How To Prevent eCommerce Fraud

There are anonymous hackers all over the globe who work around the clock trying to bypass your company’s security defenses. Larger organizations likely have the resources to defend themselves against eCommerce fraud and other malicious attacks, but this doesn’t mean they’re immune to breaches, as we’ve witnessed in the news.

This isn’t always true for smaller companies. Inc. reports that an estimated 60% of small businesses go under within six months of being breached.

While it’s not possible to protect yourself against all online threats, below are some of the most common types of eCommerce fraud – plus tips on how to help minimize exposure.

1. Card testing fraud

Criminals often test stolen cards by running tiny transactions first. While it may be attractive to overlook a few lost pennies here and there, every dollar in direct theft can translate up to $3 in hidden costs due to fees and penalties.2

Protect yourself by using fraud management filters to set minimum transaction amounts for online orders. If your lowest-priced item is $2, the smallest approved transaction should be that amount or higher.

2. Stolen credit card fraud

If you sell physical goods, watch for this scam. Thieves use stolen cards to buy products before having them sent to a reshipper for collection. However, using fraud filters can help you flag orders where the billing and shipping addresses don’t match. The sale might be a legitimate one, but it won’t go through until you’ve had time to investigate.

3. Account takeover fraud

Cybercriminals can do a lot of harm if they gain access to your customers’ or employees’ login credentials. Fortunately, you can help limit this practice by:

• Restricting employee access to sensitive data on a need-to-know basis (also known as the principle of least privilege)
• Mandating longer passwords for all logins – complete with symbols, numbers, and mixed-case letters
• Requiring two-factor authentication (2FA) in which employees and customers must pass additional verification steps (beyond the usual username and password)

4. Chargeback fraud

Also known as “friendly” fraud, this scam involves customers who buy from you online pretending that:

• They didn’t place the order
• The package never arrived.
• The package arrived damaged.

Proving that you’re in the right can be tough, which is why chargeback fraud results in $30 billion in annual losses for online businesses. You can help reduce the frequency of this scam by:

• Making it easier for customers to request refunds with a clear return policy
• You are adding tracking and signature requirements to outgoing packages so you can verify delivery independently.
• Disabling guest checkout to make anonymous online ordering impossible

Even with a huge budget and an experienced security team, thwarting every cyberattack is not always possible. It is figuratively an arms race, with criminals constantly devising more inventive methods of bypassing security protocols and gaining access to sensitive information. However, those who build the strongest defenses have the best chances of avoiding the worst attacks.

For a more comprehensive overview of eCommerce fraud prevention tips and strategies, see the accompanying resource.

This information is provided for informational purposes only and should not be construed as legal, financial, or tax advice. Readers should contact their attorneys, financial advisors, or tax professionals to obtain guidance concerning any particular matter.

1. “60 Percent of Small Businesses Fold Within 6 Months of a Cyber Attack. Here’s How to Protect Yourself,” Inc., 7 May 2018
2. “CNP Fraud Costs US Merchants $3.36 for Every $1 of Direct Fraud Loss,” CardNotPresent, 30 July 2020
3. “13 Scary Chargeback Facts,” Chargebacks911, 20 October 2020

Fiserv, an eCommerce platform provider, created an infographic.