As we delve deeper into the world of e-Commerce fraud, we are beginning to understand that for most fraudsters, obtaining data is just half the battle. They must be careful not to become too greedy and get carried away, as such mistakes can deprive them of success.
As cybersecurity evolves, so do criminals. They are knowledgeable about how to “fly under the radar” and which techniques to employ to evade detection by businesses. Once fraudsters have obtained a victim’s credentials (including first name, last name, address, credit card information, username, password, and other details), they will attempt to monetize them in various ways.
Fraud monetization techniques
- Disguised transactions: More experienced criminals often target merchandise that will not raise suspicion, such as camping equipment, baby strollers, power tools, or even printer toners. As businesses buy toners frequently, they can utilize this familiarity to disguise their activities, often hiding behind email domains that mimic legitimate business. Typically, they will steer clear of items that are subject to heightened scrutiny, such as gaming consoles, cell phones, and computers.
- Address manipulation: When orders ship to an address different from the billing address, they often raise suspicion of fraud. For merchants dealing with physical goods, the shipping address provided by the buyer can be a rich source of information. With some additional effort, it’s possible to calculate the distance between two postal codes. You may find that orders shipping within a few miles of the billing address are comparatively safer than those shipping hundreds of miles away. Fraudsters typically have a couple of options:
- They may opt to ship to the same billing address, track the order, and steal it from the location once it is delivered
- Alternatively, they might complete the purchase with identical billing and shipping addresses to avoid suspicion, then place a call before delivery to change the address. Another option is to place orders in low-crime areas.
- Microtransactions and selling online accounts: Another way to cash in is through micro-purchases, such as online gift cards (typically $25 or less), iTunes song downloads, App Store purchases, and microtransactions within video games. Online video accounts with rare features, which can be purchased using stolen credit cards, are also available for sale. Depending on the value of the items associated with these accounts, they can be sold for a couple of hundred dollars or more.
- Air travel schemes: In this scenario, airplane tickets are purchased in both the cardholder’s name as the primary owner and a fraudster as an additional passenger. These tickets are usually bought several months in advance to evade detection and are then changed to a more recent date, sometimes with a change of destination as well.
Building a fraud protection strategy
There are several approaches that online retailers use to identify e-Commerce fraud. Just keep in mind that e-Commerce fraud is only as successful as the competence and creativity of the perpetrators. As retailers strengthen their defenses against online criminal activity, online fraudsters step up their game and come up with clever ways to scam their victims.
These are the most typical warning signs that e-Commerce companies should look for:
- Addresses and zip codes/IP addresses that do not match
- Orders larger than what the customer typically spends and requests for expedited shipping
- Unusual IP locations
- Multiple back-to-back purchases, especially with deliveries to different addresses
- Multiple declined orders
For these reasons, e-Commerce companies should seek to implement multiple layers of defense. While many businesses are continuously adopting new strategies to fight fraud, such as biometrics, 3D Secure (3DS), email and phone verification, device fingerprinting, and various anti-fraud solutions, a single system may be bypassed by well-organized and resourceful fraudsters. To put up a stronger defense, businesses must implement multiple barriers to better protect their ecosystem.
Telesign assists e-Commerce companies by providing intelligence and verification around phone numbers. Intelligence helps businesses understand the risk of a phone number entering their ecosystem to effectively identify and block harmful interactions, while streamlining the process for authentic users. Verification enables businesses to securely onboard new users, protect account access, and ensure that users are legitimate.
Having information about how a number behaves in the digital world is a powerful tool for the e-Commerce industry, as strong customer verification and being able to evaluate fraud risk throughout the entire customer journey isn’t just desirable—it is mission critical.
To learn more about ways to combat e-Commerce fraud, explore our e-Commerce hub today. Also check out our SE blog series for unique topics tackled by our Solutions Engineering team.