The eCommerce industry in the Philippines is an interesting scene. As more and more online stores open their doors each year, the number of people who shop online grows. In fact, the Philippine e-commerce market is projected to be worth $24 billion by 2025. This is mainly due to the COVID-19 pandemic, which caused Filipinos to study and work from home. With the expansion of eCommerce in the country, one thing has the potential to fracture it: e-commerce fraud. But what exactly is it, and how can detection help prevent fraudsters from committing it?
With the advent of online retail, the chances of cybercriminals and dishonest customers committing fraud continue to grow. In this article, we’ll go over the important facets of e-commerce fraud: types, detection, and prevention techniques.
What Is E-commerce Fraud?
eCommerce fraud is a type of online fraud conducted over the internet. The culprit commits the act through commercial transactions to achieve personal and financial gain. This fraudulent activity targets online business owners while the fraudster hides anonymously to prevent detection.
This illegal activity, also known as payment fraud, happens for three reasons: ease, anonymity, and evasion. Because of the technology today, it’s easier for e-commerce fraudsters to commit fraud through the internet. Some just need access to the dark web to acquire stolen credit cards and use them to make money. Their anonymity also makes it easier for them to commit the crime. They can make a bunch of fake accounts, log in to them, do the crime, and not get caught. And because they can hide under different accounts and personas, they can evade e-commerce fraud detection.
E-commerce Fraud in the Philippines
The COVID-19 pandemic is undeniably one of the major causes of why online commerce has been on the rise. Think of any products and services, search them online, and you can avail them through their website or mobile app. However, since we do more online transactions, e-payments go in and out by millions and billions. Fraudulent individuals find it as a gold mine.
In the Philippines, e-commerce fraud has risen rapidly. During the peak of the COVID-19 pandemic, there was an uptick in reports of online scams targeting local businesses and consumers. In a 2021 article, it was reported that online fraud had targeted 44% of Filipino consumers. The study also found that most online scams were aimed at people in generation Z and the millennial generation. eCommerce fraud against businesses also increased by 31% in 2021, compared to the pre-pandemic level from March 11, 2019, to March 10, 2020. According to the article, digital fraudsters in the nation were most likely to target the telecom, logistics, and finance industries. Scammers have been reported to use fraudulent credit cards to buy high-end phones and resell them on the black market.
Reports on e-commerce fraud in the country were also detected during the holiday season. During the 2022 holiday season, a study found that the Philippines accounted for 4% of the 15% of global e-commerce transactions that were likely to be fraudulent. The common types of fraud recorded in the study were fake promotions showcasing non-existent giveaways and account takeovers.
Types of E-commerce Fraud
Because fraud attacks in e-commerce happen online, tracing the individuals who orchestrated them is challenging. The next best thing to do is to take preventive measures by detecting accounts most likely to engage in fraudulent activities. And with e-commerce fraud prevalent not just in the Philippines but worldwide, everyone must first be aware of the types of fraud to prevent it from happening.
The following are the most common types of e-commerce fraud detected around the world:
Phishing or Account Takeover Fraud
When an unauthorized user, whether human, bot, or botnet, logs into a user’s account using stolen credentials, this is called account takeover fraud. Account takeover fraud not only results in monetary losses but also harms brands’ reputations and can permanently lose the faith of loyal customers. The dark web demand for stolen email addresses, passwords, and other confidential personal information increase this non-financial credentials fraud. A fraudster can access and exploit legitimate consumer accounts if they learn the correct login and password. Criminals who get access to a system have the potential to make unauthorized withdrawals from a bank account or loyalty account, access sensitive customer information, or make purchases.
In the first quarter of 2022, a survey from Statista recorded that phishing attacks were the most frequent fraudulent scheme that targeted Filipino consumers.
E-Gift Card Fraud
E-gift card fraud occurs when a criminal buys a gift card using stolen credit card or bank account information; the thief profits by selling the e-gift card to unsuspecting customers. The criminal then takes the buyer’s money and banking details. At the same time, the person whose credit card information was used to buy the e-gift card calls their bank or card issuer to report the fraudulent purchase. A chargeback is issued to the retailer as a result of the argument. Because the perpetrators of e-gift card fraud don’t need to deliver the cards physically to an address, this e-commerce fraud is hard to detect. Hence, businesses incur substantial costs while dealing with cases of e-gift card fraud.
In the same Statista survey from 2022, e-gift card fraud was the second most common scam that Filipinos had to deal with.
Affiliate Fraud
Affiliate fraud refers to deceptive practices undertaken only to earn commissions for an affiliate. Affiliates receive a percentage of the revenue from customers they refer to online retailers. Affiliates direct customers to the merchant’s website using a unique, trackable link provided by the retailer. When a customer follows an affiliate link and makes a purchase, the retailer pays the affiliate a commission, a percentage of the sale price. Affiliate fraud occurs when dishonest parties trick an online store into paying them for fictitious purchases or other actions.
