We may still get the occasional email from a Nigerian prince asking for friendship and money, but that doesn’t mean we can overlook modern-day fraudsters. As retail moves to the digital space, scammers are less interested in sending emails and more interested in attacking online checkout pages.
Payment fraud is a major vulnerability for ecommerce platforms. While it’s easy to physically deal with a dodgy customer, it’s hard to keep bad customers at bay when they’re hiding behind a screen. A report by analytics firm Pymnts states that 8.6 percent of sales globally were affected by fraud. That suggests that retailers in Q2 2016 could expect to lose US$8 for every US$100 to fraud, four times the value from 2015.
The anatomy of payment fraud
Fraud comes in many forms. As payment methods have evolved in the last decade, so have fraudsters’ methods. Some hackers could use an online store as a front for phishers, using the platform’s legitimacy to obtain sensitive information. Others set up fake payment sites mimicking real ones to collect financial information.
If a site is particularly vulnerable, it may even be subject to a man-in-the-middle attack. This occurs when an unauthorized third party positions itself between the sender of sensitive data and the recipient of the data. So while a payment platform is collecting information, a hacker sees the information being transferred.
Hackers may also resort to malicious redirection. Ecommerce hosting platform PrestaShop once found malicious code embedded into an active theme file, which redirected users to a fake checkout page. Another redirection method uses Domain Name System (DNS) spoofing. Because the DNS is integral to converting domain names to IP addresses, an attacker who feeds it false information can cause a redirect. So while visitors believe that they’re going to their favorite shopping site, they may be diverted to a fake site where they’re vulnerable to attack.
Once the information is obtained, hackers can commit synthetic identity theft, in which the attacker impersonates someone using their personal information. Malicious attackers often target customers, but could also pose a threat to ecommerce merchants. If a fraudulent order is accepted, the merchant could not only lose the merchandise but also be slapped with a chargeback fee, which occurs when a purchase is forfeited.
Such attacks could be detrimental to a business, especially if they get out of hand, observes Don Bush, vice president of marketing at fraud detection service Kount.
Step one to recovery
While it’s useful to understand the forms fraud could take, one of the biggest struggles ecommerce players face is the detection of such fraud. In a Kount report, nearly four out of every 10 merchants said the biggest challenge to managing fraud risk on mobile is figuring out if they even have a mobile fraud problem in the first place.
Fraud detection may also be difficult because merchants only receive the chargeback fee some time after the purchase has been made. This could be as long as one to three months after the original purchase, by which time they can’t audit the transaction.
To mitigate fraud, online retailers should take it upon themselves to look out for obvious red flags. According to Jamie Salvatori, founder of Vat19, red flags could be as simple as an unbalanced ratio of money spent on shipping versus the value of the goods, or a shipping address that is in a different country from the billing address.
But detecting fraud is not always so easy, especially when fraudsters become more sophisticated with their approach.
“Most merchants are not fraud experts, so the signs of fraud may not be readily apparent,” says Don. “Fraudsters have learned to mask themselves so well that it is very difficult for merchants to determine good orders from bad orders.”
This is why fraud experts work closely with payment systems to support merchants. One of Kount’s clients is payment platform Braintree, a PayPal company, which has thousands of merchants relying on it to safely process transactions.
One method to detect fraud employs artificial intelligence. Don remarks that Kount uses machine learning to link similar data together, enabling it to learn the likely characteristics of a fraudulent order. For example, their Persona technology can track if an individual is using credit card numbers associated with dozens of other individuals. If all these individuals have made purchases within the same time span, they’re likely to be fraudulent transactions.
After probable characteristics are determined, big data is used to process large amounts of data to determine whether the transaction fits the fraud model. Artificial intelligence helps process data in as little as a fraction of a second, allowing the merchant to react instantly without having to wait for the chargeback fee.
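The red flags named earlier (shipping cost out of proportion to the goods, billing and shipping countries that differ) and the card-linking idea described above can be sketched as simple rules over an order batch. This is an added example, not code from the article or from Kount; the field names, thresholds and sample orders are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed thresholds; tune them against your own order history.
SHIPPING_RATIO_LIMIT = 0.5        # shipping cost / goods value
SHARED_CARD_LIMIT = 3             # other customers seen on the same card
WINDOW = timedelta(hours=24)      # "same time span" for linked purchases

def o(oid, cust, card, goods, ship, bill, dest, ts):
    """Build one constructed order record (card is a token, never a raw number)."""
    return {"id": oid, "customer": cust, "card": card, "goods": goods,
            "shipping": ship, "bill_country": bill, "ship_country": dest,
            "ts": datetime.fromisoformat(ts)}

# Constructed sample orders, not real data.
ORDERS = [
    o("A1", "c1", "tok-1", 120.0, 8.0, "SG", "SG", "2016-08-01T10:00"),
    o("A2", "c2", "tok-2", 15.0, 60.0, "SG", "SG", "2016-08-01T11:00"),
    o("A3", "c3", "tok-3", 300.0, 20.0, "US", "ID", "2016-08-01T12:00"),
    o("B1", "c4", "tok-9", 80.0, 5.0, "MY", "MY", "2016-08-02T09:00"),
    o("B2", "c5", "tok-9", 90.0, 5.0, "MY", "MY", "2016-08-02T09:20"),
    o("B3", "c6", "tok-9", 70.0, 5.0, "MY", "MY", "2016-08-02T09:45"),
    o("B4", "c7", "tok-9", 60.0, 5.0, "MY", "MY", "2016-08-02T10:10"),
    o("B5", "c8", "tok-9", 50.0, 5.0, "MY", "MY", "2016-08-20T10:00"),
]

def red_flags(order, orders):
    """Return the list of red-flag names that apply to one order."""
    flags = []
    if order["goods"] <= 0 or order["shipping"] / order["goods"] > SHIPPING_RATIO_LIMIT:
        flags.append("shipping_ratio")
    if order["bill_country"] != order["ship_country"]:
        flags.append("country_mismatch")
    # Link analysis: distinct other customers using this card within WINDOW.
    linked = {x["customer"] for x in orders
              if x["card"] == order["card"]
              and x["customer"] != order["customer"]
              and abs(x["ts"] - order["ts"]) <= WINDOW}
    if len(linked) >= SHARED_CARD_LIMIT:
        flags.append("shared_card")
    return flags

def flag_orders(orders):
    """Map order id -> red flags, for every order in the batch."""
    return {x["id"]: red_flags(x, orders) for x in orders}

if __name__ == "__main__":
    for oid, flags in flag_orders(ORDERS).items():
        print(oid, flags or "ok")
```

Order B5 uses the same card token as B1 to B4 but falls outside the time window, so it is not linked to them.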
Looking ahead at fraud
Apart from looking for basic red flags, the best way for ecommerce platforms to keep fraudsters at bay is to have the support of a fraud-detection system in their payment system. As long as customers continue to demand convenience in their online shopping experience, the onus is on ecommerce players to keep their customers safe on their site.
“Reconciling accounts is a foreign concept to them,” says Don. “They could be victims of fraud for months and never know.”
This post Why fraud affects online stores more than you realize appeared first on Tech in Asia.
from Tech in Asia https://www.techinasia.com/ecommerce-fraud-guide