How Merchants Can Prevent Fraud | FlavorCloud
Every $1 lost due to fraud in the U.S. actually costs merchants $3.60. That’s an increase of 7 percent over 2020 and 15 percent over 2019. And researchers expect these costs to continue growing. In addition to the cost of the stolen goods from fraudulent orders or credit card transactions, merchants must cover chargeback fees, restocking costs, and interest.
The same study found that fraud soared along with online transactions during the pandemic. U.S. merchants reported an average increase in fraud attacks of 140 percent since 2020, while Canadian businesses experienced a 52 percent increase. So, it’s natural to be concerned about fraudulent purchases and want to prevent them.
We know ecommerce fraud and fraudulent orders are a concern for our merchants. That’s why we’re sharing information and guidance. At FlavorCloud, we’re here to support you and drive growth.
What is ecommerce fraud?
Ecommerce fraud is the use of stolen or scammed credit card or payment information to attempt or successfully order online. This is also called payment or credit card fraud, resulting in fraudulent orders.
Why is ecommerce fraud on the rise?
Several factors are driving increased ecommerce fraud. One is the inclusion of computer chips in credit cards that led to a 76 percent reduction in counterfeit card fraud from 2015 to 2018, where cards were required. Since most retailers have changed their point-of-sale payment system to accommodate chip-enabled credit cards, fraudsters were left to find an alternate method of leveraging stolen credit card and bank information for their gain. Placing fraudulent orders online where physical credit cards are not required was their answer.
Another force driving the rise of fraudulent orders is the dramatic increase of ecommerce during the pandemic. According to CNBC, Americans spent $791.7 billion during 2020 on ecommerce, up 32.4% from 2019.
Data breaches are also a contributor to the increase in ecommerce fraud. And with the number of data breaches so far this year already surpassing the total number in 2020 by 17%, it isn’t surprising that fraudulent orders continue to rise in number. These breaches increase the availability of consumer account information to those wishing to complete fraudulent orders. Plus, this information makes it easier for perpetrators to attain billing and identity data for more successful attempts.
How ecommerce fraud happens
Criminals commonly place fraudulent orders with stolen or scammed credit cards, banking, or payment information. There are several common methods they use to commit ecommerce fraud. The following three are the most frequently used approaches.
Credit card fraud
Credit card fraud, also known as card-not-present fraud or payment fraud, is the use of stolen credit card information to purchase products or services from an online store. When a merchant fulfils a fraudulent order, the criminal is stealing the product. Then the actual cardholder requests a refund from their credit card company for the unauthorized purchase. This results in the merchant paying a chargeback fee in addition to the lost revenue and merchandise.
Card testing scams are part of the credit card fraud process where multiple credit cards are tried to test which are still active and will allow for purchases. Although these types of purchases are typically small, low-risk orders, they can add up and significantly impact a merchant’s bottom line.
Ecommerce stores often offer customers the option to create online accounts where personal and payment information are stored along with purchase history. Cybercriminals gain access to these accounts through phishing schemes where they trick customers into revealing login information via email. Then they log into the accounts, change the passwords, and place fraudulent orders.
In interception fraud, fraudsters use stolen credit cards to make online purchases and ship the goods to the address on file for the credit card at checkout. Then after the transaction is completed, the criminal contacts customer service to change the delivery address before the item ships.
How to recognize fraudulent orders
Keep fraudulent orders to a minimum by looking for key characteristics. It may mean delaying approval of suspicious orders to confirm their validity. But most customers will appreciate you making the extra effort for their security and will understand. And fraudsters will simply flee. The following red flags are common clues an order may be fraudulent.
Inconsistent customer information: Things to look for include a zip code and city on the order that don’t match, an IP address of the shopper and their email address not matching, or a billing and shipping address that don’t match.
Unusually large orders: If an existing customer suddenly enters a substantially larger order than usual for them, you may want to confirm the order with the customer before fulfilling it. And, if an unknown customer enters a larger than average order out of the blue, this is also worth investigating.
Different location: When a customer who always purchases from an IP address in North America suddenly enters an order from an IP address elsewhere else in the world.
Multiple shipping addresses: The buyer places multiple orders using one billing address and multiple shipping addresses, especially if it isn’t a gift-giving time of year.
Many consecutive transactions over a short time: This could be a criminal making multiple purchases back-to-back if it’s not the holiday season.
Numerous orders from various credit cards: It may be suspicious if one customer enters many orders using a lot of different credit cards, especially if they are entered all in the same day or a matter of weeks.
Multiple declined transactions in a row: The purchaser makes a high number of attempts to charge an order without getting the card number, expiration date, and card security code correct. This certainly is a red flag!
A series of orders from a new country: If you’ve never received a single order from a specific country and suddenly receive a dozen orders from that country in a matter of days or weeks, you’ll want to investigate.
How merchants can protect themselves
Merchants need to be proactive to protect themselves from fraudulent credit card transactions and orders. Beyond watching for the red flags described above, there are additional measures you can take. These preventive measures minimize merchants’ fraud risk. Here’s what to do:
Become PCI compliant
Online stores that accept credit card payments must be compliant with Payment Card Industry (PCI). This ensures secure credit card processing. If you operate a SaaS-based ecommerce store, your platform will typically provide this compliance.
Use an Address Verification Service (AVS)
Credit card processors and issuing banks usually offer an Address Verification Service. The AVS compares the billing address submitted by the customer with the billing address on file with the issuing bank. This occurs as part of the merchant’s request to the payment processor for authorization of the credit card transaction to detect suspicious credit card transactions in real-time and prevent credit card fraud. When addresses don’t match, the system either declines the transaction or flags it for investigation.
Require Card Verification Value (CVV) numbers for all purchases
The three or four-digit security code on the back of credit and debit cards is called the Card Verification Value (CVV) or Card Security Code (CSC). Requiring all purchasers to supply this code for every transaction adds another layer of security. This helps minimize fraudulent orders.
Use Hypertext Transfer Protocol Secure (HTTPS)
Buy an SSL certificate to upgrade your ecommerce store to HTTPS, the secure version of HTTP. HTTPS encrypts data sent between customers’ web browsers and online stores. This protects sensitive information like customer names, addresses, and credit card numbers from being viewed by hackers, cybercriminals, and fraudsters.
Don’t ship to non-physical addresses
Never ship online orders to PO boxes and other virtual addresses. Especially watch out for freight forwarder addresses that include a container number in the address, like 533 Dock Road Suite 200 #KXQ-581879318.
Try a fraud-prevention solution
Prevent fraudulent orders and chargebacks while providing an excellent customer experience. Consider automating fraud prevention processes by leveraging a software solution that meets your needs and budget.
Although FlavorCloud does not offer services in this space, we have seen many merchants utilize one of the following solutions. These are worth exploring to see if they fit your requirements and business model.
- Shopify Fraud Protect (available to US-based Shopify Stores using Shopify Payments)
Fraudulent orders and chargebacks don’t need to take a huge bite out of a merchant’s bottom line. Fraudulent transactions can be kept to a minimum by being watchful and proactive. This frees merchants to focus their efforts on other aspects of their businesses.
Still have questions? Contact FlavorCloud. We’re here to help!