The holidays are getting close – and we’re close to covering all the stuff you need to know to get your new eCommerce store ready for its first holiday sales season. So far, we’ve focused on fun and important topics like holiday deals you can offer and wrapping your holiday orders to delight your customers.
Now, we need to discuss an issue that — like Scrooge, the Grinch, or that one uncle who has no filter — can drain the joy from your holiday season: eCommerce fraud.
It’s sad but true that among the holiday merrymakers looking for gifts there may be scammers placing orders with other people’s credit cards, and that can siphon away your holiday season profits.
In this post, we’re going to let you know why eCommerce fraud can be a big problem even for small online stores. And we’re going to talk about your options for putting fraud protection in place or beefing up the protection you already have, so you and your customers can enjoy the season.
Why is fraud a problem for online stores?
There are two things about eCommerce fraud that every new online store owner should know.
- Most online fraud isn’t committed by random people placing orders for things they want for themselves. It’s a big, organized criminal enterprise that will wipe out an estimated $12 billion in eCommerce revenue worldwide this year.
- Your website can’t fly under the radar just because it’s new or small. Once it’s on the internet, fraudsters using specialized search techniques to look for targets can find it, even if they’ve never seen your social ads or blog posts.
That means any eCommerce store on the web—especially a small store without the kind of anti-fraud resources— can be a target for fraud. And that can get expensive fast.
Here’s why. When a cardholder discovers that someone made a purchase in your store with their card, they’re going to report it to their card issuer. Then the card issuer is going to charge that purchase back to you. That’s called a chargeback, and it’s a four-letter word in the eCommerce world.
Chargebacks – the fraud-related lump of coal in your holiday season stocking
When you have a chargeback, that’s not good, because you need to:
- Dispute the chargeback if you can prove that the customer really did place the order—and do it before the card company’s deadline.
- Pay a chargeback fee ($20 to $100 per fraudulent order).
So, fraud can make more work for you during your busy season. And it costs you money – the cost of the stolen order plus the chargeback fee. Even if you dispute the chargeback and win, the chargeback fee isn’t refundable.
Why dispute the chargeback, then? Because if you get too many chargebacks, your payment processor can charge you more to handle your transactions. They can even cancel your account on short notice if your chargeback ratio gets too high too quickly—like if your shop is swarmed by fraud bots. So disputing chargebacks can help you keep your business healthy in the long run.
How many chargebacks is too many? In general, if the number of chargebacks in one month is more than 1% of your total orders, you’re in the danger zone and need to improve your fraud protection right away. But each card brand has its own way of calculating chargebacks, so make sure you understand the rules for each kind of card you accept.
Options for fraud protection during the holidays and beyond
Screening every order for fraud isn’t something that eCommerce store owners have the time or expertise to do. So how do you keep fraudsters from placing orders on your site?
1. Pick payment methods that include fraud screening
Most online payment options, like Square, Stripe, Google Pay and others, screen orders for fraud. The details vary from one service to another, but in general, your payment processors will cancel or refuse to approve orders that they flag as fraud attempts.
2. Consider adding third-party fraud protection
In addition to the basic fraud screening provided by your payment services, you may want to beef up your security with a fraud prevention service. There are a couple of reasons why paying for extra fraud protection can make sense:
- Specialist fraud prevention services keep up with the latest techniques that fraudsters use to rip off stores, like account takeover attacks that impersonate good customers to slip past basic fraud controls.
- Some fraud services offer a chargeback guarantee or insurance, so that if fraud gets through, your store isn’t responsible for paying the chargeback fees.
You can usually find fraud-control services that partner with your eCommerce platform in their app store. For example, if you search WooCommerce extensions for “fraud,” you’ll find lots of payment gateways with fraud screenings built in, but you’ll also find add on services like WooCommerce Anti-Fraud.
WooCommerce Anti-Fraud generates a score for each order that shows you how risky it is and why it’s risky.
Users can choose to automatically reject orders above a certain risk score or to review them before deciding whether to reject or approve.
The Magento 2 marketplace offers several third-party fraud protection options. Some of these services, like Signifyd and ClearSale, offer subscription plans that cover the cost of any fraud-related chargebacks that slip through their filters. They also offer scores, usually in combination with detailed customer information.
Some fraud protection services allow merchants to store information on good customers, fraudsters and fraud attack methods, like this fraud policies screenshot from Signifyd.
3. Require strong passwords on customer accounts
If your store lets customers create accounts, make sure they have to use a strong password, and encourage them to only use that password for their store account. These practices reduce the risk of fraudsters taking over their account and going shopping with their stored information.
4. Watch out for shipping fraud
Shipping fraud happens after an order has been approved, and it’s on store owners, their customer service team and their shipping partners to watch for it.
Here’s how it works. An order comes in that looks low risk, so it gets approved. Then the customer calls customer service or the shipping carrier and asks for the package to be sent to a different delivery address than the one they used for the order. They may have an excuse like they entered the wrong delivery address out of habit, or they’re moving soon, etc. It could be a legitimate request, but it could also be a fraudster who knew that using the real delivery address would raise fraud flags during the order screening.
Another shipping fraud approach is placing an order and then calling customer service to ask for the package to be sent using the customer’s “preferred” shipping carrier. Again, this could be a legitimate request, but it could also be a fraud scheme run by a team that has an “inside” person at the preferred carrier.
How can you tell if the request is real or fraud? You can’t. The safest way to handle these requests is to offer the cancel the current order and let them place it again with the correct delivery information. That lets your fraud program re-screen the order, and some fraudsters may not even try. It’s also a good policy to stick with the shipping carriers you select instead of adding others on request—and to ask that your shipping partners contact you if a customer asks them to reroute an order.
OK, that’s enough discussion of the Ghost of Christmas Fraud. Now that you know how to protect your store from scammers this holiday season, it’s time to think about how you’re going to host a lot holiday shoppers in your store.
Our next post on how to rock your eCommerce store’s first holiday season will show you how to make sure your site is ready to handle spikes in site traffic and keep your customer data secure. Watch for it soon!
Protect your eCommerce website from hackers, malware, and more with Sitelock, starting at just $1.99/month.