Fraud and Identity Cover
Fraud & Identity

6 Types of eCommerce Fraud and How to Fight Them

September 15, 2021

10 minutes
6 Types of eCommerce Fraud blog image 1

In only nine years, eCommerce fraud tripled from $9.84 billion in 2011 to $32.39 billion in 2020, and the trend shows no signs of slowing down.

With e-commerce on the rise, it’s critical for companies to know how to avoid becoming a statistic.In this article, you will learn about the six most common types of eCommerce fraud, and how to protect your business from them.

The Most Common Types of eCommerce Fraud

For those looking for a quick answer, we’ve outlined the 6 most common tactics  cybercriminals use to  scam e-commerce companies:

  • Card testing fraud

  • Interception fraud

  • Triangulation fraud

  • Account takeover fraud

  • Identity theft fraud

  • Friendly fraud

Card Testing Fraud

Card testing fraud, or “card cracking”, involves testing whether the stolen credit card is valid and active by making a small online purchase to see if there are any restrictions or limitations.

When someone fraudulently obtains debit or credit card information, this is usually the  first thing bad actors do before attempting to execute larger transactions. Therefore, all transactions are equal when searching for fraudulent behavior, and smaller, suspicious transactions should not be overlooked.

Interception Fraud

Interception fraud entails placing an order online using the victim's credit card along with their billing and shipping addresses. 

Once the order is placed, cybercriminals “intercept” the delivery process by contacting the store, pretending to be the victim, and redirecting the delivery to a new address.

Triangulation Fraud

In triangulation fraud, the criminal creates an online storefront. The customer makes purchases through that storefront, assuming they are purchasing legitimate products from a real company. 

The cybercriminal ships the items the customer has ordered through the legitimate eCommerce store, but saves the card information provided by the customer. Once the transaction is complete, the cybercriminal uses the authorized credit card provided by the unwitting victim to make additional, unauthorized purchases through the same store. 

Since the first transaction was valid, the criminal can potentially continue making fraudulent purchases without raising any suspicions for years to come.

Account Takeover Fraud

Account takeover fraud is often a crime of opportunity. Here, the fraudster illegally obtains and uses another person’s saved account information on an eCommerce store or marketplace to make purchases on the victim’s behalf without consent.

The sensitive information is typically obtained through hacking (rare) or phishing schemes (extremely common), the practice that entails sending emails on behalf of legitimate companies or people to trick the victim into revealing login credentials.

Identity Theft Fraud

Identify theft fraud is the most common type of eCommerce fraud that occurs when a person’s identity is stolen to make unauthorized purchases online on their behalf.

Since many payment processors make it possible to complete transactions without using credit card information every time, hackers may find a workaround by obtaining the victim’s name, email address, or phone number to make purchases.

Friendly Fraud

Friendly fraud, also known as “chargeback fraud”, happens when cybercriminals make a legitimate purchase using their own credit card.

After receiving their order, they request a chargeback, alleging the charge was fraudulent or not received.

How to Combat eCommerce Fraud

6 Types of eCommerce Fraud blog imag

Since eCommerce fraud has been getting more and more common, you must develop more awareness and defenses against cybercriminals in your organization.

There are a myriad of ways companies worldwide push back against the plague of fraudulent transactions. To get started, begin with implementing the following techniques to protect your company and your customers.

Create Blacklists

A blacklist is a list of individuals or businesses that you have identified as committing or attempting to commit acts of fraud against your business.For example, this might include people who have initiated fraudulent chargeback requests or tried to use card testing transactions. 

Once you add their information to your blacklist, you can block them from making any purchases on your store again.

Although it is a simple yet important first line of defense against fraud, this measure isn’t wholly effective. For example, it doesn’t prevent a fraudster from assuming a new identity to scam you or your customers. Still, it’s a solid preventative step.

Identify the Origins of Transactions

If you identify the device used to make a transaction, you can better screen that transaction for any indications of fraud. This is done by collecting and storing a device's “fingerprint,” which can be used to identify suspicious transactions involving a specific device.

For example, you may want to verify transactions whenever the same IP address is associated with multiple, unrelated transactions, or when the same customer makes purchases from multiple locations across the world.

Keep Your Systems Up to Date

Every company providing solutions for online stores is perfectly aware of the rampant fraud going around. 

 Upgrades often include security fixes that fix weaknesses exploited by cybercriminals, meaning you drastically reduce the likelihood of a successful fraudulent transaction or hack attack just by keeping everything up-to-date. Regularly updating your CMS, add-ons, and other systems that you rely on to run your e-commerce business is critical to ensure you always stay one step ahead of cybercriminals.

Use the Power of Big Data to Prevent Fraud

With each year, fraudsters become more sophisticated in their attempts to scam eCommerce businesses, making it difficult to fight back with simple tools and techniques.

In real-time fraud prevention instances, companies crosswalk the data obtained from live transactions with existing records and third-party datasets to detect fraud as it occurs.

Credit card fraud may be uncovered when transaction data doesn’t align with existing customer data, purchase history, or device information, thus flagging the transaction as suspicious. If that happens, the transaction can be stopped from being processed. 

The data used to prevent fraud can come from many sources and may include:

  • Geolocation data from apps

  • Website logs

  • Customer information

  • Transaction history

Additionally, successful fraud detection cases can help train intelligent fraud prevention systems to detect future incidents of fraudulent behavior.

Fight Back Against eCommerce Fraud with Data

The most fraud-proof e-commerce businesses rely on the latest tools to prevent fraud before it becomes an issue.

At the core of almost any effective fraud detection software is fresh and comprehensive data powering the systems that accurately block fraudulent transactions.

People Data Labs offers an extensive dataset containing more than 2.5 billion records and over 150 fields that empower companies to combat e-commerce fraud effectively.

To learn more, get in touch with our team today and schedule a free consultation.

Like what you read? Scroll down and subscribe to our newsletter to receive monthly updates with our latest content.

Call to Action
PDL Team

Founded in 2015 by Henry Nevue and Sean Thorne, People Data Labs helps thousands of engineering, data science, product, and other technical teams to build compliant, innovative, people data based software solutions. Our sole focus is on building the best data available by integrating thousands of compliantly-sourced datasets into a single, developer-friendly source of truth.