15 Ecommerce Fraud Types (incl. Detection & Prevention)

ecommerce fraud

Ecommerce fraud affects nearly every ecommerce owner. It’s not a matter of if you will be affected, it’s a matter of when

By far one of the most common types of fraud that affects ecommerce owners is credit cards, which can take a number of different forms, as we’ll describe below. 

Ecommerce Fraud Types

1. Account Takeover Fraud

Ecommerce account takeover fraud occurs when scammers break into a customer’s online account and use stored payment cards to make purchases. 

This can happen in a number of ways, like if the scammer purchased the stolen password or personal information on the dark web. Or, they may have run a successful phishing scheme to gain the customer’s account information firsthand. 

Retailers may recognize this is occurring when the scammer tries to see if a card is still functioning by attempting small transactions repetitively from the same account.  

How to Prevent it

To help prevent this type of ecommerce scam, retailers can set limits on login attempts from a given IP address. They can also send users notifications when their account details have been changed to flag any wrongful changes. 

Two-factor authentication for log-ins is also very effective in preventing an ATO attack. 

2. Chargeback Fraud 

Ecommerce chargeback fraud is a common fraud to ecommerce sellers and occurs when customers buy something through the online store, then later file a chargeback with their bank.

Customers do this because they want to still receive the product, though not be charged for it–essentially getting the product for free. Though sometimes, this may occur by accident based on the policies of the bank if they incorrectly flag a transaction as fraudulent. 

Retailers may notice disputes from payment processors after the item has already been shipped if customers are attempting this type of fraud. 

How to Prevent it

There are software programs to help detect chargeback fraud, sometimes called friendly fraud, that online sellers can utilize. 

They can also make their policies so that they will only provide a refund upon receipt of the returned items. 

3. Refund Fraud

Similarly, ecommerce refund fraud happens when a fraudster asks to be reimbursed because of an accidental overpayment, then asks for the refund to be paid to a different card. 

When the original card is not refunded, the retailer ends up being liable for this amount. 

This may be difficult to identify as an online seller because the request can seem like a legitimate ask from a customer. However, if they ask for the payment to be sent to a different card, this should be a fraud signal. 

How to Prevent it

Retailers should always have a policy that refunds can only be made to the payment method that was used to make the initial purchase. 

Additionally, they should encourage customers to implement two-factor authentication to make sure that only they can access their accounts to request refunds. 

4. Triangulation Fraud

Ecommerce triangulation fraud is a form of phishing fraud where fraudsters make a replica of a legitimate ecommerce store and host it on their own servers with competitive prices. Victims will visit the website in hopes to make a purchase and add in their payment information. 

After they provide their credit card data, fraudsters will utilize the card to purchase the goods from the actual site, then send them to the final customer. 

Even though the customer may actually receive the goods, their credit card information has still been compromised and retailers are not receiving the direct business. 

How to Prevent it

This is one of the more sophisticated fraud tactics taken by scammers, so it can be challenging to detect since the retailer is making money from the sale and the customer is receiving the goods. 

So, retailers may need to invest in fraud detection software in order to prevent this, in addition to strengthening their policies to deal with chargeback claims in the event that the person with the stolen card notices a charge to an unknown dealer and makes a claim. 

5. Card Testing Fraud 

Ecommerce card testing fraud is very common and widespread across the industry. This occurs when a fraudster gains access to stolen credit card information, likely purchased from the dark web, and then tests out the card in small transactions to see if it’s still active. 

This is a type of ecommerce scam that is also referred to as card cracking fraud. Because they test with such small transactions to begin with, they often won’t be realized until much larger purchases are made. 

How to Prevent it 

Retailers should flag accounts when multiple small transactions are attempted within a small timeframe to prevent this type of fraud. 

Plus, CVV matching technologies should be implemented to help stolen cards not be utilized by unauthorized parties, in addition to IP address tracking and detection. 

6. Affiliate Fraud

Some ecommerce stores utilize promotional tactics like affiliate marketing in order to boost sales, though this may subject them to ecommerce affiliate fraud. 

This may look different depending if the affiliate program is based on traffic, leads, or sales. However, scammers will either generate fake sales, fake leads, take credit for sales from other affiliates, or real sales with stolen cards in order to do this. 

Online sellers may recognize that this has occurred when certain affiliates are earning a lot in a short period of time, especially compared to historical levels. 

How to Prevent it

If retailers want to utilize affiliate marketing, they need to strengthen the terms and conditions of their program in order to prevent this type of fraud and crack down on it once it occurs. 

Another is to manually or through a software program check transaction details to see where the purchase originated, IP information, and other data to help detect when this fraud is occurring. 

7. Buy Now, Pay Later Fraud

Buy Now, Pay Later payment programs are growing in popularity, which has spurred a related ecommerce fraud trend. 

There are a number of ways that the ecommerce buy now pay later fraud can occur. One way is a type of account takeover fraud, where fraudsters enter a legitimate customer account and make numerous purchases with BNPL payment methods. 

With this, the small initial payment may not flag anything for the actual cardholder, though as the recurring payments continue, it grows to become a bigger problem. 

How to Prevent it

Online sellers can work on preventing BNPL fraud by only working with legitimate BNPL providers who do proper vetting to ensure that they will be paid. 

Plus, retailers should encourage customers to enable two-factor authentication so that unauthorized users cannot initiate BNPL transactions from their accounts. 

8. Retail Arbitrage Fraud

This is a type of online store fraud where buyers will make purchases of huge quantities with the use of malicious bots. From there, ecommerce retail arbitrage fraud occurs when the goods are later resold on a different platform at a slightly higher price, profiting the difference on each transaction. 

