Instead, they use middlemen whose details are used to make the purchases and who then forward the goods.
Clean frauds name is misleading, because theres nothing clean about it. Another technical method is known as pharming, in which manipulated browsers direct unsuspecting customers to fraudulent websites. So what does this fraud look like, exactly? A study asked 274 merchants from various industries in six countries precisely this question. This is where criminals who use stolen payment data to pay for their purchases dont want to have them sent to their home addresses. The order data and credit card numbers are now almost impossible to connect, so the fraud usually remains undiscovered for a longer period of time, resulting in greater damages.
Merchant fraud is another method which must be mentioned. Instead of having to come up with a completely new identity to do this, they simply take over an existing one. Alternative payment methods are also attracting criminals. Then, however, they deliberately initiate a chargeback, claiming that their credit card or account details were stolen. These involve hackers muscling in on communications between customers and merchants (or between customers and banks) in order to siphon off login data.
According to 69 per cent of the merchants surveyed, sales via third-party websites like Amazon, Alibaba or eBay are particularly susceptible to fraud. Almost exactly the same number (51 per cent) have great difficulty in maintaining an overview of the various fraud prevention tools in different countries. The number of fraud cases has increased by 19 per cent compared to 2013, and this is the fourth successive time that fraud growth has exceeded e-commerce growth. The third point in the fraud triangle involves using the stolen credit card data to make additional purchases. Out of every $100 in turnover, fraudsters currently snatch 5.65 cents.
We havent even mentioned the opportunities involved in intercepting credit cards sent by mail, for example, or in copying credit cards in restaurants and hotels or at cash machines. Already, though, the true extent of the identity theft problem is apparent.
In fourth place is what the merchants surveyed refer to as friendly fraud. The basic principle of clean fraud is that a stolen credit card is used to make a purchase, but the transaction is then manipulated in such a way that fraud detection functions are circumvented. A great deal of correct information is then entered during the payment process so that the fraud detection solution is fooled. Here, credit cards are the most popular target, as a fraudster does not need much to carry out a card not present transaction.
E-commerce revenue is constantly increasing, but the number of fraud cases, as well as the percentage of fraud in online transactions, is increasing faster still. This fraud method is particularly prevalent with services, such as those in the gambling or adult milieus.
The second corner of the fraud triangle involves using other stolen credit card data and the name collected to order goods at a real store and ship them to the original customer. The first is a fake online storefront, which offers high-demand goods at extremely low prices. Phishing, on the other hand, simply involves using fraudulent websites, emails or text messages to access personal data. Often, all that is required to appropriate someones identity is a stolen password. This sounds friendlier than it really is: using this method, customers order goods or services and pay for them preferably using a pull payment method like a credit card or direct debit. These are followed by mobile sales (mentioned by 64 per cent) and sales via their own online shops (55 per cent).
In clean fraud, criminals use sound analyses of the fraud detection systems deployed, plus a great deal of knowledge about the rightful owners of their stolen credit cards. Its very simple: goods are offered at cheap prices, but are never shipped. The falsified shop collects address and credit card data this is its only purpose.
Karsten Witke, Head of Payment Services Risk, PPRO Group
While the increase itself is nothing new (there has been more e-commerce fraud every year since 1993), the rate is impressive. This can be done either using a fully automated process or by getting real people to log into merchants sites using fake accounts. They are reimbursed but they keep the goods or services. In most cases, additional bait is added, like the information that the goods will only be shipped immediately if the goods are paid for using a credit card. According to 58 per cent of those surveyed, the major challenge in fraud prevention is a lack of system integration to provide a unified view of all their transactions across all markets. Much more know-how is required here than with friendly fraud, where the only goal is to cancel the payment once a purchase has been made.. The payments are, of course, kept. Language barriers, as well as the difficulty of keeping international tabs on individual customers, pose additional fraud management challenges.
Fraud methods vary depending on the sales channel, and the fact that most merchants aim to achieve multi-channel sales does not make the situation any easier.
Image Credit: Gustavo Frazao / Shutterstock
Leave a comment on this article
Fraud is not exclusive to credit card payments, however. In traditional identity theft, the criminals goal is to carry out transactions using a different identity. This can be used to take over an existing account with an online shop in most cases, the payment data is already stored in the account.
Friendly fraud also tends to be combined with re-shipping. Before clean fraud is committed, card testing is often carried out. Criminals are becoming more sophisticated in their use of malware to command online banking logins via phones, tablets and computers, using the stolen bank account details to make fraudulent payments. This enables them, for example, to order items online under a false name and pay using someone elses credit card information or by debiting another persons account. It is not specific to any particular payment method, but this is, of course, where no-chargeback payment methods (most of the push payment types) come into their own.
More International Fraud
On average, the merchants who participated in the study do business in 14 countries. This method of fraud also exists in wholesale. 52 per cent also see increased international transactions as a challenge. But what types of fraud exist and more importantly how can we protect ourselves against them?
The Nilsen Reportuses the example of card-based payments to illustrate the point: Internet payment fraud is constantly increasing, and is, apparently, unstoppable.
In order to commit identity theft or appropriate someones identity, fraudsters target personal information, such as names, addresses and email addresses, as well as credit card or account information. The most common types of fraud are explained below.
According to the study, the most common types of fraud causing concern among merchants are identity theft (71 per cent), phishing (66 per cent) and account theft (63 per cent). This type of fraud is payment-method-neutral, but extremely widely distributed.
During triangulation fraud, the fraud is carried out via three points. This is easier to do and usually much faster.
Of course, hacker attacks on e-commerce providers and stealing customer data also fall under this fraud category, as does using malware on computers to commit identity theft by spying out sensitive data. This involves making cheap test purchases online to check that the stolen credit card data works.
There are two variations of affiliate fraud, both of which have the same aim: to glean more money from an affiliate program by manipulating traffic or signup statistics. Man-in-the-middle attacks are even more sophisticated