For individuals and organisations, there are a lot of advantages to selling and buying goods and services on the internet. You have access to a much wider customer or goods base through your computer and it is easy and quick to complete transactions. Unfortunately, there are also some drawbacks to e-commerce, and one of the big ones is fraud.
Internet fraud is becoming more and more widespread
In the digital age, it's much easier to steal credit card information than it is to steal a physical credit card. Virtual theft can be committed on a much larger scale, and victims often won't notice the theft right away. This means that there are many more stolen credit cards floating around online than there are in the real world.
Credit card fraud is a common problem for e-commerce merchants, and one that is incredibly difficult to solve. Every time the payment industry comes up with a new way to prevent fraud, the fraudsters come up with a new way to commit it. However, there are a number of tools and strategies that merchants can use to detect online fraud.
Here are seven tips to help your organisation detect online fraud:
Use an address verification service
Address verification service is an automated fraud prevention system designed to reduce the risk of fraudulent transactions. The service compares the billing address provided by the customer at checkout with the address recorded by the issuing bank.
A mismatch can be a sign of fraud, as the criminal may have limited access to the cardholder's personal information and not be able to provide an accurate match.
When a fraud check flags an order as possibly fraudulent, it is often a good idea to flag that order for manual review rather than rejecting it outright. While some indicators of fraud are clear enough that an order should be automatically rejected, many others are more nuanced and would be better served by using human expertise to minimize the risk of fraud as well as the risk of losing a legitimate customer.
There are many companies with dedicated fraud prevention staff who can review all high-risk transactions. Others may outsource this to third-party companies.
Be aware of the user's location
The most secure transactions are those where the shipping address, billing address and IP address all point to the same location. Transactions that show long distances between these different addresses should be examined more carefully.
Register the shipping destination
Scammers need a way to get their stolen goods and will often send products to addresses other than the billing address. Orders with different billing and shipping addresses have a much higher risk of fraud. If the destination of the goods is a freight forwarder or re-shipper, this is a very big red flag.
Beware of the use of IP proxies
Scammers often try to mask their IP address using a VPN so you can't tell they're placing the order from another state or country. There are services that can detect the use of a VPN, but given their increasing popularity with the general public, it may not be wise to simply refuse these orders.
Manual review may be useful here, but another solution would be to simply display a message to the customer telling them to disable their VPN in order to complete their purchase.
Google is your friend
When conducting a manual review of an order that appears to be high risk, finding the customer online with an active social media account can be a strong indicator that the purchase may be legitimate. You may also find a treasure trove of public records that can help you feel more confident about sending a high-risk order.
Check email addresses for reputable domains
Scammers usually use free email addresses that are easy to set up and use once. Emails coming from domains like Gmail and Yahoo are riskier than emails from a corporate domain. Using a third-party service can give you more data about the email address, such as lifetime.
Watch for patterns in fraud and theft
If you see several failed purchase attempts in a row with different card numbers, the likelihood of a non-fraudulent transaction coming from that lot is low. Additionally, once a fraudster is successful, they will likely place additional orders to make the most of their stolen payment information. Be sure to blacklist the phone, email, IP address and billing address of any scammers you identify.
What are the most common ways you can catch scammers?
By far the most common way that merchants find out about scams is through employee tips. Sathe reality is that frontline staff witness all the regular scams your organisation sees, whether they're in a store or servicing customers via an online portal.
After that, use external audits to help. Third-party fraud and chargeback management firms can help you see holes in your system or vulnerabilities you won't catch on your own.
Finally, many merchants simply find fraud by accident. That doesn't mean they just stumble across it, but these merchants are always looking for and encountering fraud that can escape through prevention tools.
Have a fraud prevention strategy
No matter the size of your business or the method you choose, any business that sells goods or services online should have a fraud prevention strategy in place. You don't want to learn this the hard way.
Preventing fraud - as well as the chargebacks that come with it - is essential to having a healthy economy for most businesses.
Fraud prevention for individuals
Here are the characteristics of some common types of fraud on the internet and how you can protect yourself from them as an individual.
Overall: If it sounds too good to be true, it probably is. Scams aren't just limited to the internet. Criminals also use phone, text, social media and email scams to obtain personal information and commit fraud and identity theft.
Watch out for email transfer scams
Criminals actively use email schemes to defraud banks and their customers by tricking them into making bank transfers that appear legitimate. To avoid falling victim to these bank transfer scams, make sure to:
- Be careful when conducting transactions online or with unknown third parties.
Too good to be true
- You may not remember to enter a lottery or competition, but will be notified by phone, text, email or letter that you have won.
- You receive super-good offers on travel, furniture, electronics or other items.
- You are promised to earn extra money working at home in return for using your bank account to send or receive money.
- You receive a job offer through a job portal, your email or social media like Facebook
Request for money
- You are asked to pay money upfront for "administration fees" or "taxes" before you receive a prize or winnings.
- A friend or boss uses urgent communication to request transfers, passwords or similar. A common scam scenario leads you to believe that your friend is travelling in a foreign country and needs money immediately, or that your boss has forgotten to pay a large customer.
- You get an email message saying you're entitled to an inheritance, but you have to send money to receive it. The sender is trying hard to build trust through the story of the inheritance.
App against online scams
Consumers can use the "My Digital Self-Defence" app to help detect online scams.
"My Digital Self-Defence" can help consumers in several ways:
- Alerts on current threats such as fake text messages and emails, phishing attacks and fake competitions and websites.
- Consumers can submit tips about scams
- Consumers can get advice if they have been victims of cybercrime and had their information misused.
- Includes tools to protect against digital threats and online fraud.
- Provides advice on protecting personal information when consumers are on computers or mobile devices.
- The app can be used on both Android and iOS mobiles and tablets.
About the author
Sofie Meyer is a copywriter and phishing aficionado here at Moxso. She has a master´s degree in Danish and a great interest in cybercrime, which resulted in a master thesis project on phishing.