Based on data from Statista published earlier this year, the industry has faced significant challenges due to security breaches. In 2022 alone, losses from online payment fraud surpassed 40 billion U.S. dollars. Juniper Research predicts that losses to online payment fraud will surpass $206 billion cumulatively for the period between 2021 and 2025.
Given these alarming eCommerce fraud statistics , it’s imperative for online retailers to implement rigorous safety measures to prevent potential data breaches or financial setbacks. In this article, we discuss ascending eCommerce fraud trends and spotlight protective measures you can use to safeguard both your enterprise and its customers from these types of eCommerce fraud, especially as the peak season approaches.
Account Takeover Fraud is Leading the Pack
Coming up with a strong (and unique) password isn’t easy — especially when you have dozens of accounts with different eCommerce merchants, email providers, and apps. But not having a solid password is a far bigger headache, as you unwittingly expose yourself to fraudsters.
Account takeover fraud — a type of identity theft where a hacker takes control of user accounts for financial gain— is prevalent and on the rise. In fact, recent research found that 22% of U.S. adults have been victims of account takeover fraud —amounting to over 24 million households. Another 2021 study revealed that 43% of U.S. eCommerce businesses reported that account takeover fraud accounted for over 10% of chargebacks.
With so many fraudsters attacking unsuspecting consumers, how do retailers and eCommerce brands protect customer data from account takeover fraud without creating too much friction in the customer experience?
There are two ways: incorporate dual authentication measures and biometric passwords.
- Dual authentication measures ensure that the person accessing the account is the customer who owns it. This can be done by sending a code via text, email, or phone call or by asking for the answer to a security question.
- Biometric passwords use unique traits to grant users access to accounts, such as fingerprint, facial, and voice recognition. Given the unique nature of biometric data, it’s extremely difficult for fraudsters to replicate or fake these credentials. Thus, even if a hacker obtains a user’s basic password or pin, they would still be thwarted by the biometric verification step, ensuring the account remains secure. Biometric systems are becoming increasingly popular for mobile and online shopping experiences.
Bots Are Getting Smarter
In the past, bots were much easier to spot and stop. They could only automate repetitive tasks (like clicks and data entry), and they were unable to perform complex operations that required critical thinking, like CAPTCHA requests.
But that’s changing. Fraudsters are advancing their nefarious technologies to enable bots to set up fake accounts by solving CAPTCHA requests. As time goes on, these intelligent algorithms will only get better at solving complex authentication puzzles.
This puts retail and eCommerce businesses in a difficult situation, as getting ahead of bots requires speed and accuracy that human employees simply don’t have.
Fortunately, you can solve this problem by adopting machine learning eCommerce fraud protection like Radial Payment Solutions. By layering machine learning on top of consortium data and human analysis, Radial enables your team to spot bots and fraudsters before they can carry out their crime.
And since we offer a zero fraud liability guarantee, you never have to worry about the fallout of any fraud attacks on your system. You and your customers are protected on all sides.
Phishing Lures with Shiny, Fake Promos
During peak shopping seasons, cybercriminals employ a range of tactics to deceive unsuspecting consumers, with phishing scams and fake promotions being among the most common. One method they use is domain spoofing, where they register domains that closely mimic popular eCommerce websites.
These slight deviations, such as a minor misspelling or a different domain extension, are often overlooked by shoppers eager to snag a deal. Moreover, these scammers design emails that appear to originate from well-known online merchants, announcing enticing but fake eCommerce sales or alerting users to a supposed issue with their recent order. These emails typically contain malicious links that either lead to harmful sites or initiate the download of malware.
Recently, there’s been a surge in fake promotions appearing as sponsored ads on social media platforms like Facebook and Instagram. These ads, crafted to look genuine, redirect users to phishing sites. Several red flags can help identify these deceptive practices. Offers that seem too good to be true, messages that induce a sense of urgency, or mismatched URLs are typical signs of phishing attempts.
The repercussions of falling for such scams can be severe, ranging from immediate financial loss to long-term identity theft. In some cases, users’ devices get infected with malware or ransomware, further exacerbating the damage.
To combat this, it’s crucial for retailers to play an active role in educating their customers. They should inform them about potential scams, especially during high shopping seasons, and promote safe online habits, such as urging customers to
- Double-check URLs
- Avoid clicking dubious links
- Provide personal and financial information only on verified and secure platforms
Retailers can enhance their site’s security by using SSL certificates, displaying trust badges, and integrating two-factor authentication. Furthermore, by fostering an environment where customers can easily report suspicious activities, retailers can stay informed about emerging threats, swiftly alert their broader customer base, and even explore legal countermeasures against the perpetrators.
Rise in Mobile Fraud & Sneaky App Attacks
The growth of mobile shopping has been a transformative trend in eCommerce, making purchasing more convenient for consumers worldwide. However, with this convenience has come an uptick in mobile fraud, casting a shadow on what is otherwise a beneficial advancement.
