New eCommerce fraud trends your business needs to know

This post was written by Kelsey Blakely, Square’s Lead of Risk Partnerships and Insights.

Please note that this article is intended for educational purposes only and should not be deemed to be or used as legal advice. For guidance specific to your business, consult with a qualified professional.

Most companies and consumers will be aware of fraud techniques such as digital payment fraud, where purchases are made using stolen cards or stolen card details. Unfortunately, it is nothing new, but this and other forms of fraud are becoming increasingly prevalent online. In fact, a recent UK Finance report found that eCommerce fraud accounted for 58% of all card fraud in 2019, costing UK businesses over £300 million.

This huge number is growing due to the increase in people using eCommerce as a practical, convenient and safe way to shop. Just this year, there has been a 209% increase in online retail in the UK, a rise which has been accelerated by the effects of the 2020 coronavirus pandemic. With the rise in eCommerce not showing any sign of slowing down, it is key that businesses understand the new trends in online fraud that could end up affecting them, their customers and ultimately their bottom line.

So what are some of the new fraudulent payment scams that online retailers should be aware of and what can you do to combat them?

Account Takeover Fraud

Account Takeover Fraud is basically online identity theft and can probably be described as the next step on from the more standard digital payment fraud. Instead of stealing cards or card details, with Account Takeover, fraudsters steal and assume innocent consumers’ online identities.

Using these existing accounts and their associated payment details, fraudsters then buy products, changing the existing security settings to lock the real users out. This sort of fraud is becoming more common with the increase in online shopping but also different online payment platforms such as Paypal, Klarna and Skrill etc, which give fraudsters even more opportunities to access accounts. From 2016, losses resulting from Account Takeover Fraud rose 122% and reached $9 billion in 2019.

Merchant App Fraud

The popularity in shopping via mobile and app platforms has also seen a rise in the similar trend of Merchant App fraud. This is where the same defrauding techniques as Account Takeover Fraud are used but solely within a businesses app platform. A report by LexisNexis found that app and mobile eCommerce fraud tripled between 2017 and 2019.

To avoid fraud it pays for you to be set up to stop it before it even happens. But with Account Takeover and Merchant App Fraud in particular, having additional payment security features in place, such as verifying customer information of their name, address, CVV code and date of birth are best. Plus having two-factor authentication for online shopping accounts will help prevent them too.

Gift Card Fraud

The recent impact of the coronavirus pandemic on businesses has led to a rise in gift cards as an alternative to traditional product purchases. A recent study by US gift card company Blackhawk Network found that gift card sales had risen by 54% this year alone. 63% of consumers surveyed, stated that they buy them as they can be bought, sent and redeemed entirely online, and so remain unaffected by any COVID-19 related restrictions.

Unfortunately, though, Gift Card Fraud has also increased. This is usually through purchasing gift cards with stolen card details or stealing gift card serial numbers to claim back fraudulently at a later date. There are now even online bots that fraudsters use to find corresponding gift card serial numbers that are active, to spend without either the customer or business knowing before it’s too late.

Gift card fraud can be hard for businesses to detect but one way is to help is to ensure you sell through software that can track all gift card purchases. Using something like Square Gift Cards can help monitor this and also watch for any odd customer behaviour.

Triangulation Fraud

This is a relatively new and more sophisticated method of digital payments fraud. It still involves the theft of a card or card details but instead of the fraudster taking over an account, as with Account Takeovers, they set up a fake business. As the name suggests there are also a further two parties involved, a legitimate business and a legitimate customer.

The defrauding happens when the fake business lists items and then accepts orders and payment from the legitimate customer. Rather than holding the stock and fulfilling the order themselves, they then buy the same item from the legitimate business with a stolen card, and ship this to the legitimate customer on behalf of their fake business, or in some cases not at all!

While the risk of Triangulation Fraud can also be reduced by increasing payment security features, it is also all about vigilance. Monitoring customer behaviour for things such as new customers making the same transactions or the billing address not matching the delivery address can be enough to recognise this trend.

Friendly Fraud

Also known as First Party Fraud, this method of defrauding businesses is carried out by requesting refunds for goods that have been received, yet the ‘customer’ claims haven’t arrived. However, rather than going through the original business they bought from, fraudsters will request refunds directly from their banks. To do so, a consumer can call their bank, which will refund the purchase and issue a chargeback to the company. Statistics from the last couple of years have shown that for eCommerce businesses in particular, friendly fraud now accounts for a higher percentage of losses than digital payment fraud.

To fight Friendly Fraud it is best to be upfront and open with your customers to avoid genuine confusion and promote support when fraud does happen. Be clear about your T&Cs and prompt with all of your customer communication, but especially order and delivery confirmations.

Refund Fraud

Friendly Fraud is not to be confused with the similar Refund Fraud, which has again been boosted by the overall rise in popularity of eCommerce. According to Deloitte, online return rates are expected to reach close to 10% by 2022, so both are something that eCommerce businesses will have to deal with. Refund Fraud is where ‘professional’ refunders set themselves up as companies and are contacted by legitimate consumers. They then pose on their behalf, claiming fraudulent refunds based on loopholes and false claims of unfulfilled orders.

When it comes to Refund Fraud, you should be strict with all facets of your returns and refund process and policies. For example, requiring proof of identity when accepting returns. You can even go so far as to getting rid of refunds entirely and offering store credit or gift receipts instead.

How eCommerce fraud can impact your business

All of these fraud trends are bad for your business because once customers discover that they are having goods bought fraudulently through any of these methods, they can request refunds for those orders. This will essentially end up costing your business twice, once for the loss of stock for the original fraudulent order and again when you have to refund the cost of it. Overall, fraud is estimated to cost the UK £130 billion a year.

With fraud trends such as Account Takeover and Merchant App Fraud, there are also other potential implications, with any accrued loyalty rewards or points being used up by the fraudster too. Again, this will end up costing your business.

Defrauding can also lead to wider implications for consumers online security across other personal accounts and even banking details, which will have wider and more severe implications for them. As with all fraud, it can also be really damaging to a company’s reputation and you could also end up losing the customers affected.

However, with support from services such as Square’s in-built security measures, you can set up shop secure in the knowledge that your customers’ details and your online payments are well, secure! But it always pays to be careful, so stay vigilant and make sure that you are up to date with any new fraud and payment security developments and how you can stop them.