Four Cyber Fraud Facts That Every Merchant Should Know
Cyber Fraud Facts You Should Know
Table of Contents
What Is Cyber Fraud?
Before diving into cyber fraud and what you can do to protect yourself, it’s important to first define fraud. Fraud is a loose term that’s thrown around the ecommerce and payment industry and has become almost synonymous with any form of crime online. Although almost all forms of fraud are serious criminal offenses, labeling all crimes as “fraud” is ineffective for both learning about it and preventing it. The definition of fraud is the wrongful or criminal deception intended to result in financial or personal gain. It might seem granular, but for all intents and purposes, consider fraud as a form of trickery for financial advantage or payout.
Additionally, fraud can happen both online and offline. Online fraud, also referred to as cyber fraud, is the topic of interest for this blog. Below is a list of some common forms of online fraud. This list is not exhaustive but will act as a good prelude before diving into the insights for merchants.
Common Types of Online Fraud
Also known as stolen card fraud or transaction fraud, clean fraud is when a fraudster steals your customer’s credit card and impersonates them while making purchases on your website. The fraudster can turn around and sell these goods, or simply sell the credit card. A stolen credit card can sell for anywhere from $5-$150, so bulk sales of credit cards can be quite lucrative.
Sometimes referred to as friendly fraud, chargeback fraud is when a legitimate purchase is made but then disputed at a later date with the purchaser’s bank. This dispute with the bank, known as a chargeback, is hard to identify as malicious or unintentional and is very easy to get away with, as the merchant foots the cost in the form of a chargeback fee, not the banks.
Phishing attempts involve fraudsters using email or texts to trick you into visiting malicious websites where you’re coerced into exposing confidential or personal information like passwords or account numbers. Oftentimes, phishing is most effective when the fraudster falsely threatens legal action or some other consequence if merchants don’t take action and provide the desired information.
Online security attacks such as malware or botnets are sophisticated programs or code that are inserted into a user’s computer through vulnerabilities on their website or through a suspicious download. These programs allow fraudsters to hijack your computer and record keystrokes, view your screen, or even take control of your machine. Malware is very dangerous and is the focal point of cyber security initiatives.
Four Cybercrime and Online Fraud Facts
1. Fraudsters Are Rarely Caught, so Prevention Is Key
The unfortunate truth about cybercrime and online fraud is that the perpetrators are rarely caught. Fraudsters can create untraceable identities with fake email accounts and can inflict damage while maintaining anonymity. Additionally, fraudsters can be from anywhere, even abroad. This makes tracing and prosecuting even harder, as police are rendered helpless when working across borders. Even if their identity could be discovered and they were located in the United States, the effort it would take to solve the case is rarely justified by the stakeholders involved.
Take, for instance, a fraudster who steals one of your customer’s credit cards and goes on a spending spree. The credit card company will identify the suspicious activity, suspend the card, and inform the cardholder. Because the payment was fraudulent, the merchant is obligated to refund the purchase in full. In this case, both the cardholder and card company are satisfied with the outcome – they got their money back after all – so most won’t file a police report. It’s then up to the merchant to file a report since they had to foot the cost, but again, most will be satisfied with simply filing an insurance claim and recuperating their losses.
Because there’s very little hope for fraudsters paying the price for their actions, it’s much more effective to invest resources in fraud prevention than fraud investigation after the fact. So, it’s up to the merchants to preemptively protect themselves from fraud; it’s the most effective approach!
2. Many Gateways Offer Advanced Cyber Fraud Protection Tools
Since payment gateways authorize the transfer of funds, they’re one of the most important lines of defense against payment fraud. Most gateways incorporate industry-standard fraud prevention tools such as card verification values (CVV), device analysis to ensure no VPNs or proxies are being used, and email validation. Although these tactics are valuable and absolutely necessary for every merchant, they have their flaws and can be circumnavigated by experienced fraudsters. As a supplement, gateways offer advanced fraud detection and prevention suites that contain more sophisticated tools for combating fraud. Examples of this service include Authorize.net’s Advanced Fraud Detection Suite, Stripe’s Stripe Radar, USA ePay’s Fraud Modules, and more. These gateways tap into their database of historical card data while using state-of-the-art fraud detection techniques to filter out fraudulent transactions without ruining your customer experience.
