Ecommerce crime is on the rise and changing
In 2016, PwC’s Global Economic Crime survey found that 1 in 3 businesses had been impacted by financial criminals, but also that the nature of fraud itself was changing. As more companies move into the digital sphere, a nasty side effect is the attention of sophisticated cybercrime. Sadly, online fraud has become the new normal for ecommerce businesses. In 2012, digital fraudsters cost online businesses in the US $3.5 billion, and the number has continued to grow. In fact, from 2015 to 2016, incidents of digital fraud increased by 33 per cent. So, if you’re an ecommerce business, chances are you’ve experienced online crime. But what are some of the different types of digital fraud, how do they work, and what can be done to stop them?
1. Business identity theft
According to a study by Worldpay, identity theft is the most concerning type of digital fraud for ecommerce merchants. This tactic steals a person’s identity and uses it to make transactions. ‘Identity’ can include an email address, phone number, IP address, and of course credit card details. Cybercriminals can use these details to order items online under a false name, and then pay using someone else’s credit card or account. Business identity theft does exactly the same thing with important, publicly available information about the business. By opening a credit card in the company’s name, cybercriminals have a better chance of appearing legitimate and carrying out large scale scams.
2. Chargeback fraud
In short, chargeback fraud is where cybercriminals order a product or service using a credit or debit card and then instantly claim that the account details have been stolen. The company reimburses who they think is an innocent victim of account theft (see below), but of course the fraudster keeps the product or service and the business loses out twice. Although chargeback fraud is also referred to as friendly fraud, the former is premeditated whilst the latter is an honest mistake. The problem, of course, is telling the difference.
3. Affiliate fraud
Affiliate programmes can be instrumental to the success of an online business. They work in one of two ways – either a company will set up an affiliate programme, or join an existing one. Affiliates within the programme are paid by companies to market their product or service, usually via links. The affiliate is then paid commission when traffic or purchases increase. Affiliate fraud essentially works by tricking businesses into paying commissions that shouldn’t be paid, convincing a company they are legitimate and then flooding their site with false clicks or illegal transactions. The fraudulent affiliate can also clone the company’s site to steal traffic and income.
4. Man in the middle
The communication between companies and their customers is vitally important. Unfortunately, something as simple as an email conversation can become the target of a Man in the middle attack. This type of fraud aims to get hold of sensitive data by intercepting digital exchanges like emails and log in credentials. This can be done using malware, eavesdropping techniques, unsecured public networks or even badly protected company networks. The business’s details can then be used to facilitate business identity theft or account theft.
5. Account theft
While identity theft topped the list of high concern fraud types in Worldpay’s corporate study, 63 per cent of respondents stated that they were most worried by account theft. In ecommerce, new account creations and accounts are targeted more than direct payments as cybercriminals can use the account multiple times before detection. If it becomes apparent that a business is susceptible to account theft, their image will be tarnished. On top of this, their customer data and analysis will be shown to be unreliable.
As more companies move into the digital sphere, so do cybercriminals looking to take advantage of weak security settings or user naivety. If you’re not sure who’s at your front door, you can use the catch or check through the spy hole. This, of course, isn’t the case when it comes to online fraud. Once you’ve clicked on a malicious file or dodgy link, you’re in trouble. Of course, this doesn’t mean that there’s nothing ecommerce businesses can do to stop the likelihood of fraud. The key is to set up complex security settings and protocols, inform staff and customers about the various hacking techniques, and checking activity logs for anomalies. Another option is to use a digital fraud prevention company. Given the incremental increase in ecommerce crime, developing and investing in fraud prevention is no longer advisable – it’s a necessity.