This activity can cause wildly varying prices across the market, which can be confusing for legitimate retailers and customers alike.

This may be easy to recognize by retailers, especially if they notice large purchases of the same product being made at once, or that their products being sold on other platforms for a slightly different price. 

How to Prevent it

Online sellers should have anit-fraud systems in place to detect when orders of this nature or purchase pattern are being made. 

Plus, they may also want to tighten up their terms and conditions for how they deal with fraudsters when this occurs in the future. 

9. Gift Card Fraud

In certain situations, a fraudster will steal a consumer’s payment information to buy an e-gift card, then they will sell the gift card online to someone else. 

Ecommerce gift card fraud is a type of online retail fraud that is growing in popularity, and can negatively impact consumers when the scammers re-sell the e-gfit card numbers multiple times. This means that certain purchases may end up with a gift card that no longer has value. 

Retailers may recognize this is occurring if customers complain about e-gift cards not working, or if they see their gift cards are being sold on sites other than their own. 

How to Prevent it 

Retailers can encourage customers to only purchase e-gift cards from the store directly rather than from other third-party vendors online. 

Plus, they may want to implement a fraud detection program that will recognize when e-gift cards are being purchased in bulk from their site. 

10. Credit Card Fraud

There are many different types of ecommerce credit card fraud that can occur between fraudsters and online sellers. 

Most of the time, it has to deal with a case of identity theft where a scammer has purchased credit card information online on the dark web, and is posing as the actual cardholder when making purchases. 

This may be referred to as a card-not-present (CNP) scheme, meaning the person making the purchase doesn’t physically have the card with them. Online sellers can detect this is occurring when there’s been multiple failed payment attempts with a given card or multiple cards at a time. 

How to Prevent it 

Online sellers should always requre CVV verifiication in order to make sure that the purchaser physically has the card with them. 

Plus, retailers can encourage two-factor authentication on customer accounts to ensure that only rightful parties are accessing their accounts and store payment information. 

11. New Account Opening Fraud

With ecommerce new account opening fraud, fraudsters create a new account from parts of stolen, real identities. They will then use this account to take advantage of different offers and deals that retailers provide to new customers. 

This can make it difficult for retailers to recognize when new accounts are fraudulent, and when they’re made by real customers. 

However, they may be able to detect that this is occurring when they notice multiple or duplicate accounts where certain information overlaps, like phone numbers, email addresses, and shipping addresses. 

How to Prevent it

Retailers should have policies that prevent duplicate accounts from being made with the same email address or phone number. This may help to catch when new account opening fraud is occurring, which could be costly. 

At the same time, they should have customers use two-factor authentication, because this will attach their phone number and email address to their account, and not let others utilize this information to open fraudulent accounts. 

12. Interception Fraud

When a fraudster buys something on an ecommerce site using stolen credit card information and attempts to intercept the products before they reach the actual billing address registered to the card, it’s considered ecommerce interception fraud. 

Scammers may obtain stolen or compromised credit card information on the dark web, which they can then use with online retailers using the registered shipping address so as to not raise any flags. 

Retailers may recognize this type of fraud if they’ve received requests to change the shipping address once the order has been placed. 

How to Prevent it

Online sellers can prevent interception fraud by prohibiting the shipping address to be changed once the order has been made. 

They can also encourage users to implement two-factor authentication so that no unauthorized users can access their accounts to change the shipping address for future purchases. 

13. Refund Abuse

This is a type of ecommerce fraud that is very common and occurs when customers return a broken, damaged or stolen item in exchange for a refund. 

With ecommerce refund abuse fraud, scammers may steal packages from someone’s doorstep to request a refund, or try to return an item that they have broken or damaged after obtaining it legitimately. 

Retailers may notice this if the returned items are clearly broken or damaged, or if the party requesting the refund wants the funds to be sent to an alternate form of payment than how the purchase was made.

How to Prevent it

To prevent this type of fraud in ecommerce, retailers can inspect returned packages before approving the refund. Or, they can have policies where the refund can only be made to the payment method that made the initial purchase. 

Two-factor authentication can also be used to ensure that only the authorized user can enter into the account and make changes or refund requests. 

14. Loyalty Fraud

Online sellers may also face ecommerce loyalty fraud, which is when customers join a loyalty program, earn points through stolen cards, then resell the points for a percentage of their value. 

Most of the time this occurs in tandem with account takeover fraud, in the sense that the scammers will need to gain access to a legitimate account in order to pull this off. 

Retailers may notice certain customer accounts making a lot of purchases in a short amount of time in order to earn points. 

How to Prevent it

Retailers can mitigate this fraud risk by updating their terms and conditions to make sure legitimate customers are finding any loopholes in the loyalty program to take advantage of. 

They should also have customers set up two-factor authentication on their accounts so that they are the only people who can access their accounts and make purchases. 

15. Promotion Fraud

Ecommerce promotion fraud is when fraudsters find loopholes in a retailer’s promotions to claim products for free. 

Many times this online fraud will occur when a user creates multiple accounts to repeatedly claim a free trial or other generous promotion. This may involve using multiple IP addresses, email addresses, or more to create multiple accounts. 

Online sellers may recognize this because they are receiving multiple claims of the free offer from the same IP address. 

How to Prevent it

Retailers can use fraud-detecting software in order to track the IP addresses of customers and detect when the free trial has been requested multiple times from the same system. 

Requiring two-factor authentification can also help with this type of online retail fraud, because someone can only use their phone number or primary email address one time when setting up a single account, not multiple.

Similar Posts