As an e-commerce retailer, you walk a continual tightrope between providing great customer experience and guarding against fraud. And you’re right to worry. Fraud costs for U.S. e-commerce merchants are estimated at 3.85 times the lost transaction value.
No online business can eliminate fraud, but merchants can take steps to help control their costs. In this blog, we look at three common types of e-commerce fraud—and ways to protect your business.
Fraud Type #1: Card-not-present fraud
A scourge for online retailers, card-not-present, or CNP, fraud is projected to account for up to 74% of payment card fraud losses by 2024. That’s a big jump from just 57% in 2019, but not unexpected. Fraudsters are focusing more efforts online with the surge in online commerce and EMV chip technology making point-of-sale fraud much more difficult.
Here are a few ways to tackle CNP fraud:
Fraud Type #2: Chargeback fraud
About 252 million chargebacks were expected in 2022. With a single chargeback costing merchants an estimated $190 on average this year (based on a $90 average transaction value), chargebacks are an expensive problem.
Chargebacks occur when customers dispute charges on their payment card, and the issuing bank files a chargeback with the merchant. Sometimes this occurs for legitimate reasons. Card information was stolen, so the customer didn’t authorize the charge, or a merchant failed to deliver the goods or services as promised.
In addition to third-party fraud or true merchant errors, chargebacks increasingly fall into two other categories:
How can you counter these chargebacks? You won’t be able to eliminate them, but these measures can help, especially with customer confusion.
Fraud Type #3: Affiliate fraud
This type of fraud uses your affiliate marketing programs to generate false referrals for real-life rewards. Fraudsters use automated website crawlers and other fake activities to increase the amount of traffic and commissions on your site.
Fraudulent affiliates can use bots to complete registration forms, deliver bad customer data, or give you opt-out lists instead of opt-ins. By the time you’ve detected this kind of fraud, bots have scattered your analytics, wasted marketing spend, and made your marketing campaign KPIs almost impossible to measure.
To combat affiliate fraud:
Partner with an expert
Fraud prevention is a multipronged, evolving strategy, but you can take action to protect your business and your customers.
If you’re outsourcing parts of your e-commerce business, make sure your partner is as dedicated to fraud prevention as you are—and experienced enough to help shield you from shifting fraud tactics.
At Ubiquity, we’ve helped identify and shut down suspicious transactions. To learn more about how we combat fraud, please reach out to us.
fraud costs retailers 3.85 times more than the lost transaction value
Fraud losses globally reached $41 billion in 2022
252 million chargebacks were filed in 2022
E-commerce EMV technology. While EMV mostly covers in-person transactions, Click to Pay—available through a Visa, Mastercard, Discover, and American Express consortium—can improve the security of e-commerce transactions. Customers save credit or debit cards in the Click to Pay system. When they make a purchase, they click a single button, which sends them a security code that they use to choose from the payment cards they’ve saved. So customers don’t have to enter a credit card, expiration date, etc., each time they make a purchase. But neither do they have to worry about saving their card information with merchants. The card details stay within the secure Click to Pay system.
3D Secure 2.0. This extra layer of security helps validate the identity of customers and minimize the risk of fraudulent charges. With 3D Secure 2.0, the card issuer can use dozens of data points—like device ID, transaction history, and time zone—for risk-based authentication without creating more customer friction. Using 3D Secure 2.0 can help shift liability for fraud from merchants. 3D Secure 2.0 is required in Europe, but U.S. e-commerce companies may also want to talk to their payment service provider about implementing it.
First-party fraud. A customer pretends not to have received goods or services or has buyer’s remorse about a purchase and tries to get out of it through the chargeback process.
Customer confusion. This occurs when customers forget making a purchase, don’t recognize an item on their statement, or don’t realize that a family member bought something with their card. Or they may become frustrated with your customer service and resort to contacting their card company for relief.
Send automated email confirmations when an order is placed, then track shipments and require a signature at delivery, when feasible, to help defend against chargeback fraud.
Block known first-party fraudsters from making future purchases.
Work with issuers through networks like Ethoca and Verifii to provide relevant transaction and order data before chargebacks are filed.
If you sell subscriptions, make the terms crystal clear, make canceling a subscription easy, and send a reminder when the subscription is about to renew.
Chatbots, FAQs, and similar unstaffed resources can reduce costs and take care of many customer queries quickly and easily, but make sure customers can reach a helpful agent if they need to. Frustration can lead them to a chargeback, leaving you with financial institution fees on top of the loss of the sale and customer goodwill.
Monitor and analyze traffic. Ensure that your traffic monitoring system allows you to log affiliate IDs for an accurate view of how many users they bring. You should also log whether the users they bring make a purchase, because once you have a large database of these leads, you can more easily distinguish legitimate affiliates from fraudulent ones.
Enable device fingerprinting. Block bots from entering in the first place with device fingerprinting. With this software, you can create IDs for the configurations between software and hardware of users that land on your page. Then you can begin to notice anomalies: Has this exact configuration already been used? Is it a case of multiaccounting? Does the device point to an emulator like FraudFox or Linken Sphere? This will help you build a 360-degree profile of all your users so you can spot fraudsters in real time.