Online fraud comes in a wide variety of forms, one more mischievous and costly than the other. As a business leader operating in the online space, you need to be aware of what dangers are out there and how to protect yourself against them.
Consumers are increasingly making digital payments. The ease and convenience of online business also bring with it an increasing risk of fraud. To make the experience of online shopping more convenient, customers are willing to share (and store) more sensitive data on the websites and apps they interact with. This very pursuit of convenience also makes customers vulnerable to attacks and increases the consequences of a hack.
In this handbook, we’re focusing on the types of online fraud that pose the greatest danger to merchants in the online space.
Shortcut menu | Click to navigate:
- False credentials
- Identity theft
- ATO (account takeover)
- Friendly fraud
- Clean fraud
- Triangulation fraud
What is online fraud?
Online fraud is a form of Card Not Present (CNP) fraud. As the name implies, this is fraud that occurs without the card being physically present. Usually, the fraudulent activity takes place over the internet or over the phone.
Globally, online fraud is on the rise. A report by TransUnion found that suspected online fraud attempts rose by 16.5% year-on-year between Q2 2020 and Q2 2021. The largest increases were identified in the gaming, travel, leisure, and gambling industries.
Fraud is a complex phenomenon, and the fraudster modus operandi will vary wildly at any given time. While it is true that at some point, a fraudulent payment transaction takes place, there are typically many unfortunate events that precede the illicit moving of funds. These events are meticulously orchestrated by fraudsters who seemingly have all the time and patience in the world.
How fraudsters go to work
Online fraud often follows a pattern that centres on theft and impersonation. There’s the initial theft of data, followed by the misuse of the data, as fraudsters impersonate a customer or a business (or even create a synthetic identity based on real data) as a means to steal data or money. In the end, the fraudster gets richer, and the consumer is left holding the bag.
Fraudsters generally get their hands on the credit card data either through phishing attacks, successful hacks of a merchant’s database, or in some cases, dishonest employees at credit card companies. They are also able to piece together a customer’s financial information by combining multiple bits of user data from various sources, such as data breaches at popular websites and apps.
A notable trend in online fraud is the emergence of organized fraud crime groups. These entities operate with a level of sophistication and resources comparable to small nations, elevating the complexity and risk of attacks for e-commerce businesses.
Moreover, advancements in technology are continuously shaping fraud methods. Tools like Artificial Intelligence (via ChatGPT etc.) and machine learning are opening new avenues for scammers, making it crucial for fraud prevention measures to evolve accordingly.
Common types of online fraud
For ecommerce merchants, telecommunication companies, and financial institutions, the major types of fraud to watch out for are identity theft, friendly fraud, clean fraud, triangulation fraud and affiliate fraud.
False credentials
A fraudster uses fabricated credentials to access your product or service. Without proper KYC, customer scoring or other checks in place, it is hard to trace or verify this person.
Identity theft
A fraudster uses someone else’s personal and financial information to take out a loan or apply for a credit card with the intention of spending as much as possible before the fraud is detected.
ATO (account takeover)
Account takeover fraud, often known as ATO fraud, occurs when cyber thieves obtain access to and misuse someone else’s internet accounts for financial advantage. In the most common scenario, fraudsters obtain consumers’ account credentials – usernames, passwords, and emails – and use this information to log into their accounts. Since specific accounts are often linked to a credit card, con artists can freely make purchases on behalf of deceived consumers, thereby reaping ‘profits.’ ATO fraud is not an entirely novel issue as it has been known for decades; however, it is a renewed sort of fraud that is on the increase and poses a high-level threat to customers and businesses alike.
Learn more about this topic:
What is ATO fraud? - Alphacomm Knowledge Series
Friendly fraud (chargebacks)
A user makes a purchase but then demands a refund by rejecting the payment. This can be for any host of reasons, both legitimate and illegitimate. The user may claim that the product was never delivered, or that it arrived damaged, and therefore request the funds be returned. Because a chargeback isn’t always with fraudulent intent, this type of fraud is often referred to as ‘friendly fraud’. Chargebacks are very costly, not just because of the missed revenue of the sale, but also due to penalties, the loss of goods, fees, and the time spent on processing the ‘error’.
