Ecommerce cybersecurity and fraud prevention are almost always handled by different teams, but that doesn’t mean they’re completely independent activities. When customer data is exposed in a cyberattack, criminals can use it to commit fraud. Fraudsters can steal employee credentials to expose customer data. Both kinds of incidents affect the bottom line and both can impact the company’s image with customers.
A recent study found that three-quarters of consumers will avoid a brand after a cybersecurity issue, and more than 40% assume that brands are to blame when an incident occurs. Another survey of online consumer attitudes found that 84% won’t go back to an ecommerce site after a fraud experience there. Because a problem in one area of your business can cause security or fraud issues in another, it can be helpful to take an end-to-end look at your security and fraud prevention practices to identify gaps and make improvements.
Supply Chain Security and Fraud Prevention
Security and fraud issues that target your supply chain partners can have ripple effects that damage your business. Key areas to review are:
Authenticity of materials and components. Counterfeit items in the supply chain are a growing problem for all kinds of products, from aircraft parts and medical devices to cosmetics. Resulting quality and safety issues can harm your customers and your brand’s reputation. Know your suppliers and understand how their physical and digital security practices work to protect the integrity of the products you sell.
Supplier cybersecurity. Attacking vendors to access other targets is a common cyberattack strategy. Ask for documentation of suppliers’ data security practices and incident response plans. Audit the data you share with suppliers to ensure you’re not putting sensitive customer data at risk.
Vendor communication. Organized fraud groups are increasingly skilled at impersonating vendors via email and even hijacking legitimate email threads to submit fake invoices and divert funds. Review your vendors’ email security practices and consider adding a confirmation step such as a phone call before paying invoices.
Marketing and Brand Impersonation Scams
Brand imposters are a growing problem for major brands, but no brand is immune in the digital age. Organized fraudsters use search and social media ads to deceive customers into clicking through to fake websites that steal their payment data, account login credentials or both. In fact, 16% of respondents from the consumer attitudes survey said they’d been the victim of social commerce fraud in the past year.
Technology makes it easy for criminals to spin up these imposter ads and sites at scale. One criminal ring set up more than 600 fake sites and created hundreds of fake social ads to bring in victims. Because of the speed and scope of these imposter campaigns, the only realistic way to protect your brand and your customers is through continuous, automated monitoring to detect unauthorized brand mentions and file takedown requests.
Website Security and Fraud Detection
Fraud on your website can cost you far more than the cost of the fraudulent order. North American retail and ecommerce businesses now lose a total of $3 for every dollar of fraud they experience, and as mentioned earlier, most customers won’t return to a site after a fraud experience. Preventing card-not-present and account takeover fraud on your ecommerce site requires a combination of resources, including order scoring processes (ideally backed by machine learning algorithms for increased accuracy over time) and expert review of flagged orders to prevent false declines.
Site security is also a concern. Regular scans for unauthorized scripts and other malicious code can keep attackers from intercepting your customers’ data as they enter it and using it to commit fraud, an outcome that would also put your business out of compliance with data privacy regulations.
Shipping and Beyond
Unfortunately, the security and fraud risks continue after orders are approved. One is shipment diversion: when criminals place an order using stolen data or a hijacked account, they leave the default shipping address unchanged to avoid raising fraud flags. Once the order is approved, they call customer service to request a change to the delivery address so they can receive the stolen goods. To prevent this, your store can implement a policy of canceling such orders so the customer can place them again with the correct delivery data. This allows your fraud scoring tools a fresh look at the order.
So-called friendly fraudsters may claim that their orders never arrived so they can request a refund and keep the merchandise. Along with other types of friendly fraud, this common scam costs retailers $100 billion a year. The solution is to include tracking and delivery confirmation on your shipments so you have proof that they arrived.
Delivery tracking can also help prevent package theft, which is a widespread problem that erodes customer experience and can drive up your insurance costs. More than 40% of US consumers have had at least one package stolen before they could bring it inside after delivery. With real-time updates that let them know when to expect delivery, they stand a better chance of getting the package before someone else does.
Fraudulent returns also are an issue, costing U.S. retailers up to $35 billion in 2023. Wardrobing is a common tactic, in which fraudsters order an outfit, appliance or other special item, use it once and then return it as new. Reducing return fraud starts with ensuring that your return policies are clear and require the original tags and packaging. Analysis of your return request data can flag potential return fraud for review, and it can identify serial returners that you may choose to decline in the future.
A Holistic Approach
All of the improvement strategies here depend on a solid cybersecurity foundation that includes system monitoring, email security, endpoint management and incident response to prevent data loss that leads to fraud. A culture of communicating about security across your business is also valuable. Ideally, your supply chain, marketing, site, fraud prevention and customer service teams will share information to keep your data, your revenue and your customers safer.
Rafael Lourenco is EVP and Partner at ClearSale, a global card-not-present fraud protection operation that helps retailers increase sales and eliminate chargebacks before they happen. The company’s proprietary technology and in-house staff of seasoned analysts provide an end-to-end outsourced fraud detection solution for online retailers to achieve industry-high approval rates while virtually eliminating false positives.