The e-Commerce industry is battling a huge wave of card-not-present fraud, and small businesses are particularly at risk. In Q2 2016, more than 450 million botnet fraud attempts were made against e-Commerce merchants worldwide, seeking out vulnerable places to steal merchandise and validate stolen payment data. Because many small businesses have no fraud protection, professional fraudsters view them as easy targets. To survive, small e-Commerce business owners must know the scope of the problem, the risks, and the best ways to fight back.
How E-Commerce Fraud Got So Bad So Fast
There are several reasons e-Commerce fraud has exploded. First, the U.S.’ transition to chip-and-PIN cards at store checkout terminals made it harder for thieves to use fake cards in stores, so they’ve pivoted to new targets. Huge data breaches around the world have yielded more stolen card numbers than ever before. To work out the expiration dates and security code numbers for those stolen card numbers, criminals now use botnets to test many cards quickly in online stores with poor anti-fraud protection.
Meanwhile, more small businesses than ever are selling online, often with little to no knowledge of the fraud threats they face. A 2016 MasterCard survey found that 60% of U.S. small businesses don’t use any online fraud prevention tools at all. That makes small online shops ideal places for fraudsters to test their stolen info by attempting purchases, either by hand or using bots.
How Fraud Kills Small E-Commerce Businesses
Small businesses face disproportionately high risks when it comes to online fraud. Because small businesses have less revenue and cash reserves than major retailers, the effects of even a few successful frauds can be devastating.
E-Commerce businesses lose revenue on each fraudulent order, of course, and if they fulfill the order before the fraud is discovered, they lose the value of the goods shipped and the cost of shipping. The damage doesn’t stop there. “Friendly fraud” orders (in which customers lie about not receiving their purchase), and purchases made with stolen card data, often get charged back through the credit card companies, and the retailer pays a bank fee for each chargeback – up to $100 per transaction. Each chargeback factors into the retailer’s chargeback ratio, which measures chargebacks against total transactions. Merchant banks use the chargeback ratio to evaluate the shop’s risk level and set the shop’s transaction processing rates. The higher the ratio, the higher the risk and the costs. Meanwhile, if the shop earns a reputation as easy to defraud, more criminals and botnets will target it, pushing the chargeback ratio and losses higher.