E-commerce fraud is common, and it can realistically happen to you if you don't know how to prevent it. If it does happen, you need to detect it immediately and do whatever you can to get your money back and prevent it from happening again.
While you can be reasonably safe if you take the right precautions, e-commerce fraud is much more of a threat than it was only a few years ago. There are many tricks cybercriminals use to steal money from online retailers. Some of these tricks are fairly sophisticated; others only work against very poorly protected businesses that make no attempt to prevent fraud.
Types of E-Commerce Fraud
Sometimes, people first buy something online, then lie to their credit card company and claim that someone else used their card illegally. This way, they get to keep the item and refuse to pay for it. Another trick is falsely claiming that the item never arrived and refusing to pay for it.
There is no way for the credit card company to know that a scam occurred. Scammers often do this with their own credit cards, not other people's.
The customer often wins if it comes down to the customer's word against the company's word, so it is not easy to use the law against these scammers. You might stop accepting certain payment methods if this happens to you repeatedly.
Identity Theft
Identity theft can be more of a threat to retailers than to individuals. To steal someone's identity, a hacker finds out their name, address, credit card number, and other information and then uses it to make purchases in their name.
If someone is a victim of identity theft, it is sometimes only a hassle and not a financial loss. They can call their credit card company and refuse to pay for anything the hacker stole from them.
However, there is no way for the retailer to get their money back. The thief often gets away with it, and the retailer is stuck with the bill. Retailers have to take responsibility for preventing identity theft.
Fake Online Stores
Some online stores are completely fake and steal from anyone that uses them. The thief offers low prices to get attention, takes people's money, and never ships any products.
Some of these scammers target businesses rather than individual customers. A wholesaler might accept fairly large orders from a business and then never deliver the products.
To avoid this, always make sure that whoever you are buying products from is legitimate. If they are a new company no one has heard of before but are offering products at impossibly low prices, they could easily be scammers.
Scammers may post fake articles online that say their business is legitimate and create fake positive reviews. Buying from large, long-established companies is the safest. If you buy from a smaller company, make sure you know who they are first.
How to Prevent Fraud
One of the simplest ways to commit fraud against an e-commerce business is to scam them with a fake business offer. A scammer might first offer to make you a lot of money, then tell you that they need a bit of money before they can start, and then disappear with your money if they get it.
The scammers' reasons for needing some money first often sound legitimate, but be extremely suspicious if anyone is asking for money after offering you an opportunity to make money. There are many other simple tips and tricks you can use to minimise the risk of eCommerce fraud.
Use Simple Safeguards
Since scammers are usually first-time buyers, you might manually check each order from a first-time buyer instead of relying on software. Repeat customers are much less likely to try to scam you.
If a single customer makes a few different purchases on different credit cards, consider them suspicious. You don't want to be paranoid and block legitimate customers, but a few different cards are a yellow flag that means you should carefully look at their order.
Another yellow or red flag is a few people with different credit cards making purchases from the same IP address. They could be people that live together, but there is a good chance it is a thief with a few people's credit card information.
Some other things that can help you are:
-
Require people to have a verified PayPal account, don't accept any orders from unverified accounts.
-
Refuse to accept credit cards from locations with too much fraud. If they are a legitimate customer living in a high-fraud location, they can use a legitimate PayPal account.
Monitor All of the Data You Can Look At
You can often tell whether or not an order is likely to be fraudulent just by looking at it. If the order looks very suspicious, you should reject it and not take chances.
An obviously fake phone number is a huge red flag. If someone's phone number includes "555" it is definitely fake. No real phone numbers start with "555". Many e-mail addresses are also obviously fake.
If a person uses a different name from the name on the credit card, or a different address, that is obviously suspicious. Someone might move without changing the address on their credit card, but you don't want to be too lenient.
If you don't have time to look at order information yourself, you can either have software do it or get an employee to do it instead. Sometimes, an employee can spot something a software program won't notice.
If an order seems like it might be fraudulent, confirm that it is genuine before you accept it. Look the address up online. If the address doesn't exist or is not anyone's home, decline the order.
Large orders that contain more than one of the same product are also suspicious. Large orders are exciting and usually legitimate, but examine the information and look for warning signs.
Insist on Verifying Addresses for Credit Card Purchases
You can use an "address verification service," which compares the address the buyer types to the address the credit card company lists for that card. Some hackers don't know what the address for their credit card is.
While this trick works, it may block some legitimate customers who haven't called their credit card company and updated their address. You should always require the credit code verification (CCV) number.
The CCV is a few digits printed on the credit card that are not part of the credit card number. Sometimes, a hacker will have a credit card number but not a CCV. The more information you ask for, the more information a hacker has to have to make an illegal purchase.
Use a Payment Processor
While using a payment processor like PayPal is not free, it can be worth what they charge. They are experts at processing payments and guarding people's data, so they can protect you and your customers from hackers.
Use Phone Authentication
Phone authentication is also a great way to prevent identity theft. Even if a hacker knows everything about a victim, they will not have physical possession of their phone. If people have to use text message verification to make a purchase, most identity theft is impossible.
Use Fraud Protection Software
While fraud protection software isn't always enough on its own (you can't rely on software to protect you from someone who calls you up and tries to deceive you), anti-fraud software can still be worth the money.
If you have a larger business and can afford something expensive, Datadome is probably the best software on the market. It is a powerful AI tool that can intelligently sift through your data and look for anything suspicious. Signifyd, DubZapper, and Simility are decent tools if Sift Science is too expensive.
Ecommerce Fraud Management
First, understand that the best way to manage fraud is to avoid it because if a hacker scams you, you probably won't be able to get your money back. The customer can get their money back if they have the right to refuse fraudulent charges on their credit card, but you don't have any similar rights as a business owner.
Second, understand that the police take online fraud seriously and that hackers often get caught. Record as much information as possible and call the police right away. You will have a much better chance if you act quickly.
Some agencies in the United States that can help you are:
-
U.S. Immigration and Customs Enforcement
-
U.S. Secret Service
-
The Cyber Division of the FBI
Sometimes, depending on the size of the theft, no one will investigate your case. There are bigger cases to go after, and law enforcement agencies have limited resources.
If someone steals from you and gets away with it, learn from your mistakes and plug holes in your security. Start using software to protect yourself if you don't already. Check orders manually, buy only from trustworthy companies, and require more information from people using credit cards.