As the eCommerce industry continuously grows and thrives in 2020 especially due to the situation created by COVID-19, the chance for eCommerce fraud and its frequency are also increasing and causing problems for merchants across the globe. People are bringing their previously completely physical businesses and trade setups online and learning new eCommerce tools and techniques everyday – trying to keep up with the changing business landscape. However, that is certainly not the only significant change that the situation is causing.
Another important change caused by lockdowns occurring globally is an increase in the number of people who swarm the web for online shopping and entertainment purposes. That plays a significant role in increasing the frequency and chances of eCommerce fraud for merchants. Therefore, it is the need of the hour to keep your eCommerce platform up to date in terms of fraud prevention and control. There are many strategies and tricks that can be put into place in this regard, and many of them have proved to be helpful and highly effective in the eCommerce world.
While the eCommerce industry expands and reaches new milestones in terms of gross revenue and growth rates each year, there is also an increase in the techniques and tools being introduced to support that industry – including fraud prevention tools like the famous WooCommerce Antifraud plugin. Such tools can help merchants keep up with all kinds of potentially fraudulent transactions occurring on their eCommerce platforms and nip the evil in the bud – hence allowing them to gain the trust of their customers while ensuring a healthy stream of work for their own business.
If you are lacking in the number of strategies and tools you use to prevent fraud on your platform, not only will you face major losses due to cashbacks and other issues, you will also slowly begin to lose the trust of your customers as they realize that they are not trading securely and safely with you. Therefore, the integrity of an eCommerce business infrastructure is very important in helping it survive and thrive among fierce competitors investing in all kinds of business domains from marketing to fraud prevention and security.
In this article, we will share a few tricks and techniques that can help you add an extra layer of protection to your eCommerce platform.
Antifraud Plugins
A plugin for fraud prevention is basically a set structure with algorithms and rules in it that help your store respond to certain cues about fraudulent transactions being conducted to it and also notify you about the same. Plugins are a major preventive measure against eCommerce fraud and can help you in many ways. As an example, we will use the modern WooCommerce Antifraud plugin that is continuously rising in popularity in the WooCommerce world due to its effectiveness against fraud in the domain of WooCommerce – the most important and the most common eCommerce plugin used in the most popular of eCommerce Content Management Systems, WordPress.
It can help a WooCommerce merchants in many ways including:
- Analyzing the risk associated with each order and getting notified of it
- Automatically cancelling or pausing highly suspicious orders
- Customizing the importance of each risk factor with respect to the most common types of fraud happening in the specific business domain
- Installing and using an IP Geolocation checker
- Set a list of high-risk countries in terms of fraud
- Detect multiple orders from the same IP address
- Order quantity and amount check
- Billing and shipping address conflict indicator
- Proxy detection
- Blacklist fraudulent email addresses
All these measures taken due to the plugin’s different features allow an eCommerce store to prevent many different types of fraud including those that are the most common in the eCommerce landscape currently.
A few important types of fraud used by eCommerce fraudsters very frequently are explained below to help you understand how the WooCommerce Antifraud plugin mitigates the risk of eCommerce fraud.
Shipping Fraud and Billing Fraud
It is also known as interception theft because, in this kind of fraud, the fraudster uses the same shipping address and billing address as the one linked with the credit card that they are wrongly using for the transaction. That measure helps them make sure that the fraud is not detected at the first stage of the order placement. After a while, they will ask the customer support to change the address due to some circumstances and get away with having it shipped to themselves instead.
There are other ways like intercepting the delivery at the time of its reception too, but they are used less frequently as they apply only if the fraudster is living close to the person whose credit card he is using and so on. Therefore, they require special circumstances not available in every case. The easiest option is the one mentioned before.
According to some recent statistics, shipping and billing fraud have increased by 37 and 34 percent in the US alone, respectively, in the past few years. (Experian)
Identity Theft
As evident by the name, it is a type of fraud that involves a level of compromise on the card holder’s personal information such as their login credentials to the account or payment information.
According to Information Age, over 450 million records of personal information were breached in 2018 alone.
Another very important way that fraudsters use to go about identity theft fraud on WooCommerce platforms is by phishing – a majority of sellers agree that it is a significant problem in terms of the frequency and ease with which WooCommerce fraud is being pursued.
Account theft is more common than leakage of payment credentials – naturally, because people are prone to saving their login credentials in multiple browsers and so on. Not only that but hacking an account might prove to be easier than trying to steal somebody’s payment credentials as those are usually encrypted by all trustable and credible platforms.
Account theft is also the third most common WooCommerce fraud type, so it is of considerable importance for WooCommerce users.
