The Latest Types of Ecommerce Fraud Attacks You and Your Business Need to Watch Out for in 2021

Ecommerce security image

With the stress of the approaching new year, the uncertainty that characterizes the world around us, and the ongoing concerns over the health and safety of people everywhere, the last thing you and your business should have to worry about is an ecommerce fraud attack. Alas, these cyber-crimes never take a holiday. As a matter of fact, it’s not unusual to see ecommerce fraud attacks increase in frequency during chaotic times as opposed to time that are “normal” and relatively uneventful. That’s why it’s in your best interest to be on high alert as we head into 2021 — for the protection of yourself, your business, and of course, your customers.

2021’s Newest Ecommerce Threats

As we head into 2021, indicators seen in the final months of 2020 give us a good idea of what to expect from ecommerce fraud attackers in the new year. From malware bots to manipulated accounts and all sorts of fraudulent tricks in between, these four ecommerce fraud attacks are showing all the signs of being 2021’s biggest threats to you and your business’s sales.

Luckily, we know enough about these new ecommerce threats to be able to break them down threat by threat, give an overview of what each one is and how they implement their attacks, as well as disclose what you can do to steer clear of them in the coming months. Read on to learn more.

Transaction Payment Fraud Attacks

As you may or may not know, an “attack vector” is the term used to describe the way or the method a malicious hacker gains access to a network or server. Typically, as far as ecommerce goes, a detected attack vector will almost always result in a chargeback. But, if one of these ecommerce fraudsters succeeds in their mission, they can gain access to a user’s payment information and charge them money under the name of your business, making it appear like they made a purchase when they’re actually being defrauded. Experts call this attack vector a transaction payment fraud attack. You can avoid these kinds of attacks by implementing additional identity verification (like security questions or codes) and one-time passwords that regenerate with each new login.

Malware Bot Attacks

Malware bots are nothing new, unfortunately, but the innovative ways that hackers continue to use them is what makes them a near-constant threat. This attack vector is as old as the world of internet hacking itself, and there are no signs showing that malware bot attacks are going to stop in the new year. Because these malware bots are in an almost constant state of newness (due to the ways hackers update them to bypass security measures), it’s important that you and your business implement tried-and-true malware bot protection measures. This includes added layers of security that scan and check for common recurring IP addresses and other malware bot giveaways.

Account Takeover Attacks

This attack vector and the one that follows both have to do with hackers infiltrating accounts in order to carry out their ecommerce fraud attacks. Account takeover attacks, also known as ATO attacks, have proven to be particularly meddlesome in recent months: Hackers will get into an account and make changes to lock the account owner out, giving them full access to financial information and allowing them to wreak havoc on ecommerce sites the owner frequents. To prevent these account takeover attacks, ecommerce vendors can use behavioral biometrics to look for key differences between a user’s normal behavior and the behavior they’re displaying because of a hack.

Fake Account Attacks

Last but not least, there is the attack vector known as the fake account attack. This particular method is hard to detect using things like traditional security measures because it’s not an account credited to a frequent site visitor, nor is it a simple matter of stolen passwords or usernames. This is a tactic hackers heading into 2021 will probably use frequently. The reason fake account attacks are so problematic is that they create fake accounts using a stolen identity that can easily trick your standard security measures. By combining fake email addresses, names, and phone numbers with real financial information stolen from users, hackers can move stealthily and remain relatively undetected unless you’re utilizing behavioral biometrics in combination with a keen eye that knows how to detect strange or uncommon behavior on your site.

How Can You and Your Business Stay Safe From Ecommerce Fraud Attacks in 2021?

If you’re looking to protect yourself and your business from these ecommerce fraud attacks in 2021, the best thing to do is work with experts on both your payment processing and fraud prevention. Fraud Wrangler provides a chargeback and fraud protection service that reduces chargebacks and prolongs the life of merchants like you. We also partner with National Merchants Association, a merchant advocate and payment processor who provides trusted expertise and the experience to prevent ecommerce fraud attacks from happening to you. National Merchants Association and Fraud Wrangler work together not only to protect you from these new ecommerce fraud attacks but also the countless other methods and techniques utilized by hackers all over the world daily.

Connect with us today to learn more about keeping your business safe from ecommerce fraud attacks in 2021.

8 Best Practices for Preventing Ecommerce Fraud in 2021

Fraud image

It is an unfortunate reality that scammers take advantage of crises like COVID-19, using the world’s distraction to their advantage. With more consumers shopping online than ever before, e-commerce fraud attempts have been off the charts. Compared to 2019 data, most sectors of retail saw a dramatic rise in transactions during March 2020, with Europe and North America in the lead for ecommerce fraud. For this reason, it is more crucial than ever that merchants learn the most up-to-date strategies and best practices for keeping scammers at bay.