Cybercriminals are quickly adapting to this shift by increasingly targeting mobile apps and browsers. In their quest for illegal gains, they exploit vulnerabilities inherent in some mobile systems, often arising from inadequate security measures or outdated software. A particularly concerning mobile-specific tactic is the creation of malicious apps. These are designed to look and feel like legitimate shopping platforms, luring unsuspecting users into downloading them.
Once installed, these counterfeit apps can access personal data, log keystrokes, or even conduct unauthorized transactions. The resemblance to authentic apps makes it challenging for consumers to differentiate between genuine and malicious platforms. Given that many users store payment information on their devices or use mobile wallets, the stakes are particularly high.
For the businesses at the center of these breaches, the aftermath can be a debilitating loss of trust among their customer base. If consumers perceive a brand as insecure, the ensuing reputational damage can deter both existing and potential customers.
To combat these issues, retailers can employ a variety of methods to prevent fraud, such as:
- Regular Updates: Both consumers and businesses must ensure mobile apps and operating systems are regularly updated. Updates often patch known vulnerabilities.
- Two-Factor Authentication (2FA): Implementing 2FA can add an extra layer of security. Even if credentials are stolen, accessing the account would require an additional verification step.
- Educate Consumers: Businesses should educate their users about potential risks and best practices, like not clicking on suspicious links and verifying app publishers before downloading.
- Encrypted Transactions: Ensure all data transactions, especially those involving payment information, are encrypted.
- Regular Security Audits: Businesses should conduct regular security assessments of their mobile platforms to identify and rectify vulnerabilities.
- Prompt Response to Threats: In case of a suspected breach or fraud, businesses should act swiftly, notifying affected users and taking corrective actions.
Return and Reshipping Ruses Rise
During peak seasons, with the influx of orders, scammers may exploit return policies. They purchase items, use or replace them, and then return them for a full refund. In some cases, they may even manipulate unsuspecting individuals into reshipping goods purchased with stolen credentials.
Scammers, capitalizing on generous return policies, may purchase items only to use or replace them with counterfeit or damaged goods, subsequently initiating a return for a full refund. This deceptive practice, often termed “wardrobing” when involving clothing items, results in the retailer receiving a worthless item while the scammer retains both the original product and the refund.
Another sinister form of this fraud is the reshipping scam. Here, fraudsters use stolen credit and debit card information to buy goods and then have them shipped to an unsuspecting individual, often recruited under the guise of a “work-from-home” job offer. This individual is then instructed to forward the goods to another location, usually overseas. By the time the actual cardholder of the stolen credit card notices and reports the unauthorized transaction, the products are long gone, having passed through the hands of the unsuspecting middleman.
Direct financial loss stands at the forefront, where businesses not only lose out on inventory but also the revenue from both the initial sale and the consequent refund. This tangible hit to the bottom line is compounded by the ancillary administrative and operational costs tied to processing returns, which can mount up, especially if fraudulent returns become a recurrent issue.
In a bid to safeguard their interests, businesses that consistently grapple with return fraud may inevitably tighten return policies. Such restrictive measures, even if well-intentioned, can dissuade legitimate buyers, casting a shadow over the brand’s image and eroding customer trust. Lastly, on an operational level, frequent instances of return fraud can wreak havoc on inventory management, leading to disruptions in the supply chain and skewing sales forecasts, further destabilizing the business’s strategic planning.
Tackling return and reshipping fraud requires a balance. While businesses need to protect themselves from losses, it’s equally crucial to ensure genuine customers don’t face unnecessary hurdles, maintaining the trust and ease that online shopping provides. A few strategies retailers might use include to prevent these types of fraudulent transactions include:
- Clear Return Policies: Retailers should have clear, well-communicated return policies that deter fraud while still being fair to genuine customers.
- Monitor Return Patterns: Employ analytics to identify patterns or behaviors consistent with return fraud, such as frequent high-value returns from the same customer.
- Verification Systems: Implement systems that inspect and verify the authenticity and condition of returned items before processing refunds.
- Limit Reshipping: If possible, restrict the reshipping of products, especially to regions known for high levels of fraud.
Customer Experience and Fraud Prevention Are at Odds
Legitimate customers don’t want to deal with fraud, but they also don’t want to deal with arduous fraud prevention tactics — especially at checkout. If they’re falsely declined, they’re much more likely to abandon their cart and take their business elsewhere.
Retailers don’t have to choose merchant fraud protection over the customer experience (CX) to keep out fraudsters, though. In fact, many fraud prevention solutions operate seamlessly (almost invisibly) in the background. And because these “invisible” solutions are much less likely to turn legitimate customers away, you also don’t have to risk your customer loyalty to ramp up security. The CX and fraud prevention can work together in concert.
With your reputation and financial health—not to mention your customer experience, well-being, and loyalty on the line—you can’t afford to have fraudsters running rampant on your eCommerce website or in your store. Luckily, there are quite a few fraud management trends you can take advantage of to mitigate the risk.
For the foreseeable future, that means creating strong dual authentication and biometric passwords, using machine learning to detect fraudsters early, and making your fraud prevention methods invisible to the customer.
Radial can help respond to trends in payment fraud.