Therefore, the techniques listed above clearly improve the chance of detection and mitigation of such fraud by linking the IP addresses, billing information, shipping information, email addresses and different credentials used for the placement of an order, reviewing, and comparing them to the present records.
Industry Specific Risk Modeling
An important technique that can be used to prevent fraud for any individual eCommerce business is the research and analysis of the risk factors involved in the most common fraudulent transactions being conducted in the industry. In most of the eCommerce domains, there is a significant similarity in the fraud happening throughout the industry, and most of the merchants face the same kind of complexities and issues many times in their business careers.
Keeping a track of all the fraudulent transactions and chargebacks occurring in a certain eCommerce domain or even in the business itself can help a merchant choose which measures to put into place, which countries, emails, and IP addresses to blacklist. In this way, when the most common types of fraud are covered by the techniques and strategies put into place, there need not be a holistic model implemented to cover all the fraud possibilities in all kinds of industries which can be both impractical and non-beneficial.
Scaling Fraud Prevention to Decide When to Act
There are many kinds of benchmark values that can be used by merchants to decide whether or not they need to go down a certain road of fraud prevention and what type of road it should logically be. When you are constantly monitoring the threats you receive from all directions and keeping note of all the fraudulent transactions occurring, you can easily realize when there is a need for a certain preventive measure and thus make sure that you act accordingly to prevent your business from suffering from major losses.
Managing Phishing Attacks
As discussed above, one of the most common methods that modern eCommerce fraudsters use is to target business with phishing attacks intended to procure important payment credentials and information about the customers from the eCommerce company. One of the most important modes of phishing used is email – the email system is not secured properly, and its lack of encryption can lead to its exploitation for phishing purposes.
An important way to combat that kind of phishing is through a plugin – like the WooCommerce Antifraud plugin mentioned above that allows you to match the IP addresses of the various commands being given to the system and thus clarifies whether it is a phishing attack or a genuine request from a customer.
Finding Vendor Specific Tools
Many platforms including Shopify offer customized tools to the users to let them improve the security level of their eCommerce businesses. Such vendor-specific tools can serve as an important way to add some security measures and layers to your eCommerce store. They are usually customized to suit the needs of specific merchants.
Such websites also keep a record of how fraudsters are trying to target the vendor’s eCommerce website and the suggestions they give the vendor are based on all that information. Therefore, these tools and techniques can prove to be highly beneficial for eCommerce platforms.
Using Address Verification Services
As mentioned and explained above, shipping and billing fraud is one of the most common and easy types of fraud for the modern fraudsters considering the level of security that many eCommerce websites have. It is also known as interception theft because in this kind of fraud, the fraudster uses the same shipping address and billing address as the one linked with the credit card that they are wrongly using for the transaction.
That measure helps them make sure that the fraud is not detected at the first stage of the order placement. After a while, they will ask the customer support to change the address due to some circumstances and get away with having it shipped to themselves instead.
There are other ways like intercepting the delivery at the time of its reception too, but they are used less frequently as they apply only if the fraudster is living close to the person whose credit card he is using and so on. Therefore, they require special circumstances not available in every case. The easiest option is the one mentioned before.
According to some recent statistics, shipping and billing fraud have increased by 37 and 34 percent in the US alone, respectively, in the past few years. (Experian)
Therefore, matching the shipping and the billing address of the order is necessary to make sure that it is actually the person themselves who placed that order on the website and not a potential fraudster. It is one of the most basic ways in which the WooCommerce Antifraud plugin helps merchants keep their stores safe from eCommerce fraud.
Understanding Chargeback Reason Codes
If you don’t understand the chargeback reason codes used by banks worldwide to authorize chargebacks, you cannot protect your store against them and thus will fall prey to what is called friendly fraud or chargeback fraud very often. While other types of fraud take a lot of skill and effort trying to breach different kinds of personal information and finding ways to intercept deliveries, chargeback fraud is much easier and therefore more common.
In this unique but not very uncommon case, the fraudster is not even aware of the fraud that they are committing and thus focused single-mindedly on getting their money back by hook or by crook.
Buyers often, when cheated, take the easy road and don’t want to go through the bothersome and tiresome process of trying to get the merchant themselves to give them a refund.
That is the fourth most common type of fraud – although it is not given considerable importance.
According to Ravelin, QuickSprout, and Midigator, WooCommerce businesses lose around 4 dollars from every 1-dollar chargeback.
Friendly fraud has caused a tremendous amount to be lost by WooCommerce merchants in the past – mostly due to three important reasons:
- Unauthorized transactions
- Cancel recurring billing
- Products / Services