The Anatomy Ecommerce Fraud Protection

Eduardo Lopez

Key Takeaways: Prevent Ecommerce Fraud

Understanding fraud in eCommerce is crucial. The eCommerce fraud detection market is projected to reach $103 billion within the next two years, highlighting the escalating challenge of fraudulent activity in online retail.

In fact, it is projected that e-commerce sales worldwide will reach $6.4 trillion by 2024. Furthermore, in 2024, retailers faced substantial losses, with $103 billion lost to fraudulent returns and claims—approximately 15% of the projected $685 billion in returns last year.

Senior fraud professionals must use effective strategies to protect their platforms and improve their outcomes. The better you understand the intricacies of eCommerce fraud, the better you will be able to find and vet eCommerce fraud solutions for your company.

  1. Understand your fraud risk: Assess and understand the specific risks your organization faces. Awareness of these risks is the first step in developing comprehensive ecommerce fraud prevention.
  2. Recognize unique warning signs: Become proficient in identifying the unique warning signs of different types of e-commerce fraud. This enables timely detection and effective prevention, helping to mitigate potential threats before they cause significant damage.
  3. Build a comprehensive fraud strategy: Develop and implement a thorough fraud prevention strategy that leverages modern technology, AI, and your human intelligence.

Fraud in e-commerce has been around since the start of online shopping. It started with stolen credit card information and unauthorized transactions. But as security measures improved, fraudsters adapted and developed more sophisticated methods. Today, everything from account takeover (ATO) and fake accounts to affiliate and loyalty abuse is a common and rising threat to e-commerce businesses.

To prevent Ecommerce fraud, you need to understand how it spans many stages of the customer journey. These include account creation, login, transaction, and post-transaction activities.

How can merchants spot and stop these many types of eCommerce fraud?

In this article, you will learn:

  • The most common attack methods used by e-commerce fraudsters.
  • Warning signs that fraud is occurring on your e-commerce site.
  • Effective strategies for detecting and preventing e-commerce fraud.

Let's dive into the complexities of e-commerce fraud management.

Each phase presents unique vulnerabilities that fraudsters exploit.

Understanding your Ecommerce Fraud Risk

Now, you’re probably thinking, “Why is it so important to differentiate between types of fraud?”

Here’s the thing: Each type of fraud requires a tailored approach to detection and prevention. A one-size-fits-nobody strategy is ineffective.

Consider the different stages of the customer journey:

  • Account opening: When a user first creates an account
  • Login: Every time a user tries to access an account
  • Payment: Everything between checkout, authorization, and settlement
  • Post-transaction: After transaction, but within chargeback and return window

The attack patterns, the data we use to detect them, and the challenges all vary. Understanding these details helps us use targeted defenses, so this knowledge is crucial.

Let’s break down common risks and the warning signs associated with each event in the customer journey.

Account opening

Fake or duplicate accounts

Fraudsters use a mix of stolen and fake identities to create fake accounts. This can range from simple burner emails and phone numbers to more complex methods using official tax IDs and legal documents. But for traditional ecommerce, fake accounts are usually going to be tied to promo/referral abuse, evading blocklists or restrictions, manipulating reviews, using stolen cards, or running scams.

Fake or Duplicate Accounts - Warning Signs:

  • Multiple accounts created from the same IP address.
  • Unusual or incomplete information in account registration details.
  • High volume of new accounts in a short period.

Logins

Account takeover (ATO)

Fraudsters gain unauthorized access to a customer's account through phishing, credential stuffing, or social engineering. Once they have control, they can make unauthorized purchases, change account details, or withdraw funds.

What is Phishing and Social Engineering? Through deceptive practices, criminals trick individuals into revealing sensitive information, frequently via misleading emails or fake websites. These tactics often create a sense of urgency or offer enticing rewards, persuading users to disclose their personal or financial information unwittingly.

Account takeovers (ATOs) are a significant concern for any merchant offering wallets for cash, rewards, or loyalty points. Fraudsters will often sell these compromised accounts, cash out points, or use rewards to purchase a product they'll later resell or return.

ATO Warning Signs:

  • Sudden changes in account information (e.g., email address, password).
  • Logins from unfamiliar devices or locations.
  • Unusual purchasing behavior from an established account.

Credential stuffing

Credential stuffing is the reuse of stolen credentials to gain access to user accounts, typically using some type of bot or automation script to quickly test user credentials at scale. With the increasing frequency of data breaches and big data leaks in the news lately, pressure from credential stuffing is expected to grow.

These recent data breaches allow bad actors to easily test and access numerous accounts. We’ve built a free service in Sonar to check for this risk. The new red flag service will check if an account’s credentials exist on the dark web and return a “true” if they’re found.

When added to these warning signs, we hope this helps manage risk of compromise.

Credential Stuffing Warning Signs:

  • Multiple failed login attempts in a short timeframe.
  • Logins from various locations for a single account.
  • High rate of account lockouts due to failed login attempts.
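
The first two warning signs above can be checked with sliding-window counters over the login log. The sketch below is an added example, not Sardine's code: the event tuple layout, the thresholds and the alert names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds for illustration; tune against your own login traffic.
WINDOW = timedelta(minutes=5)
MAX_FAILS_PER_IP = 5        # failed logins from one IP inside WINDOW
MAX_ACCOUNTS_PER_IP = 4     # distinct accounts one IP failed against inside WINDOW
MAX_COUNTRIES_PER_USER = 2  # distinct countries for one account inside WINDOW


def _push(queue, ts, value):
    """Append (ts, value), drop entries older than WINDOW, return distinct values."""
    queue.append((ts, value))
    while ts - queue[0][0] > WINDOW:
        queue.popleft()
    return {v for _, v in queue}


def detect_credential_stuffing(events):
    """events: time-ordered (iso_ts, ip, account, country, success) tuples.
    Returns (kind, subject) alerts in the order they first fire."""
    fails_by_ip = defaultdict(deque)
    geo_by_account = defaultdict(deque)
    alerts = []

    def alert(kind, subject):
        if (kind, subject) not in alerts:
            alerts.append((kind, subject))

    for iso_ts, ip, account, country, success in events:
        ts = datetime.fromisoformat(iso_ts)
        # One account seen from several countries within a short window.
        countries = _push(geo_by_account[account], ts, country)
        if len(countries) >= MAX_COUNTRIES_PER_USER:
            alert("account_multi_country", account)
        if success:
            continue
        # Burst of failures from one source, plus how many accounts it touched:
        # the spread separates stuffing from a single forgetful user.
        accounts = _push(fails_by_ip[ip], ts, account)
        if len(fails_by_ip[ip]) >= MAX_FAILS_PER_IP:
            alert("ip_failed_login_burst", ip)
        if len(accounts) >= MAX_ACCOUNTS_PER_IP:
            alert("ip_many_accounts", ip)
    return alerts


# Constructed sample events (documentation IP ranges, made-up accounts).
SAMPLE_EVENTS = [
    ("2024-05-01T10:00:00", "198.51.100.7", "alice", "US", True),
    ("2024-05-01T10:00:05", "203.0.113.9", "bob", "DE", False),
    ("2024-05-01T10:00:06", "203.0.113.9", "carol", "DE", False),
    ("2024-05-01T10:00:07", "203.0.113.9", "dave", "DE", False),
    ("2024-05-01T10:00:08", "203.0.113.9", "erin", "DE", False),
    ("2024-05-01T10:00:09", "203.0.113.9", "frank", "DE", False),
    ("2024-05-01T10:00:10", "203.0.113.9", "alice", "DE", True),
    ("2024-05-01T10:20:00", "198.51.100.7", "grace", "US", False),
]

if __name__ == "__main__":
    for kind, subject in detect_credential_stuffing(SAMPLE_EVENTS):
        print(kind, subject)
```

A successful login that lands inside a flagged burst, like the last `alice` event from the flagged IP, is the one to prioritize for review, since it may be a stuffed credential that worked.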

Account Sharing Fraud

Real users share their accounts for many reasons, often to take advantage of promotions or to game the system. Account sharing can signal buyer-seller collusion, promo exploitation, or gaming reviews. Or maybe someone just really wants to watch that Netflix show without buying a membership.

Account Sharing Warning Signs:

  • Multiple devices and IP addresses accessing the same account simultaneously.
  • Frequent changes to account settings.
  • Unusual activity patterns not consistent with typical user behavior.

Payment Frauds

Transaction fraud

Fraudsters use stolen credit card information to make unauthorized purchases. This type of fraud is also known as credit card fraud or card-not-present (CNP) fraud. Transaction fraud can also include fraudulent chargebacks and falsely claiming that items were never received.

Transaction Fraud Warning Signs:

  • High-value transactions from new or recently created accounts.
  • Multiple purchases in quick succession using different credit cards.
  • Orders placed with mismatched billing and shipping addresses.

Card Testing Fraud

Fraudsters use small transactions to check if stolen card details are valid. They do this before making larger purchases. Again, fraudsters will use bots to test these stolen card details, often targeting merchants with low-cost SKUs. Catching these attempts early can prevent further fraud across different merchants.

Card Testing Fraud Warning Signs:

  • Numerous low-value transactions from the same IP address.
  • Multiple declined transactions followed by a successful one.
  • Unusual spike in small transactions.
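
As an added illustration (not code from Sardine), the card testing signs above translate into a per-IP monitor over authorization attempts. The field names, thresholds and reason labels are assumptions, the sample attempts are constructed, and cards are referenced by token rather than by number.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds for illustration; calibrate on your own authorization data.
WINDOW = timedelta(minutes=10)
LOW_VALUE = 5.00       # amounts at or below this count as "small"
MAX_SMALL_PER_IP = 5   # small attempts from one IP inside WINDOW
MIN_DECLINE_RUN = 3    # declines in a row before an approval looks like a hit


def detect_card_testing(attempts):
    """attempts: time-ordered dicts with ts, ip, card (token), amount, approved.
    Returns {ip: {"reasons": set, "review_cards": list}} for flagged IPs only."""
    small_by_ip = defaultdict(deque)  # ip -> timestamps of recent small attempts
    decline_run = defaultdict(int)    # ip -> consecutive declines so far
    last_seen = {}
    flagged = defaultdict(lambda: {"reasons": set(), "review_cards": []})

    for a in attempts:
        ts, ip = datetime.fromisoformat(a["ts"]), a["ip"]
        if ts - last_seen.get(ip, ts) > WINDOW:
            decline_run[ip] = 0  # stale run: do not link attempts far apart
        last_seen[ip] = ts
        if a["amount"] <= LOW_VALUE:
            q = small_by_ip[ip]
            q.append(ts)
            while ts - q[0] > WINDOW:
                q.popleft()
            if len(q) >= MAX_SMALL_PER_IP:
                flagged[ip]["reasons"].add("small_txn_burst")
        if a["approved"]:
            # An approval right after a run of declines: this card should be
            # reviewed (void or refund, and report) before it is used elsewhere.
            if decline_run[ip] >= MIN_DECLINE_RUN:
                flagged[ip]["reasons"].add("declines_then_approval")
                flagged[ip]["review_cards"].append(a["card"])
            decline_run[ip] = 0
        else:
            decline_run[ip] += 1
    return dict(flagged)


def _t(sec, ip, card, amount, approved):
    """Build one constructed sample attempt."""
    return {"ts": f"2024-05-01T12:00:{sec:02d}", "ip": ip, "card": card,
            "amount": amount, "approved": approved}


# Constructed sample data (documentation IP ranges, placeholder card tokens).
SAMPLE_ATTEMPTS = [
    _t(0, "203.0.113.50", "tok_a", 1.00, False),
    _t(4, "203.0.113.50", "tok_b", 1.00, False),
    _t(8, "203.0.113.50", "tok_c", 1.00, False),
    _t(12, "203.0.113.50", "tok_d", 1.00, True),    # approval after 3 declines
    _t(16, "203.0.113.50", "tok_e", 1.00, False),
    _t(20, "198.51.100.20", "tok_z", 42.50, False),  # ordinary shopper, one retry
    _t(30, "198.51.100.20", "tok_z", 42.50, True),
]

if __name__ == "__main__":
    print(detect_card_testing(SAMPLE_ATTEMPTS))
```

The ordinary shopper who retries once at a normal basket value is not flagged, which is the false-positive case these thresholds need to keep clear of.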

Promo, affiliate, and loyalty abuse

Fraudsters exploit promotions, affiliates, and loyalty schemes. They do this to gain money illegitimately. We see individuals referring themselves or connected accounts, using mobile device farms, or creating fake accounts to exploit promotions, discounts, and payouts.

Warning Signs:

  • Multiple accounts redeeming the same promotional code.
  • Sudden increase in loyalty points redemption.
  • Abnormal patterns in affiliate sign-ups and conversions.

Post-transaction Fraud

Refund Fraud

Customers exploit refund and return policies. They use them to get refunds for items they have used, damaged, or never purchased. Refund fraud has surged in 2024, with fraudsters exploiting the dispute process and return policies. The Merchant Risk Council has even advised merchants to add refund fraud KPIs like Refund Rate, Repeat Refund Requests, and Refund Amount as a Percentage of Sales into their fraud monitoring.

Refund Fraud Warning Signs:

  • High return rate for expensive items.
  • Returns of items that appear worn or previously used.
  • Frequent return requests from the same customer.

Chargeback Fraud

Real customers make a purchase. Then, they exploit the chargeback process to claim fraudulent refunds. Similar to refund fraud, chargeback abuse involves disputing legitimate transactions to get a refund while keeping the goods or services.

Chargeback Fraud Warning Signs:

  • High volume of chargebacks from the same customer.
  • Disputes raised soon after delivery confirmation.
  • Disputing multiple transactions over a short period.
  • Disputes on high-value items without contacting customer support first.

Buy-Online-Pick-Up-In-Store (BOPIS) Fraud

Fraudsters exploit the ease of BOPIS to make fraudulent purchases. They grab items quickly before detection. BOPIS fraud is common because items can often be picked up without showing ID or simply by showing a screenshot of the order. This makes it easy for fraudsters to commit triangulation fraud and intercept orders.

BOPIS Warning Signs:

  • Multiple pickup locations for a single payment method or account.
  • High-value orders placed shortly before store closing times.
  • Frequent use of different credit cards for BOPIS transactions.

Understanding these fraud types through the user journey will help businesses assess their e-commerce fraud risk and make targeted strategies to protect against these threats.

Red Flags for Ecommerce Fraud Detection

As eCommerce continues to expand, it’s crucial for businesses to recognize the signs of potential fraudulent activities. Early detection of these red flags can save a significant amount of money and resources.

Key indicators include:

  • Frequent large purchases from new or unknown accounts.
  • Multiple orders shipped to the same address from different accounts.
  • Rapid transactions from a single IP address, indicative of card testing.
  • Mismatched billing and shipping addresses, particularly for high-value items.
  • Multiple failed payment attempts, signaling potential credential stuffing.
  • Unusual account activity, such as sudden login attempts from foreign locations.

By spotting warnings and implementing monitors, merchants can catch fraud before it causes any significant financial damage.

Basic fraud detection techniques

Unusual login activity

  • Unexpected locations: login attempts from an unfamiliar or unexpected geographic location are a concern and can indicate unauthorized access.
  • Odd hours: login attempts during unusual hours, for example late at night, may signal fraud.
  • Repeated failed logins could suggest a bot trying to gain access through credential stuffing.

Example: A customer's account shows login attempts from different countries within a short period. This activity is flagged, and the account is temporarily locked for verification.

Unauthorized account changes

  • Sudden email and password changes that happen without the customer's initiation can be a red flag.
  • Disabled security features, such as two-factor authentication being turned off, may indicate an attempt to weaken account protection.

Example: An account suddenly has its email address changed and two-factor authentication disabled. These actions prompt an immediate review.

Anomalous purchase patterns

  • A sudden spike in expensive purchases, especially if they deviate from the customer's usual buying patterns.
  • Someone placing multiple orders in quick succession may be testing cards, or may be a fraudster using stolen card information.

Example: A customer who typically makes small purchases suddenly places several high-value orders within an hour. This triggers a manual review to verify legitimacy.

Shipping and billing address discrepancies

  • Differences between billing and shipping addresses, especially for high-value items.
  • PO box addresses often hide delivery locations. This can reduce traceability.

Example: An order is placed with a billing address in one state, a shipping address in another, and an IP address in yet another.

Intermediate detection techniques

Rapid checkout and unusual behavior

  • Customers rapidly moving through the checkout process, without spending time on product pages, may be attempting to avoid detection.
  • People who repeatedly paste information, like credit card numbers, during checkout may be using automated scripts.

Example: A customer quickly navigates the site and checks out within minutes, pasting the credit card information.

Suspicious device attributes

  • Recognizing patterns in device usage, such as multiple accounts using the same device.
  • Identify the true location and true IP of a device, not just the apparent IP address (as it may be behind a VPN or proxy), making it easier to flag suspicious activity.

Example: Device fingerprinting reveals that multiple accounts are being accessed from the same device behind a proxy or VPN, suggesting potential multi-account fraud.

Risky behavior patterns

  • Analyze typing patterns, mouse movements, and touchscreen interactions to spot fast navigation.
  • Identify many failed logins and inconsistent interactions, which can indicate fraudulent activity.

Example: A customer’s interaction speed and rhythm differ significantly from their usual behavior, triggering an alert for potential fraud.

Expert detection techniques

Pre-auth transaction monitoring

  • Monitor transaction volumes, amounts, and frequencies to detect anomalies.
  • Analyze payment methods and flag transactions using newly added or unusual payment methods.

Example: A rule-based system combined with an ML model using multiple sources of data flags transactions involving large amounts shipped to new addresses, prompting further verification.

This is just a start to building a comprehensive fraud management strategy

There's a common belief that crafting an effective fraud strategy is only for those with extensive resources and vast experience.

Many believe it's daunting. They think it's only for large companies with fraud departments. This thinking can paralyze small businesses and individual fraud experts, causing them to shy away from building a comprehensive fraud prevention strategy.

But this mindset is flawed.

Many people mistakenly believe that effective fraud prevention is only accessible to large corporations with substantial budgets. They think that without a massive investment in technology and personnel, their efforts will be useless.

With modern technology, AI, and human intelligence, you can develop strategies that are clear and effective.

How Sardine thinks about building a comprehensive e-commerce fraud strategy

At Sardine, we specialize in fraud prevention. We provide solutions designed by operators for operators. We understand the unique challenges and pressures that developing a comprehensive fraud strategy places on your business and your fraud team.

Here’s how we think about an e-commerce fraud strategy.

1. The entire customer journey matters

A user may look low risk at onboarding but suddenly use a VPN, proxy, or emulator at checkout and appear to be on an entirely new IP address. This could indicate an account takeover or simply a change in behavior. Running a check once isn’t enough. User risk will change over time, so your data and monitoring need to adapt to that.

2. Advanced bot detection can save you from huge downstream issues

Historically bot detection was left to the Infosec team, while the fraud team looked at payments; in the middle is a chasm of opportunity for conversion optimization and fraud detection. Advanced bots can steal item descriptions and images to create counterfeit pages, in turn, spiking chargebacks. Or they might rapidly create new accounts (new account fraud or NAF).

Read our blog on advanced bot detection.

3. Pre-authorization is a key moment in time

Everything that happens before a transaction is a critical signal. If a user is copying and pasting their credentials, that could be a key sign of a credential-stuffing attack. Focussing on everything happening here (like bot detection, user device, and behavior) can deliver substantial ROI.

Read our blog on pre-auth fraud prevention.

4. Passive detection is how to balance conversion with detection

Payments leaders are often wary of adding step-up verification or any new friction at checkout because they know it harms conversion. Looking for other risk signals coming from the user, their device, their behavior, or checking email and telephone history before the transaction can give much of the benefit without the additional friction.

5. All fraud problems are data science problems

Good fraud detection requires as much high-quality data about a user and their context as possible. If you can match a user's card to the name they’ve entered, that can help screen out stolen cards quickly without additional friction. Sardine has this capability, and it’s one we’ve pushed our partners to be able to deliver because we focus on where the data science brings real value to e-commerce companies.

Read our blog about Sardine's data engineering-led risk platform.

6. Fraud rules should be easy to create, test, and change.

Your fraud risk and tolerance are unique to you and your business and change over time. You need the ability to quickly create, edit, and change rules without that being a support request to your vendor or an IT project.

Read our blog about the Sardine rules engine.

7. Fraud Prevention Tools should be complete, yet adaptable

The solution to one-size-fits-nobody is to be adaptable and configurable. Sardine’s rule dashboard is designed to make it simple to bring your own machine learning model, or use the platform as a feature store for your model. As much as possible, the dashboard should be easy to use and the APIs clean, something your fraud analysts want to use.

The Sardine suite of tools, including APIs, dashboards, rules, and machine learning models, analyzes a wide range of pre-authentication signals. We process billions of data points with behavior-based ML models. This lets us accurately discern user intent and tell real users from fraudsters.

If you need help with fraud prevention and want to learn more about Sardine, schedule a session with one of our experts.

Ecommerce Fraud FAQs

What are the most common types of eCommerce fraud? The most common types of eCommerce fraud include transaction fraud (using stolen credit card information for unauthorized purchases), chargeback fraud (falsely disputing transactions after receiving goods), identity theft (stealing personal information to impersonate individuals), and account takeover (gaining unauthorized access to a customer’s account).

How can businesses prevent eCommerce fraud? Businesses can prevent eCommerce fraud by implementing secure payment gateways, employing strong authentication measures, monitoring transactions for unusual activities, using fraud detection tools, and educating employees on recognizing signs of fraud. Regularly updating and reviewing these measures is also crucial.

What is chargeback fraud, and how does it occur? Chargeback fraud, often known as friendly fraud, occurs when a customer disputes a legitimate transaction after receiving the product. Customers may falsely claim they did not receive the item, that it was damaged, or that they do not recognize the charge. This results in a refund while they retain the product, leading to financial losses for the merchant.

How do fraudsters conduct account takeover fraud? Account takeover fraud typically occurs when fraudsters gain access to a legitimate user’s account through phishing attacks, credential stuffing, or exploiting security vulnerabilities. Once they gain access, they can change account details, make unauthorized purchases, or steal sensitive personal information.

What steps should I take if I suspect fraud on my eCommerce site? If you suspect fraud, immediately review recent transactions, investigate suspicious accounts, and monitor for unusual activities. It’s important to have a plan in place for quickly addressing potential fraud, which may include temporarily suspending suspicious accounts, contacting customers for verification, and reinforcing your fraud prevention measures.

Are there specific warning signs that indicate potential fraud? Yes, some common warning signs include frequent large purchases from new accounts, mismatched billing and shipping addresses, multiple accounts originating from the same IP address, rapid checkout behavior, and several failed payment attempts. Recognizing these patterns can help in identifying and preventing fraudulent activities.

How can technology help in combating eCommerce fraud? Technology plays a critical role in combating eCommerce fraud through the use of automated fraud detection tools, machine learning algorithms that analyze transaction patterns, and secure payment solutions that offer layered security features. Implementing these technologies can significantly enhance a business’s ability to detect and respond to fraud in real time.