The holiday season can present a significant uptick in sales for many business owners. Unfortunately, it's also during the holidays that companies are more likely to see an accompanying increase in e-commerce fraud.
Overall, the incidence of holiday fraud is rising each year. According to The Forter/MRC Fraud Attack Index, fourth quarter U.S. online sales in 2016 were 79 percent more at risk of fraud than in 2015. (The index measures domestic and international transactions in apparel, luxury and digital goods, food deliveries and travel and hospitality.)
E-commerce fraud increases are likely tied into the increase in EMV-chip technology at physical stores as fraudsters shift to card-not-present (CNP) transactions, believes Kimberly Sutherland. Sutherland is the senior director for fraud and identity management strategy for LexisNexis Risk Solutions, which offers risk management services.
In 2017, retailers have seen the cost of online fraud increase significantly, notes Sutherland.
“According to the 2017 LexisNexis True Cost of Fraud Study, [which surveyed 1,000 fraud executives], merchants that sell both online physical and digital goods experienced a significantly higher cost associated with their fraud losses—a 63 percent increase over 2016."
Types of E-Commerce Fraud
There are two main types of e-commerce fraud for business owners to watch out for during the holiday season. Both types of fraud can significantly affect fourth quarter sales.
“When a customer makes a purchase online for a product or service with a credit card, and then contacts the credit card issuer to dispute the charge in a believable way, that's considered friendly fraud," says Matthew Katz, CEO and founder of Verifi, a payment management and protection company.
Friendly fraud tends to peak during the first quarter, notes Katz.
—Matthew Katz, CEO and founder, Verifi
“Unscrupulous consumers claim they never received purchased items, the products weren't as described online, or they arrived damaged, which results in a refund," he explains. "These losses put a huge dent in a retailer's bottom line."
Friendly fraud is common during the holiday buying season, agrees Jared Ronski, co-founder of MerchACT, which offers merchant payment solutions.
“Customers are making many purchases at once, which opens the door to both accidental and intentional friendly fraud," he says. “Accidental fraud may occur if a customer didn't remember placing an order. The person calls the credit card company, which initiates a costly chargeback."
When cyber criminals target your e-commerce site using stolen credit cards, the losses can also be significant.
“We see a fair amount of identity fraud," says Rene Delgado, founder of The Bounce House Store. “Thieves steal credit cards and try to make purchases with them. We see an uptick of this type of fraud beginning in November, and it goes all the way through the holiday season."
There are e-commerce fraud risks associated with stolen identities of real people, as well as synthetic (fictitious and/or manipulated) identities, notes Sutherland.
“Fraud schemes are forever evolving," she says.
Steps to Help Prevent E-Commerce Fraud
E-commerce fraud may be rising, but there are steps you can take to prevent and minimize online fraud. The key is to manage and mitigate risk with a proactive rather than reactive approach, says Bradley Shaw, CEO of SEO Expert Inc., a digital marketing and e-commerce consulting company.
“Solving the fraud problem requires a multi-layered approach to mitigate the risks," adds Sutherland. The following measures can help prevent and minimize e-commerce fraud.
1. Use e-commerce fraud protection services.
“Having a good fraud protection system in place before the holiday season is in full swing is ideal," says Katz. “Making sure all of your systems, including your chargeback management provider, are up-to-date is a great way to avoid any mishaps in the buying process for online shoppers."
Delgado agrees on the importance of having fraud prevention and chargeback protection.
“The company we use inspects 100 percent of our transactions and validates that the orders are legitimate and not fraud," she says. “They also provide peace of mind by offering a chargeback guarantee. If the company approves an order and our business receives a chargeback from a customer, the company covers 100 percent of the costs."
2. Look for fraud protection that combines artificial and human intelligence.
Whatever fraud protection system you use, it's a good idea to use one that combines machine learning and human experts to prevent fraud, believes Ronski.
“Any additional insights that merchants can gather to help determine whether to approve or reject an order is always helpful."
But how do these systems help to reduce e-commerce fraud?
“Fraud protection companies use advanced machine learning techniques combined with human intelligence to analyze tens of millions of transactions to identify patterns of fraudulent behavior," Shaw explains.
“AI by itself is not enough," says Brad Wiskirchen, CEO of Kount, which provides solutions for fraud and risk management. "The key is the addition of the human element in order to calculate specific tolerance and risk levels. Such information provides real intelligence for retailers."
3. Use verification technology.
“Leverage verification processes that look at both the physical and digital components of an identity, identifying the fraud risk associated with the bill-to and ship-to addresses, email address, phone number and even location of the order when submitted," says Sutherland.
Experts recommend employing an address verification system (AVS) to fight against e-commerce fraud. This verifies the address of the person who claims to own the credit card, which helps ensure that the transaction is valid.
Card verification value (CVV) technology is also advised. This anti-fraud security feature is another layer of protection that can help ensure that the card user is in possession of the card.
4. Take advantage of email authentication.
“Email fraud is a common type of fraud," says Alexander García-Tobar, CEO and co-founder of ValiMail, an email authentication company. “This includes fake email from a customer or a bogus email that looks like it's coming from a supplier or bank.
"The most destructive and hardest to detect is a message coming from a fake email address," Tobar continues. "The only way to avoid this is to use email authentication with DMARC—Domain-based Message Authentication, Reporting and Conformance."
In addition to protecting you or an employee from clicking on a potentially damaging fake link, email authentication can help protect your domain from being misrepresented.
“When you use email authentication, you ensure that your emails to customers are trusted and don't get caught in SPAM filters," says García-Tobar.
5. Identify the origins of transactions.
What sort of device an order is placed on can help you to screen for e-commerce fraud more effectively and accordingly, says Wiskirchen.
“iPhones, iPads, Android devices, etc., all have different fraud profiles," he explains.
Device assessment is key to fraud prevention, according to Sutherland.
“Device assessment helps merchants detect human versus bot interactions, flag malicious intentions and spotlight anomalies associated with account takeovers," she explains. "Even when the identity and payment data are valid, the device risks identified may heighten the overall transaction risk."
6. Ensure software systems are up-to-date.
Make sure you're running the latest version of your operating system, advises Shaw.
“Updates are continually released with security patches to prevent fraud. Newly discovered vulnerabilities, viruses and malware are a daily threat."
7. Provide excellent customer service.
A good bet against friendly fraud is having excellent customer service.
“Sometimes customers will attempt to chargeback a purchase simply because a merchant's return policy is non-existent, hard-to-find or too complicated," says Ronski. “Having a concise, well-defined return policy advertised on your website is important. It's also important to offer multiple ways to reach a readily available customer service agent."
To provide customer service focused on making her customers feel safe and secure while shopping on her site, Delgado has her company phone number at the top of every website page.
“It seems very simple and rudimentary, but we've noticed an uptick in consumer confidence just by having the phone number clearly visible at all points in our store," she says. “We also partnered with a company that provides all of our customers with a shopping guarantee."
Read more articles on cybersecurity.