Content Marketers » Publish Your Business Blog, Videos and Events on ALL EC » Save 25% Today!
Welcome Guest | Sign In
ECommerceTimes.com
salesforce commerce cloud

Telltale Signs of E-Commerce Fraud

By Ori Eisen
Feb 25, 2009 4:00 AM PT

In a time of economic crisis, there tends to be an increase in the number of people that turn to criminal activity. Although petty crime is usually one area that shows a significant upswing, an additional form of criminal activity on the rise is fraud.

Telltale Signs of E-Commerce Fraud

Before you can stop fraud, you need to know how to define it in order to properly identify it. Fraud is defined as the use of deception to obtain money or something else of value. Although typically carried out online, some fraudsters pursue the riskier physical fraud in which they interact with people face-to-face.

When fraud is carried out online, however, fraudsters can orchestrate an attack on a much larger scale, allowing them to sit back and wait for the goods to arrive.

Define and Identify

To identify fraud, there are some red flags that all businesses should be aware of. Some of the red flags include the following:

  • Order velocities -- Defined as multiple orders placed within the same day, hour or minute, they typically appear from one device, one address, one card or one user ID.
  • Risky street addresses -- Often, you can accurately estimate the level of risk of carrying out an order by utilizing the Google Maps Street View to determine the location of the shipping address. If the address looks like an abandoned building, making a call to validate the card holder really made the purchase is advised.
  • Anonymous/free email accounts -- These email accounts illustrate a higher percentage of fraud activity than those associated with a paid Internet service provider or a company email address.

Types of Fraud

There are a number of different types of fraud. Here we provide you with a brief description of some types most frequently encountered within the e-commerce industry:

  • Card-not-present fraud -- Also known as "CNP fraud," this is the basic form of fraud carried out online. A purchase can be made with just the card number; no physical card is needed.
  • Gift Card Fraud (card purchased in store) -- To avoid being caught by initial fraud screening technology, the fraudster pools together several small denomination gift cards to purchase a bigger ticket item online. Typically, the gift cards are purchased with stolen credit card information.
  • Gift Card Fraud (card purchased online) -- This type of fraud is frequently carried out with the utilization of a fake email account. Since the purchase of a gift card online requests only an email address in order to receive a confirmation code, this allows the fraudster to purchase many gift certificates on one [stolen] credit or debit card and send the gift card credits to multiple email addresses. Typically, the fake email accounts are set up with free email services.
  • Friendly Fraud -- This type of fraud is carried out by someone who places an order online and follows up with a complaint. Usually stating that they never made the purchase or did not receive the merchandise, this is one of the most difficult types of fraud to detect since it crosses into both the online and physical realms. Because of friendly fraud, fraud will never be completely eliminated.

Fraud in the E-Commerce Industry

Fraud ranks as one of the biggest problems within the e-commerce industry. Fraud rings pose the biggest threat as this technique utilizes the latest technology with one purpose in mind: Get away with as much fraud as possible. Fraudsters are getting better at fraud ring activities, as well, causing merchants to find it difficult to link transactions in order to find fraud. Many merchants ranked fraud rings as one of the biggest challenges to fighting online fraud.

An additional emerging threat to the e-commerce industry is the challenge of m-commerce, or mobile commerce. Mobile device users are generally less protected when accessing a merchant's Web site, frequently due to the merchant's establishment of "light" versions of the Web site, ironically designed to attract more mobile users. Merchants typically have not yet considered the potential new security threat or established stronger user-authentication on this platform, and fraudsters know it.

Possible Solutions

At this point, you're probably wondering if there is even anything that can be done to stop fraud before a company or a legitimate customer becomes a victim. There is. Although fraud may be one of the biggest threats to the e-commerce industry, there exist a number of solutions which focus on utilizing the technology and techniques that are readily available today. Depending on the type of goods/services that are sold, there are two approaches:

  1. Digital goods (such as music, software and video) -- These items are delivered in real-time, making it critical to assess the order quickly to determine the likelihood of fraud. Because the goods must be released almost instantly, it is recommended to fulfill any order not immediately deemed fraudulent. Re-screening the order later enables a more thorough investigation. If upon further investigation the order is found to be fraudulent, the card should be credited back for the goods that were purchased. This protects the victim from the charge and the company from eventual chargeback.
  2. All other goods -- Since these orders are processed and then scheduled to ship, there is time to allow the fraud detection screening system to fully assess the risk of an order, and then sort-out questionable orders for further review. With this system in place, fraudulent orders can be stopped before being processed. This protects the legitimate customer or fraud victim, and eliminates the fees associated with a future chargeback for the company.

Basically, to protect yourself and your customers from becoming victims of fraudulent activity, utilize every aspect of today's technology to protect the e-commerce venue, including those offered by card issuers. Today's leading technology enables the use of tagless/covert device ID, risk engines tuned for the environment they support, and link analysis tools for finding additional instances of fraud.

Every device with Web access leaves a digital fingerprint. With device ID technology, the digital fingerprint of these devices is captured and stored, enabling any Web accessible devices to be equally monitored among primary e-commerce orders for fraudulent activity. This information can then be referred to with link analysis; by linking similar transactions, it helps the company determine the risk-level associated with a transaction.

It is fair to assume that with the proper tools in place, an enterprise can screen fewer than five percent of all orders while capturing upwards of 85 percent of all fraud (minus friendly fraud). This also plays an important role in the number of chargebacks.

It is important to note that there is no silver bullet to prevent fraud. Some type of fraud will always exist, as evidenced by the presence of friendly fraud. In order to protect both customer and company, it is best to implement a layered security approach to identify potential fraud first and then investigate orders that appear suspicious. This enables both a real-time and time-delayed system to be employed, in addition to human intelligence. This will assist you in achieving maximum security online.


Ori Eisen is founder and chief innovation officer of 41st Parameter, a fraud detection and prevention firm.


Facebook Twitter LinkedIn Google+ RSS
salesforce commerce cloud
How do you feel about Black Friday/Cyber Monday this year?
I'm excited to find great deals and plan to do some serious shopping on BFCM.
I'll watch for BFCM sales, but I intend to drastically curb my spending this year.
BFCM has become a season -- I no longer feel driven to look for bargains on those specific days.
I plan to have most of my holiday shopping done *before* BFCM.
I detest the holiday sales hype and will avoid shopping on BFCM.
salesforce commerce cloud