top of page

Fraud Detection In eCommerce: New Tactics For An Old Menace

Online theft is nothing new. In fact, it’s just as old as eCommerce itself. According to a recent FBI report on digital crime, the loss of revenue specifically as a result of online fraud was reportedly $10.3 Billion over a four year period between 2015 and 2019. That’s close to a quarter of the $42 Billion loss PwC recently estimated to have occurred as the result of total economic crime and fraud cases globally during 2020.

If you think fraud can’t happen to you as an Amazon seller, you may be in for a rude surprise. Earlier in August, federal authorities in New York announced the indictment of a four person ring who successfully manipulated Amazon’s vendor system to pay for unordered goods—all to the tune of some $19 Million.

That’s just one example of numerous fraud cases which Amazon has had to face over the past two years, ranging from counterfeit goods to outright bribery. The problem has become so pervasive that they’ve recently launched a new AI program called Amazon Fraud Detector which can identify both fake accounts as well as online payment fraud. But Amazon isn’t the only marketplace in which online scams are running rampant. A recent report from Coveware indicated that phishing and ransomware attacks against digital enterprises increased by 60 percent between the first and second quarter of 2020, with an average payout of $178,254.

Online payment fraud has been estimated to result in a cumulative loss of revenue totaling over $200 Billion by 2024. As eCommerce prepares for unprecedented sales in 2021, so will the potential for fraudulent manipulation. And both sellers and vendors alike need to know what to look for.

Common Online Frauds in 2021

Account Takeover Attacks

According to a Federal Trade Commission report released in early 2020, identity theft saw a 20 percent increase in 2019 with over 650,500 cases reported in the US over a twelve month span. Unfortunately, the COVID-19 pandemic has only accelerated account takeover attacks as remote workforces are now becoming standard. A reported 5,233 attacks on IoT and smart devices have been reported per month according to recent estimates from Symantec. But for businesses, chargebacks, customer disputes and brand damage as a result of account takeover attacks are just the tip of the iceberg. Without a customer claim, merchants frequently don’t realize identity theft has occurred. As little as 7 percent of identity theft cases are actually reported to authorities, resulting in $1.7 Billion in out-of-pocket costs from retailers.

Synthetic Identity Fraud

Closely linked to account takeover attacks has been a rise in interception fraud, where stolen account information is used to deliver goods to a third party drop off. But perhaps the most significant development in identity fraud in recent years has been the emergence of synthetic identity fraud (SIF). In SIF, the key personal information of victims is merged with a false set of data points to form an entirely new synthetic identity which can go virtually undetected by federal and state authorities.

The damage can be devastating. 1,632 high profile data breaches were reported in 2018, exposing sensitive information (including social security numbers) to potential theft; in particular on the dark web, where SIF thieves obtain the vast majority of their information. The AITE Group recently estimated that SIF will account for $1.2 Billion in losses in 2020, representing 15 percent of all credit card fraud. Unfortunately, that number may be far too conservative. As a result of anonymized IP addresses, mail drops and third party contact points utilized by thieves, SIF can be one of the more difficult forms of online security violations to recognize unless consumers review their credit scores regularly—a task 54 percent of Americans reportedly avoid.

Triangulation Fraud

Triangulation fraud occurs when a consumer orders online from an illegitimate third party seller who sets up a mock storefront, typically offering high demand products at discount prices. The seller will then use illegally obtained payment information to complete the purchase from a vendor, frequently recycling the initial order’s account information. The order is shipped by the merchant with neither the consumer or the legitimate vendor aware that any kind of scam has been committed—until months down the road, when chargeback fees and unauthorized purchases begin to appear. The higher the volume of transactions, the less time retailers and legitimate marketplaces have to administer security protocol. To make matters worse? Customers not only receive the item they ordered (at the expense of both retailers and victims), but are frequently apt to refer triangulation scammers to others because of their “bargain.”

How Sellers and Brands Can Help Minimize eCommerce Fraud

  • Establish a custom rules engine. Being active with your fraud detection policies requires actively monitoring a standard rule protocol. Suspicious activities including a high volume of traffic from the same IP address and inconsistent order data don’t just waste available bandwidth. They can frequently be a sign of malware attacks. Make certain your rules are up to date, including reviewing your SSL certificate regularly and tracking customer IP addresses to ensure a consistent match with billing information.

  • Use Address Verification Services. Address Verification Services (AVS) are readily available from banks and card processing services to authorize online transactions. Because scammers frequently use alternate billing addresses for shipping and payment, an automated AVS will scan and review transactions for inconsistencies. A thorough scan will also prompt consumers using an unrecognized IP address geographically different from their billing information to confirm via email any transaction.

  • Require Card Security Codes (CSC). A CSC, also known as a Card Verification Value, is the unique security code consisting of three digits (four for AmEx customers) on the back of every credit or debit card that ensures a physical card is in the possession of the holder. While it’s standard for any Amazon transaction, many off-Amazon storefronts can frequently neglect verification of CSC, leading to rampant identity theft and increased chargeback fees for merchants.

  • Only collect the necessary data to complete a transaction. Storing highly sensitive data including dates of birth and social security numbers is one of the easiest ways for hackers to trade and sell information. Even secure and encrypted protocol can be subject to data breaches—and that includes your SSL certificate. Insisting on only the bare minimum of customer information won’t necessarily mitigate a fraudulent transaction after it’s occurred. But it can reduce the likelihood of a customer experiencing it repeatedly in the future. And it can reduce your accountability, as well.


Color More Lines provides white glove, global account management of your eCommerce platforms so mission-driven companies can focus on new product development, branding and growth strategies. Find out more at Color More Lines.

10 views0 comments


bottom of page