E-commerce fraud: where it hurts
By Sift /
23 Aug 2013
Here at Sift Science, we make powerful fraud detection software available to companies of all sizes. Fraud can mean many things and impact many different parts of these organizations. As noted in our post on global fraud, we detect three main kinds of e-commerce fraud (plus other specialized kinds): payment fraud, new account fraud and account takeover. Below, we’ll take a closer look at each type and whom within a company they hurt.
Online payment fraud means using stolen means of payment to make a purchase. Typically, this involves stolen credit card numbers although it could entail other payment info like bank account routing numbers or Paypal credentials. Stolen credit card numbers are shockingly easy to obtain cheaply online. The first time many unprotected merchants learn of payment fraud is after they’ve fulfilled an order, when their credit card acquirer notifies them of a [tooltip tip=”the original charge will be reversed, as the consumer has realized their card was used without their permission”]chargeback[/tooltip]. For [tooltip tip=”when the physical card is not physically present at the time of the transaction. E.g. all e-commerce”]card not present[/tooltip] transactions, the merchant must make restitution, meaning they lose both the revenue and merchandise itself.
While payment fraud understandably impacts the Finance team through the chargeback fees and lost revenue, it also hurts Sales via channel cannibalization. In one case, an e-commerce company detected fraudsters buying their products with stolen credit cards and reselling them on Amazon Marketplace at deeply discounted prices. Fraudsters were thus not only stealing merchandise, but were undercutting legitimate online vendors, causing them to become angry with the original company.
New account fraud
New account fraud occurs when a fraudster opens a new account on a site and does something undesirable with it. Marketplaces and social networks in particular focus on limiting this kind of activity due to their peer-to-peer models. If fake listings or users proliferate, legitimate ones will be spooked, defrauded or otherwise deterred from participating, and the community could become stagnant.
New account fraud impacts Community and User Experience teams due to its drag on user engagement. These teams must spend valuable resources sifting out fraudulent activity patterns. The recent uncovering of a major attempted Kickstarter scam that raised over $120,000 for Kobe beef jerky serves as prominent example of this sort of fraud. Luckily, a film documentary team caught them and Kickstarter froze the account before any backers were charged.
Account takeover is simply when a fraudster commandeers an existing account and uses it for malicious purposes. Wired reporter Mat Honan’s detailed account of how hackers systematically gained access to his entire online identity (iPhone, Amazon, Gmail, Twitter) provides a chilling example of its feasibility. On a larger scale, Riot Games, maker of the popular online game League of Legends, announced this week that its databases were hacked and user names, (salted) passwords, email addresses as well as 120,000 old transaction records were compromised. Account takeover hurts Customer Service teams given the need to change passwords, create new accounts and otherwise repair the damage caused.
Specialized challenges: referral fraud
Fraud takes many other specialized forms. Consider referral fraud, a.k.a. affiliate fraud. Fraudsters will take advantage of refer-a-friend programs at many e-commerce sites by creating multiple identities to maximize their gains. The vast array of sites offering such programs bonuses can be found at refAround. With referral fraud, it’s Marketing who loses, as customer acquisition spending comes from their budget.
What can you do to fight back? Consider a fraud detection solution like Sift Science. We provide protection from all the above mentioned e-commerce fraud types and constantly update our models with emerging threats, leveraging insights from across the customer base. Please get in touch to discuss your challenges, we’d love to talk.