While cybercriminals rarely take a day off, there’s no denying that when the holiday season approaches, their window to strike widens and their potential rewards become far greater.
In fact, with ACI Worldwide projecting that global eCommerce spending will increase by 27% this holiday season as COVID-19 forces consumers to move their shopping online, the threat of fraud also rises.
ACI’s research, for instance, has already reported a $9 increase in the average ticket price for fraud attempts for the first nine months of the year compared to the same period in 2019.
While this might seem trivial at first glance, the costs add up quickly. The National Retail Federation reported that theft and fraud cost retailers $62 billion in 2019, up from $51 billion the previous year.
Although the techniques used by bad actors today to rack up these numbers are growing more sophisticated, one of their most popular weapons is ‘Domain Spoofing’, a common form of phishing that occurs when an attacker appears to use a company’s domain to impersonate a company or one of its employees.
This can be done by sending emails with false domain names that appear legitimate, or by setting up websites with slightly altered characters to lure consumers onto fraudulent webpages and ultimately, prompt them to enter financial details or other sensitive information.
A simple yet undeniably damaging approach, it’s one that every consumer and business needs to be on the lookout for this holiday season.
This is especially true when you consider how COVID-19, and the impact it has had on how people work and shop, has led to a dramatic uptick in cybercriminal activity, in particular phishing attempts.
Google, for example, reported that in just one week in April, they saw more than 18 million daily malware and phishing emails related to COVID-19.
Meanwhile, massive phishing campaigns, like the ones that attempted to deliver the Trickbot and Emotet trojans, sparked mass anxiety and even drew official warnings from governments in France, Japan, and New Zealand.
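Domain spoofing with slightly altered characters, as described above, can be checked for mechanically. The following Python code is an added example, not code from the original article: it classifies a domain or an e-mail From header against a brand domain, and `business.store` (the article's own example address), the fold table and all sample values are assumptions chosen for illustration.

```python
# Added example: classify a domain (or an e-mail sender) against the brand's own domain.
# BRAND_DOMAINS and the fold table are constructed for illustration.
import unicodedata
from email.utils import parseaddr

BRAND_DOMAINS = {"business.store"}

# Characters commonly swapped into look-alike names (small, non-exhaustive table).
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                      "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0455": "s"})


def skeleton(domain: str) -> str:
    """Lower-case, drop accents and fold look-alike characters to one form."""
    d = unicodedata.normalize("NFKD", domain.strip().lower().rstrip("."))
    d = "".join(c for c in d if not unicodedata.combining(c))
    return d.translate(FOLD).replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain: str, max_distance: int = 2) -> str:
    d = domain.strip().lower().rstrip(".")
    if any(d == b or d.endswith("." + b) for b in BRAND_DOMAINS):
        return "legitimate"
    s = skeleton(d)
    for brand in BRAND_DOMAINS:
        if s == skeleton(brand):
            return "homoglyph"   # same name once substituted characters are folded
        if edit_distance(s, skeleton(brand)) <= max_distance:
            return "typo"        # a character added, dropped or changed
        if brand.split(".")[0] in s:
            return "embedded"    # brand name inside an unrelated domain
    return "unrelated"


def classify_sender(from_header: str) -> str:
    """Classify the domain part of an e-mail From header."""
    address = parseaddr(from_header)[1]
    return classify(address.rpartition("@")[2])
```

Domains that arrive in punycode (`xn--` form) need decoding to Unicode before they are passed to `classify`.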
Why Does eCommerce Fraud Happen?
Here are a few reasons why eCommerce fraud happens:
Ease – eCommerce fraud is much easier than physical fraud, where criminals would have to break into homes, offices, cars, etc. Here, hackers even buy stolen credit cards on the dark web and use them to commit fraud.
Anonymity – Another reason why it’s common is anonymity. Hackers can execute these frauds from behind a screen without risking meeting anyone in person.
Evasion – Since eCommerce fraud is carried out across borders, it is challenging for the police to trace. It is also usually carried out in small amounts against multiple victims, which makes it difficult for the police too.
Types Of eCommerce Fraud
To understand eCommerce fraud prevention you will also need to know about the different kinds of eCommerce fraud:
Credit Card Fraud – In credit card fraud, the fraudster uses stolen credit card information to make online purchases from a web merchant.
Affiliate Fraud – In affiliate fraud, the criminal games the system and defrauds the online merchant through fake activity to either generate false commissions or to increase the amount of these commissions.
Chargeback Fraud – In chargeback fraud, the criminal takes advantage of a refund received by the customer to duplicate it and receive that amount themselves.
Phishing/Account Takeover – In phishing or account takeover, hackers use phishing techniques to trick customers into giving them important details like user names, PINs, passwords, etc.
Interception Fraud – In interception fraud, criminals make purchases with stolen credit cards using the actual address of the card owner, but later intercept the order and change the delivery address.
Triangulation Fraud – This is a three-way fraud where the criminals create a fake online store to accept purchases in the first step, steal the credentials to make the actual purchase from an authentic store and ship to the customers in the second step, and use the credentials to make additional purchases for themselves from the same store in the third step which usually remains undiscovered for a long time.
The Struggle To Stomp Out Fraud
With the above in mind, it’s vital that all businesses and every consumer are cognizant of the dangers that domain spoofing and other forms of phishing represent.
But the truth is, the simplicity of its approach makes it especially difficult to prevent.
That’s because although most consumers are aware of the dangers of this type of fraud, even the most highly aware people are going to click on links if they fit into the context of their everyday life.
For example, when researchers at Friedrich-Alexander University in Germany conducted a study amongst university students to find out what drove people to click on links from phishing emails, 27% of clickers explained that they did so because they could identify with the situational context given in the message.
Curiosity, they said, also played a factor.
Of course, this isn’t even to mention the fact that domain spoofing attempts are becoming more and more manipulative, with attackers utilizing company logos, branding, and the overall design and aesthetic of a legitimate business in their emails and on their fraudulent websites.
Additionally, with 3.1 billion domain spoofing emails sent by scammers every day, the odds of falling victim unfortunately increase.
In fact, according to the Federal Trade Commission, over 96% of companies operating today suffer from domain spoofing attacks in one form or another, while the FBI reports that these types of attacks have cost consumers and businesses $26 billion over the past six years.
Optimizing Your Online Presence To Battle ‘Brand Jacking’
With the stakes this high, it’s simply not an option for brands to ignore the threats that this type of fraud poses for themselves and their customers.
And this is particularly true for the businesses navigating the stresses of moving online due to COVID-19 for the very first time.
While it’s easy for these types of brands to mistakenly call phishing a one-way problem, the truth is that if a business isn’t using an authenticated email, their domain name is at an increased risk of being ‘brand-jacked’ and used to scam their customers and ultimately, damage their reputation and steal their money.
With the holiday season promising to give brands a much-needed boost in what’s been a tumultuous year for many bottom lines, it’s vital that they take the necessary steps to protect themselves and their customers from bad actors.
The good news is, the solution is often as simple as the problem itself.
For example, keeping domain names short and void of unnecessary characters, symbols, and of course, misspellings is an easy and effective way of reflecting brand authenticity and legitimacy.
Brands can also differentiate themselves from fraudsters by utilizing high-quality graphics, developing superior content, and delivering first-rate user experiences.
As we know, UX is fast becoming a key differentiator for businesses looking to set themselves apart in an increasingly competitive eCommerce environment.
But now, as the threat of fraud rises, it’s a must-have for consumers looking for seamless experiences that help them feel safe online, too.
A couple of ways to achieve this are for businesses to ensure that all of their information is visible on their website, and to create an avenue for customers to easily get in contact with staff, whether it’s to provide feedback or ask questions.
Something as simple as a branded email (contact@business.store, for instance) compared to a non-branded email (systemtech@gmail.com), as well as public returns information, can have a huge impact on consumer confidence and increase customers’ comfort with making a transaction.
Likewise, by placing social proof at every stage of the customer journey — whether it’s testimonials, reviews, likes, or shares — brands can build trust with customers and encourage new ones to buy from them with confidence.
With 58% of consumers admitting that they expect to do more online shopping after the pandemic than they did prior, and as COVID-19 elevates their expectations for a seamless online experience, the influence of a brand’s existing digital footprint can’t be underestimated.
This is especially true when you consider the fact that most people will read up to ten reviews before making a purchase decision, and 54% will visit a website after reading positive reviews.
Here are some more ways you can prevent eCommerce fraud:
1. Conduct Site Security Audits Regularly
One of the most effective methods of eCommerce fraud prevention is to conduct site security audits regularly. Ask yourself questions like these:
- Are your plugins and shopping-cart software up-to-date?
- Is your SSL certificate currently working?
- Are you backing up your online store often?
- Are you using strong passwords for admin accounts, CMS, database, hosting dashboards, and FTP access?
- Are you scanning your website regularly for malware?
- Are you encrypting communication between your store, customers, and suppliers?
2. Ensure Your Store Is PCI Compliant
An eCommerce store that accepts payments through credit cards must be PCI (Payment Card Industry) compliant.
The PCI Security Standards Council develops and manages the PCI standards for compliance to ensure the security of transactions through credit cards in the payments industry.
Make sure that your eCommerce store and business processes meet all these PCI standards. Your store will typically be compliant if you operate a SaaS-based store.
3. Address Verification Service (AVS)
Credit card processors and issuing banks usually offer an Address Verification Service to identify suspicious credit card transactions in real-time and prevent credit card fraud.
It checks the billing address that is submitted by the customer with the cardholder’s original billing address that is on file with the issuing bank.
This check takes place as part of the store’s request to the payment processor for the authorization of the credit card transaction.
If the addresses don’t match, the system might either decline the transaction or flag it for investigation.
4. Card Verification Value or CVV
Card Verification Value or CVV is the three-digit security code that is on the back of VISA, MasterCard, and Discover debit and credit cards and the four-digit security code on the back of American Express debit and credit cards.
By demanding this for every purchase you can ensure that the customer physically has possession of the card and the chances of fraud are lower.
5. Hypertext Transfer Protocol Secure or HTTPS
HTTPS is the secure version of HTTP, the primary protocol used to exchange data between a customer’s web browser, like Google, and your eCommerce store.
HTTPS encrypts the data to protect sensitive information like customer names, addresses, and card details.
HTTPS can help you with eCommerce fraud prevention by not letting your transactions broadcast in a way that is easily viewed by hackers, fraudsters, and cybercriminals.
You can buy an SSL certificate for your online store to be able to use HTTPS.
6. Compare The IP Address With The Credit Card Address
Every order that is placed on your eCommerce store comes from a unique IP address, which is a string of digits separated by periods that identifies each device using the Internet Protocol to communicate on the web.
Detect the region or city that the order’s IP address resolves to, compare it with the credit card’s billing address, and flag the order if the two don’t match and the mismatch looks suspicious.
7. Avoid Non-Physical Shipping Addresses
Fraudsters usually avoid detection by not providing their physical address, and by using a PO box or any other anonymous location. The police can’t go knocking if there is no door to knock on.
For eCommerce fraud prevention you can avoid shipping products to PO boxes or virtual addresses like those of freight forwarders.
Only authorize purchases and ship your products if the delivery address is that of a residential property or an office.
8. Anti Fraud Solution
Lastly, the most effective method for eCommerce fraud prevention is using a software solution that can help you detect and prevent online fraud. There are various software solutions available in the market, and you can get the one that suits your budget.
Besides, every tool has its own process for installation and ongoing management. Pick one depending on whether you want a hands-on solution or one that is managed by experts.
Rudimentary anti-fraud tools – these tools perform a single specific function. They are integrated into eCommerce platforms and online shopping carts.
They use machine learning algorithms to detect fraudulent transactions through IP geolocation, conduct device fingerprinting, validate email addresses, and verify addresses.
Mid-level anti-fraud tools – these offer a wider variety of functions like chargeback guarantees, protections against new account fraud, auto declining of high-risk orders, and account takeover protection.
Top-level anti-fraud tools – besides everything that the other tools offer, these tools also offer outsourced case management, loyalty fraud management, expertise working with large merchants, policy abuse protection, automatic decisions, and a manual review of suspicious transactions to make sure that no good order is declined by the software by mistake.
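The checks from items 3, 4, 6 and 7 above (AVS, CVV, IP address versus card address, and non-physical shipping addresses) can be combined into a single screening step. The following Python code is an added example, not part of the original article or of any specific anti-fraud product: the field names, the normalized result values and the sample orders are assumptions, and the IP country is assumed to come from a geolocation lookup done beforehand.

```python
# Added example: screen one order with the checks from items 3, 4, 6 and 7.
# Field names, result values and sample orders are constructed; a real payment
# processor returns its own AVS/CVV result codes.
import re
from dataclasses import dataclass

# PO boxes and private mailboxes; freight forwarders would need an address list.
NON_PHYSICAL = re.compile(r"\b(p\.?\s*o\.?\s*box|post\s+office\s+box|pmb)\b", re.I)


@dataclass
class Order:
    avs_result: str        # "match", "partial" or "mismatch" (hypothetical values)
    cvv_result: str        # "match", "mismatch" or "missing" (hypothetical values)
    billing_country: str   # country code from the card's billing address
    ip_country: str        # country code the buyer's IP address resolved to
    shipping_address: str


def screen(order: Order) -> tuple[str, list[str]]:
    """Return (decision, reasons); decision is approve, review or decline."""
    decline, review = [], []
    if order.cvv_result != "match":
        decline.append(f"CVV {order.cvv_result}")
    if NON_PHYSICAL.search(order.shipping_address):
        decline.append("non-physical shipping address")
    if order.avs_result != "match":
        review.append(f"AVS {order.avs_result}")
    if order.ip_country.upper() != order.billing_country.upper():
        review.append(f"IP country {order.ip_country} != billing {order.billing_country}")
    if decline:
        return "decline", decline + review
    return ("review", review) if review else ("approve", [])


ORDERS = {  # constructed samples
    "clean": Order("match", "match", "US", "US", "12 Elm Street, Springfield"),
    "geo": Order("partial", "match", "US", "NZ", "12 Elm Street, Springfield"),
    "pobox": Order("match", "match", "US", "US", "P.O. Box 381, Springfield"),
    "nocvv": Order("mismatch", "missing", "FR", "FR", "4 Rue Exemple, Lyon"),
}
```

Orders that come back as `review` are the ones the article describes as flagged for investigation; whether an AVS mismatch alone should decline instead is a policy choice.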
Ensuring A Safe & Seamless Holiday Shopping Experience
The truth is, the risk of falling victim to fraudsters is prevalent year-round. But it’s fair to say that the holidays — and this season in particular — see increased activity from cybercriminals.
At the end of the day, these malicious parties are highly motivated by money. And as we all know, consumer spending consistently skyrockets once the calendar turns to November.
So while determined hackers will continue to attempt to scam vulnerable businesses and consumers, there are simple steps that can be taken by both cohorts to protect their online brand, reputation, their personal information, and their money.