If necessity is the mother of invention, then it is safe to say the pandemic created an enormous wave of growth in e-commerce. During the pandemic, consumers got comfortable filling their virtual shopping carts with groceries, ordering through DoorDash, and even having such staples as toilet paper and cleaning supplies delivered. E-commerce grew by leaps and bounds, and as a result, shopper habits have permanently changed, with a new preference toward online shopping – even as people return to brick-and-mortar purchases.
The National Retail Federation’s (NRF) recent forecast revealed that “as we emerge from the global pandemic, retail is growing at levels not seen in over 20 years. Retail sales grew by 7% in 2020 and by over 14% in 2021. NRF forecasts that sales will grow by between 6% and 8% to more than $4.9 trillion in 2022.”
NRF’s figures represent all retail sales, but e-commerce represents a large portion of the growth.
As we near the end of 2022, it is projected that 2022 will finish strong, as the U.S. Census Bureau of the Department of Commerce recently reported an increase in digital revenue of $251.7 billion in the third quarter, a 10.8% increase from the previous year’s Q3 revenue. By the end of the year, U.S. e-commerce sales will reach the $1 trillion mark for the first time. By 2025, e-commerce sales are predicted to make up nearly twenty-four percent of total retail sales in the U.S., an eleven percent increase since 2019.
With Growth Comes Opportunity – For Fraud
E-commerce growth creates new opportunities for fraudsters, and the first half of 2022 saw 817 publicly reported data breaches, all due to some type of cyberattack, according to the ITRC H1 2022 Report. The top three attack vectors were phishing (219), ransomware attacks (124) and malware (46), representing 734 of the reported breaches and over 35 million victims. Although behind the pace of last year’s 1,862 data breaches, 2022’s third quarter findings show a fifteen percent increase over Q2 of this year, with 474 reported data compromises.
Data breaches represent a lot of risk for online stores. IBM’s Cost of a Data Breach Report revealed that the average cost of a data breach in the U.S. reached an all-time high of $4.35 million in 2022. Additionally, of those organizations studied, eighty-three percent have experienced more than one data breach.
It is safe to say that as e-commerce continues to grow, so too will the opportunity for hackers to breach a system or network. Juniper Research’s recent study estimates that global e-commerce fraud losses will reach over $41 billion by the end of 2022 and $48 billion by the end of 2023, a sixteen percent increase YoY.
The U.S. will bear more than its share of the fraud burden.
Juniper’s research identified North America as the target of the majority of cybercriminals. The region has the largest fraudulent transactions by value and will account for over forty-two percent of global e-commerce fraud in 2023, despite representing less than seven percent of banked individuals globally. The research cites the vast volume of data breaches and the broad availability of stolen credit card information as key risk factors in this market.
Types of E-commerce Fraud
Having a robust cybersecurity strategy in place has always been paramount, but merchants must be extra cautious as e-commerce continues to grow. There are several types of online fraud that companies need to be aware of:
- Friendly fraud – Friendly fraud is an increasingly prevalent crime that involves a person making purchases from an e-commerce site, receiving the item(s) in question, and then falsely claiming to their credit card company that the charge was fraudulent. This type of credit card fraud is known as friendly because the customer will make claims that seem believable and honest.
- Card testing – Card testing is a tactic that fraudsters use to determine whether a stolen card is “live” or usable to make online purchases. Typically, fraudsters attempt card transactions in small amounts so as not to be detected by the actual card holder. Testing can also occur as authorizations sent as a query from the payment processor to the issuer or bank, asking if the customer has sufficient funds to cover a transaction. This type of testing takes longer to notice and gives the fraudster more time to use the active card. But once detected by the card holder, it is the merchant that faces chargeback requests – which is expensive and could also affect the merchant’s chargeback rate.
- Chargebacks – Chargebacks are a consumer protection tool that allows consumers to get their money back for fraudulent charges or purchases that don’t live up to standards by submitting a dispute with their card issuer. If you notice a transaction on your credit card account that doesn’t look familiar or run into issues with a recent order, you may want to (and should) dispute the transaction. Generally, you’ll have two options when disputing a transaction: refund or chargeback. A refund comes directly from a merchant, while a chargeback comes from your card issuer.
Strategies and Tools to Safeguard Your Checkout from Fraud
Fraudsters will always look for vulnerabilities to steal consumer payment data, and although fraud prevention is not foolproof, there are several strategies you can use to effectively reduce the risk of fraudulent activity. The following steps can help make your checkout process more secure.
- Enable security tools like reCAPTCHA. This service prevents automated bots or scripts from submitting payment forms and, if malicious targeting is detected, requires users to click a checkbox or complete a simple puzzle, such as matching words with images.
- Enable CVV verification. Enabling zip code validation, address verification, and CVV on the payment page adds another layer of security. CVVs are harder to compromise than card numbers and expiration dates, so requiring them on your payment form is optimal.
- Implement Transaction Velocity Checks. Merchants can turn on IP blocking rules and configure velocity checks that will automatically block transactions coming from unwanted sources while allowing transactions coming from specific IP addresses. It is recommended that merchants define their own rules to prevent fraudulent transaction attempts.
- Temporarily disable vulnerable forms. If all security protocols put in place still result in a compromise, temporarily disabling a payment form lets the merchant retain the page for future use without deleting the entire form.
- Verify users prior to displaying payment forms. Validating user sessions or requiring users to log in prior to accessing the payment form helps eliminate access by bad actors attempting card testing or validation of stolen credit cards.
- Use fraud-scoring tools. Bluefin encourages its merchants to learn more about Bluefin’s fraud-scoring tool, where they can leverage state-of-the-art machine learning models and established rules to identify good customers, analyze patterns and data, and highlight risky transactions. Fraud prevention requires analyzing devices and associated identities transacting across digital channels, and monitoring transaction data. Bluefin recommends its merchants adopt a strategy that helps minimize risk and reduce losses caused by card-not-present fraud.
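To make the velocity-check and IP-rule step above concrete, here is an added example (not Bluefin's or any gateway's code) of a sliding-window check that flags the card-testing pattern of one source cycling through many cards. The thresholds, field names, reason strings and documentation-range IP addresses are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Attempt:
    ts: float        # seconds since epoch
    ip: str
    card_token: str  # gateway token or hash, never the raw card number
    amount: float


class VelocityChecker:
    """Sliding-window velocity rules keyed on source IP (hypothetical limits)."""

    def __init__(self, window=600, max_attempts=5, max_cards=3,
                 allow_ips=(), block_ips=()):
        self.window = window
        self.max_attempts = max_attempts
        self.max_cards = max_cards
        self.allow_ips = set(allow_ips)
        self.block_ips = set(block_ips)
        self.history = defaultdict(deque)  # ip -> recent Attempts

    def check(self, a: Attempt):
        """Return (decision, reason) for one payment attempt, before authorization."""
        if a.ip in self.block_ips:
            return "block", "ip_blocklisted"
        if a.ip in self.allow_ips:
            return "allow", "ip_allowlisted"
        recent = self.history[a.ip]
        # Drop attempts that have aged out of the window.
        while recent and a.ts - recent[0].ts > self.window:
            recent.popleft()
        recent.append(a)  # blocked attempts still count toward velocity
        if len({r.card_token for r in recent}) > self.max_cards:
            return "block", "too_many_cards_from_ip"
        if len(recent) > self.max_attempts:
            return "block", "too_many_attempts_from_ip"
        return "allow", "within_limits"


def replay(checker, attempts):
    """Run a list of attempts through the checker and collect the decisions."""
    return [checker.check(a) for a in attempts]


# Constructed sample data: a source cycling cards with $1 charges, a normal
# shopper, and an allowlisted point-of-sale address with high volume.
SAMPLE = (
    [Attempt(1000 + 20 * i, "203.0.113.7", f"tok_{i}", 1.00) for i in range(6)]
    + [Attempt(1050, "198.51.100.4", "tok_shopper", 84.50),
       Attempt(1900, "198.51.100.4", "tok_shopper", 12.99)]
    + [Attempt(1100 + i, "192.0.2.10", f"tok_pos_{i}", 30.0) for i in range(8)]
)
```

Keying on IP alone misses testers who rotate addresses, so the same window logic is usually repeated per device fingerprint, per card token and per account.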
2023 – New Opportunities for E-commerce Solutions
Regardless of what 2023 brings, protecting payment data against fraud will be crucial for all merchants. Security experts recommend using a secure payment gateway that offers PCI-validated point-to-point encryption (P2PE), tokenization, fraud, and authentication tools to keep your business safe and your customers coming back.
Bluefin’s products and our PayConex™ gateway can help you keep up with the digital demand while safeguarding your business. To formulate your best payment and data security approach, download our whitepaper today.
Attending NRF 2023 Expo in January? Please stop by Bluefin’s booth (#4458) to learn more about our solutions.