Clean fraud (stolen payment details)
A fraudster makes a purchase, with stolen – though unreported – credit card details. Since banks aren’t yet aware that the credit card in question has been compromised, the payment is allowed without any red flags being raised. By the time the card has been blacklisted, the fraudster has already had ample time and opportunity to completely max out the credit card.
Triangulation fraud
The fraudster first gains access to the user’s credit card details. This is usually either through phishing or by gaining access to their account on a shopping platform where payment details have previously been stored for ease of use (one-click payment etc).
Next, the fraudster offers a highly sought after product on an online marketplace for a price that is too good to be true. For example, the latest high-end smartphone. The product listing, however, is fake. After an unsuspecting customer buys the product, the fraudster uses the previously stolen payment details to purchase the real product and send it to the address of the buyer. Sounds complicated, doesn’t it? This is actually how fraudsters cover their tracks. By sending the product to the buyer, it may seem like a legitimate transaction on the marketplace.
However, the defrauded user, whose credit card was used, may at some point notice the suspicious transaction and demand a chargeback from the credit card company. When this happens, an investigation is started by the parties involved, and the one who gets the blame is often the unsuspecting buyer. The buyer, if unable to prove otherwise, is blacklisted. The e-commerce retailer who shipped the product to the buyer suffers a chargeback and loses the item for good. The fraudster walks off into the sunset with the money paid by the buyer.
Additional background on triangulation fraud
What you need to know about triangulation fraud is that it's a crafty and harmful scam where criminals exploit stolen credit card details and marketplaces to mask their activities. Here’s a breakdown of how a typical triangulation fraud scheme unfolds.
Triangulation fraud work starts when fraudsters obtain stolen credit card information through phishing or data breaches. Next, they set up fake shopfronts on a third-party marketplace and list high-demand products for prices that appear too good to be true. Unsuspecting buyers purchase these items, believing they are dealing with a legitimate merchant. The fraudster then uses the stolen credit card details to buy the genuine item from a legitimate ecommerce website and ships it directly to the buyer. As a result, the fraudulent purchase looks like a normal transaction.
Triangulation fraud works because the buyer receives the product they ordered, but the rightful cardholder is left with unauthorized charges, which they only discover after reviewing their statement. This leads to disputes and chargebacks that cause losses for legitimate retailers.
To prevent triangulation fraud, e-commerce businesses and consumers should be aware of these scams and be vigilant. Look for the warning signs of triangulation scams, like prices that seem unreasonably low or new marketplace sellers with no feedback. For businesses, monitoring transaction patterns and using multi-layered security can help identify when triangulation fraud occurs before it results in a fraudulent transaction.
How to protect your customers and your business
Online fraud has been around since the dawn of the internet and will persist until its end. In other words, fraud isn’t going anywhere. In fact, the more we move our lives online, the more fraud risks there are.
Effective ecommerce fraud management has become a competitive advantage. The financial impact of deceptive payments necessitates robust fraud prevention solutions that strike a balance between high acceptance rates and effective fraud detection. Businesses must remain vigilant and do all they can to lower the risk of fraud. It’s not just a matter of preventing theft, it’s also critical to preserve their brand reputation. It takes years, maybe even decades, to build a solid reputation, but it only takes one bad incident to tear it all down.
With our Protectmaxx (fraud API), Alphacomm is able to protect businesses and their customers from all types of online payment fraud. Protectmaxx ensures you’re not vulnerable to costly chargebacks that may occur as a result of fraudulent transactions.
Contact Alphacomm today
The online fraud landscape is continually evolving. The shift towards organized crime in payment fraud, the increasing risk of Artificial Intelligence, the rise in synthetic identity fraud, and evolving fraud tactics highlight the ongoing need for vigilance and adaptive strategies in fraud prevention. As a business leader, it is important to find a scalable solution that grows with your business and adapts to any new threats as they arise.
At Alphacomm, we don’t just offer solutions, we also offer advice. Online fraud is a complex topic. If you’re looking to mitigate fraud risks for your business and protect your revenues, it definitely helps to discuss the challenges with an expert. Feel free to get in touch with our Revenue Geeks anytime for a free consultation.