Best Practices for Mitigating Evolving Ecommerce Fraud Risks
Fraud tactics are always evolving, which means retailers must always be aware of the new threats they may face. Today, the prevalence of stolen consumer data, fraud tutorials online, and accessible technology make it easier than ever for anyone to commit ecommerce fraud. That not only includes people who go looking for fraud instructions online but also those who stumble on it and decide to give it a try. Understanding how these new fraud tactics work is critical for businesses, so they can adapt their security and fraud-prevention strategies.
Of course, there have been resources for would-be fraudsters on the internet for years. However, most of those tips and stolen databases used to be hidden away on parts of the web where most users never went. That same kind of information increasingly turns up on popular, mainstream platforms including TikTok with hashtags like #scamtok, despite social networks’ attempts to remove the posts as fast as possible.
These posts share tutorials and invite would-be scammers to connect outside the platform to buy how-to guides they can use to commit CNP fraud, return fraud and other types of fraud against retailers. In many cases, scammers are selling how-to fraud guides that are specific to popular retailers, streaming services and service providers, as well as digital payment service providers. At the same time, novice fraudsters and more experienced crime rings can hire bots to test cards, place orders and even impersonate trusted brands to lure consumers into unwittingly committing online fraud.
Retailers and other businesses that transact with customers online need to keep tabs on this fraud-as-a-service space and implement a set of best practices to protect their brands and customer relationships.
Monitor Your Brand and Payment Methods
With fraudsters selling guides to defrauding specific retailers and payment methods (like Buy Now Pay Later, PayPal and others), online businesses should actively monitor mentions of their brand name and payment partners on the web and on social networks. This can help identify and shut down accounts and posts that share fraud tips aimed at your business. Social and web monitoring can also help to identify brand impostors that may be phishing your customers for their account credentials.
Set Speed Limits to Stop Fraud Bot Attacks
Fraudsters hire botnets because it is an efficient way to commit fraud at scale. When these botnets find a vulnerable site, they can quickly overwhelm it with small-value card-testing orders or high-value purchases of goods for resale. Either way, the website gets hit with a chargeback fee for each of those orders, and if the scale and scope of the attack is large enough, they risk losing their merchant account.
Setting limits is the way to avoid this. Retailers can limit the number of times a user can attempt to enter data correctly in checkout forms. They can also limit the number of orders that can come from the same IP address in a set amount of time and limit the total ticket value of those orders.
Use Real-Time Analytics Rather Than Static Data for Fraud Scoring
Data breaches have exposed billions of user credentials online, more data is stolen and sold every day, and a lot of that information is then used to commit fraud. That means retailers who block every address, phone number or credit card that has ever been associated with fraud will have an always-shrinking pool of orders they can approve. Rather than use negative lists to make fraud decisions, ecommerce businesses can use AI and machine learning-powered solutions to assess multiple elements of each order, including location, device, customer history and recent online behavior, to safely approve more orders while avoiding costly fraud.
Review Flagged Orders Before Making Decisions
As pervasive as online fraud has become, it is understandable that retailers may want to adopt a “better safe than sorry” policy for orders that score high for fraud risk. However, that approach can backfire over the long term by driving away good customers and eroding the retailer’s reputation. According to ClearSale’s latest study of online consumer attitudes, 40% will boycott a retailer if their order is declined, and 34% will say something bad about the retailer on social media.
Rather than assume all risky orders are fraud, retailers can manually review those orders to determine which ones are good orders with unusual characteristics and which ones are actually fraud. That prevents false-decline related customer churn and increases good order approvals, while still preventing fraud.
Take a Proactive Approach to Return Fraud
Returns are an expensive fact of life for ecommerce businesses, accounting for more than 16% of purchases in 2021, with retailers losing 10% of the value of returned merchandise to fraud. Some of that fraud comes from consumers wearing or using items in violations of the store’s return policy, and then returning them anyway. This so-called “wardrobing” is common with designer clothing, handbags, large televisions and other items that a fraudster might want to use for a one-time event. Unfortunately, merchants often take a loss on these returns because they can no longer be offered as new.
Stores can get ahead of the wardrobing fraud problem with tags that are difficult or impossible to hide, or which make the product impossible to use without removing them. For example, a designer gown can have a large tag that wraps around and through the dress and that will shred if removed. That prevents the customer from removing the tag and then reattaching it, or tucking it into the dress to hide it while wearing the garment.
Retailers can also track returns by customer, address or credit card to see if a pattern of returns emerges for frequently wardrobed items like high-definition TVs. In some cases, it may be worthwhile to block certain customers from making purchases, to avoid return-fraud losses.
Keeping up with evolving fraud tactics can be a lot of work, but it is important for preventing fraud losses and maintaining good relationships with trusted customers. By protecting your brand, limiting bot access to your site, safeguarding your merchandise from return fraud, and using layered strategies to prevent fraud and false declines, you can stop novice and experienced fraudsters from damaging your business.