Online Payment Fraud refers to any illegal transaction committed by criminals online with the goal of stealing a person’s money or sensitive information.
Fraudsters or scammers are highly intelligent individuals who are capable of obtaining a card owner’s information without the cardholder’s consent. Nowadays, eCommerce businesses and their buyers are the main targets of various online scams.
This kind of cybercrime can be executed in several ways, including the following:
This type of fraud is very common and it has victimized several unsuspecting customers. Identity theft is executed by acquiring a buyer’s personally identifiable information (PII) such as credit card/debit card number, card verification value, name, address, user accounts, email accounts, IP addresses, personal devices and other important data.
Fraudsters steal PII by installing malicious software on a person’s computer. The sensitive and personal information obtained is then used to purchase products online without the knowledge of the cardholders.
Phishing is a method wherein cybercriminals send emails. These emails may appear to be safe and authentic because the cybercriminals or scammers disguise themselves as representatives of a legitimate financial institution or trusted organization.
The aim of phishing is to lure recipients into opening attachments or clicking on links that ask them to update their PII. This method is made possible by phishing kits, which are installed on a server and enable fraudsters to send out malicious emails.
It is also known as ‘Friendly Fraud’, which occurs when a customer demands a chargeback from their issuing bank upon receiving their order.
The reason given for the chargeback request may be either that the customer is unsatisfied with the product or that their card was stolen. As a result, the claimant will receive a refund while keeping the purchased goods, and the merchant will be held liable for the transaction.
Clean Fraud is one of the most dangerous types of payment fraud. It often targets merchants by making payment transactions seem legitimate.
Clean Fraud is usually carried out by using stolen credit card information to purchase items online. In addition, before bigger purchases are made, cheap test purchases are carried out to ensure the efficiency of the strategy.
Triangulation Fraud is a complex type of online payment scam. Its method is complicated in that it involves the unknowing participation of unsuspecting and well-meaning online sellers.
The setup often involves an unsuspecting customer or buyer, a fake seller, and a trusted eCommerce website. In most cases, the fraudulent seller does not even realize that they are already engaged in a scam.
This type of fraud usually begins with an employer, or mastermind, posting an ad in which aspiring online sellers are encouraged to sell a list of items.
The employer holds stolen credit card information, which they use to purchase the items on their list. Items are ordered on legitimate eCommerce websites using the stolen credit card information.
Meanwhile, the unknowing online sellers will post the items online. Next, a customer makes a purchase, and the online seller forwards the information to the employer.
The employer will then place the order for that specific item on the eCommerce website using the credit card information they have stolen. The employer likewise sends tracking information for the item to the online seller.
In the end, the customer receives their order without any idea that the item was, in fact, acquired through fraudulent means.
With the exception of the employer, all other parties involved in a Triangulation Fraud are the ones at the receiving end of the scam’s consequences.
eCommerce websites may be obligated to provide a chargeback and retrieve the order, while the online seller may not be able to sell once again in the future despite being unaware of their involvement in the said fraud.
Most importantly, the individual who owns the stolen credit card information, along with their issuing bank, will have to work together to settle the unauthorized purchases executed by the fraud’s mastermind.
Here is another possibility that could take place in a Triangulation Fraud:
Once the customer provides their credit card information, their card will be charged for the real price of the product; thus, the credit card charge will be higher compared to what has been promised.
This way, the fake seller will earn at least 30% to as high as 100% commission.
In this type of fraud, the fraudster lists a high-quality product on an auction site such as Amazon or eBay at a bargain price. A customer will be lured into making a purchase by providing their PII.
The problem is that the product does not exist and the buyer will be charged without ever receiving the goods that they paid for.
What Preventive Measures Can Be Taken Against Fraud?
1. Address Verification Service (AVS)
In Address Verification Service (AVS), customers who pay using their credit card need to verify their billing address using their ZIP code.
AVS, which is widely used in card-not-present (CNP) transactions, will then validate the numeric portions of the address provided by the cardholder to ensure that the information matches the address that was provided to their issuing bank.
The result will help merchants decide whether to accept the transaction or if additional verification is needed.
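The comparison described above can be sketched as follows. This is an added example, not code from the original article or from any payment processor; the function names, the sample addresses and the four single-letter results (modeled on commonly used AVS response codes) are assumptions, and real processors return a larger, network-specific set.

```python
import re

# Simplified result codes (assumption): full match, street only, ZIP only, none.
AVS_FULL, AVS_STREET_ONLY, AVS_ZIP_ONLY, AVS_NONE = "Y", "A", "Z", "N"


def street_digits(address_line: str) -> str:
    """Numeric portion of a street line: every digit run, in order."""
    return "".join(re.findall(r"\d+", address_line))


def zip5(postal_code: str) -> str:
    """First five digits of a US ZIP code, ignoring a ZIP+4 suffix."""
    return re.sub(r"\D", "", postal_code)[:5]


def avs_check(entered: dict, on_file: dict) -> str:
    """Compare only the numeric parts, so spelling differences do not matter."""
    e_street, f_street = street_digits(entered["street"]), street_digits(on_file["street"])
    e_zip, f_zip = zip5(entered["zip"]), zip5(on_file["zip"])
    # An address with no digits, or a short ZIP, can never count as a match.
    street_ok = bool(e_street) and e_street == f_street
    zip_ok = len(e_zip) == 5 and e_zip == f_zip
    if street_ok and zip_ok:
        return AVS_FULL
    if street_ok:
        return AVS_STREET_ONLY
    if zip_ok:
        return AVS_ZIP_ONLY
    return AVS_NONE


def merchant_action(code: str) -> str:
    """Accept on a full match; anything else needs additional verification."""
    return "accept" if code == AVS_FULL else "verify"


# Constructed sample: the address the issuing bank holds for the card.
ON_FILE = {"street": "742 Evergreen Terrace", "zip": "97477-1234"}

if __name__ == "__main__":
    attempt = {"street": "742 evergreen terr.", "zip": "97477"}
    code = avs_check(attempt, ON_FILE)
    print(code, merchant_action(code))
```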
2. Card Verification Value (CVV)
CVV is the security code that is normally found on the back of the card. It contains three or four digits that a customer has to provide during online shopping.
The Payment Card Industry (PCI) prohibits businesses from storing the security code. It is an effective security measure that prevents fraud.
3. Run Security Checks with Antivirus Software
Use business-grade anti-malware and anti-spyware software that can detect and remove malicious software and spyware programs. These types of software are good at cleaning up any damage left on a computer’s database.
Moreover, businesses are highly encouraged to update their operating system to the most recent version because unsupported versions cannot receive security updates. As a result, perpetrators can obtain sensitive information without difficulty.
4. Payer Authentication (3D Secure)
This is an additional layer of protection for Visa and MasterCard cardholders, in which a security code or one-time PIN is sent via email or text. Payer Authentication prevents unauthorized charges and chargebacks.
eCommerce businesses are then highly encouraged to activate 3D Secure in their security system to boost the protection of their customers.
5. Code 10
For any activity that may seem suspicious, it is essential to make a Code 10 call that alerts the card issuer without the knowledge of the customer, making it a private transaction.
As soon as Code 10 Authorization Request is placed, the concerned merchant will be directed to a specialist who will ask ‘Yes’ or ‘No’ questions that will help the specialist decide whether the card should be kept or if the transaction should be completed.
6. Monitor Transactions
Existing customers’ and repeat buyers’ information should not vary every time that customers purchase on a merchant’s store. If there is inconsistency in the customer’s billing and shipping information, it may be a warning that there are suspicious transactions going on.
There are also specific tools that can be used to track IP addresses, operating systems, internet connections and browsers in order to assess risk.
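The monitoring rule above, combined with the cheap test purchases described under Clean Fraud, can be expressed as a small review filter. This is an added example, not code from the original article; the order data is constructed, and the thresholds (`small`, `large`, `window`, `min_tests`) are assumptions a merchant would tune to their own sales.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample orders, sorted by time:
# (time, customer, card, amount, billing ZIP, shipping ZIP)
ORDERS = [
    ("2024-03-01T09:00", "alice", "card-A", 42.00, "97477", "97477"),
    ("2024-03-09T10:00", "alice", "card-A", 55.00, "97477", "97477"),
    ("2024-03-10T02:10", "alice", "card-A", 1.00, "97477", "97477"),
    ("2024-03-10T02:14", "alice", "card-A", 1.50, "97477", "97477"),
    ("2024-03-10T02:40", "alice", "card-A", 899.00, "97477", "10001"),
    ("2024-03-10T11:00", "bob", "card-B", 3.00, "60601", "60601"),
]


def flag_orders(orders, small=5.00, large=200.00,
                window=timedelta(hours=1), min_tests=2):
    """Return {order index: [reasons]} for orders that deserve manual review."""
    known_shipping = defaultdict(set)  # customer -> shipping ZIPs used before
    recent_small = defaultdict(list)   # card -> times of cheap purchases
    flags = defaultdict(list)
    for i, (ts, customer, card, amount, bill_zip, ship_zip) in enumerate(orders):
        when = datetime.fromisoformat(ts)
        # Repeat buyer shipping somewhere that matches neither the billing
        # ZIP nor any destination they have used before.
        seen = known_shipping[customer]
        if seen and ship_zip != bill_zip and ship_zip not in seen:
            flags[i].append("new shipping address differs from billing")
        seen.add(ship_zip)
        # Cheap test purchases followed shortly by a large one on the same card.
        tests = [t for t in recent_small[card] if when - t <= window]
        if amount >= large and len(tests) >= min_tests:
            flags[i].append(f"{len(tests)} small purchases preceded this large one")
        if amount <= small:
            recent_small[card].append(when)
    return dict(flags)


if __name__ == "__main__":
    for index, reasons in flag_orders(ORDERS).items():
        print(ORDERS[index][0], ORDERS[index][1], reasons)
```

A first-time buyer is never flagged by the shipping rule because there is no history to compare against, which is why the two rules are kept separate.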