Credit Card or Payment Fraud
Also known as card-not-present (CNP) fraud, credit card fraud happens when a fraudster purchases from online vendors using stolen credit card details.
A typical scenario is a criminal searching a dark web marketplace for stolen credit cards. The perpetrator purchases the card data and then goes to an online store to buy a product or service using the stolen card number. The cardholder whose card was taken gets defrauded by this initial transaction. But, it eventually affects the store owner, who is forced to refund the transaction. Moreover, businesses might fall prey to card testing schemes, in which fraudsters utilize numerous valid and usable credit cards for testing purposes. These orders are typically small and low-risk, yet they can substantially impact a merchant’s business.
One sort of affiliate fraud known as “typosquatting” involves a fraudster registering domain names similar to common misspellings of a legal online store’s URL. The scammer then points the victim’s browser to the merchant’s website via an affiliate link disguised as the original.
Chargeback Fraud or Friendly Fraud
Another type of e-commerce fraud detection is chargeback fraud. Affiliate fraud can harm business performance and inventory levels. Scammers use this method to buy something online with a credit card, get the item, and then ask the credit card company for a refund. The payment processor will then demand a return of the purchase price from the merchant to the issuing bank. And when a bank requests a chargeback, the fraudulent customer is entitled to reimbursement from the original online retailer.
Buy Now, Pay Later Fraud
Customers may get the items and services they need right now with the help of “buy now, pay later” (BNPL) models, which allow them to make payments at their convenience. Unfortunately, the more online stores that provide this service, the more opportunities thieves have for fraud. A fraud detection tool, however, can make it less likely to happen with new BNPL transactions and when a customer changes payment methods.
Triangulation Fraud
Triangulation fraud is a three-stage e-commerce fraud technique. In the first phase, cybercriminals build a fraudulent internet store that often sells popular brand-name items at meager costs. The only reason for the site is to get people’s names, addresses, and credit card information.
In the next step, the fraudsters use the stolen customer information to go to an actual online store, buy the same item that the victim ordered from the fake online store, and ship it to the consumer.
The final stage is the payment received by the fraudsters. They use the information they stole to make more online purchases, which they mail to themselves. Most of the time, this type of online fraud goes undetected for longer than other types because the first purchase from the fake website doesn’t make the victim suspicious.
Interception Fraud
In interception fraud, criminals use stolen credit cards to make online transactions. They ship the products to the address on file for the credit card but intercept the shipment before its delivery. For example, a criminal might go to an online store like Lazada or Shopee and buy something with a stolen name, address, and credit card. After placing the order, the criminal calls customer service before the item has been sent out to change the delivery address to a place of their choosing.
How to Detect Fraud
Defend your business from different types of e-commerce fraud. By detecting fraud in an early stage, you can significantly reduce the strain on your team when performing manual reviews so they can focus on transactions that need further examination. Here are e-commerce fraud detection techniques you need to know:
- Inconsistent Order Data– Neither the city nor the zip code provided is correct. Another is that the shopper’s IP and email addresses don’t correspond.
- Higher- Or Lower-Than-Average Orders– Purchases from a regular customer that seem unusually excessive or low raise red flags.
- Unusual Location– The customer in the Philippines suddenly purchased an item from an IP address in an unusual location like India.
- Back-to-Back Multiple Purchases– The consumer processes multiple transactions in a short timeframe.
- Multiple Shipping Addresses– E-commerce fraud detection happens when several orders are placed under the same billing address, but the buyer specifies different shipping addresses for each shipment.
- Customers Ordering in Large Quantities– When a business receives orders for considerably larger amounts of a single product than typical, these transactions are probably fake.
- Multiple Orders From Many Credit Cards– Someone makes multiple purchases in a single day or over a prolonged period, using various credit cards
- Multiple Orders from a Certain Country– When an online merchant receives one order from a different country and subsequently receives multiple orders from that country within a week.
Most Filipinos lack adequate financial knowledge and are oblivious to the importance of fraud prevention. With this information, they will be better equipped to avoid falling victim to e-commerce fraud.
Best Practices for E-Commerce Fraud Prevention
When choosing a fraud prevention solution for e-commerce stores, it must boost your platform’s customer experience, identity verification, and fraud detection. It should be seamless without exerting any extra effort on either the platform or the user. How can you achieve this, then?
The following are e-commerce fraud prevention techniques you can apply to your business:
Follow PCI Standards
Ensure your online shop meets PCI standards. Businesses and their customers can benefit from the PCI standards established by the PCI Security Standards Council. There are over 400 types of tests specified by PCI, in addition to the 78 minimum and 12 key requirements. MasterCard, American Express, and Visa developed the PCI standards to safeguard customers’ financial information.
