E-commerce businesses need a well-rounded payments strategy in order to thrive, which involves addressing the risks associated with e-commerce fraud. This requires planning for what you can’t control, as well as optimising what you can, in order to protect your business and customers from potential losses, improve payment processes, and create a positive customer experience.
We explain the various types of e-commerce fraud and how to plan for, prevent, and respond to them as part of a holistic payments strategy below. By incorporating robust fraud prevention measures into your payments system, your business can make informed decisions and maintain a secure environment for customers.
What’s in this article?
- What is e-commerce fraud?
- Types of e-commerce fraud and how they work
- Identity theft
- Credit card fraud
- Chargeback fraud
- Phishing and social engineering
- Account takeover fraud
- Refund fraud
- Affiliate fraud
- Counterfeit or fake products
- Dropshipping fraud
- Identity theft
- Best practices for preventing e-commerce fraud
What is e-commerce fraud?
E-commerce fraud is a form of cybercrime that occurs with online customer transactions. Malicious actors deceive businesses and customers to gain unauthorised access to personal and financial information, conduct fraudulent transactions, or otherwise exploit the online retail environment for their own gain. This type of fraud can cause significant financial losses for both businesses and their customers, as well as reputational damage to the businesses and industries involved.
Types of e-commerce fraud and how they work
As e-commerce rapidly increases, businesses are grappling with new challenges, including the evolving landscape of e-commerce fraud. Protecting your business and customers from fraudulent actors is now necessary for any business that accepts online payments.
More details on the various types of e-commerce fraud and insights into their mechanisms and repercussions are below. These are important to know in order to combat threats effectively. By staying informed and being proactive about the growing threat of e-commerce fraud, businesses can safeguard their reputation, revenue, and customer trust.
Identity theft
What it is
Identity theft occurs when a fraudulent actor uses someone else’s personal information – such as their name, address, or credit card details – to make unauthorised purchases or open accounts.
How it works
Criminals acquire personal information through various means, including data breaches, phishing attacks, and social engineering. They then use this information to impersonate the victim and conduct transactions or create new accounts in their name.
Affected businesses
Any business that operates online and collects customer data is at risk, including online retailers, subscription services, and financial institutions.
Credit card fraud
What it is
Credit card fraud is a type of e-commerce fraud that involves the unauthorised use of a credit card to make purchases online. It occurs when a fraudulent actor obtains a victim’s credit card information and uses it to make fraudulent purchases.
How it works
Fraudulent actors obtain credit card information using methods such as hacking, phishing, or skimming devices – all tools used in e-commerce fraud to gain unauthorised access to personal or financial information.
- Hacking involves using technical knowledge and tools to access a computer system or network without authorisation. This is done by exploiting software vulnerabilities or using brute-force attacks to guess passwords.
- Skimming devices are physical devices that are installed on ATMs or credit card machines to steal credit card information. These devices are often small and discreet and can be difficult to detect. Fraudulent actors may also use overlay skimmers that fit over the top of card readers, or skimmers that can steal information from chip-enabled cards.
We’ll discuss phishing in more detail below.
Once obtained, fraudulent actors use this data to make unauthorised purchases, create counterfeit cards, or sell the information to other criminals.
Affected businesses
All businesses that accept credit or debit card payments are susceptible, including online retailers, payment processors, and digital content providers.
Chargeback fraud
What it is
Chargeback fraud, also known as "friendly fraud", occurs when a customer makes a purchase using their credit card, receives the product or service, and then disputes the charge with their credit card company to obtain a refund. This type of fraud is sometimes labelled as "friendly" because the customer may not have malicious intent, but rather disputes the charge for invalid reasons.
How it works
Chargeback fraud can occur in a few different ways. For example, a customer may dispute a charge, claiming that they never received the product, when in fact they did receive it. Alternatively, a customer may dispute a charge claiming that the product was defective or not as described, when in fact it was as described and not defective.
Affected businesses
Online retailers, digital content providers, and subscription-based services are the businesses that are most commonly affected by chargeback fraud.
Phishing and social engineering
What it is
Phishing and social engineering tactics involve fraudulent actors using deceptive emails, messages, or websites to trick users into providing sensitive information or credentials, which they can then use to commit fraud.
How it works
Phishing and social engineering tactics are commonly used in e-commerce fraud to trick customers into divulging personal and financial information. These tactics work by exploiting a victim’s trust or emotional state to gain access to their sensitive data.
Phishing attacks are usually in the form of fake emails or messages that appear to come from a trusted source, such as a bank, e-commerce store, or social media platform. The message may ask the recipient to provide personal or financial information, such as login credentials or credit card details, by clicking on a link or downloading an attachment.
