Fraudsters can use identity theft to commit another crime or as an end goal in itself. Credit card information gets stolen in 41% of identity fraud cases. For example, a criminal might steal credit card information to purchase more goods online or open fake accounts. Fraudsters will also impersonate real customers to create fake accounts and trigger fraudulent transactions.
Clean fraud involves using stolen credit card information to impersonate cardholders without alerting businesses that a particular account has been compromised. This allows criminals to purchase goods online without raising suspicion.
Fraudsters can get hold of credit and debit card details by tricking people into making purchases on a fake website, intercepting messages between the two parties of a transaction, or buying them on the dark web.
When fraudsters are part of an affiliate program that generates commission, they can manipulate traffic or signups to make the company running the program think they’re getting actual attention and business when they’re not.
This can be as simple as refreshing a webpage multiple times or sending multiple spam emails or pop-ups.
Triangulation fraud requires the cooperation of three different parties: a fraudster, a customer, and an e-commerce site.
The fraudster sets up a storefront that sells high-demand goods at competitive prices. Once customers place orders on the fraudster’s website, the fraudster uses stolen credit card numbers or other types of payment data to purchase legitimate goods from your e-commerce website.
While the fraudster’s store customers may be receiving real goods for an unbelievably low price, the victims are those whose credit card information has been stolen. Your business also loses as you end up shipping real items our to the fraudster.
Phishing scams are as old as the internet itself. A phishing scam is often based on email solicitations asking for sensitive account information.
Recently, there has also been an increase in scammers posing as e-commerce retailers. They send emails disguised as order or delivery confirmations and ultimately aim to extract sensitive account data or lead victims to a fraudulent site.
Links in phishing emails often go to trap sites loaded with viruses, malware, or other hacking-related misfortunes. Experts recommend hovering over suspicious links rather than clicking on them immediately.
Pagejacking is when hackers create a fraudulent web page that mimics an existing site. More advanced cases involve pagejacking a high-ranking site and siphoning off its search engine traffic.
Pagejacking can also go hand-in-hand with “mousetrapping,” in which a page prevents users from exiting by opening a new window every time the user tries to close the browser or flooding their computer with endless pop-ups.
As far as e-commerce is concerned, pagejacking is another effective technique for phishing, for example by mimicking a site’s login page to collect usernames and passwords.
In addition to the very real consequences for customers, the last thing an e-commerce brand wants is their customers second-guessing their store’s legitimacy due to a fraudulent impersonator.
Chargeback fraud is a scam where scammers purchase large online orders from merchants and then cancel their payments after the goods have been shipped. They keep the merchandise without paying for it.
Popular techniques include calling the bank and telling them that they had their identity stolen, or pretending that the delivery never arrived. Even in the best situations when the scam is caught in time, the merchant still has to waste time and resources investigating a false claim.
To make matters worse, merchants also have to differentiate so-called “friendly fraud” from actual chargeback fraud. Friendly fraud is when a legitimate customer accidentally causes a chargeback fraud, such as missing a package delivery or entering the wrong payment details. Merchants, meanwhile, are stuck in the dark about whether a chargeback had malicious intentions or was just an accident.
Card testing fraud
Card testing (also called card cracking) is one of the most widespread e-commerce fraud tactics. In this scenario, cybercriminals either steal credit card data themselves or purchase stolen credit card data on the dark web.
They then test the credit cards online by making small purchases to see if they can use the card to complete a transaction.
Once they know that the credit card number works, they begin making larger purchases.
Account takeover fraud
Gaining access to a user’s account online is not uncommon, but it happens less frequently across e-commerce stores than through other gaming or content sharing sites.
Some examples of how accounts get hacked include purchasing stolen passwords or security codes on the dark web or successfully orchestrating a phishing scam against a specific user. Once they have gained access to a user’s account, they can make fraudulent transactions on the merchant’s site and withdraw funds.
Account takeover fraud can be costly both in terms of a store’s reputation as well when it comes to the loss of customers. Having a secure platform and giving users easy tools to secure their accounts helps merchants combat account takeover fraud.