Preventing Ecommerce Fraud Practice #1: Be Proactive about Identity Theft

As the most common type of ecommerce fraud, identity theft warrants special attention. Business identity theft threatens not only the financial health of the company, but the livelihood of its employees and customers.

Along with standard precautions like keeping personal information private, merchants need to go the extra mile. Simple safeguards can help:

  • Switch to digital statements to avoid mail fraud
  • Keep paper documents locked away
  • Use a secure VPN
  • Avoid letting employees share company passwords
  • Keep an eye on your business’ credit reports.

Preventing Ecommerce Fraud Practice #2: Use Address Verification (AVS)

Some credit card processors offer address verification services (AVS) to alert merchants of potentially fraudulent transactions. When the location where a card was issued does not closely match the customer’s billing address, merchants can decide whether to accept or reject the transaction based on the AVS code provided. While not sufficient on its own, AVS is a useful tool in conjunction with other ecommerce fraud prevention technologies like CVV validation and IP address verification.

Preventing Ecommerce Fraud Practice #3: Have Your Response Planned Out

Merchants are wise to decide on a plan of action before a suspicious transaction occurs. Depending on the type of fraud, a small business may need to freeze its credit, cancel or dispute a transaction, or take steps to protect its data. Studies show business owners detect fraud an average of 16 months later, leaving them with limited options to respond. Small businesses take a bigger financial hit than larger organizations that encounter fraud because there are typically fewer internal controls in place. Scheduling regular internal or external audits is one way to break this cycle.

Preventing Ecommerce Fraud Practice #4: Take an Industry-Specific Approach

Different industries deal with different flavors of fraud, and online sellers need to be especially careful with credit card transactions. Thus at the heart of ecommerce fraud prevention is transaction monitoring. In addition, merchants can mitigate confusion and deter fraud by being clear and communicative before, during, and after the checkout process. When scammers see a small business with crystal clear refund policies and a super-secure checkout process, they are less likely to try getting away with fraud.

Preventing Ecommerce Fraud Practice #5: Comply with PCI

The Payment Card Industry Data Security Standard (PCI DSS) is a requirement for all businesses allowing credit card payments. While it may seem like a tedious hurdle to jump, PCI compliance is designed to benefit businesses and protect them from data breaches.

Processors like NMA provide PCI compliance services to help merchants guarantee they are conducting business safely. In addition, NMA helps merchants set up quarterly scans to uncover security weaknesses in their system. Much like car insurance, PCI compliance is a small monthly investment that offers a hefty layer of protection.

Preventing Ecommerce Fraud Practice #6: Use CVV Verification

Card verification value (CVV) codes are fundamental elements of a secure checkout process. Depending on the card type and provider, they may also be referred to as CVV2, CVD, CVC, or CVC2. Requiring these codes during checkout prevents identity thieves from using credit cards they don’t physically have in their possession.

Some merchants fear that requiring CVV codes will reduce conversions and complicate the checkout process. However, there are many other ways to simplify checkout without taking a security risk.

Preventing Ecommerce Fraud Practice #7: Use a Fraud Protection Service

Fraud software is rapidly becoming a necessity for online sellers who don’t have the time or technology to closely monitor each transaction. With the help of AI and machine learning, fraud solutions are more sophisticated than ever before. Predictive and adaptive analytics techniques are allowing businesses to receive vital information before they process fraudulent transactions.

Fraud Wrangler is a security service for merchants who want to reduce chargebacks and detect fraud immediately. Fraud Wrangler’s five-layer system gives merchants the best chance of winning transaction disputes and keeping rightfully earned revenue.

Preventing Ecommerce Fraud Practice #8: Know the Red Flags

Every industry has its own red flags – occurrences that are statistically more likely to coincide with fraud. In the ecommerce world, these are:

  • Several orders of the same item
  • Different shipping and billing addresses
  • Multiple orders with different credit cards
  • Suspicious email addresses
  • Several declined transactions

In the end, detecting fraud requires merchants to use their gut instinct. If something doesn’t feel right, it probably isn’t. Sometimes fraud prevention is as simple as sending a quick email to a customer or checking them out on social media. The more red flags a merchant encounters, the more likely it is to be a dangerous transaction.

Final Thoughts

Fraud costs small businesses billions of dollars per year, and most of the time it is avoidable. By using common sense, online safety measures, and fraud prevention software, merchants can get ahead of fraud trends in 2021.

Fraud Wrangler provides a powerful suite of protection tools to help merchants stop fraud before it impacts their business. Sign up today and take action to protect your hard-earned revenues!

7 Industries Hit Hardest by Ecommerce Fraud During the Covid-19 Era

Travel image

A Health Crisis – and an Economic One

COVID has triggered both a health crisis and an economic crisis simultaneously. Millions of businesses have been shut down, and even more are treading water. For those that have been lucky enough to survive, adapting to new buying trends has been a job in itself. But on top of this, the rapid shift to ecommerce has created a rising tide of ecommerce fraud.

