eCommerce Fraud - Time to get Smart
In the eCommerce industry, you need to take measures to protect yourself from fraud. One constant fact is that there will always be people looking to get something for nothing, unscrupulous men and women whose only goal is to either rip off your business or its customers.
Understanding how fraudsters operate is essential knowledge for merchants who want to stay steps ahead of them. Preventing fraudulent activity requires knowing how fraudsters will attempt to gain merchandise or funds from the merchant.
There are a couple of differences between low-sophistication and high-sophistication fraud attempts, and in this blog post we will briefly dive into some of them.
Less sophisticated attacks
These attacks typically come in short-lived bursts and reuse known bad fraud signals, such as generating a large volume of activity or manipulating multiple fraudulent accounts using the same script. Over the years, these signs of attack have become easier for merchants to detect and prevent, which is why fraudsters had to create stealthier attacks to be successful.
The stealthy attacks
These fraud attacks take great measures to ensure that the fraudulent activity blends in with that of all other normal users. This lets them operate at a low rate over a longer period of time, staying under the radar. Because they can go unnoticed for a long time, these attacks can cause more damage.
Almost normal users
The longer the fraudster can go without being detected or shut down by the company, the more they stand to gain. The DataVisor Fraud Index Report gives one example of a high-sophistication attack, where they observed fake accounts registered using a rare email domain. Aside from the simultaneous sign-up activity, the accounts appeared normal and performed many normal activities. Upon closer inspection, abnormal behavior could be detected. Each user account logged in from multiple geographic locations, with each login originating from a different location. A user might be in Cambodia one moment, then Argentina next, then in Algeria after that. Ultimately, each user logged in from as many as ten different countries. Viewed together, this group of users originated from hundreds of locations all over the world. It is likely the fraudster behind the attack leveraged proxy services that have a presence in residential or mobile network ranges.
Smart Moves to Adopt
There are a couple of things that merchants should keep in mind before searching out fraudulent behavior:
a. Find out what is normal for your customers
Take some time and do some analysis. Get a true understanding of how your customers sign up for accounts, how they interact with your online store and how they buy. This will give you a good idea of what behavior is completely normal and what should be looked into.
b. Watch out for jumps between geographical locations
Fraudulent accounts usually do not stay in the same geographic location. They jump across networks located in different countries. For example, fraudsters might register from mobile networks in the U.S., then log in from an ISP in Malaysia to edit the user’s profile information, then log back in from a U.S. network. This kind of behavior is very rare for normal global users.
c. New or different doesn’t always mean fraud
If there is a spike in new or different behavior in your monitoring, make sure to take an in-depth look at it before assuming it is fraud. For example, new email domains or a rare user-agent string are often likely to be fraudulent. However, not all unusual-seeming behavior is abnormal. It all depends on the context. A “new” version of an iOS release, for instance, might appear peculiar at first.
d. Get Professional Help
You can never be too careful when it comes to preventing fraud attacks on your store. Getting around-the-clock protection is very important for the times when you are not online to monitor every transaction.
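To make item b concrete, here is an added example (not part of the original post and not any vendor's product) that counts rapid country changes per account and groups the flagged accounts by email domain, as in the DataVisor case described earlier. The login events, the six-hour window and the two-jump threshold are all constructed assumptions to be tuned against your own baseline of normal behavior.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login events: (account, ISO timestamp, country code).
EVENTS = [
    ("alice@example.com", "2024-03-01T09:00", "US"),
    ("alice@example.com", "2024-03-02T18:30", "US"),
    ("alice@example.com", "2024-03-20T08:00", "CA"),  # ordinary trip, weeks apart
    ("u1@rare-domain.test", "2024-03-01T10:00", "US"),
    ("u1@rare-domain.test", "2024-03-01T10:40", "MY"),
    ("u1@rare-domain.test", "2024-03-01T11:15", "US"),
    ("u2@rare-domain.test", "2024-03-01T10:05", "KH"),
    ("u2@rare-domain.test", "2024-03-01T12:00", "AR"),
    ("u2@rare-domain.test", "2024-03-01T15:00", "DZ"),
]

MAX_JUMP_GAP = timedelta(hours=6)  # assumed threshold, not from the post
MIN_JUMPS = 2                      # assumed threshold, not from the post

def country_jumps(events, max_gap=MAX_JUMP_GAP):
    """Return {account: count of consecutive logins that change country within max_gap}."""
    by_account = defaultdict(list)
    for account, ts, country in events:
        by_account[account].append((datetime.fromisoformat(ts), country))
    jumps = {}
    for account, logins in by_account.items():
        logins.sort()  # compare each login with the one that follows it in time
        jumps[account] = sum(
            1 for (t0, c0), (t1, c1) in zip(logins, logins[1:])
            if c0 != c1 and t1 - t0 <= max_gap
        )
    return jumps

def flag_accounts(events, min_jumps=MIN_JUMPS):
    """Accounts with at least min_jumps rapid country changes, sorted by name."""
    return sorted(a for a, n in country_jumps(events).items() if n >= min_jumps)

def flagged_by_domain(events):
    """Group flagged accounts by email domain so a cluster on one domain stands out."""
    groups = defaultdict(list)
    for account in flag_accounts(events):
        groups[account.rsplit("@", 1)[1]].append(account)
    return dict(groups)

if __name__ == "__main__":
    print(country_jumps(EVENTS))
    print(flagged_by_domain(EVENTS))
```

The customer who travels weeks apart is not flagged, while the two accounts on the shared domain each show two country changes within hours and surface together for review.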
The best scenario would be to prevent fraud from occurring. The first step is to monitor and check every order, being careful with the matching of IP, email and shipping addresses. Pay attention to international transactions, since most credit card fraud cases are from foreign buyers. So pay attention if the billing and shipping addresses don’t match. And last but not least, equip your business with VPCART Fraud Alert.
In any case, the best defense for your online business is being aware of the threats that are out there and knowing what to look for.
It is impossible to stay 100% safe, but by using these tips, and by being vigilant and smart, you can decrease your chances of becoming a victim of fraud.