E-commerce: what are the different types of online fraud?
Online fraud, where do we stand?
With the widespread deployment of strong authentication solutions for online payments (receipt of a code or password by SMS, or validation of the transaction via the bank's mobile application), the situation is rather positive: fraud on internet payments will be down in 2021, according to the Observatory for the security of payment methods.
However, the cost is not neutral for e-merchants: in Europe, the cost of fraud is 3.49 times higher than the amount of each lost transaction (source: LexisNexis Fraud Multiplier™). This also affects the trust consumers have in the websites on which they buy because, for many, the blame falls primarily on the merchant rather than the fraudsters. There are therefore many issues at stake, particularly with regard to credit card fraud: verifying that it is a person and not a robot, but also verifying that it is indeed the owner of the credit card and not a case of identity theft!
A good practice for the first verification is to propose a captcha at the time of the transaction, where the customer is asked to enter a series of numbers and letters or to identify a notable element in a photo.
1. Credit card payment fraud
"This type of fraud is particularly common for small amounts - less than €30 - for which some e-merchants skip the strong authentication stage, notably for reasons of simplifying the purchasing process", explains David Le Dru, a fraud expert at Monext, a retail and online payment solution.
It is therefore not surprising that subscription-based services - streaming, online games, etc. - are particularly exposed to this fraud technique, as they often involve transactions of just a few euros. According to an analysis by Stripe, which specialises in online payments, charities are affected by this scam, again for the same reasons of small donation amounts but also due to a lack of resources (fraud experts and tools).
To prevent this, business management rules can be put in place, such as limiting the number of new customers per day or the number of purchases from the same IP address over a given period of time. Artificial intelligence can also be used to detect unusual activity.
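The business rules described above can be expressed as a small velocity check. This is an added example, not code from the article or from any payment provider: the limits (3 purchases per IP per 10 minutes, 2 new customers per day), the class and function names and the sample payments are all assumptions, and payments are assumed to arrive in timestamp order.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

LOW_VALUE_EUR = 30.0  # from the article: below this, strong authentication is often skipped

@dataclass(frozen=True)
class Payment:
    ts: int            # epoch seconds
    ip: str
    amount_eur: float
    new_customer: bool = False

class VelocityRules:
    """Hypothetical rule set with assumed limits; tune them against real traffic."""
    def __init__(self, max_per_ip=3, window_s=600, max_new_per_day=2):
        self.max_per_ip, self.window_s = max_per_ip, window_s
        self.max_new_per_day = max_new_per_day
        self._by_ip = defaultdict(deque)     # ip -> timestamps inside the window
        self._new_by_day = defaultdict(int)  # UTC day number -> new customers seen

    def decide(self, p):
        q = self._by_ip[p.ip]
        while q and p.ts - q[0] >= self.window_s:  # drop attempts older than the window
            q.popleft()
        q.append(p.ts)  # refused attempts still count toward the limit
        reasons = []
        if len(q) > self.max_per_ip:
            reasons.append("ip_velocity")
        if p.new_customer:
            day = p.ts // 86400
            self._new_by_day[day] += 1
            if self._new_by_day[day] > self.max_new_per_day:
                reasons.append("new_customer_cap")
        if not reasons:
            return "allow", reasons
        # A low-value payment would otherwise skip strong authentication: force it.
        return ("step_up" if p.amount_eur < LOW_VALUE_EUR else "review"), reasons

def replay(payments, rules=None):
    rules = rules or VelocityRules()
    return [rules.decide(p)[0] for p in payments]

# Constructed sample: five EUR 4.99 payments from one IP in four minutes,
# one from another IP, then the first IP again after the window has passed.
SAMPLE = [Payment(t, "203.0.113.7", 4.99) for t in (0, 60, 120, 180, 240)]
SAMPLE += [Payment(300, "198.51.100.2", 12.00), Payment(1000, "203.0.113.7", 4.99)]

if __name__ == "__main__":
    for p, action in zip(SAMPLE, replay(SAMPLE)):
        print(p.ts, p.ip, p.amount_eur, action)
```

The fourth and fifth payments from the same IP are stepped up to strong authentication instead of being refused outright, which keeps the low-friction path for ordinary customers.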
2. Fraud by manipulation
"For larger amounts, which require validation by the cardholder, techniques have evolved towards social engineering, where real psychological manipulation is used," notes David Le Dru. The scam is increasingly sophisticated: it consists of calling the person while pretending to be their bank department or the fraud department of their bank. The real owner of the bank card is then led to validate the information and the transaction himself, believing on the contrary that he is preventing it!
Fraud therefore most often begins with a search for information to simulate a pseudo "knowledge and proximity" with the person.
Good practice: make your customers aware of these new approaches to fraud with education to inform them that this type of behaviour exists.
3. Fraud involving payment in several instalments
Faced with increasingly diversified payment methods, cybercriminals continue to develop their fraud techniques. With the deployment of split payments - in France, more than a third of consumers use split payments to buy goods - the scams linked to payment in several instalments have multiplied.
"In this case, users pay the first instalment and then stop payment on the card or empty the account, leading to a situation where the other instalments are not solvent," explains David Le Dru.
It is therefore better to be supported by a solution partner that is robust on risk-taking, or to better score instalment payment agreements upstream in order to avoid the riskiest profiles, especially as more and more households are accumulating instalments (even for small amounts), leading to situations of household over-indebtedness.
4. Fraud involving "pseudo" non-receipt of packages
Here the deception consists of pretending not to have received the order in order to request the cancellation of the transaction from the merchant or the bank, or of claiming to have made a return when the product has been retained.
Hence the importance of a rigorous order tracking process: confirmation of the transaction, delivery address, etc., but also of a clear product return policy, which stipulates that the process is only possible once the product has been received.
5. Customer account theft
Finally, the recommendation is for stronger security of customer areas on merchant sites, so that consumers are not exposed to the hacking of their accounts, in particular through the recovery of their password.
What is the attraction for the fraudster? In particular, that of recovering purchased vouchers or codes, as may be the case for brands that offer vouchers via their loyalty programme or sell digital products such as codes for video games. New authentication methods such as social login, biometric identification or a one-time password with a single-use code or link are therefore preferred. Failing that, customers should be invited to create a complex password that is difficult to guess, even for bots.