friendly/first party).
While shopping and payment platforms such as Shopify and Stripe may have built-in tools to stop fraudsters, these aren’t particularly adept at detecting triangulation fraud. For this more sophisticated type of scheme, dedicated fraud prevention solutions are more appropriate, deployed by the merchant to protect their own interests as well as those of their customers.
3. Account takeovers
An ATO, or Account Takeover, is simply when a fraudster gains access to an existing account belonging to a legitimate customer. This can be done through various methods such as phishing, brute-forcing, and cross-site scripting.
What makes all the difference in 2022 is that the stakes have been raised. A few years ago, taking control of someone’s account allowed a criminal to use it to commit further fraud, perhaps to sign up somewhere, but there was rarely anything worthwhile inside – always depending on the type of account hacked.
Today, however, the public is increasingly encouraged to save their payment card details online: in their accounts on online stores like Amazon and TK Maxx, in their browser profiles, in digital wallets made possible by open banking protocols, and on other digital accounts. . As a result, a successful ATO is much more likely to provide usable credit or debit card details, which the criminal can use in the same store or elsewhere.
In its article on this phenomenon, NordVPN highlights how major breaches even at trusted companies such as British Airways in 2018 led to the theft of customers’ card payment details. Certainly, the size and reputation of a company does not guarantee the security of consumer card data.
And, of course, a company’s reputation suffers greatly once it has been involved in such an incident. The public are already concerned about sharing personal information such as their full address and phone numbers – and payment details have so much more potential to cause harm. It doesn’t matter if the blame lies with the company, as in the British Airways example above, or perhaps with the customer, in the case of someone using a very weak account. The results are always detrimental to the business.
Additionally, the criminal may attempt to use (or test) the stolen cards on the spot, causing more cashback problems for the already unhappy merchant.
There are simple steps to take as a first line of defense, like requiring (or forcing) customers to use multi-factor authentication, which is much more complicated to hijack. In the merchant backend, to mitigate such an attack, end-to-end anti-fraud solutions deploy technologies such as machine learning, inline fingerprinting via reverse lookup of emails and phone numbers , behavior analysis, speed checks and device fingerprinting. By bringing together hundreds of different data points, a fraud prevention platform assesses the level of trustworthiness or risk for each user and transaction, weeding out bad actors.
Key points to remember
Overall, e-commerce fraud is clearly on the rise in 2022 – and beyond, according to forecasts. Fraudsters are eager to take advantage of every opportunity and become early adopters of new technologies, although they also adapt and modify proven methods to gain the upper hand. Sophistication is at the heart of this challenge: as online fraudsters become increasingly sophisticated, so should we.
About the Author
Gergo Varga has been fighting online fraud since 2009 at various companies – he even co-founded his own anti-fraud startup. He is the author of The Dummies’ Guide to Fraud Prevention – SEON Special Edition. He currently works as a Senior Content Manager/Evangelist at SEON, using his industry knowledge to maintain sharp marketing, communicating across departments to understand what is happening on the front lines of fraud detection. He lives in Budapest, Hungary, and is an avid reader of philosophy and history.