If necessity is the mother of invention, then it is safe to say the pandemic has created an enormous wave of growth in Ecommerce. During the pandemic, consumers got comfortable filling their virtual shopping carts with groceries, ordering through DoorDash, and even having such staples as toilet paper and cleaning supplies delivered. Ecommerce grew by leaps and bounds, and as a result, shopper habits have permanently changed, with a new preference toward online shopping – even as people return to brick-and-mortar purchases.
eMarketer recently estimated that Ecommerce sales grew 13.7% in 2021, reaching $908.73 billion. This increase built upon the massive growth seen in 2020, with Ecommerce sales in 2021 reaching over $147 billion more than expected prior to the pandemic. And it is expected that Ecommerce sales will surpass $1 trillion in 2022.
But as the world continues to go digital, so too will the fraudsters.
There are many different types of Ecommerce fraud – whether perpetrated by hackers or even by your own customers. The number of reported data breaches jumped 68% last year to the highest total ever, according to the Identity Theft Resource Center’s (ITRC) 2021 Data Breach Report. There were 1,862 data breaches in 2021, surpassing both 2020’s total of 1,108 and the previous record of 1,506 set in 2017. Of those breaches reported, ransomware attacks doubled, representing 22% of the total number of reported cyberattacks in 2021. At this rate of growth, ITRC said ransomware will surpass phishing as the top cause of data breaches this year.
The 1,862 data breaches last year represent a lot of risk for the online merchant.
On the other side of the coin, the rise of online commerce can also increase the threat of fraud attempts and chargebacks from your own customers. Ultimately, when a customer engages in fraud on your checkout, you, as the retailer, absorb the cost.
“E-commerce retailers were at risk of losing over $20 billion in 2021 due to online fraudulent activities, a Juniper research report found. This loss would represent an 18% increase, compared to $17.5 billion recorded last year. Identity theft, chargeback fraud, ‘silent’ fraud, account takeovers and ‘pharming’ are major fraud threats for online shoppers and merchants. While the need for security is greater than ever, the competitive e-commerce environment means merchants will need to ensure that extra security checks are justified to the user.”
Types of Ecommerce Fraud
Having a robust cybersecurity strategy in place has always been paramount, but merchants must be extra cautious as Ecommerce continues to grow. There are several types of online fraud that companies need to be aware of:
- Friendly fraud – Friendly fraud is anything but friendly. Friendly fraud has grown in recent years with the rise of Ecommerce. A customer makes a purchase online for a product or service with their credit card and then contacts their credit card issuer to dispute the charge. This type of credit card fraud is often referred to as friendly because the customer will make claims that seem believable and honest.
- Card testing – Card testing is a technique in which a fraudster tries to determine whether stolen card information can be used to make online purchases. Also referred to as auth (authorization) testing, it is a trial run, typically for $1 or less: the fraudster hopes the charge goes through, and even if it is declined, a transaction that small is unlikely to raise any significant flags.
- Chargebacks – Chargebacks are a consumer protection tool that allows consumers to get their money back for fraudulent charges or purchases that don’t live up to standards by submitting a dispute with their card issuer. If you notice a transaction on your credit card account that doesn’t look familiar or run into issues with a recent order, you may want to (and should) dispute the transaction. Generally, you’ll have two options when disputing a transaction: refund or chargeback.
A refund comes directly from a merchant, while a chargeback comes from your card issuer.
While fraud can happen in numerous ways, merchants must take a proactive approach to combat fraud.
Strategies and Tools to Safeguard Your Checkout from Fraud This Holiday Season
- Take advantage of security tools like reCAPTCHA built into the payment experience. Simply put, CAPTCHAs enhance online payment security and help protect sites from attacks by hackers.
- Enable standard security elements like ZIP code validation, address verification, and CVV on the payment pages so that fraudulent transactions are more difficult for fraudsters to complete. No single factor can prevent card testing fraud. Hence, we recommend a multi-layered approach that can help merchants prevent credit card testing fraud attacks.
- Merchants can turn on the built-in IP blocking rules and velocity checks and define their own rules to prevent these attacks.
- Enroll in 3D Secure (3DS), a tool that adds a layer of security to prevent fraud in Ecommerce transactions with credit and debit cards. It sits on the merchant’s payment form and authenticates customers in real time during card-not-present transactions. It can help you increase authorizations and shift chargeback liability to the card issuer, including for chargeback codes 10.4837 and 10.4863. But remember, while it is a very useful tool, it alone does not constitute a comprehensive fraud prevention strategy.
- We encourage our merchants to learn more about Bluefin’s fraud-scoring tool, where they can leverage state-of-the-art machine learning models and established rules to identify good customers, analyze patterns and data, and highlight risky transactions. Fraud prevention requires analyzing devices, associated identities transacting across digital channels, and monitoring transaction data. We recommend our merchants adopt a strategy that helps minimize risk and reduce losses caused by card-not-present fraud.
- Bluefin also has various internal monitoring mechanisms through our PayConex™ payment gateway that help detect critical vulnerability indicators such as high traffic in a short amount of time with the same attributes, low transaction values, an increase in failed authorizations, and specific decline codes.
- Finally, it’s imperative that merchants make Personally Identifiable Information (PII), Protected Health Information (PHI), and cardholder data worthless on the web. Take advantage of our ShieldConex™ data security platform, which utilizes both hardware-based encryption and vaultless tokenization to secure sensitive data entered online.
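The velocity checks and card testing indicators listed above (high traffic from the same source in a short time, low transaction values, a rise in failed authorizations) can be combined into a single layered rule. The sketch below is an added example, not Bluefin's or PayConex's code; the thresholds, the record layout and the sample transactions are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds; tune them against your own traffic.
WINDOW_SECONDS = 60       # velocity window per source IP
MAX_ATTEMPTS = 5          # attempts tolerated per IP inside the window
LOW_VALUE = 1.00          # "$1 or less" trial charges
MIN_LOW_VALUE_RATIO = 0.8
MIN_DECLINE_RATIO = 0.5   # share of failed authorizations

def detect_card_testing(transactions):
    """Return {ip: timestamp_of_first_flag} for traffic that looks like card testing.

    transactions: iterable of (timestamp_s, ip, amount, approved), sorted by time.
    """
    recent = defaultdict(deque)   # ip -> attempts still inside the sliding window
    flagged = {}
    for ts, ip, amount, approved in transactions:
        window = recent[ip]
        window.append((ts, amount, approved))
        # Drop attempts that have aged out of the velocity window.
        while ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()
        if ip in flagged or len(window) <= MAX_ATTEMPTS:
            continue
        low_value = sum(1 for _, amt, _ in window if amt <= LOW_VALUE)
        declined = sum(1 for _, _, ok in window if not ok)
        # Velocity alone would also flag a busy but legitimate source, so
        # require small amounts and a high failure rate at the same time.
        if (low_value / len(window) >= MIN_LOW_VALUE_RATIO
                and declined / len(window) >= MIN_DECLINE_RATIO):
            flagged[ip] = ts
    return flagged

# Constructed sample data (documentation IP ranges, not real traffic).
SAMPLE = (
    # 8 attempts of $0.50 in 40 seconds, only 2 approved: card testing pattern
    [(t, "203.0.113.7", 0.50, t % 20 == 0) for t in range(0, 40, 5)]
    # 7 approved $25 purchases in the same minute: fast but legitimate
    + [(t, "198.51.100.20", 25.00, True) for t in range(2, 44, 6)]
    # two small declines minutes apart: below the velocity threshold
    + [(10, "192.0.2.5", 1.00, False), (300, "192.0.2.5", 1.00, False)]
)
SAMPLE.sort()

if __name__ == "__main__":
    print(detect_card_testing(SAMPLE))
```

The flagged IPs are candidates for a temporary block or step-up challenge; the high-volume legitimate source is left alone because it fails the low-value and decline-ratio conditions.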
Protecting Your Transactions and Your Brand
Regardless of what 2022 brings, Bluefin will be with you every step of the way – offering encryption, tokenization, fraud and authentication tools to keep your business safe and your customers coming back. Join us on February 9th at 1 pm EST as we detail several exciting new products available through Bluefin and our PayConex™ gateway to help you meet the digital demand while protecting your business.
To learn more, contact Bluefin today.