Internet security is everyone’s problem. Everybody has surely heard about hackers and about data and money theft. But can you say right now where the threats to your business come from? Can you name the main vulnerabilities of your online store offhand? A hundred to one you can’t.
We have all been asked hard-hitting questions. What do we prefer to do in such a case? Sure, we put it off for as long as we reasonably can, one day we successfully forget about it, and everything either falls into place or unravels.
We have decided it’s about time to leave your comfort zone and get this thing straightened out. Learn about the latest e-commerce fraud types, the most notable cases in 2017 and how to protect your online store and all the customer segments against malicious activities. Let us help you make sense of it all.
- What is computer fraud? What is e-commerce fraud?
- 6 juicy cybersecurity attacks we hope you didn’t meet with in 2017
- E-commerce fraud types
- E-commerce fraud detection
- E-commerce fraud prevention tools
- What should I do as a merchant after experiencing e-commerce fraud?
- What were we to tell?
What is computer fraud? What is e-commerce fraud?
“It will take a brave Chief Executive or Director of Finance of any organisation to argue that the impact of fraud on their organisation is less than what this report finds to be the case – more than two thirds of the exercises that were reviewed showed losses of more than 3% of expenditure, with the 19 year average running at 5.85% and this figure rising by 28% since 2007”.
Partner and Head of Forensic and Counter Fraud Services for Crowe Clark Whitehill LLP and Visiting Professor and Chair of the Centre for Counter Fraud Studies at the University of Portsmouth.
Under 18 U.S. Code § 1030 – Fraud and related activity in connection with computers, computer or Internet fraud presupposes the following conditions:
(6) whoever, with intent to defraud, traffics in passwords or private information through which a protected computer or system can be accessed without authorization, where this affects interstate or foreign commerce; whoever does this with intent to extort money or things of value from any person, or impairs the confidentiality of data obtained as a result of unauthorized access to a protected computer or system.
* Only sample information is presented here. To see a complete chapter with all the references, follow the link.
Simply put, computer or Internet fraud is the intentional criminal use of a protected computer¹ and the Internet.
¹ Today the term ‘protected computer’ is defined by the US courts as any computer connected to the Internet, which is invoked by the Commerce Clause.
Broadly, fraud takes various forms. E-commerce fraud, or purchase fraud, is one of the forms computer fraud may take. The definition assumes a criminal who intentionally accesses a merchant’s private system with a view to making illegal business transactions.
So, let’s look at the latest data to see what losses 2017 brought!
According to the latest ACFE Report on Occupational Fraud, more than 50% of respondents (500+ randomly selected CFEs) stated that e-commerce fraud had increased significantly in the previous 12 months compared with the fraud level they had observed before.
According to the Online Fraud Benchmark Report 2017, the respondents (466 businesses from the U.S. and Canada) confirmed that e-commerce fraud affects all order channels. The average annual financial loss was:
- 0.9% in web store order channel;
- 0.8% in mobile;
- and still about 0.3% in phone/mail channel.
It’s not that bad: The reports have also shown that e-commerce businesses achieved some success in standing against fraud.
Both sophisticated and start-up online businesses continue to control fraud losses while reducing the number of suspicious orders through manual review and up-to-date technical solutions.
Still, don’t jump to conclusions. Just think about it: how can you choose a suitable protection solution if you have:
- a foggy notion of e-commerce fraud types;
- no idea of your system vulnerabilities?
6 juicy cybersecurity attacks we hope you didn’t meet with in 2017
Take a break: Make a cup of hot black coffee, sit back and relax as you have rather chilling statistics ahead of you. This is not a place for the faint of heart.
E-commerce fraud further divides into multiple types and subtypes. But before continuing this conversation let’s look at the thing that is worth special attention.
— theshadowbrokers (@shadowbrokerss) June 28, 2017
The hacker group carried out high-profile ransomware attacks, using bugs and exploits in commercial products such as Windows to steal information.
The #UK government will fine companies in "critical industries" up to £17 million if they have woefully inadequate #cybersecurity defences. It's to ensure companies in 'critical industries' are ready for the next #WannaCry. https://t.co/4o4TmvAOYC pic.twitter.com/f8z59fIw1y
— SkillRecruit (@SkillRecruit) January 30, 2018
The ransomware had such consequences because of EternalBlue, one of the Windows vulnerabilities disclosed by the Shadow Brokers. Although the MS17-010 patch for the bug was released in March, many companies didn’t apply it in time.
Petya/ NotPetya/ Nyetya/ Goldeneye
— InfoSec World (@InfoSec_World) January 9, 2018
The ransomware was more advanced than WannaCry. Primarily, it affected sensitive payment systems.
— WikiLeaks (@wikileaks) March 31, 2017
The documentation of spying operations and hacking tools used by the CIA, published on WikiLeaks, revealed iOS, Android and Windows vulnerabilities used for tracking a device’s location and turning smart gadgets into listening devices.
— Jeremy Griffith (@RenegadeCoder94) January 18, 2018
Cloudflare, a security services company, announced that a bug in its platform caused random leakage of potentially sensitive customer data. Though the exposed data was said to have no chance of being monetized efficiently, the leak created risks.
Aadhaar-Scam With ICICI Bank
— ICICI Bank (@ICICIBank) October 9, 2017
Fraudsters identified themselves as bank officials and tricked the customers into handing over their OTPs.
It begs the question: Will companies be better prepared for 2018?
2017 was filled with #cybersecurity issues including #wannacry, #petya, #spectre, #cloudbleed, #meltdown, #ransomware, #cyberbreaches, and countless #hacks… Do you think companies will be better prepared for 2018? Leave a comment with your thoughts and predictions!
— Cyber London (CyLon) (@CylonLab) January 9, 2018
82 percent of Twitter respondents answered ‘No’. Well, we’ll see.
E-commerce fraud types
Turning to the e-commerce fraud types and the forms they may take, let’s look at some older statistical data.
The most frequent online crime types recognized in the UK are:
- computer viruses (13K);
- hacking (4K) and website vandalism (4K);
- online theft of money (3K);
- theft of information (1K).
It’s not that bad: Phishing didn’t make it into the statistics. Users have probably become better educated and don’t fall for these attacks anymore.
The overall picture shows that the US accounts for more than 50% of online payment fraud, and the most affected retail segment is airlines (49%). Some security experts attribute this to the simplification of the payment system and the difficulty of tracking a large number of orders during the holiday season.
According to the Card-Not-Present Fraud around the World report by the U.S. Payments Forum, the US, Belgium, and France are the countries where e-commerce suffers the highest rates of fraud attacks.
The Online Payment Fraud Whitepaper by Juniper Research confirmed once again that the US, and the North America region as a whole, experienced the highest level of e-commerce fraud attacks.
We can only guess at the reasons: countries with more developed economies and higher living standards hold the largest share of global e-commerce and, therefore, take all the heat. The most affected merchant type is subscription services.
A study by Riskified says the travel sector suffered the most e-commerce fraud attacks last year. The electronics, cosmetics, fashion and home sectors cluster together, about half behind travel. The continuous growth of the travel industry and its global economic contribution go some way to explaining its top position in the stats.
According to the Juniper Research whitepaper mentioned above, the top merchants affected by fraudulent transactions are the previously mentioned airlines, money transfers (which affect the entire e-commerce sphere), and computers/electronics.
That’s rich: Keep reading to learn how to secure it.
The Main Types of E-commerce Fraud
Moving away from the statistics and turning to the opinion of CFEs (Certified Fraud Examiners) on e-commerce fraud types, the specialists usually highlight two of them: account takeover and identity theft.
☝ Account takeover occurs when a fraudster intentionally poses as a real customer, gains control over an account and makes an unauthorized financial/information transaction with the aim of gaining a material benefit.
Any private ‘account’ can be put at risk: bank, credit card, store, email, and accounts with other services. One of the main reasons this type has reached such a scale is the global availability of “one-click payment”. E-commerce businesses and retailers are at growing risk of experiencing the threat because they deal with user accounts and/or membership systems. In 2017, e-commerce losses due to account takeover amounted to $2.3 billion.
☝ Identity theft presupposes the intentional theft of another person’s confidential information in order to carry out financial transactions on an e-commerce website (or somewhere else) on behalf of that person.
In e-commerce, the retailer normally ends up paying for these transactions. One of the most common subtypes is chargeback fraud. Identity theft can also be carried out using retailers’ and vendors’ private data; in this case, we talk about merchant identity fraud.
E-commerce Fraud Subtypes
Now that you have learnt about the main e-commerce fraud types and where penetration rates are highest globally, we proceed to the numerous subtypes:
Credit Card or Card-Not-Present Fraud
This fraud takes place when someone intentionally uses your credit card or credit card account to purchase something you haven’t authorized. The fraudster, in this case, steals your credit card account number, PIN or security code to make a financial transaction without the physical card. Merchants and payment processing services that don’t comply with the PCI DSS (Payment Card Industry Data Security Standard) are at high risk of being affected by this form of fraud.
Revealed: The case of the convicted TJX hacker Albert Gonzalez. Sentenced to 20 years in jail, Gonzalez had stolen 90+ million credit/debit card numbers from TJX and other retailers.
Hacking occurs when someone intentionally tries to exploit a computer system or a private network, or to gain unauthorized access to a protected computer/system for an illicit purpose. It doesn’t necessarily take place via computers: smartphones, tablets, the newest mobile devices, security systems and any other gadgets connected to the Internet can be involved too.
Revealed: A Lauri (not) Love’s Story. If the hacker refuses to accept a plea deal, he will have to pay $9m (£6.8m) in fines and will be sentenced to a prison term of up to 99 years.
Triangulation fraud has inherited a lot from pure hacking. As the name suggests, it involves three complicated steps:
- (a victimized customer) The first step is a complicated process that includes creating a fake online store and collecting customers’ private data. All too often, these are mirror copies of official e-commerce websites. They are not necessarily small online stores, either: fraudsters also choose marketplaces such as eBay to commit triangulation fraud (e.g. an auction to sell an item the fraudsters don’t own yet);
- (an official e-store) Once a ‘victim customer’ has placed an order, the fraudster commits ‘pure fraud’ on the legitimate online store, using other stolen credit card information to have the product shipped to the customer;
- (a fraudster) Afterwards, the fraudster collects the money as well as a database of genuine information usable for further schemes. The legitimate online store and the ‘victim customer’ are left with the loss.
Revealed: The eBay Community writes about what they know. A customer’s story about pet flea protection for $126.00 that he never ordered.
Clean fraud occurs when a fraudster uses stolen credit card data in a way that rules out being ‘caught with the goods’. The fraudster tries to steal as much information about the cardholder as possible in order to pass any transaction check unnoticed. This type of fraud is the most difficult to identify, as the information the malicious user supplies is genuine.
Revealed: Olympus scandal for $529m. Ex-chairman Tsuyoshi Kikukawa and 15 others are liable for $529m.
Affiliate fraud occurs when a fraudster manipulates the information recorded through the affiliate link a retailer has given to a company, making the retailer pay far more than it should. It can be committed either by a real person using fake profiles or by an automated process. It’s not unusual for a fraudster to combine the two approaches to avoid being banned early.
Revealed: The case of Shawn Hogan, the CEO of Digital Point Solutions. eBay paid him $28 million in affiliate marketing sales commissions.
Fee & Wire Transfer Scams
The scam is also known as the ‘Nigerian Prince’. A criminal asks company representatives for money in advance in return for a larger sum of money later. The criminals’ targets are businesses that provide services.
The fraudster contacts the business owner or representatives via email as a potential client. The criminal claims to want to order an impressive amount of work (services) or a prospective project from the company, but says he/she works with a third-party company and needs to pay them too. However, due to some fictitious circumstances, he/she can’t do this right now (e.g. the fraudster is abroad and has a limited number of international transfers, etc.).
Revealed: The original Nigerian prince version for $ 3,000,000 American Dollars.
Chargeback fraud is said to be one of the simplest types of e-commerce fraud, and it doesn’t necessarily involve identity theft. The fraud occurs when a customer orders products from an e-commerce website using a payment method that is easy to reverse, for example a credit/debit card (it’s not unusual for a malicious customer to use his/her genuine card).
When the items are shipped or out of the merchant’s control, the customer claims his identity was stolen and asks for a chargeback, keeping the purchase for free.
Usually, the customer files the claim on the last day of the return period. Verification takes time, and many merchants choose to refund rather than risk a bad reputation for the company.
Friendly fraud is much like chargeback fraud. However, it is committed without any malicious intent. In the case of friendly fraud, a purchase is made by a real customer and the chargeback is requested for an innocent reason (a stolen package, an odd spelling of the merchant’s name, etc.). In the end, however, the friendship costs a fortune.
Educate yourself: Other computer fraud subtypes we haven’t mentioned here are not specific to e-commerce: change of mailing address, skimming, phishing and vishing, telephone fraud, mortgage refinance fraud, check fraud and others.
Specific Platform Vulnerabilities
Aside from the most common e-commerce fraud types, you need to learn where your platform is vulnerable. From what is known about Magento platform weaknesses, we can point to such attacks as the mass billing information theft from Magento stores in 2013, the Kevin Mitnick attacks, and particular cases of computer fraud.
A Magento store is a website, and as a website it uses technologies such as cookies, MySQL, PHP, etc. Such applications have their own weaknesses and vulnerabilities. Therefore, when developing a store or modules, it is necessary to consider typical problems such as the various types of injection, attacks through cookies, and others.
Here is the list of the main web application vulnerabilities 2017, in the view of the Open Web Application Security Project:
E-commerce fraud detection
So, awareness of the latest e-commerce fraud types is essential, but it doesn’t free your online store from risk. You also need to know how to detect threats in time and prevent undesirable results, both manually and with the use of advanced tools.
To recognize signs of suspicious activity, an experienced admin user monitors:
- orders with illogical or fake customer/order data. E.g.: customer’s forms with fake phone numbers or suspect email addresses (e.g.: 12345ASD@gmail.com – randomly generated combinations of numbers/letters); orders with suspicious address information (e.g.: a ZIP code doesn’t match the mentioned state/city);
- orders from first-time buyers with unusually large/high-priced purchases;
- customer’s history with multiple orders from different credit cards;
- large orders with duplicate products;
- customer’s order history with numerous declined transactions.
Described below are the simplest measures of manual review one can take to detect suspicious orders.
A. IP address verification
When you notice illogical or plainly fake customer data and/or realize the client is a first-time buyer, have a look at the IP address the order was placed from. A customer’s IP can be a useful indicator of potential threats. Work through the following tasks when establishing a suspicious customer’s geolocation:
- make sure the location of the user’s IP address matches the billing address indicated in the customer’s form;
- confirm the IP doesn’t belong to a web hosting company;
- check the IP is not the address of a public proxy server.
If one of these points turns up a problem with your suspicious order, contact the customer to check its authenticity. However, this verification doesn’t always work, as a customer can be on vacation in another country and order products to his/her home address.
B. e-mail address verification
The simplest way to verify a suspicious email address is to check it via popular search engines like Google, Yahoo, etc. The search result can help you detect whether the address was used for any fraud attempts. The email can be mentioned in shared blacklists, on forums, blogs, e-commerce or any other media posts that speak about any fraudulent experience related to the email.
C. phone number verification
Make the ‘customer’s phone number’ field obligatory in the order form. Then you’ll be able to check a suspicious order using that information. It’s no secret that fraudulent customers normally fill in invalid phone numbers. However, the finding requires deeper examination, because not all legitimate customers agree to give away their genuine phone numbers.
D. shipping address verification
Make sure the shipping address matches the billing address entered in the customer form. For this, you can use any convenient digital map (e.g. Google Maps) to pin the addresses and measure the distance between them. If the addresses are in two different states, the order is more likely to be fraudulent.
However, before drawing any conclusions you need to contact the customer. A simple example of when the two addresses can differ significantly is when a customer (billing address) orders an item and sends it as a gift to another person (shipping address).
The case requires closer attention when multiple orders use different billing addresses but the same shipping one. (!) Multiple orders that have various billing addresses in different states but share the same shipping address are a typical case of e-commerce fraud.
E. multiple orders with duplicate products verification
Large orders with duplicate product items normally arouse a merchant’s suspicion. When you receive an order that differs significantly from the store’s average order in its total, item quantity or recurring items, verify the client’s identity in any way possible.
F. list of confirmed fraudulent customers
Keep all the available information associated with previous fraudulent attempts/acts in a separate file. This can be email addresses, shipping locations, phone numbers and any other data. Checking the list of red-flag fraud attempts makes the processing of suspicious orders faster and more efficient.
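The manual checks A to F above can be turned into a first-pass filter that queues orders for review. The sketch below is an added example, not part of the original article or of Magento; the Order fields, thresholds, reason names and sample data are assumptions, and the IP country and proxy/hosting flags are expected to come from a lookup done elsewhere.

```python
from collections import defaultdict
from dataclasses import dataclass

# Thresholds are assumptions for illustration; tune them to your own store.
LARGE_ORDER_FACTOR = 3   # "unusually large" = 3x the store's average order total
DUPLICATE_QTY = 5        # the same SKU ordered this many times or more
MAX_DECLINES = 3         # declined payment attempts tolerated per order
MAX_CARDS = 2            # distinct cards tolerated per customer e-mail


@dataclass
class Order:
    order_id: str
    email: str
    phone: str
    ip_country: str               # result of an upstream IP geolocation lookup
    ip_is_proxy_or_hosting: bool  # result of an upstream proxy/hosting lookup
    billing_country: str
    billing_state: str
    shipping_state: str
    shipping_address: str
    total: float
    items: dict                   # SKU -> quantity
    card_token: str               # payment token, never the card number
    first_order: bool = False
    declines: int = 0


def screen_orders(orders, avg_total, denylist):
    """Return {order_id: [reason, ...]} for orders that need manual review."""
    cards = defaultdict(set)           # e-mail -> card tokens used
    billing_states = defaultdict(set)  # shipping address -> billing states seen
    for o in orders:
        cards[o.email.lower()].add(o.card_token)
        billing_states[o.shipping_address.lower()].add(o.billing_state)

    flagged = {}
    for o in orders:
        reasons = []
        # A. IP address checks
        if o.ip_country != o.billing_country:
            reasons.append("ip_country_mismatch")
        if o.ip_is_proxy_or_hosting:
            reasons.append("proxy_or_hosting_ip")
        # D. Shipping vs. billing; one flag alone may just be a gift order
        if o.shipping_state != o.billing_state:
            reasons.append("billing_shipping_state_mismatch")
        if len(billing_states[o.shipping_address.lower()]) > 1:
            reasons.append("shared_shipping_address")
        # E. Order size and duplicate items
        if o.first_order and o.total >= LARGE_ORDER_FACTOR * avg_total:
            reasons.append("large_first_order")
        if any(qty >= DUPLICATE_QTY for qty in o.items.values()):
            reasons.append("duplicate_items")
        # Order-history signals from the monitoring list
        if o.declines >= MAX_DECLINES:
            reasons.append("many_declines")
        if len(cards[o.email.lower()]) > MAX_CARDS:
            reasons.append("multiple_cards")
        # F. List of confirmed fraudulent customers
        if (o.email.lower() in denylist["emails"]
                or o.phone in denylist["phones"]
                or o.shipping_address.lower() in denylist["addresses"]):
            reasons.append("denylist_match")
        if reasons:
            flagged[o.order_id] = reasons
    return flagged


# Constructed sample data (not real customers or addresses).
DROP = "12 example st, springfield, il"
SAMPLE_ORDERS = [
    Order("A1", "ann@example.com", "555-0100", "US", False, "US", "CA", "CA",
          "1 main st, fresno, ca", 80.0, {"SKU-1": 1}, "tok_a"),
    Order("B1", "12345asd@example.com", "000-0000", "NL", True, "US", "TX", "TX",
          "9 oak ave, austin, tx", 900.0, {"SKU-PHONE": 6}, "tok_b",
          first_order=True, declines=4),
    Order("C1", "c1@example.com", "555-0101", "US", False, "US", "CA", "IL",
          DROP, 120.0, {"SKU-2": 1}, "tok_c1"),
    Order("C2", "c2@example.com", "555-0102", "US", False, "US", "NY", "IL",
          DROP, 110.0, {"SKU-2": 1}, "tok_c2"),
    Order("D1", "dan@example.com", "555-0103", "US", False, "US", "WA", "OR",
          "3 pine rd, portland, or", 60.0, {"SKU-3": 1}, "tok_d"),
    Order("E1", "known-bad@example.com", "555-0104", "US", False, "US", "FL", "FL",
          "7 bay dr, tampa, fl", 40.0, {"SKU-4": 1}, "tok_e"),
]
SAMPLE_DENYLIST = {"emails": {"known-bad@example.com"}, "phones": set(),
                   "addresses": set()}

if __name__ == "__main__":
    for oid, why in screen_orders(SAMPLE_ORDERS, 100.0, SAMPLE_DENYLIST).items():
        print(oid, ", ".join(why))
```

A single reason, such as the state mismatch on the gift order D1, is a prompt to contact the customer rather than proof of fraud; several reasons together, as on B1, deserve priority in the review queue.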
That’s rich: Keep up with the latest Magento security updates.
G. Magento fraud detection
The manual review methods of fraud detection described above suit practically any e-commerce platform. Magento admin users, like the users of other e-commerce platforms, should also regularly check the web server logs to spot errors and suspicious activity in time. This can help to protect the store from losses of money and confidential information. In addition, Magento offers an integration with the Signifyd fraud protection system.
E-commerce fraud prevention tools
According to the Online Fraud Benchmark Report 2017, the most widely adopted fraud detection tools are:
- CVN & AVS (88%);
- customer order history (72%);
- shared negative lists (27%) and customer’s geolocation information (56%).
The most effective antifraud tools are AVS, CVN, and device fingerprinting.
In the view of US Payments Forum specialists, CVN and AVS tools are the top performers as well.
The popularity of fraud validation services is driven by the insufficiency of manual checks. Besides, the market for antifraud tools offers a whole list of ready-made security solutions for every taste and budget. The ability to detect suspicious orders automatically simplifies order processing and reduces the risk of getting hooked by a criminal.
The latest technologies, like machine learning, allow merchants to speed up processing and widen the range of e-commerce fraud signals they handle. Automated workflows can replace manual review with automated payment fraud checks, blocking of suspicious devices and deletion of fraudulent orders. Insights dashboards allow for monitoring suspicious activities in a single interface, which simplifies manual review.
The fraud detection techniques and tools presented below are generally accepted in the e-commerce sphere:
PCI compliance: fraud prevention policies & fraud monitoring
The Payment Card Industry Security Standards Council (PCI SSC) is an open global forum that develops and manages the PCI standards.
The SSL/early TLS migration deadline is 30 June 2018. To remind the industry of this important deadline we have launched a countdown clock on our homepage: https://t.co/W0tOny8spb pic.twitter.com/ClJPNFQQs6
— PCI SSC (@PCISSC) January 23, 2018
The council includes five founding credit card companies: American Express; Discover Financial Services; JCB International; MasterCard Worldwide; Visa Inc. and offers four different types of SAQ (A, B, C, D).
Under the SAQ compliance requirements, any vendor that processes millions of financial transactions per year is obliged to pass an onsite audit held by a Qualified Security Assessor. The twelve main compliance requirements include such fraud prevention measures as:
- a secure network and its regular monitoring;
- protected cardholder data;
- a vulnerability management program;
- antivirus software and others.
By complying with the PCI rules, you acquire the necessary antifraud equipment and pass an independent audit. If you are not technically and financially ready to go through this time- and money-consuming procedure, you can make use of a third-party payment processor.
A reliable third-party payment processor
The choice of a third-party payment processor depends on many factors. The key aspects include:
- your business model;
- the industry you work in;
- your trading history;
- credit risks, and others.
When selecting an independent payment processor, pay attention not only to up-front/set-up/regular/chargeback fees, processing costs, deposit and settlement period but also to full PCI DSS security compliance. This will help you avoid storing customers’ confidential data, which reduces the number of e-commerce fraud attempts against your store system.
The Hypertext Transfer Protocol is steadily being replaced with HTTPS, which involves the use of an SSL certificate. SSL creates an encrypted connection between a web server and a web browser. Without an SSL certificate, any data transferred between a web server and a connected device is insecure.
The secure protocol (HTTPS) is essential for all sites, not to mention websites that pass sensitive (private, confidential) data across the connection. HTTPS is no panacea; it’s just a way to protect your webstore against the most common attacks. Thus, for e-commerce sites that accept online card payments and normally store users’ credentials, the measure is a must-have. If you still haven’t initiated the implementation, see the required steps here.
AVS & CVV
As already stated, these verification services dominate among fraud detection tools. Their wide adoption stems from the fact that many banks approve a financial transaction even when they can see that the verification data (address information, Card Verification Value) doesn’t match the data they have on file.
Using AVS (Address Verification System) and CVV rules together with a virtual terminal (point-of-sale system) lets you reject suspicious transactions automatically, based on the response codes returned by the bank. In this way, only authorized cardholders are able to make a purchase, as the payment process requires the CVV code printed on the back of most cards.
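Since the bank may approve a payment despite a mismatch, the merchant has to act on the AVS and CVV result codes itself. The following is an added example, not code from the article or from any payment gateway; the single-letter codes are those commonly returned by US card processors, and the accept/review/reject policy and the amount threshold are assumptions, so check your gateway’s documentation.

```python
# Result codes as commonly returned by US card processors (assumption: your
# gateway uses the same letters; its documentation is authoritative).
AVS_FULL = {"Y", "X"}                   # street address and ZIP both match
AVS_PARTIAL = {"A", "Z", "W"}           # only the street or only the ZIP matches
AVS_NONE = {"N"}                        # neither matches
AVS_UNAVAILABLE = {"U", "R", "S", "G"}  # issuer could not or did not check
CVV_MATCH = {"M"}
CVV_MISMATCH = {"N"}
CVV_NOT_CHECKED = {"P", "S", "U"}

KNOWN_AVS = AVS_FULL | AVS_PARTIAL | AVS_NONE | AVS_UNAVAILABLE
KNOWN_CVV = CVV_MATCH | CVV_MISMATCH | CVV_NOT_CHECKED


def decide(approved, avs_code, cvv_code, amount, review_above=200.0):
    """Return "accept", "review" or "reject" for one authorization response."""
    if not approved:
        return "reject"
    avs, cvv = avs_code.strip().upper(), cvv_code.strip().upper()
    if avs not in KNOWN_AVS or cvv not in KNOWN_CVV:
        return "review"   # unknown code: never auto-accept
    if cvv in CVV_MISMATCH or avs in AVS_NONE:
        return "reject"   # the bank approved, the merchant rule does not
    if cvv in CVV_MATCH and avs in AVS_FULL:
        return "accept"
    if cvv in CVV_MATCH and avs in AVS_PARTIAL and amount <= review_above:
        return "accept"   # small order, e.g. a typo in the street line
    return "review"       # unchecked CVV, unavailable AVS or a large partial match


# Constructed authorization responses: (order id, approved, AVS, CVV, amount).
SAMPLE_RESPONSES = [
    ("1001", True, "Y", "M", 950.0),
    ("1002", True, "N", "M", 40.0),
    ("1003", True, "Z", "M", 35.0),
    ("1004", True, "Z", "M", 600.0),
    ("1005", True, "U", "P", 20.0),
    ("1006", True, "Y", "N", 20.0),
    ("1007", False, "Y", "M", 20.0),
]


def triage(responses):
    """Map each order id to the merchant-side decision."""
    return {oid: decide(ok, avs, cvv, amt) for oid, ok, avs, cvv, amt in responses}


if __name__ == "__main__":
    for oid, decision in triage(SAMPLE_RESPONSES).items():
        print(oid, decision)
```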
If you have passed PCI SSC compliance, you know that running the latest software versions is one of the basic certification requirements. The e-commerce platform you use should release regular updates and PCI scans to protect your store against e-commerce fraud threats. Scheduled updating of the platform (and secondary software) prevents new vulnerabilities to fraud, viruses, and malware.
Mobile e-commerce apps protection
Security in mobile e-commerce apps, which are gaining pace and becoming even more popular among average customers than the web version of a store, is no less important. Without advanced security measures built into mobile e-commerce apps, you risk ‘losing’ confidential information.
The e-commerce fraud prevention measures applicable to mobile e-commerce apps are designing and regularly updating a security policy, using your own web server for better traffic encryption, enabling a WAF (Web Application Firewall), and constant testing and monitoring.
This e-commerce fraud prevention method is one of the most efficient. By implementing endpoint/double/phone authentication methods in the backend system you will make your platform resistant to unwanted external interference.
E-commerce fraud prevention measures for Magento
Firstly, see the Magento security checklist to protect your store from the fraud activities and find new approaches you haven’t used before. From the list, you’ll learn about the necessity of:
- well-timed updating;
- regular Magento backup;
- strong passwords;
- two-factor authentication;
- firewall usage;
- errors & suspicious logs;
- backend URL change;
- HTTPS usage and many more.
Then, look through the latest Magento security news from our developers’ and testers’ point of view. Find out about the risks of malicious SQL injections via forms, URLs, cookies, etc. and get to know how to solve the problem.
Learn how to lower the probability of fraud incidents using Magento security patches. Scan your Magento store with the latest security vulnerability tool and learn how to install security patches. However, before proceeding with the installation, you are advised to learn about the compatibility of Magento extensions with security patches.
Staff training on their private data protection
It is bad practice when a new employee comes in on orientation day and signs the company’s confidentiality and information protection agreement but has no notion of private data protection. This outdated state of affairs should be stamped out. All staff and freelance employees should know how to keep their private data out of fraudsters’ reach. Staff training on private data protection will help to make your business resistant to confidential data leaks.
What should I do as a merchant after experiencing e-commerce fraud?
Take a break: Firstly, keep your head. You’ve already suffered from financial loss, harm caused to your reputation or brand image. Don’t bring the situation to the boil, as it definitely won’t help.
Nearly always e-commerce fraud is associated with technology and software. That is why it is so important to choose a reliable platform, good extensions, and themes, experienced developers and testers. Before launching an online store you need to take care of tomorrow and implement all the progressive technologies in advance.
And yet, once you have experienced e-commerce fraud, you need to tackle the problem:
- prepare all the documentation you can gather on the fraudulent transaction. Find all the information the criminal provided to you during the transaction and any post-sale data. Check which member of staff signed off the delivery transaction(s);
- then you need to convey the information to the appropriate government authority. The choice of the right authority hinges on your company’s size and the sum of money you’ve lost. The criminal case can be of local, national or international scale. The government agencies you can appeal to in the US are enumerated here;
- if your business is registered outside the US, you need to find the government authorities you can turn to in your country or contact support agencies like INTERPOL or the European Cybercrime Centre. Besides, you can contact the support team of the credit card company involved to ask for your money back;
- further actions depend on the response you receive. For instance, if the sum you lost is too small in their view, they may refuse to investigate. Besides, there isn’t much the government authorities can do about international fraud;
- in parallel, you should consult specialists to understand what breaches or technical glitches were used to commit the fraud. Fix the issue to prevent the same mistake;
- besides, it is worth carrying out a security audit of the store, as where there is one problem, there are many;
- apart from all the technical issues, you might have disregarded requirements for strong customer passwords and sensitive data encryption, or overlooked admin users’ carelessness.
Think over the new methods of fraud detection for your store. All that costs money but it’s much better to pay for protection rather than suffer from the money losses. Mitigate further fraud attempts by investing in new antifraud systems.
What were we to tell?
Fraud protection is far from the least important concern; it should be a routine part of any online store’s activities. The current volume of e-commerce fraud attacks shows that the US, the UK, France, Germany and other advanced countries were affected more than others. No system is perfect, and each has its specific vulnerabilities. Even the most advanced security software can fall to fraud attacks through a built-in vulnerability or through sheer misfortune.
Sadly, the latest research states that payment fraud affects both card-present and card-not-present merchants. However, if we compare the 2017 losses of the two types of merchants, card-not-present merchants lost ten times more to fraudulent activities than card-present ones: 3 bps to 38 bps.
As everyone knows, and in line with the report on IT environments targeted by cyber attacks, e-commerce comes first, while 12% of global cyber attacks were committed within the insurance and finance industries. As for customers’ opinions, more than 59% of US respondents stated they are worried about their personal data when using mobile payments. From a survey undertaken in Finland, we learnt that more than 47% of the respondents are afraid of data misuse when using online banking and 44% shared their concerns about the security of online payments.
Looking further ahead, mCommerce is expected to continue expanding its significance in global online retail. Mobile payments are expected to grow further in 2018. According to the Business Insider report, in-store mobile payments will hit $128 billion in 2021. And according to the Nilson Report, $31 billion will be lost to chargebacks by 2020.
No matter what choice you make, remember that your customers’ loyalty and respect are in your hands. Invest in up-to-date security solutions, manage manual review and follow the latest e-commerce fraud news.