Before we dive into this installment of our thought leadership piece on fraud and friendly fraud prevention best practices, here are some numbers on countries with the most internet fraud in 2020, according to the fraud prevention company, SEON:
- United States: 465,177 internet fraud victims.
According to SEON's research on the top countries for online fraud, the U.S. recorded the highest number of internet fraud victims in 2020.
- United Kingdom: 216,633 internet fraud victims.
Adjusting for population size, the data above suggest that the U.K., with a population of ~20% that of the United States, has a much more problematic online fraud situation than the U.S.
- Canada: 5,399 internet fraud victims.
Comparing Canada’s internet fraud challenges with India’s 2,930 cases, even with a population of 1.38 billion, one can see that Canada is facing a significant eCommerce threat.
By the way, you should also know that estimates from Statista put the monetary equivalence of global online fraud in 2021 at $20 billion. That represents a ~14% growth from $17.5 billion in 2020.
This piece aims to unveil key Shopify fraud prevention best practices that can help you create a 360° fraudulent chargeback protection for your Shopify store.
You will learn:
- The most common online fraud eCommerce merchants face today
- How to detect fraud in online transactions
- eCommerce fraud and chargeback prevention best practices for savvy Shopify online stores
First, let’s start by clarifying the basics.
What is eCommerce fraud?
As the name suggests, eCommerce fraud is any criminal deception in the course of an online transaction, carried out with the intent of financial or personal gain for the perpetrator while negatively impacting the business owner's bottom line.
Digital commerce fraud, also known as payment fraud, is therefore primarily a criminal deception for financial or personal gain. Criminals exploit payment details in ways that will increase the chargeback cost of your online business.
Research shows that the more eCommerce transactions grow, the more online shoplifters and cybercriminals devise a wide range of strategies to scam business owners. eCommerce merchants presently deal with ~206,000 attacks on their stores.
One study claims that merchant losses to online payment fraud could hit $206 billion cumulatively by 2025.
That’s not all.
Analysts at Jupiter suggest spending on fraud detection and prevention platform services by ecommerce platforms will exceed $11.8 billion globally in 2025. And recent research by Ravelin found that 76% of retailers foresee an increase in their budget to tackle fraud-based chargeback in the next 12 months – with one in five anticipating a significant increase.
What are the causes of eCommerce fraud?
There are three main reasons why payment fraud happens. The first reason is that it’s pretty easy for cybercriminals to commit fraud nowadays. Before the massive internet penetration we see today, a person planning to commit payment fraud would have had to manually steal someone’s credit card to make an unauthorized payment. Such an endeavor was pretty challenging, limiting card fraud incidents in those days.
Today, things are much more straightforward for fraudsters: all they have to do is visit the dark web and purchase tons of stolen cards that are not blocked by the credit card company.
Case in point: the Federal Trade Commission reported over 2.8 million cases of credit card fraud in the U.S. in 2021 alone. Earlier this year, the largest carding site operator said they would be retiring after allegedly selling $358 million worth of stolen cards.
The second reason eCommerce fraud is widespread among online shoplifters is that perpetrators are not easily seen. Unlike robbing people at gunpoint or breaking into someone’s store in broad daylight and risking being captured on camera, eCommerce fraudsters don’t need to engage with any human intermediary. All they need is to log into their laptop anywhere they deem fit and make their moves. Again, they can easily mask their identities with phantom emails and fake shipping addresses.
The third cause of eCommerce fraud is when law enforcers are lax in punishing offenders. And it’s understandable why police forces in many countries don’t always prioritize payment fraud. eCommerce fraud does not always involve large sums of money. Plus, many fraudsters commit eCommerce fraud in other jurisdictions, making it hard for law enforcement to go after them.
With that understanding, let’s zoom into our topic for the day.
The most common online fraud eCommerce merchants face today
Cybercriminals use various strategies to commit online fraud. You cannot prevent what you don’t know. Hence, this section will help you understand the main types of eCommerce fraud merchants deal with today. Below are the critical attack vectors used by fraudsters to commit payment fraud:
- Credit card scams: As you would expect, credit card fraud is the leading online fraud today. Credit card fraud, estimated to have cost the world $32.04 billion in 2021, is an umbrella term for every kind of credit or debit card fraud.
Credit card fraud is also known as card-not-present fraud and payment fraud. It generally happens when a fraudster uses stolen credit card details to purchase products or services from an eCommerce merchant.
Card-not-present frauds are a double tragedy for merchants because they often lead to chargeback disputes. And just so you know, the loss here is not only the transaction cost. Each chargeback comes with a fee and several other ancillary expenses. Credit card fraud can also take the form of card testing, where a fraudster tests different cards to find out which ones are still valid.
- Phishing scams/account takeover: It’s standard practice for an eCommerce website to store customers’ details, financial information, and order history to enhance repeat buying and product recommendations. Unfortunately, such data can be misused when a fraudster hacks into the store through phishing schemes – a deceitful process whereby a cybercriminal steals a person’s data by sending them an e-mail that appears to be from a well-known source.
Cybercriminals also gain access to eCommerce sites through a customer’s Social Media accounts or by stealing their identity data with bots.
- eCommerce chargeback fraud: eCommerce chargeback fraud happens when a cardholder chooses to play a sleight of hand with the vendor. They make a purchase, receive their order, and then file a chargeback, that is, ask their card company to reverse the payment. This technique goes by the fancy pants name of friendly fraud, and available industry data puts the projected annual cost of friendly fraud to merchants at $48.02 billion. There’s more. About 1/4 of eCommerce businesses have a chargeback rate exceeding 1%, and ~80% of vendors report a chargeback rate above 0.6%.
- Affiliate marketing fraud: In this fraud, the fraudster intends to take advantage of the affiliate marketing system and defraud the eCommerce vendor. The risk of fraud is even higher because fraudsters usually place high-risk orders to take advantage.
Affiliate marketing seeks to help third-party publishers earn commission for traffic, that is, customers’ visits to a merchant’s store. The Shopify merchant gives the affiliate a unique, trackable link that points shoppers to the merchant’s store. When a prospect clicks on the link, the vendor provides the publisher with a predetermined commission.
Cybercriminals who commit affiliate fraud will register domain names with a misspelled version of the vendor’s actual store web link. They then redirect the domain name to the vendor’s website with an affiliate link, thereby using fictitious customer activity to increase their commissions.
- Triangulation fraud: The criminal creates a synthetic digital storefront that claims to sell well-known products at highly affordable prices. They intend to steal shoppers’ IDs, addresses, and credit card numbers. When a customer places an order, they first use that information to purchase the customer’s order from a legitimate seller and ship it to the buyer. But that doesn’t end the loop. After dispatching the customer’s order, they make additional purchases for themselves. Triangulation fraud isn’t always easy to notice in time.
- Order interception fraud: As the name suggests, interception fraud is when a cybercriminal uses a stolen card to buy something from your Shopify store, ships the goods to the address on the record for the card, and then intercepts the delivery before it gets to the stated address. Typically, the fraudster will call your customer service to reroute the delivery to their preferred address, and the unsuspecting team will happily grant their wishes.
How to detect fraud in online transactions
Cyber crooks are constantly devising new methods and systems to try and take your lunch money, so you should be stepping up your game as well. Your ability to beat scammers at their own game by spotting fraud patterns early on will go a long way in determining the sustainability of your Shopify store in these times of elevated cases.
Below are crucial eCommerce fraud patterns to keep in mind.
- Transaction data mismatch: When the customer’s IP address differs from what their email address says, or their city does not match the zip code they entered, that should sound a red alarm in your fraud prevention systems. Examine such details and be sure there’s congruency before processing the order.
- Orders from suspicious locations: Orders from fraud hotspots should cause you to raise an eyebrow. If the shopper usually purchases from an IP address that puts them in the UK region but then places an order from an entirely new location, you should dig deeper to establish its legitimacy.
- Multiple orders in a short period OR several declined orders in a row: Suppose you’re not in a holiday season and the customer is placing multiple orders at short intervals. You should examine them to ensure everything checks out. If the shopper’s transactions have been declined more than twice, you should know something’s wrong. Don’t assume you’re experiencing a windfall; many transactions in short periods are a significant red flag, even if it's a holiday.
- Inconsistency between shipping and billing address or orders with several credit cards: Fraudsters often place orders with one billing address but ship to different addresses. Additionally, there’s no reason for someone to make several orders with a string of credit cards unless they’re in the business of manufacturing credit cards. If you notice such an incident, examine it.
- Substantial transactions or multiple orders from a new country: If a shopper places an order from a place that’s not within the range of their historical records, that’s a red flag. Also, if the order is from an unusual location where you don’t have clients, it’ll be wise to do a double-take before processing it. You should also apply due diligence if they ask for expedited shipping.
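The patterns in this list can be expressed as simple rules that score each order against the same customer's earlier orders. The sketch below is an added example, not code from SEON, Shopify or Chargeflow; the field names, weights, thresholds and sample orders are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# All weights and thresholds are illustrative assumptions, not SEON or Shopify values.
WEIGHTS = {"address_mismatch": 20, "new_country": 25, "velocity": 25,
           "declines": 30, "many_cards": 30, "expedited": 10}
WINDOW = timedelta(hours=1)  # what counts as "a short period"
MAX_ORDERS = 3               # orders per customer within WINDOW
REVIEW_AT = 40               # score that triggers manual review

def score_orders(orders):
    """Return {order_id: (score, [signals])}, evaluating orders in time order."""
    history, results = defaultdict(list), {}
    for o in sorted(orders, key=lambda x: x["time"]):
        past = history[o["customer"]]
        recent = [p for p in past if o["time"] - p["time"] <= WINDOW]
        streak = 0  # consecutive declines immediately before this order
        for p in reversed(past):
            if not p["declined"]:
                break
            streak += 1
        checks = {
            "address_mismatch": o["billing_zip"] != o["shipping_zip"],
            "new_country": bool(past) and o["ip_country"] not in {p["ip_country"] for p in past},
            "velocity": len(recent) + 1 >= MAX_ORDERS,
            "declines": streak > 2,  # "declined more than twice"
            "many_cards": len({p["card"] for p in recent} | {o["card"]}) >= 3,
        }
        signals = [name for name, hit in checks.items() if hit]
        if o["expedited"] and signals:  # expedited shipping only adds to other signals
            signals.append("expedited")
        results[o["id"]] = (sum(WEIGHTS[s] for s in signals), signals)
        past.append(o)
    return results

def needs_review(results):
    return sorted(oid for oid, (score, _) in results.items() if score >= REVIEW_AT)

def _order(oid, customer, minutes, country, bill, ship, card, declined=False, expedited=False):
    t = datetime(2024, 1, 1, 12, 0) + timedelta(minutes=minutes)
    return {"id": oid, "customer": customer, "time": t, "ip_country": country,
            "billing_zip": bill, "shipping_zip": ship, "card": card,
            "declined": declined, "expedited": expedited}

# Constructed sample data: one returning shopper and one burst of card attempts.
SAMPLE_ORDERS = [
    _order("A1", "alice", 0, "GB", "SW1A", "SW1A", "card-a"),
    _order("A2", "alice", 1440, "GB", "SW1A", "SW1A", "card-a"),
    _order("A3", "alice", 2880, "ES", "SW1A", "SW1A", "card-a"),
    _order("B1", "bob", 0, "US", "10001", "10001", "card-1", declined=True),
    _order("B2", "bob", 2, "US", "10001", "10001", "card-2", declined=True),
    _order("B3", "bob", 4, "US", "10001", "10001", "card-3", declined=True),
    _order("B4", "bob", 6, "FR", "10001", "94105", "card-4", expedited=True),
]
```

Calling `needs_review(score_orders(SAMPLE_ORDERS))` flags the third and fourth orders in the burst, while the returning shopper's single order from a new country scores below the review threshold on its own.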
Although the above steps are crucial fraud detection mechanisms you should know, they’re not enough. Fraud attacks' intensity, scale, and sophistication are nauseating today.
Merchants can’t possibly keep up relying on their own knowledge alone. Plus, chargeback fees also reduce valuable profit margin. You need software and tools designed specifically to ferret out customer data and order history inconsistencies. And SEON is the foremost fraud detection tool for Shopify merchants today. Its ability to uncover hidden user data makes it a fantastic solution to augment KYC or pre-filter users before a KYC check.
eCommerce fraud and chargeback prevention best practices for savvy merchants
At this point, you know how to put your paws on different eCommerce fraud patterns. You know where to look and how to search out the details you need to approve or decline any order. But how do you level up to ensure a waterproof fraud mitigation strategy? The rest of this piece will walk you through the essential steps you must take to prevent fraud damages from happening.
First, ensure the security protocols on your Shopify store are not letting you down. From a working SSL certificate and being PCI-DSS compliant to backing up your data adequately and updating every necessary plugin (while removing those you no longer need), it’s your job to find the weak points in your system before the criminal does.
Further, do well to frequently scan your site for viruses, use long admin passwords, encrypt communications with customers, and host dashboards, CMS, database, and FTP access separately. Similarly, do fraud analysis at regular intervals and keep an eye on risky transactions.
Second, be sure to use Address Verification Service (AVS) at checkout to ensure your system can verify the legitimacy of orders. And require Card Verification Value (CVV) numbers for every order to determine that the shopper has the credit card on them when making the order.
Third, you can limit the number of orders and total dollar value you allow from a specific account in one day to reduce fraud exposure. This way, you can focus on genuine customers and manually review potentially fraudulent orders.
Fourth, evaluate the customer’s IP address and ensure their data matches the address on the credit card records. And as cybercriminals prefer to use PO Boxes and synthetic locations to protect their physical addresses, be wary of virtual addresses.
Fifth, let technology do the work for you. In the world of fraud prevention, there are two aspects of the equation you should be looking at: before and after the sale.
Whereas the vital due diligence tools and strategies we’ve listed above can help you mitigate pre-purchase fraud and chargeback for your Shopify store, they’re not enough. Not even close. You must go above and beyond the basics to stop determined criminals from taking your business down.
That presents another challenge. The sheer number of fraud detection and prevention tools flashed in your face today makes choosing the best option challenging. Not to worry, though. We’ve narrowed down the vital fraud detection and prevention features to look for before onboarding any software.
Must-have fraud detection and prevention features
The first, as you’d have guessed, is data enrichment. You should be able to excavate external data to ultimately gain a better picture of a user at a glance. For instance, you should be able to conduct a reverse email lookup and know the transaction's risk level based on the single data point of an email address.
The second feature is Social Media lookup, which helps you verify the shopper’s ID. Ideally, your solution should be able to check as many social media networks as possible and in as many regions as possible. Fraudsters are lazy, and they can't replicate the scale, depth, and breadth of a legitimate social and digital footprint.
Third, the software should have custom risk scoring functionality to help you weigh payment risk appropriately. You must be able to control the risk calculation to adapt the results to your business model and make informed decisions.
Of course, the pricing has to be transparent. A pay-per-API pricing model, where you pay per API call, gives you the flexibility to scale your fraud prevention usage based on your business growth.
And last but not least on our list, you should also aim for a clean user experience. There’s an enormous number of data visualization frameworks involved in fraud prevention. The software you onboard should, at the barest minimum, be intuitive to use and give you options for exporting your data and reports to gain a clearer view of things.
SEON offers a fully modular fraud solution and team support from experts in online fraud to help you reduce fraud by ~80%.
Now, I can imagine someone thinking, that’s on the pre-purchase side. How about instances when customers force their way through a post-purchase chargeback and friendly fraud?
We’ve got the best answer you can get on that front.
Chargeflow is the world's first automated chargeback management solution specifically designed for eCommerce merchants. With Chargeflow's success-based pricing model and powerful artificial intelligence technology, real-time analytics, and predictive analytics, e-commerce businesses have absolute transparency and insight into their chargeback process and volume. So, for advanced fraud protection, use the Chargeflow fraud prevention app, available on the Shopify App Store as well.
Chargeflow early adopters see improved win rates of 60% to 80% compared to the industry average of 12%. Pairing SEON and Chargeflow will help you create a 360° eCommerce fraud and chargeback protection for your Shopify store in these times.
What types of fraud prevention measures does Shopify have in place?
Shopify has a number of built-in fraud prevention measures, including automatic fraud analysis, 3D Secure (Verified by Visa, Mastercard SecureCode, etc.), address verification system (AVS), and CVV verification. In addition, Shopify integrates with third-party fraud prevention apps to provide additional protection.
How does Shopify handle chargebacks and disputes from customers?
Shopify offers a dispute resolution process for customers who raise chargebacks. Merchants can respond to chargebacks with evidence to support their case, and Shopify will work with the acquiring bank to resolve the dispute.
Can I set up custom fraud prevention rules on my Shopify store?
Yes, merchants can set up custom fraud prevention rules in their Shopify admin to automatically flag and review potentially fraudulent orders.
What happens if a fraudulent transaction goes through my Shopify store?
If a fraudulent transaction goes through a Shopify store, the merchant may be liable for chargebacks and other losses. Shopify recommends that merchants take steps to prevent fraud and monitor their store for suspicious activity. In the event of a fraudulent transaction, merchants should contact their payment provider for assistance.
Does Shopify offer chargeback insurance to protect against losses?
No, Shopify does not offer chargeback insurance. Merchants can purchase chargeback insurance through a third-party provider, but it is not an official service provided by Shopify.