Gateways price their advanced fraud prevention offerings in a few different ways. The most common way is by scaling the price based on the number of transactions processed. This is a good option for merchants who run smaller operations that process relatively few transactions compared to bigger organizations. Other gateways offer their suite at a flat rate, which might prove beneficial for merchants who process a high volume of transactions. There’s no clear winner when it comes to fraud detection. Merchants should compare different tools and choose the one that best fits their needs based on industry verticals, amount of transactions, revenue, customer profiles, and more.
3. Consumers Care About Cyber Fraud and Expect Merchants to Do the Same
The increasing complexity of cybercrime and instances of fraud aren’t a secret. Consumers are taking risks when they make online purchases, and they know it. This has always been the case to some degree, but now they’re expecting businesses to go the extra mile for their safety. We know that customers desire more security guarantees from merchants, but we don’t know what their expectations and perceptions of security are. At the bare minimum, merchants should be PCI compliant. This will ensure that no breaches occur and your customer’s data is, in fact, secure. Additionally, ecommerce stores must be kept up-to-date so no plugins or outdated features create vulnerabilities that hackers can exploit.
Optimizing your checkout experience is another effective way to boost customer confidence about your ecommerce store’s security. Provide multiple secure payment options to customers so they can choose one they trust, and display the logos of reputable credit card brands during the payment stage at checkout. It’s been shown that more than 80% of consumers feel safer seeing logos of credit cards and other payment platforms displayed throughout their ecommerce experience, and around 40% of consumers have more confidence in sites that offer multiple payment options. Combined, these strategies can go a long way in delivering your promise to your customers.
4. The Most Effective Cyber Fraud Prevention Tool Is You
Fraud prevention technology and cybercriminals are in a constant state of evolution to get a leg up on each other. Gateways and security services can quickly release solutions to combat new forms of fraud, but they must be discovered first. Additionally, even though programs and automated security systems are becoming more effective by the year, they aren’t perfect. For merchants that want to maximize the security of their ecommerce store, the only steadfast solution lies in internal audits and due diligence by you and your employees.
According to Sift, there are a few interesting patterns that merchants can look out for while assessing fraud risk:
An order is 7x more likely to be fraudulent if the customer has multiple credit cards on file from different banks.
A customer with multiple billing zip codes within a week is 30x more likely to be a fraudster.
Transactions occurring at 2 am are 50% more likely to be fraudulent, while transactions at 4 am are 100% more likely to be fraudulent.
Although these are good metrics to use for assessing fraud risk, they don’t confirm that fraud has occurred. It’s entirely possible that one of your customers is a night owl, or likes shopping around for different credit cards. In the end, it’s up to the merchant to make a judgment call by combining these indicators with automated tools and common sense.
Prevent Cyber Fraud Pragmatically
Online fraud is a numbers game, and fraudsters will look for the path of least resistance while searching for a target. They’ll search for vulnerabilities due to lapsed judgment, oversight, or anything else that creates a weakness to be exploited. If, for example, a fraudster finds two merchants – one that’s PCI compliant and one that’s not – they’ll always try to crack the one that’s not secure first. It’s less effort, after all. The point here is that something is better than nothing, and every security measure counts. No safeguard is foolproof, so common sense and education are key to protecting yourself and your customers. Fraud can happen to anyone, and result in headaches for merchants who are unprepared,
The Evolve Payment team encounters online fraud attempts regularly – it’s here and growing – but fortunately for merchants, there’s no such thing as the “perfect scam.” If an email or transaction looks suspicious or too good to be true, chances are it is. Just like how you’d watch over your brick and mortar store while patrons come and go, ecommerce stores require the same treatment. If you want to bolster the security of your website and ecommerce store but don’t know where to start, Evolve Payment can be your resource. Don’t hesitate to reach out! Chances are we’ll provide peace of mind and save you money while preventing a couple of headaches in the process.