Social engineering tactics are more nuanced and can involve a range of tactics, such as building a relationship with the victim, playing on their emotions or fears, or using social manipulation to gain access to their information. For example, a fraudulent actor might create a fake social media profile and befriend the victim, gaining their trust over time before asking for sensitive information.
In the context of e-commerce fraud, phishing and social engineering tactics are used to steal personal and financial information, such as login credentials or credit card details. Fraudulent actors may then use this information to make unauthorised purchases, steal money from bank accounts, or commit identity theft.
Affected businesses
All businesses operating online are potential targets, as phishing and social engineering attacks can target employees or customers to gain access to sensitive data or systems. These types of fraudulent attacks can affect businesses of all types and sizes, but fraudulent actors target some industries more often than others. Here are a few examples of businesses where phishing and social engineering scams occur more often:
- E-commerce businesses
- Financial services companies
- Healthcare organisations
- Government agencies
- Educational institutions
Account takeover fraud
What it is
Account takeover fraud is a type of e-commerce fraud that occurs when a fraudulent actor gains unauthorised access to a customer’s online account and uses it to make purchases or carry out other fraudulent activities. This type of fraud is often accomplished through phishing attacks or social engineering tactics that trick the victim into revealing their login details or other sensitive information.
How it works
Fraudulent actors use various techniques like phishing, data breaches, or brute-force attacks to obtain login credentials. Once they have access to the account, they may change the shipping address, make purchases, or even sell the account information to other criminals.
Affected businesses
Any business with customer accounts – for example, online retailers, marketplaces, or subscription-based services – can be targeted by account takeover fraud.
Refund fraud
What it is
Refund fraud occurs when a fraudulent actor poses as a customer and requests a refund for a product or service that they never purchased – often by providing fake order details or using stolen account information.
How it works
There are several ways that refund fraud can occur:
Returning stolen or counterfeit items for a refund
A person may steal or obtain counterfeit items and then return them for a refund to the retailer. The retailer may issue the refund without realising that the item is stolen or counterfeit.Claiming a refund for a product that was never purchased or received
A person may claim a refund for a product that they never actually purchased or received. This can be done by providing a fake receipt or order confirmation.Returning used or damaged items as new for a refund
A person may use or damage a product and then return it as new for a refund. The retailer may not realise that the product has been used or damaged and issue the refund.Double-dipping by claiming a refund from both the retailer and the credit card company
A person may claim a refund from both the retailer and the credit card company for the same purchase. This can be done by claiming that the purchase was fraudulent and then returning the product for a refund.
Affected businesses
Online retailers, digital content providers, and subscription-based services are most vulnerable to refund fraud.
Affiliate fraud
What it is
Affiliate fraud occurs in affiliate marketing programmes, where a business pays affiliates a commission for promoting its products or services. Affiliate fraud happens when affiliates engage in fraudulent activities to earn commissions that they are not legitimately entitled to.
How it works
Criminals use tactics like click farms, bots, or fake accounts to generate artificial traffic, clicks, or sales that inflate their commission earnings. There are several types of affiliate fraud, including:
Cookie stuffing: Cookie stuffing involves placing cookies on a user’s computer without their consent to inflate the number of clicks or sales attributed to the affiliate.
Ad fraud: Ad fraud occurs when affiliates create fake websites or engage in click fraud to generate false impressions or clicks on ads, which they receive a commission for.
Fake leads: Affiliates may submit fake leads or customer information to earn commissions that they are not entitled to.
Brand bidding: Brand bidding involves affiliates bidding on a business’s branded keywords in search engines, driving up the cost of advertising and reducing the effectiveness of the business’s campaigns.
Affected businesses
Any business that participates in affiliate marketing programmes can be affected by affiliate fraud. However, some types of businesses are more vulnerable to affiliate fraud than others. E-commerce businesses are particularly vulnerable to affiliate fraud, as their sales are often generated through online channels, making it easier for fraudulent actors to manipulate click-through rates and leads. For example, online retailers that offer a commission to affiliates for driving traffic to their website or generating sales are more susceptible to affiliate fraud.
Counterfeit or fake products
What it is
Counterfeit or fake products are often intentionally produced and sold under false pretences, often using a brand name or trademark without the authorisation of the original manufacturer or owner. These products can range from luxury goods, such as designer handbags and watches, to everyday items, such as electronics, cosmetics, and pharmaceuticals.
Counterfeit products can be difficult to distinguish from the real thing, and customers may unwittingly purchase them online, believing that they are buying a genuine product. This not only results in financial losses for the customer but can also have serious health and safety implications – particularly in the case of counterfeit pharmaceuticals, cosmetics, and electronic devices.
