Education Ecosystem Blog

Online stores have become more popular in recent times as the wider population continues to increase their internet usage, spending most of their time online.

It is now incredibly easy to shop for your favorite pair of shoes and pay for them at the click of a button from the comfort of your home.

Darren Rainey, a UK-based cyber security professional who currently trains people on secure online practices, says that “sadly, as e-commerce platforms gain popularity, so do the fraudulent activities targeting online stores.”

Broadly, the most common types of online transaction frauds committed against e-commerce stores include the following.

• Information Theft: This involves fraudsters masquerading as legitimate customers, suppliers or business contacts, while in reality they are phishing sites seeking to steal information from online merchants.
• Hacking of Websites: Cyber criminals identify the weak spots of an e-commerce platform before gaining unauthorized access to the website with the aim of committing a crime. Hackers can do this through any device which is connected to the internet, from computers to smartphones, to tablets, and more.
• Online Money Theft: Since merchant stores ask for and receive money from their online customers, cybercriminals target the pay systems and fleece money as is transferred from one point to another.
• Computer Viruses: This occurs when cybercriminals instigate attacks on an e-commerce platform by sending viruses such as Trojans to weaken a website’s links and performance.

Additionally, here are some subtypes of e-commerce frauds that online merchants and users should be aware of.

• Credit Card Fraud

Since online merchant stores begin and complete their transactions online, they are susceptible to fraud attacks by cybercriminals who steal a customer’s credit card information such as the security code, password or PIN, credit card number and any other vital information required for the transaction, and make unauthorized payments on the customer’s account.

It is vital that online merchants comply with the mandated Payment Card Industry Data Security Standard (PCI DSS) to protect themselves and their customers from this type of cyber fraud.

• Triangulation Fraud

This type of hacking seeks to illegally access and store confidential customers’ data by creating fake online merchant stores. This is achieved when the fraudsters make mirror copies of the legitimate online merchant websites, thus avoiding raising any suspicion from customers.

When the customer makes an order on such a website, their product is shipped from the legitimate online store using credit card information stolen from a third party. This is an act of “pure fraud” against the merchant store.

• Clean Fraud

This refers to a case where fraudsters seek to steal as much information as they possibly can from a cardholder without being noticed. They then meticulously use data stolen from the unsuspecting cardholders without being caught.

This makes it difficult for the online merchant to identify malicious transactions on their websites as this type of fraud comes across as a genuine transaction from a legitimate user.

• Affiliate Fraud

This type of fraud occurs where a fraudster personally or through automated processes exploits affiliate links that retailers give to other sellers. In this case, the retailer can be forced to make more payments to affiliates.

• Wire Transfer and Fee Scams

This kind of scam, commonly referred to as the Nigerian Prince, works when a fraudster masquerades as a service provider and targets online merchants as a potential client acting on behalf of a third party.

The scam is carried out when the cyber criminals come up with a fictitious excuse to ask for money; generally, as a down-payment with a false promise to return a larger sum later.

• Chargeback Fraud

This kind of e-commerce fraud occurs when a cybercriminal, posing as an online customer, orders from a merchant’s store and pays for them using a seemingly genuine debit or credit card.

However, once the goods are released for shipment, the malicious customer raises a claim of identity theft and seeks a refund, and so is released from the transaction while still receiving the goods.

How to Identify Fraudulent E-commerce Platforms

As a merchant, it’s essential that you are aware of the e-commerce fraud types that could potentially affect your dealings. This will help you to avoid fraudsters wherever possible, and in the worst case scenario, quickly resolve any effects of a cybercrime.

Timeliness is key, as it will allow you to eliminate potential fraudulent activities and minimize the harm of those which do occur.

As an online shopper, on the other hand, being aware of fraud—the types, the consequences and how you can protect yourself—could save you from losing your money to cyber criminals.

Here are some guidelines for protection from online frauds.

• Verify IP Addresses

The IP address from which an order is placed goes a long way in separating the wheat from the chaff in terms of legitimate customer orders and the fraudsters.

For example, a customer’s suspicious geographical location should be a red flag and can be used to detect potential threats.

Does the billing address filled by the customer coincide with the registered user’s IP address? Some fraudsters use IP addresses of proxy servers for their fraudulent activities.

• Verification Of Email Addresses

Email addresses that have been used in previous fraud attempts can be found through search engines such as Google and Yahoo.

Blacklisted email addresses are often shared on different forums cautioning users against entering into any transactions with them.

• Verification Of Phone Numbers

Non-valid phone numbers are commonplace with fraudulent e-commerce platforms. If you cannot reach the customer on the phone numbers given, then you have a reason to be suspicious.

• Shipping Details Verification

If there are scant details related to the shipping company of an e-commerce platform, then there may be cause for alarm. In the same way customers should provide verifiable shipping addresses, e-commerce platforms should also give full disclosure of their shipping activities.

• Product Verification

A legitimate e-commerce platform should make it possible for customers to check the products delivered against their orders before the transaction is completely closed.

If possible, the online store should allow customers to review products before the deal is finally closed, especially where multiple products are being ordered.

• List of Fraudulent Ecommerce Merchants

Finally, the internet has a wealth of information about fraudulent e-commerce platforms. Make good use of it and keep details of suspicious online stores on a file.

This will help you to avoid dubious merchants, and who knows, you’ll probably dodge a bullet!

Wrapping up

As e-commerce frauds are increasing, you should stay alert and protect yourself from losing your hard-earned money.

Importantly, proper education in cyber security can be instrumental in guarding yourself from the online transaction frauds.

What other ways do you know of protecting against online payment frauds?

Please share in the comment section below.