After rising only slightly from year to year between 1993 and 2006, mobile payment fraud losses quadrupled in the next ten years. The magnitude of these losses underscores the need for effective customer verification, and also highlights the fact that online fraud schemes are both pervasive and effective. So, total protection requires both an effective defense and a clear understanding of how these online frauds operate.
To supplement your trusted identity verification service (because you do have one, don’t you?), it’s important for business owners to familiarize themselves with their online opponents.
This category is by far the largest e-commerce scam. Identity theft is actually an umbrella term which includes:
- Traditional identity theft,
- Pharming (sending browsers to fraudulent websites),
- Phishing (sending fake emails to obtain money), and
- Account theft.
Most of these transactions involve credit cards, since it is rather easy to conclude a “card not present” transaction.
In that same vein, it’s also rather easy to copy someone else’s identity. Once expert fraudsters have even a tiny bit of personal information, they can extrapolate the rest. The data need not even be protected personal information, as an online account password normally suffices.
In what is essentially reverse identity theft, legitimate customers order goods or services online, claim their information was stolen, initiate a chargeback, and keep what they purchased. Friendly fraud is especially common in adult, gambling, and other quasi-legal or moral services.
Shipping destination is often a telltale indicator of friendly fraud. Identity thieves will obviously not use the same shipment address as the one the customer normally uses, but for the most part, friendly fraudsters use their own addresses.
This moniker is also entirely unfitting, but the name has stuck. Clean fraud is essentially very sophisticated identity theft, and it is “clean” to the extent that the fraudsters leave very few clues behind. Normally, to pull off this scam, the fraudster must have specific analytics about the company’s fraud detection services and some specific knowledge about the data’s true owner.
Clean fraudsters often use test runs. They make extremely small purchases to see if their deception works, and then the sky is the limit.
Scammers often combine affiliate fraud with a form of phishing. These individuals convince others to click on a certain link or visit a certain site. The activity holds no value for the searcher, but the scammer gets a small financial reward. Since affiliate fraud is not a payment-systems matter, it’s not as closely regulated and much more widespread.
As the name implies, triangulation fraud involves three elements:
- A fake online storefront that offers huge merchandise discounts to harvest information,
- Legitimate transactions using stolen credit card data which send those goods to the target, and
- Further use of the newly-stolen information.
Because of this scheme’s complex nature, the scam often goes undetected for quite some time and damages are much higher.
This one isn’t unique to e-commerce. A merchant takes the order, retains the payment information, never ships the good, and either sells or reuses the information. Merchant fraud is especially common in international transactions.
Knowing your enemy makes fraud prevention easier.