Published: Posted on July 28, 2020
eCommerce is a modern and effective way to engage in the retail and wholesale business, but where there’s $$$, fraudsters who want to get a piece of the action won’t be far behind.
Affiliate marketing involves having 3rd parties recommend your products or your store in return for a commission or bounty on the sales that they help you to generate. Affiliates will promote your wares and share trackable links or coupons through their advertising efforts. You can create your affiliate program from scratch, or you can go through a major affiliate network to help attract affiliates. These affiliates can use whatever resources that they have, such as blogs, newsletters, and social media accounts, to promote your offerings to their audience. However, some affiliates may get you a bunch of sales that you think are legitimate, receive your commission payouts, and then return or chargeback the items that they nefariously purchased from you.
Solution: Firstly, be choosy about affiliates. Obviously, recruiting people that you know well, such as your long-term customers, well-established businesses, and social influencers with good reputations, are all safer than onboarding random affiliates. If you go through an affiliate network, there may be additional feedback about publishers. Regardless, set expectations that commissions will be paid out after a maturation period, such as 90 days. If, for instance, your affiliates are using stolen credit cards to place orders and earn commissions, chances are that the chargebacks will happen before you’ve paid out commissions.
Beyond organized criminal organizations and individuals that use stolen credit cards to place orders, there are shoppers that are known to abuse their right to chargeback an order that they received. This is very much like the credit card fraud scenario that we described; only this is done by the legitimate cardholder.
Solution: Vendors like Charebacks911, Chargeback.com, and Midigator can help you to efficiently and effectively respond to chargebacks that you might otherwise not take the time to dispute or might not win over technicalities.
For established eCommerce stores, it is more likely that there’s a healthy ad budget being used to attract targeted traffic. However, not all ad clicks are the same. You may be paying for bad traffic, which is a double-whammy, because not only are you out your advertising dollars, you also don’t have any orders to show for it. Keep in mind that professional click fraudsters aren’t just your competitors, occasionally clicking one of your digital ads. These are usually individuals or organizations that deploy bots to do so in an organized fashion.
Solution: Systems like NS8 can help to identify and block bot traffic that you’d otherwise be paying for from vendors like Google Ads.
Credit Card Fraud
Whether they’re individuals or modern elements of organized crime, there’s a risk that some orders that you’ll receive will be made with stolen credit cards. If you fulfill these orders, and a chargeback is placed by the owner of the credit card, you’ll be held responsible. This means not only will fraudsters have stolen your goods for which you won’t see payment, but you’ll also bear any additional costs, like shipping. You may also be responsible for chargeback fees assessed by your merchant processor, and if this happens often, you can expect other penalties or assessments to be applied to your credit card processing account since you’ll be considered a higher-risk account.
Solution: There are a wide range of solutions that can help you to identify and block bad traffic. Web hosts like JetRails deploy security measures that help block some bad traffic. Some checkout systems, like Bolt, include fraud protection. Additionally, there are a wide range of independent systems that can help block fraud, like ClearSale and NS8.
Credit Card Testing Fraud
Fraudsters need to know which of the stolen credit cards in their possession are active. In some cases, they can have significant lists of cards to test. In order to verify which cards they can abuse, they’re known to find eCommerce websites with gateways that they can abuse. This can include pining your gateway for a $0.00 authorization just to check which cards are live. The problem is that, not only can this abuse your website resources slowing down or tying up your site for real shoppers, it can cost you money. For instance, Authorize.net, a Visa company, has a list rate of $0.10 per transaction. While that may not sound like much, if a fraudster runs 500,000 authorizations through your gateway, you could wind up with a hefty bill to pay.
Solution: You’ll want to make sure that your payment gateway has some safeguards and policies in place to help protect you. You can also security related to your web-hosting layer, like a strong Web Application Firewall (WAF) with Bot Protection. You can even block traffic from sites that you don’t sell to, cutting down the number of potential origins for such an attack on your site and payment gateway.
From skimmers, spammers, and bots, to cybercriminals that use phishing, ransomware, malware, malicious redirects, content injection, or other types of attacks, there’s no shortage of security threats to an open-source eCommerce platform. These bad actors often seek to defraud you and or your customers.
Solution: An agency like Best Worlds can help to keep your site patches and otherwise secured. A host like JetRails can help keep your hosting up-to-date and monitored while managing a range of proactive and reactive security measures.
With returns fraud, you ship an item and get paid for the item, but then the shopper initiates a return. In some cases, this may seem quite normal and reasonable, however, there are criminals that will keep your items and ship back counterfeit goods. There are also shoppers that will habitually use and return your goods, or order new goods and return their old/broken items, which should likely violate your returns policy. In 2017, the National Retail Federation estimated returns fraud was a $15 billion dollar annual problem.
Solution: Create a strong return policy that balances customer expectations and protecting your bottom line. Then be vigilant about checking and verifying returns. That includes checking for patterns, such as customers that return items more frequently than average. If you don’t have a strong Return Merchandize Authorization solution helping you to track and manage returns, consider a system like ReadyReturns from ReadyCloud.
Both product ratings and reviews of your eCommerce store help shoppers make decisions about whether to trust your brand and which of your products are the best. However, competitors or other bad actors can take advantage of open review systems, creating user accounts on your website, and leaving fake reviews. This can drive down your sales. This has been a long-term problem that even the largest of eCommerce sites – like Amazon – have had to contend with.
Solution: Consider upgrading from Magento’s off-the-shelf reviews system to a more advanced system, like Trustpilot, ShopperApproved, YotPo, Annex Cloud, PowerReviews, Feefo, or Verified-Reviews. While each system is different, many offer features to help draw in your actual customers to leave reviews, and help alert you and give you a chance to mitigate bad reviews.
Social hacking is an old and effective method of going through the proverbial front door to commit theft. The perpetrators will impersonate you, your staff, or your vendors in order to request access to sensitive information, like your Magento admin credentials, hosting logins, or domain registration account information.
Solution: Only share credentials securely with individuals that you can identify. If you get a message requesting access to a secure system, call your vendor at the phone number on their website to verify the request. Make sure that you and your team members don’t feel pressured to give out such information.
Growing and successful eCommerce sites take a village to support. This includes a wide range of vendors, from payment processors to software publishers. Who can you trust with access to your site? Whose software is safe to install vs. a security threat? What if that agency that I hired turns out to hold my website hostage on their servers?
Solution: If you have trusted experts advising and guiding you, you can avoid a lot of common pitfalls. An agency such as Best Worlds, paired with web hosting experts like JetRails can help protect you from decisions that could otherwise significantly hurt your business.
About the Author:
Robert Rand, Director of Partnerships, JetRails.
Robert Rand is the Director of Partnerships at JetRails, a mission-critical ecommerce hosting service. Robert has over a decade of experience in helping merchants benefit from sound ecommerce and digital marketing strategies, assisting organizations of all types and sizes to grow and succeed via digital commerce. Robert is a frequent author and thought contributor in the ecommerce industry, and hosts The JetRails Podcast.