Online retailers are losing a huge chunk of their earnings to fraudsters. How can you protect your brand from this threat?
The Internet provided companies a better way to market and sell their products. By putting up online shopping platforms, they can reach more customers and provide them with a hassle-free way to shop. Combine this with 24/7 availability and door-to-door delivery and you have the makings of a successful brand.
Ecommerce—the umbrella term covering all web-based commercial transactions—thus presents entrepreneurs with a lot of opportunities. But it also comes with risks, many of which are unique to digital brands.
One of the biggest threats is online fraud. In 2014, fraudulent schemes by cybercriminals robbed businesses of $16.31 billion worth of revenues. This means companies lose 5.7 cents for every $100 they earn.
This new breed of crime is difficult to ward off, as they take on many forms. Here are the four main types of fraud you must be aware of.
1. Identity theft
This one is perhaps one of the most common form of online scams. Identity theft is the illegal acquisition of a person’s private information: name, birth date, address, credit card details, and others. Criminals then disguise themselves under this new identity to conduct illicit transactions. For instance, they can order items using a false name or use someone else’s credit card details to pay.
Fraudsters steal a new identity in various ways:
• Pharming. Criminals redirect Internet users to a fake website that’s been designed to look like a legitimate one. This allows them to siphon customers’ account details, such as usernames, passwords, and account numbers. After stealing these bits of data, fraudsters will then be able to take over an existing account and use it for online shopping.
• Phishing. Here, attackers pretend to be a reputable person or organization in order to trick other people into revealing their private data. Using email, instant messaging, and other channels, phishers may send messages that contain links or attachments. When clicked on, these would install malware on the recipient’s device, allowing criminals to collect personal information about the user.
• Man-in-the-middle attacks. Also called MITM, this one is generally more sophisticated than the two discussed above. Under this method, attackers place themselves between customers and businesses (or customers and financial firms) to copy credit card or login data. At times, they may also alter the messages or information exchanged during the transaction.
This type of ecommerce fraud can be difficult to spot, as they’re carried out by customers themselves. They start by ordering items and paying for them using their debit or credit cards. In fact, they make it a point to follow all your policies so you won’t even get a clue that they’re up to something suspicious.
The real crime happens right after you’ve shipped their orders. Customers may call you back to claim that their credit card details were stolen and then ask for a chargeback. Being an accommodating brand, you may agree to give them back their money. Thus, in the end, they get to keep your products without paying for them.
3. Clean fraud
When skilled cybercriminals commit a clean fraud, it’s almost impossible to detect, as they often leave no traces of any illicit activity. To do this, they closely study the fraud protection measures being adopted by an online shopping website. This familiarity lets them go around or find loopholes in a store’s web security features.
The truth, however, is that they also use another person’s credit card details to make purchases. To make sure they won’t get caught, they first collect a lot of details about the card’s owner. They may even verify that the credit card works by buying cheap items online so they can confidently make bigtime purchases later.
4. Triangulation fraud
A triangulation fraud, which combines several identity theft techniques, has three phases. First, a fake ecommerce website is created, luring in buyers by offering high-quality goods for extremely low prices. Typically, however, there’s a caveat: customers can only pay with their credit cards to acquire the item or gain more perks such as free shipping. The bogus website would then collect information about the customer.
Here’s where the second phase comes in. Once the customers’ names and credit card details have been stolen, they would be used by the fraudster to place a legitimate order on the shop’s real website. The items would then be shipped to the original customer. At this point, both the brand and the customer still don’t know they’ve become victims of an online scam.
During the third phase, the attackers make additional purchases using the stolen card data. This series of illegal activities often go unnoticed for a long period, which results to bigger profit losses for brands.