What is online fraud?
Ecommerce is in its core about selling products and services over the Internet. In this online environment, there is no physical interaction between the buyer and seller. Due to the lack of face-to-face interaction, it is the perfect environment for fraudsters to conduct fraudulent transactions. The fact that they can easily present themselves as another person and obtain another's identity or payment credentials provides the opportunity to conduct fraud.
Online fraud – in the context of ecommerce – relates to transactions initiated over the Internet which are not performed by the legitimate account or cardholder and results in financial losses for the seller or the legitimate account or cardholder.
Types of Fraud
There are several types of online fraud to be distinguished. The most common online fraud relates to card-not-present fraud, whereby a debit or credit card is fraudulently used. The card information needed to conduct an online card payment can be obtained through "account takeover", by stealing a card or card information, or through means of identity theft.
Another category of fraud is called 'friendly' fraud. This is where the card or payment details have not been compromised but the consumer still attempts a chargeback. Friendly fraud can be reduced via a clear and generous refund policy and pro-active customer support.
Fraud Risk Per Online Payment Method
Online Bank Transfers: in general, online bank transfers require strict authentication of the legitimate owner when accessing the home banking application. Compared to other payment methods, online bank transfers do not pose a great fraud risk to the merchant. Even in the case of fraud, the merchant can not be hold accountable.
Normally online bank transfers require two-factor authentication, which provides identification of users by means of the combination of two different components which can be either
- something that the user knows (e.g. password, pin code, the answer to a security question);
- something that the user possesses (e.g. cap-reader, mobile phone);
- something that is inseparable from the user (e.g. fingerprint).
For fraudsters it is quite difficult to obtain these two components at the same time and use it to initiate fraudulent payments. Online bank transfers can not be reversed by the account holder and are not eligible for chargebacks for fraudulent or dispute reasons. Merchants benefit from payment guarantee as they can not be held accountable in case of fraud (the bank of the buyer/account holder will bear the costs). With respect to monitoring fraud on online bank transfers, there are not that many parameters for the merchants to use for automated scrubbing.
However, despite the payment guarantee, merchants have some moral responsibility to monitor purchasing and payment behavior to detect fraudulent activity. The merchant's ordering and PSP system should recognize irregular behavior and generate warnings – for example – when many orders are being purchased in a short period of time by the same buyer, or individual order amounts greatly differ from the average order value.
In contrary to online bank transfers, card payments pose a substantial fraud risk to merchants. Important to recognize for merchants selling online and accepting debit or credit card payments, is the fact that fraudulent card transactions can be reversed by means of a chargeback. This means that an online seller can loose both the products and the money which can result in severe financial losses. There is a clear difference between the fraud risk on debit cards and credit cards.