Skip to content

Types of e-Commerce fraud: a breakdown 

November 3, 2023

Retail e-Commerce revenue has displayed consistent growth since 2014, a trend further accelerated by the COVID-19 pandemic. Businesses are actively investing in digital technologies as consumers increasingly shift their purchasing activities online. This expansion of the digital landscape has, however, led to a surge in worldwide payment fraud, projected to incur losses of $40.62 billion for businesses by 20271. With 64.5% of the global population having internet access2 and convenience shopping gaining popularity, the appeal for fraudsters is undeniable. 

To streamline the purchasing process, businesses are aiming to minimize friction points, with an emphasis on fast fulfillment and reducing the data required for transactions. Yet, this very pursuit of efficiency creates fertile ground for various types of fraud. This situation poses a dual threat as fraudsters can negatively impact both a business’s reputation and finances, all while operating anonymously in the online environment. 

Let’s take a look at the various types of e-commerce fraud at play today.  

True fraud

Credit card fraud is an unfortunately common digital fraud scheme. All purchases made with stolen credit or debit cards are true fraud. In this type of fraud, the fraudsters use different tactics to avoid suspicion and detection. 

Friendly fraud

While payment card fraud continues to be a significant concern for both merchants and issuers, a more complex and costly challenge has emerged: friendly fraud. Instances arise where customers claim unauthorized purchases to secure refunds, or falsely assert non-receipt of goods via mail delivery. These are usually one-off fraud attempts, or they happen occasionally, and are not an act of an organized fraud.  

Larger online merchants are particularly susceptible to friendly fraud due to their eagerness to resolve issues promptly and maintain a positive customer relationship for future transactions. 

Friendly fraud encompasses both accidental and intentional fraudulent behavior, making it challenging to ascertain malicious intent. Cases where a cardholder deliberately seeks to defraud a company add another layer of complexity to risk management. 

Card testing

Card testing involves fraudsters using stolen cards to authenticate online payment systems. The aim is to verify card activity and acquire missing details, such as the card verification value (CVV) number. The intention is not to make purchases but rather to exploit the card’s validity. 

Certain online reservation services provide an ideal platform for card testing. These services initiate transactions to complete reservations and authorize payments. Automated bots can test different combinations of CCV numbers until a successful transaction occurs. These microtransactions often involve low values to evade scrutiny. Larger e-Commerce enterprises typically do not experience such microtransactions, relegating this form of fraud to minor service providers. 

Phishing

Another pertinent threat is phishing, a social engineering technique employed to obtain user information, including login credentials and credit card details. Perpetrators deceive victims by impersonating trustworthy sources via emails, instant messages, or text messages. By enticing recipients to click malicious links, attackers can unleash malware, initiate ransomware attacks, or reveal sensitive data. 

The implications of a successful phishing attack are severe, ranging from financial and identity theft to unauthorized transactions. Additionally, phishing serves as a gateway to infiltrate corporate or government networks, enabling larger scale cyberattacks. In such instances, compromised employees help attackers bypass security measures, introduce malware, or gain privileged access to secured information. 

Coupon abuse

Coupon abuse, also known as promo abuse, fraud is a type of fraudulent activity that involves the misuse or exploitation of coupons, vouchers, or promotional codes provided by businesses for discounts or special offers. This form of fraud occurs when individuals or groups take advantage of these promotions in ways that were not intended by the issuing company, leading to financial losses for the business.  

This type of fraud often goes hand in hand with artificially inflated traffic (AIT) attacks, a type of SMS fraud that generates high volumes of fake traffic via mobile applications or websites. AIT attacks have also become more popular recently. 

To learn more about ways to tackle some of these fraud types, talk to us today. Also check out our SE blog series for unique topics tackled by our Solutions Engineering Team. 

_______________________________________________________________________

  1. APP Scams Emerge as the Top Payments Fraud Threat With Fraudsters Changing Tactics, Finds ACI Worldwide Report: https://investor.aciworldwide.com/news-releases/news-release-details/app-scams-emerge-top-payments-fraud-threat-fraudsters-changing
  1. Worldwide internet user penetration from 2014 to July 2023: https://www.statista.com/statistics/325706/global-internet-user-penetration/