As merchants scramble to adapt and meet changing consumer needs such as the ability to shop for necessities from home, or the ability to have meals delivered, scammers are operating differently too. Studies show fraudsters are flocking to industries that are receiving higher traffic volumes to maintain anonymity and slip through the cracks. Unfortunately, this makes ecommerce companies a primary target for some of the most common online scam tactics.

1. Preventing Ecommerce Fraud in Travel

Data shows the travel industry has been hit harder than any other. Legitimate travel transactions all but disappeared at the height of quarantine. Thus travel companies saw an increase in fraud attempts and a drastic reduction in true customers. The travel industry has been one of several targets for card testing, a practice in which scammers test stolen cards to see if they can continue using them elsewhere.

2. Preventing Ecommerce Fraud in Retail

Many brick and mortar businesses have hastily made their way into ecommerce, which has set them up for both success and danger. While physical retailers have been able to survive by going digital, they’ve also become vulnerable to scammers who know they are ecommerce rookies. In the second quarter of 2020, humans rather than AI bots directed 1 out of every 5 ecommerce attacks.

For business owners in this unique position, National Merchants Association offers chargeback prevention education and high risk credit card processing at low fees. NMA is a merchant account that works for you, partnering with Fraud Wrangler, an AI-driven platform that alerts merchants of potential ecommerce fraud while collecting and analyzing critical transaction data.

3. Preventing Ecommerce Fraud in Online Gaming

When much of the global workforce received indefinite stay-at-home orders, it opened the floodgates for gaming fraud. Gamers using hacks to win tournament money is one insidious way scams have crept into the gaming industry. In-game fraud also rose as hackers discovered ways to employ bots to carry out repetitive tasks to earn money and prizes. A study by Arkose Labs revealed in-game fraud rose 60% from the first to second quarter of 2020. Findings revealed an average of 65 attacks per second occurring in the gaming industry.

4. Preventing Online Fraud in HR/Recruiting

Human resources is probably not the first industry most think of when it comes to ecommerce fraud. But HR and recruiting have been fruitful avenues for dishonest employees in 2020. From faking COVID to stretching the truth to receive financial aid or time off, some employees took advantage of the unusual circumstances. Unfortunately, already-suffering businesses took the financial hit. One factory shut down and sacrificed $175,000 in productivity losses from a false COVID report.

While HR fraud typically involves employees, recruitment fraud is the other side of the coin: Scammers post fake job descriptions hoping to score personal information from applicants. By playing the role of business owner, scammers can obtain social security numbers and other critical details for identity theft.

5. Preventing Ecommerce Fraud in Finance

The finance industry started off strong in 2020, with fraud incidents remaining low until the second quarter. Attacks were primarily human rather than bot-driven, and typically involved application fraud. Scammers attempted – and in some cases succeeded – in opening financial accounts with someone else’s personal information.

In one instance, a man was caught engaging in a loan fraud scheme, applying for COVID-related benefits that didn’t apply to him. Like many finance scammers, the man used unique sets of information to apply for both PPP and EIDL loans, resulting in a $196,900 payout.

6. Preventing Ecommerce Fraud on Media/Streaming Platforms

As with online gaming fraudsters, media fraudsters took advantage of quarantine free time to steal streaming services and create fake accounts. One example of this is music streaming apps, which have attracted fake musicians. Once signed up, individuals can manipulate play counts to earn money from the streaming platform.

Unsurprisingly, streaming platforms received significantly more mobile traffic during the second quarter of 2020. More mobile attacks have been reported in the media and streaming industry than any other, making it especially useful for these companies to invest in mobile security.

7. Preventing Ecommerce Fraud on Technology Platforms

Much like streaming platforms, tech platforms faced noteworthy human-driven fraud trends that rose 57% into quarter 2 of 2020. Tech-focused mobile attacks rose 27%. Scams abound on social media sites like Facebook and dating apps like Tinder. Because the technology industry encompasses so many types of businesses, fraud attempts are just as varied.

Fortunately, the tech industry is perhaps the most equipped to understand and handle ecommerce fraud with cutting-edge solutions. Tech professionals encounter everything from phishing attempts to identity theft and false payments, making fraud prevention technology a no-brainer investment.

Preparing for a New Era of Fraud

COVID has brought changes to nearly every facet of life for both businesses and consumers alike. But even as global health returns to normal, the multitude of fraud techniques being used online won’t disappear. All modern organizations will need a comprehensive fraud prevention plan that incorporates best practices and up-to-date technology.

At NMA, We Work For You® to establish the safest online business that meets the needs of your unique customers. Our payments experts work one-on-one to provide personalized merchant services that fit your business model. With some of the best rates in the industry, we look forward to helping you run a secure remote business. Learn more about the benefits of NMA membership and Payments Made Personal.