
eCommerce Fraud 101: A Guide to the Risks Facing DTC Brands

Taking your DTC brand online opens up a world of possibilities. Increased sales, stronger customer relationships and cross-border expansion to name a few.

It also comes with a unique set of challenges. While no business owner likes to think about how malicious actors or even their own customers could scam them, hiding your head in the sand doesn’t achieve anything.

eCommerce fraud is part and parcel of selling online, but you don’t have to be a victim. By understanding the size of the threat you face, what to look for, and how to protect your brand going forward, you can make sure your eCommerce journey gets off to the best and most secure start possible.

The Threat of Fraud Is Real and Growing

It’s impossible to overstate the damage that eCommerce fraud is doing to online resellers, or the rate at which the threat is growing.

The 2018 True Cost of Fraud Study by LexisNexis found that retail fraud attempts had increased by almost one-third over the course of a year. 

Another study by Juniper Research estimates online merchants will lose more than $25 billion to fraud in 2024, up from $17 billion in 2020. This is despite improved security technology like secure customer authentication. As the study’s co-author Nick Maynard explains: “The explosion of eCommerce means that fraudsters have evolved their tactics, and so merchants must also evolve.”

Improving fraud prevention efforts will be even more important if eCommerce stores are held to greater account by financial institutions in the future. McKinsey analysts Marie-Claude Nadeau and Jonathan Steitz et al. say banks will increasingly hold merchants liable for costs associated with fraud as prevention technology improves. In other words, it’s your responsibility as a reseller to protect your brand and your customers. 

There’s no getting away from fraud, either. Everyone from small retailers to big brands is at risk, writes Rafael Lourenco, Executive Vice President at fraud prevention operation ClearSale. Thanks to a glut of cheap consumer data available on the dark web, you don’t have to be a high-end retailer to be a worthwhile target.


eCommerce Fraud Takes Many Forms

Like many online businesses, DTC eCommerce stores face a diverse threat landscape and are at risk from both professional thieves and their own customers. 

Identity theft comprises 71% of all eCommerce fraud attacks, writes UKTN News Editor Alara Basul at Ravelin. Attackers don’t just use stolen credit card data. They also use stolen email accounts, names, addresses and even IP addresses to add legitimacy to their transactions and fool manual and automatic fraud prevention efforts.

Next, there’s account takeover fraud. This is very similar to identity theft, says Brad Boegler, Director of Systems Operations at web hosting solutions provider Nexcess, but thieves take over existing accounts instead of creating new ones.

There are several ways attackers take over accounts, he explains. The most basic attacks use brute force to guess username and password combinations. Attackers can also use stolen data in the hope that consumers use the same username and password combination for multiple sites. On the more sophisticated end of the spectrum, hackers can use phishing attacks to fool consumers into handing over data or try to bypass eCommerce store authentication efforts themselves.  

Chargebacks, where consumers dispute the purchase, are also common, writes Louis Columbus, Principal of manufacturing software provider IQMS. They are also one of the most expensive forms of fraud because of the resulting fees and loss of inventory.

This type of consumer fraud will be a bigger problem than traditional retail fraud within three years, predicts Indy Guha, Signifyd Senior Vice President of Marketing & Alliances.  “Among the most ominous threats to retailers’ profits is so-called friendly fraud or consumer abuse—shoppers filing false reports that a package never arrived, came damaged or did not live up to the description on a merchant’s website.” 

Store Owners Play a Role in Detecting eCommerce Fraud

It’s very common for brands not to realize they’ve been a victim of eCommerce fraud until they’re slapped with a charge from a credit card company. Spotting fraud as it happens isn’t impossible, however, even for small DTC stores.

Srii Srinivasan, Chief Executive Officer and Co-Founder of Chargeback Gurus, offers several ways store owners can detect fraud. These include:

  • Compare billing and shipping addresses. Long distances between the two can suggest fraud.
  • Look closely at the shipping destination. Orders that deliver to freight forwarding companies or re-shippers should be scrutinized. 
  • Identify patterns. Multiple failed purchases with different card numbers is a big red flag.

You can also look for unusually large orders and suspect email addresses, writes the team at Ravelin. Store owners should pay particular attention to these warning signs during peak traffic periods like the holiday season, they add. 

These indicators don’t just highlight fraud, writes the Worldpay editorial team. They also highlight just how hard it is to fight fraud. While these are all signs that fraud may have been committed, they aren’t guarantees. Legitimate transactions can feature any and all of these warning signs, and denying such transactions can be just as detrimental for your brand.
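The warning signs listed above can be checked automatically before an order is fulfilled. The following is an added example, not code from any of the sources quoted here: it flags orders on billing-to-shipping distance, re-shipper destinations and repeated failed cards, and holds flagged orders for manual review rather than denying them. The thresholds, the re-shipper postcode list, the field names and the sample orders are all assumptions constructed for illustration.

```python
import math

# Assumed thresholds and re-shipper list, chosen for illustration only.
MAX_DISTANCE_KM = 500
FAILED_CARD_LIMIT = 3
RESHIPPER_POSTCODES = {"97230"}  # hypothetical freight-forwarder postcode

def haversine_km(a, b):
    """Great-circle distance between two (lat, lon) points in kilometres."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371 * math.asin(math.sqrt(h))

def review_flags(order, attempts):
    """Collect the warning signs present on one order."""
    flags = []
    if haversine_km(order["billing_geo"], order["shipping_geo"]) > MAX_DISTANCE_KM:
        flags.append("billing_shipping_distance")
    if order["shipping_postcode"] in RESHIPPER_POSTCODES:
        flags.append("reshipper_destination")
    # Count distinct declined cards by processor token, never by raw card number.
    failed = {a["card_token"] for a in attempts
              if a["email"] == order["email"] and not a["approved"]}
    if len(failed) >= FAILED_CARD_LIMIT:
        flags.append("multiple_failed_cards")
    return flags

def decide(order, attempts):
    """Warning signs are not proof, so flagged orders are held for review, not denied."""
    flags = review_flags(order, attempts)
    return ("manual_review" if flags else "accept"), flags

# Constructed sample data.
NYC, LA, PDX = (40.71, -74.01), (34.05, -118.24), (45.52, -122.68)
ORDERS = {
    "local": {"email": "a@example.com", "billing_geo": NYC,
              "shipping_geo": (40.73, -73.99), "shipping_postcode": "10001"},
    "gift": {"email": "c@example.com", "billing_geo": NYC,
             "shipping_geo": LA, "shipping_postcode": "90012"},
    "risky": {"email": "b@example.com", "billing_geo": NYC,
              "shipping_geo": PDX, "shipping_postcode": "97230"},
}
ATTEMPTS = [{"email": "a@example.com", "card_token": "tok_9", "approved": False}] + [
    {"email": "b@example.com", "card_token": f"tok_{i}", "approved": False} for i in (1, 2, 3)]

if __name__ == "__main__":
    for name, order in ORDERS.items():
        print(name, decide(order, ATTEMPTS))
```

The "gift" order trips the distance check even though nothing else about it is suspicious, which is why the example routes flagged orders to review instead of rejecting them outright.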


Store Owners Can Prevent eCommerce Fraud

Just as you can detect fraud, there are plenty of actions store owners can take to prevent eCommerce fraud from happening in the first place. 

Being transparent with consumers and maintaining good communication can go a long way to stopping instances of chargeback fraud, writes the team at checkout platform Bolt. The better you can resolve problems, the less likely customers will complain. Even something as simple as using consistent and familiar branding across all communications, and especially on credit card charges, will reduce the frequency of complaints. 

It’s important to choose a payment processor that automatically identifies and blocks fraudulent purchases too, writes Lucas Miller, Founder of Echelon Copy. Even the most basic of filters can help stop fraud attempts in their tracks.

Following PCI Security Standards is a must, says John Rampton, Founder of payment processing company Due. These regulations, established by the credit card industry, lay out how retailers should accept, transmit and store cardholder data. “Becoming compliant is one of the most effective ways to thwart credit card fraud,” he writes.

Complying with PCI doesn’t mean you can store as much data as you want, however. In fact, the less information you do store, the more secure you are, says PCMag Business Analyst Gadjo Sevilla. “Businesses should avoid the temptation of collecting more customer data than is absolutely necessary,” he writes. “This avoids inconveniencing your customers and the possibility of losing that data in a breach or a hack.”

Above all else, be prepared for when issues do occur. The team at Square recommends that brands maintain excellent records and keep all receipts. “If a customer initiates a dispute, your only available recourse is to provide proof that the order was fulfilled.”

Outsourcing Fraud Protection Is the Favored Choice

Even the biggest brands usually don’t handle fraud protection on their own. Most merchants believe outsourcing fraud protection offers excellent value for money, according to a Javelin study. Third-party experts reduce operational costs, adapt risk strategies more quickly and implement secure solutions faster.

It starts with your eCommerce platform. Security should be a priority when choosing your eCommerce platform, says entrepreneur and angel investor Andrew Medal. If your platform takes payments on your behalf, they should be the one working towards security standards like PCI. 

They should also act as a merchant of record and seller of record. This holds them financially liable to banks and responsible for shouldering the cost of chargebacks and other fraud-related fees. While it’s your responsibility to choose a platform that gives you as much protection from fraud as possible, you shouldn’t be held liable for their mistakes.
