Italy is one of the countries most affected by online fraud, though the trend is increasing worldwide. With growth of cross-border ecommerce and online transactions in general, the phenomenon has accelerated even further.
However, there is a wealth of tools available to protect oneself and to respond to new scenarios that can arise. As far as merchants are concerned – who, in addition to having to deal with the economic side of fraud, may risk damaging their image – it is therefore essential to know the risks they may encounter. That way, they can best assess not only the resources needed for an adequate response but also, and most importantly, which prevention tools to put in place in order to avoid online fraud.
Peter Keegan, Operations Manager at Go Global Ecommerce, says that it is vital to keep up to date because, “If you’re constantly trying to get ahead of fraudsters, they in turn are always looking for new ways to get past the safeguards. Even if there is not a 100% foolproof solution for every type of risk, that does not mean that it is not possible or necessary to protect yourself.”
Online fraud: an overview
The latest report from the Italian Postal Police recorded an increase in online fraud of 27%, with more than 21,800 cases in 2020 alone. This trend is not only a concern for Italy. In the United States, for example, estimated losses of $40 billion were calculated over the same period, according to some online fraud reports. Furthermore, with global online transactions expected to grow by around 15% by 2023, it is reasonable to expect a correlated increase in online retail fraud. On the other hand, online sales in 2022 will be around 17% of the total, according to various estimates.
To fully understand the scenario that merchants are facing, all the more complex when dealing with cross-border transactions, it is necessary to bear in mind the different types of fraud that can affect ecommerce activity. As the market changes, so do the conditions under which fraudsters operate.
1. Card-not-present: This refers to fraud in which someone uses someone else’s credit or debit card details to make online purchases. Card data is vulnerable and can be fraudulently retrieved even without the physical card, or otherwise unwittingly given by an unwitting victim.
2. Account takeover (ATO): This is a form of online identity theft. The fraudster is able to gain access to the victim’s account and use it to make purchases or other transactions. A frequent and representative case is ‘phishing‘, whereby the victim is tricked into sharing their credentials by following links to fake but credible bank websites or similar services. This is the online scam with the steepest growth curve to date: around 30% of all online scams fall into this category.
3. Chargeback: Also known as “friendly fraud”, this is when the buyer requests a refund from the card company after a transaction, falsely claiming that they did not correctly receive the product they paid for.
4. Affiliation: Cookie stuffing and typosquatting are two of the most frequent distortions of affiliate relationships. It’s when a merchant agrees to pay a commission to a third party in exchange for their referral service, which directs web traffic to the shop’s website. In such cases, a profit is made by generating false activity on the merchant’s website, which then goes on to pay the commission without any real benefit having been obtained.
5. Triangulation: In this case, a fake website or replica of a real website is created, which attracts consumers with its low prices, perhaps for well-known or expensive branded products. The idea is to steal the card details entered by the victims, who believe that they are simply making a purchase.
5. VAT fraud or online VAT fraud: Also known as “carousel fraud” in its most complex form, it consists of carrying out a series of fictitious transactions between companies in different EU countries – sometimes through intermediary companies known as ‘cartiere’, which exist for the sole purpose of issuing invoices – with the intention of obtaining the corresponding VAT deductions. The payment of this tax is not required for B2B transactions between different European countries, but only where the product is consumed or in B2B transactions within national borders. Marketplaces may unknowingly find themselves victim to this scheme.
Protect yourself: expert advice
Fraud is a risk all merchants face that should not be underestimated: fraud can lead to costs in the form of refunds, legal fees, and investing in IT security. At the same time, consumers tend to associate negative experiences with the retailer, even though the retailer is not directly responsible. As Peter Keegan, Operations Manager at Go Global Ecommerce, explains, “When fraud happens, it happens at your shop, with your merchandise, and so you’re the one tainted by it.” That’s why it’s important to know how to report online fraud and how to report someone for online fraud. We asked Keegan for some tips so that you have all the tools you need to prevent online fraud.
Implement financial protection systems: A ‘liability shift’ occurs when the responsibility for a refund is shifted from the merchant to the card issuer, where the merchant has accepted a payment authenticated via the 3D Secure (3DS) protocol. Strong Customer Authentication (SCA) and the 3DS protocol thus relieve merchants of the risk of financial loss due to fraud, and for this, you need to make sure that you “comply with SCA standards, which means that you must be able to accept all versions of the 3DS protocol, that your ecommerce is fully capable of handling Strong Customer Authentication” or two-factor authentication.
As Peter Keegan explains, “The main risk for merchants is not so much financial liability as much as reputational damage where customers and payment and credit card processors are concerned. When an issuer starts investigating fraud and comes across, perhaps on more than one occasion, a particular merchant’s name, that merchant becomes the problem because that is where the fraud took place. The card issuer may bear the financial burden, but not the moral responsibility. This is the central issue today: the more frauds that take place against you, the more difficulties you will have later on with authorising payments. You need to protect your image.”
Look at the data: To prevent fraud during online payments, “Data is key.” You need to look for inconsistencies in the data. For example, you can check whether the person who made the payment is from the same country as the one where the card was issued. It is important not to neglect implementing these security measures. Also, in the case of a PayPal payment, for example, you should make sure that it is a verified account, that the address is also verified, and so on.
Relying on innovation: Automated systems can also be used for this purpose. One example is the AOM system, “A timed service that runs every 10 minutes. Each shop can set its own basic flow and, in terms of fraud control, filters can be set so that an order is not processed if there are failed payment attempts, for instance. There are many filters available, ranging from address checks to user history.”
Identifying the risk threshold: “It is up to retailers to define their comfort zone. Many establish a spending threshold and if the limit is reached, they proceed with more detailed checks. A common mistake is when, faced with receiving a large sum of money, excitement prevents basic checks taking place. You must remember that you never know who is on the other side.”
Innovation and knowledge
Nowadays, online fraud has less and less to do with card-not-present cases – where one essentially only needs the card number – and more and more to do with the appropriation of accounts. This change calls for greater attention from merchants who, armed with the financial protection provided by the European digital payments directives, may be neglecting standard controls.
Partnering with companies such as Go Global Ecommerce, who has an international team with extensive experience in cross-border ecommerce, can mark the turning point in a business’s growth path. Data analysis and the legal and logistical support Go Global Ecommerceprovides are, in fact, the main resources for immediately detecting and stopping fraud, thus safeguarding one’s position with respect to the risk index which banks use to classify companies. The aim is to continually adapt prevention measures to changes in the scenario, working at both a micro and macro level, thanks to the possibilities offered by data analysis. Innovation and knowledge help you win in the race against fraudsters.