Accepting an online payment is an inherently risky activity for an e-commerce retailer. “Card-not-present” transactions, where a physical card is not swiped, are sitting ducks for fraudsters.  But these types of payments are obviously necessary for any online business to succeed, including us at Affirm.

At Affirm, we mostly deal with stolen identity fraud, but stolen credit card numbers are also a big risk for e-commerce sellers. When a purchase is made using a stolen payment instrument (stolen credit card or debit card) and the victim notices the unauthorized transaction, they file a chargeback. Here the merchant can end up being responsible for the payment amount, cost of goods/services and also the chargeback fees, so it's important for an e-commerce retailer to proactively defend against fraud to protect the bottom line. 

The biggest fraud industries

Fraudsters aren’t just trying to steal product. They want to make money by looking for ways to monetize their work. Therefore, they focus on products that have a large resell market like;

1.    Jewelry/watches

2.    Electronics/mobile phones

3.    Gift cards/money services

Most retailers work with third-party companies which offer fraud protection as a service to evaluate their transactions. Sometimes they even offer to be held accountable for any fraud that occurs on the transactions  they approved. Signifyd and Sift Science are two of the prominent players in this space. Payment processors like Stripe and e-commerce platforms like Shopify have also started offering fraud solutions to their merchants while others provide alerts so merchants can make informed decisions. Similarly, Affirm provides fraud protection to our merchants against unauthorized transactions.

These and other fraud prevention businesses look for patterns in transaction behavior and payment history to spot fraudulent purchases. They build machine learning solutions, write targeted fraud rules, or utilize manual review from fraud experts to flag suspicious transactions.

Some of the key signals of fraud are:

• Velocity of attempts

• Multiple transactions linked to a fraud ring network (sharing IP address, payment instrument, phone, email, device etc),

• Out of pattern behavior

• A mismatch in addresses

• Inconsistent phone or email information

Even if an e-commerce business is working with fraud service providers offering fraud protection, it is still important for them to keep an eye out for fraud themselves.

Below are three of the most common and trending fraud schemes e-commerce businesses should be aware of.

1. Shipping address change

This was one that we actually dealt with at Affirm. Here, a fraudster takes out a loan with a stolen identity; using the victim's real address for billing and shipping to pass by our fraud checks and gets approved for the loan. After approved and processed, the fraudster calls the merchant and changes the shipping address so the product is delivered to them instead of the victim, bypassing our fraud team.  As a merchant, you should watch closely for any requests for shipping address changes and work with your fraud service providers and processors to verify that these transactions are not fraudulent.

To combat this, Affirm works with the merchant to flag any indication of shipping address changes.  These alerts help us to identify suspicious transactions and block them as needed. Fraudsters are getting smarter and they try to change the shipping address by contacting shipping companies (FedEx, USPS, UPS etc.) directly. But we have tools for identifying these workarounds as well.

What you should look out for: Shoppers changing their shipping address frequently.  There might be a genuine use case of changing the shipping address once an order is placed but keeping an eye will help in identifying fraudulent transactions.

2. Refunds to a different payment instrument

In this method, a fraudster makes a high volume purchase with a stolen card.  Their plan is to return some or all of the product and ask for a refund. The trick is the fraudster will ask the retailer for a refund to a different payment instrument, wire the money, or send gift cards to the fraudster. With this, they are able to steal cash from the business instead of just the physical product. Fraudsters are always looking to monetize.

The owner of the credit card upon seeing unauthorized transaction files a chargeback and merchant ends up taking multiple losses. In the event when they overpay and ask for partial refunds, the merchant ends up losing on not only the refund amount but also goods that were shipped. Smaller merchants get excited when they see a big purchase, but they need to be wary of too good to be true orders. It could be an indication of fraud.  

What you should look out for:  Returns that ask for refunds on a different payment instrument than the original order. Overpayment and then asking for partial refunds or too good to be true orders from an unknown buyer.

3. First party fraud

Liar Buyer fraud occurs when the actual cardholder makes a purchase and later on tries to dispute the transaction. The dispute might not be intentional fraud, a person might have forgotten or doesn’t recognize the transaction. Or it can be deliberate, where the fraudster is trying to get away with a free item. As a merchant, you might still be hit with the chargeback fee.  Merchants can avoid accidental chargebacks by having a clear descriptor in credit card statements. It can be difficult to detect bad intent in these types of cases, but out of pattern behavior can indicate something suspicious. To protect against disputes it's also worthwhile to have “signature on delivery” or shipping to verified address.

What you should look out for:  Out of pattern behavior or an unverified shipping address.

As an e-commerce retailer, it's important to be aware of the changing landscape of fraud. Know the common schemes and keep an eye out for new trends or patterns.  Use this information to inform your third-party provider about any suspicious transaction you see occurring across your site. You should work as a team to protect your business and your customers.

If and when a fraud charge slips through, you should keep good records of delivery to prove shipment of the product in order to get your loss, chargeback, and refund covered from the third-party provider.