How it works
Counterfeit or fake e-commerce products are sold in a few different ways. Some fraudulent actors will create websites or online stores that look legitimate and offer products at a discounted price. These products may be labelled as "authentic" or "genuine" but are actually cheap knock-offs made to look like the real thing. The fraudulent actors may use stolen images and descriptions from the legitimate product’s website to make their fake products look more convincing.
Another way that fraudulent actors may sell counterfeit products online is by hijacking legitimate listings on marketplaces like Amazon or eBay. They may create a fake account and offer a counterfeit version of the product for a lower price than the legitimate seller. When a buyer purchases the counterfeit product, the fraudulent actor sends it directly to the buyer, but because the product is not genuine, the buyer may end up with a low-quality (or even unsafe) product.
In some cases, fraudulent actors may also create their own counterfeit brands, complete with fake logos, packaging, and advertising. These counterfeit brands are designed to look like legitimate products and may be sold on websites or through social media platforms.
To carry out these fraud schemes, fraudulent actors may trick customers by using a variety of tactics, such as fake reviews or testimonials, misleading product descriptions, and false claims of authenticity. And because e-commerce fraud is not limited to a single type of fraud in each scenario, fraudulent actors may also use stolen personal information or credit card details to make fraudulent purchases.
Affected businesses
Any business that produces or sells products with high value or brand recognition can be vulnerable to counterfeit or fake product fraud in e-commerce. However, some businesses are more vulnerable to this type of fraud than others. Here are a few examples:
- Luxury goods: Luxury goods are particularly vulnerable to counterfeiting due to their high value and brand recognition. Fraudulent actors often create fake versions of popular luxury brands like designer handbags, watches, and clothing.
- Electronics: Electronic devices like smartphones, tablets, and laptops are also commonly counterfeited because of their high demand and market value.
- Pharmaceuticals: Counterfeit pharmaceuticals are a significant problem in e-commerce, particularly for medications that are expensive or difficult to obtain. These fake drugs may contain harmful or ineffective ingredients.
- Beauty products: Beauty products such as cosmetics, fragrances, and skincare are also frequently counterfeited. These fake products may contain harmful ingredients and can cause skin irritation or other health issues.
- Sporting goods: Sporting goods, such as athletic shoes and clothing, are often counterfeited due to their popularity and high resale value.
- Auto parts: Auto parts, such as brake pads and airbags, are commonly counterfeited, and these fake products can pose a serious safety risk to customers.
Dropshipping fraud
What it is
A drop-shipper is a retailer who does not keep physical inventory of the products that they sell. Instead, they fulfil orders by purchasing products from a supplier or manufacturer, which ships the product directly to the customer on behalf of the retailer. This allows the retailer to avoid the costs and complexities of storing and managing inventory and to focus on marketing and selling products.
Dropshipping fraud occurs when a drop-shipper engages in deceptive practices to scam buyers or other businesses in the supply chain. This can involve various fraudulent activities, such as misrepresenting the quality or availability of products, failing to fulfil orders, charging excessive fees or prices, or using stolen credit card information to make purchases.
How it works
A drop-shipper may create fake websites or social media accounts, pretending to be a legitimate retailer, and take payment from customers for goods that they have no intention of delivering. They may also manipulate product descriptions and images to make it appear as if they are offering a high-quality product, when in reality it is low quality or non-existent.
Drop-shippers may also engage in price gouging, where they inflate the cost of goods to make a larger profit, or use false advertising to lure customers into buying products that do not meet their expectations. In some cases, they may even resort to stealing the identity of a legitimate business to gain access to its supply chain or customer base.
Affected businesses
Online retailers who use dropshipping as a fulfilment method are most susceptible to this type of fraud.
Best practices for preventing e-commerce fraud
Despite the diverse tactics that fraudulent actors use to defraud e-commerce systems, businesses aren’t powerless to defend themselves. There are effective best practices for preventing e-commerce fraud, including:
- Using secure payment gateways
- Implementing strong authentication methods
- Monitoring transactions and user behaviour
- Setting up fraud detection rules and filters
- Employing address and card verification systems
- Keeping software and systems up to date
- Training employees and building internal fraud awareness
- Encrypting and protecting customer data
- Monitoring chargebacks
- Connecting with other businesses and industry organisations
- Utilising biometrics and behavioural analytics
By following these best practices, businesses can reduce their exposure to e-commerce fraud and create a safer online shopping environment for their customers. For a more thorough look at these anti-fraud best practices for e-commerce businesses, read more here.
The content in this article is for general information and education purposes only and should not be construed as legal or tax advice. Stripe does not warrant or guarantee the accuracy, completeness, adequacy, or currency of the information in the article. You should seek the advice of a competent lawyer or accountant licensed to practise in your jurisdiction for advice on your particular situation.