Don’t Collect Too Much Sensitive Customer Data
Avoiding a mountain of customer data makes e-commerce fraud detection a breeze. Only collect the necessary information to finish the sale and send the product. Also, don’t ask for sensitive information like customers’ social security numbers or dates of birth. With this best practice, you will collect as little information as possible, protecting your store from data breaches.
Conduct Regular Site Security Audits
Regular site security audits are recommended if you want extra confidence in your site’s safety. Perform site security checks by doing the following:
- Check if the shopping cart software on your site is updated
- Ensure SSL certificates are up to date and working properly
- Comply with PCI standards
- Get your online shop backed up regularly
- Be sure that all of your administrative accounts, hosting dashboards, content management systems, databases, and FTP accesses use strong passwords
- Regularly scan your e-commerce store for malware
- Make sure communication between you and your customers is encrypted
Periodically Monitor the Site for Suspicious Activities
By keeping a close eye on any transactions made on your website, you can prevent any fraudulent activity. Watch for warning signs in your customers’ accounts and transactions, such as contradictory billing and shipping details and unusual customer locations. Use IP address tracking software to get alerts when a customer is connecting from a country prone to fraudulent activities.
Implement Multi-Factor Authentication
Requiring strong passwords for store accounts can lessen the risk of phishing attacks. However, safety still isn’t guaranteed with a strong password. To make your e-commerce site more secure, consider implementing multi-factor authentication. Multi-factor authentication (MFA) checks a user’s digital identity with two or more “factors” before letting them into a computer system, network, or set of files. On some websites that practice MFA, they ask users to provide a one-time pin sent to their registered mobile numbers before they can complete their purchase. Some also use email verification before customers can use their accounts on the online store. This e-commerce prevention technique provides more security so you won’t succumb to online hackers.
Use a Fraud Analytics Tool
Give your fraudulent users a hard time on your online platform without putting too much load on your team. You can rely on an intelligent, fast online fraud prevention solution that’s flexible, scalable, and accurate.
Find fraudulent users before they make a move with FindSocial by FinScore. Developed by the multi-awarded alternative data analytics company, FindSocial is an e-commerce fraud prevention tool that scans over 20 social media platforms using an e-mail address and mobile phone number from any country.
For high volumes of e-mails and mobile numbers, adding in the FindSocial API is the best way to go. But if you are looking for a quick look at a small list of e-mails and mobile numbers, you can access the FindSocial web-based portal.
Not only that, but FinScore also offers individuals alternative credit scoring to improve their creditworthiness. With this method, people can apply for a loan using data from telcos, their shopping history, and how they act on social media. Lenders can reach out to the underbanked and provide them with access to credit by using alternative credit scoring. Those who have historically been denied access to the credit system can benefit from alternative credit scoring by gaining access to low-interest loans.
Invest in an Address Verification Service
Consider investing in an address verification service (AVS) to prevent e-commerce fraud. Financial institutions that deal with credit card processing and issuance typically provide an AVS to monitor for and report potentially fraudulent credit card transactions. Addresses are compared between the issuing bank and the customer using AVS. After complete verification, the merchant submits a credit card authorization request to the payment gateway. The transaction can be canceled and investigated further if the addresses don’t match.
Make All Purchases Require a CVV Number
Visa, MasterCard, and Discover credit and debit cards have a 3-digit Card Verification Value (CVV) or Card Security Code (CSC) on the back. Having customers provide this code during checkout is a surefire way to verify that they own the credit card used in the transaction. With this, you’re more likely to detect and prevent e-commerce fraud, and you’ll be safer as well.
Use Hypertext Transfer Protocol Secure (HTTPS)
Most communication between a customer’s web browser and your e-commerce platform will occur over HTTPS, the encrypted variant of HTTP. HTTPS encrypts the data being sent over the internet to prevent unauthorized access to personal information like credit card numbers and addresses. If you run an online store, ensure that your transactions are encrypted using HTTPS so that hackers, cybercriminals, and fraudsters can’t intercept them.
Ensure the Credit Card Address and the IP Address Match
Every purchase made on your website is traceable to a specific public IP address. By looking at the IP address, you can tell what city or country a customer is from. This would raise a red flag if this city or region did not match the billing address associated with the credit card.
Make E-Commerce Fraud Detection Easier with Finscore
E-commerce fraud detection and prevention is an important matter to discuss now that more and more online stores are rising nationwide. Online fraud will likely happen to online merchants and customers who don’t know what they’re doing. E-commerce fraud can take many forms, so learning how to spot it and prevent it is the best way to avoid it.
Need more information regarding e-commerce detection and our fraud detection tool? Contact us any time, and we’ll gladly assist you