The contents of this site are provided for informational purposes only. You should always obtain independent, professional accounting, financial, and legal advice before making any business decision.
More businesses have moved their operations and stores online in the past few months, which also means more opportunities for fraud. As online fraud becomes more prevalent and sophisticated, it requires more consideration from business owners.
You can help prevent some of this fraud by staying diligent. Below, learn the most prevalent types of ecommerce fraud trends. And more importantly, how you can help protect your business from them.
Ability to self-detect and protect: Difficult.
Merchant app fraud is when a fraudster downloads your mobile app and pays for goods or services using stolen credit card information.
Merchant app fraud costs businesses twice. One, goods that have been purchased are now gone. And two, because it’s a stolen card, the cardholder will dispute it with the bank and the business will have to refund the cost.
What you can do.
You can manually check for purchases of products prone to fraudulent transactions and you can also look out for purchases significantly above your store’s average transactional value.
But a sophisticated fraud protection tool is key. A good fraud protection tool looks at many items: transaction velocity (how many transactions are being done by this particular mobile app), card number stored with the mobile app, and the device the customer is using. It flags any abnormalities in these data points and can help prevent fraudulent transactions from even taking place.
Ability to self-detect and protect: Difficult
Good news: Chip and PIN technology has made traditional debit and credit card fraud more difficult and expensive to pull off at brick-and-mortar retailers.
Bad news: More fraud has shifted toward online transactions. According to Go Compare, more than a quarter of all fraud took place online last year, and 27% of victims didn’t know or remember how they were hacked.1
How it happens.
Digital payment fraud can take many forms:
What you can do.
One of the most effective ways to combat digital payment fraud is to have a sophisticated fraud protection tool that keeps up with the pace of evolving fraud trends. You can get a fraud protection tool on your own or you can look for a payment processor that already includes that benefit.
Either way, the tool you choose should use machine learning technology to learn from every transaction and adapt to ever-shifting fraud patterns.
Ability to self-detect and protect: Difficult.
Businesses often try to increase their customer base by offering special promotions to gain new customers. They usually offer incentives (free meal, £10 off, etc.). Fraudsters take advantage of a special promotion multiple times by using amounts of Personally Identifiable Information (PII) data and stolen cards to create new accounts with your online store.
What you can do.
Look for multiple accounts being created with the same email address or phone number. When you spot one, reach out to the customer and see if they can provide additional information. Or if you don’t want to chance it, terminate the loyalty account.
You can also look at your chargebacks. If there’s a consistent phone number/email address reporting a chargeback, that’s a red flag.
Ability to self-detect and protect: Medium.
Compromised business email fraud is when criminals pose as trusted employees or partners to steal company money. There's been a dramatic increase in cases of business email compromise fraud in recent years so don’t take this lightly.
How it happens.
a. The perpetrators access your company's network through a spear-phishing attack and by using malware.
b. They then spend weeks or even months studying your company's vendors, billing systems, and even your employees' style of communication and travel schedules to make sure their fraudulent emails appear authentic.
c. When it's time to strike, the scammers send emails from your executives' email addresses to employees who have access to company finances. They request wire transfers (to what are actually fraudulent bank accounts).
d. Since the email sounds and looks like the executive and the bank accounts look like they belong to the company's trusted partners, employees often unwittingly comply and send the money.
What you can do.
The best way to combat business email compromise is company-wide education. Make sure everyone knows how to spot and report a fraudulent email. Be wary of emails that stress the time sensitive nature of the transfer (Do it ASAP) or instructions to be secretive (Hush, don’t tell anyone about this transfer).
Even better - establish a stringent and regulated process for requesting and receiving money.
Ability to self-detect and protect: Medium.
Account takeover is when fraudsters use stolen login credentials to make fraudulent transactions. Criminals have realised that stealing a user's account access can be more lucrative than typical transaction fraud. In fact, in 2019, 57% of businesses have experienced increased losses associated with account opening and account takeover.2
How it happens.
a. Through data breaches, phishing, or hacking, fraudsters steal your login credentials to gain access to your financial accounts.
b. Then they add themselves as an authorised user or change the contact email or address.
c. From there, they set up a one-time or ongoing funds transfer from your company account to their account. A fraudster may even use your account to make fraudulent purchases with one of your frequent suppliers and then ship directly to themselves.
Also, watch out for your loyalty rewards or points. Fraudsters know victims are much less likely to track loyalty and rewards points usage than they are to track bank and credit card statements. Betting on it going unnoticed for a while, they use your points to make unauthorised purchases.
What you can do.
Also audit your accounts every day so you can detect unfamiliar transactions and report them more quickly to your bank. They may be able to catch the fraudster stopping damage and the transaction.
New schemes happen all the time. Monitor fraud trends, educate your team, and work with partners that can help prevent fraud.
PayPal monitors every transaction every second of every day. This guards against fraud and other scams, like phishing and identity theft. With PayPal’s advanced tools and advanced encryption, you can connect with customers around the world with less worry.
Simply complete the form to receive valuable info and actionable tips for your business. Plus, you'll hear from fellow merchants who use PayPal to help reach their goals.
If you accept cookies, we'll use them to improve and customise your experience and enable our partners to show you personalised PayPal ads when you visit other sites. Manage cookies and learn more