Take a look at Part 1 of our real-world case study examining a high-volume eCommerce partner and our battle against sophisticated order fraud. If you enjoy it, we’ll be publishing Part 2-5 next week!
— Alexander Hatala (@Zingiest0) August 25, 2021
eCommerce fraud is something that most stores have dealt with and will continue to deal with for the foreseeable future. eCommerce fraud, sometimes called eCommerce carding, is a war between vendors and criminals, with each side creating and using more advanced and sophisticated techniques each day. This case study takes a closer look at one of our partners' eCommerce stores and its six-month battle with targeted and sophisticated fraud. While there are many types of eCommerce fraud, this case study focuses on order fraud.
What is Order Fraud in eCommerce (or Purchase Fraud, Carding Fraud)?
Order fraud is one of the most widespread forms of cybercrime. Quite simply, it’s when a criminal uses stolen or unauthorized debit or credit cards to purchase products. Often, the fraudsters ship the stolen merchandise to a ‘drop’ location, sometimes an empty home address or an oblivious associate, where the stolen goods are picked up. This leaves the merchant with numerous issues such as chargebacks, inventory problems, lost time, and profit loss.
Not All eCommerce Fraud Can Be Stopped
If you’re running a high-volume online store, it’s probably safe to say fraud will happen, no matter the steps you take and the prevention methods you use. When tackling fraud, the goal should be to eliminate as much fraud as possible without sacrificing existing profit margins or man-hours. When you implement anti-fraud measures, your team must understand the cost-benefit of each action you take.
Basic eCommerce Fraud Detection and Prevention
Before looking at advanced measures, let’s quickly review the basic, standardized methods of combatting eCommerce fraud. These should be set up by default and only disabled for particular cases.
- Address Verification Service (AVS)
- CVV handling or filtering
- Order amount thresholds (manual review for large orders)
- Hourly and daily velocity filtering (limits on the number of orders from the same account or IP address)
Let’s take a look at some more advanced techniques used by criminals and the prevention measures stores can take if they deal with sophisticated fraud. We will be examining our partner’s six-month battle against advanced eCommerce fraud.
Below is a quick summary of our partner’s store:
- Total Products: 6,000
- CMS Platform: Customized WooCommerce
- Monthly Unique Page Views: 1 – 2 million
- Monthly Transactions: 11,000 – 20,000
- Average Order Value: $220
- Industry: Sports & Recreation Goods
During the height of the fraud attacks, our partner’s revenue loss was as high as $15,000 each week.
An Overview of Fraud Detection and Prevention
Billing and Shipping Mismatch Fraud
The most basic detection of eCommerce fraud is a billing/shipping address mismatch. Some smaller retailers choose to disable a separate shipping address entirely, but this is not an option for more serious stores. Again, fighting fraud is about cost-benefit analysis, and in most cases the profit loss from legitimate orders would be too much. Additionally, some stores decide to automatically hold orders that have a shipping mismatch for manual review. This is time-consuming and wastes many valuable man-hours of the customer support team. For our partner, this was not an option either.
Solution: Automatically tag orders with a shipping mismatch and alert internal teams to pay slightly more attention when pulling up these orders. This isn’t a solution by itself, but it supplements the additional anti-fraud measures below.
Certain Products at Higher Fraud Risk
Fraudsters steal products that are worth their time. Items that are easy to resell and have high demand are more appealing. This is likely true for eCommerce stores that have over 100 SKUs. In our partner’s case with 6,000 SKUs, we took a look.
Solution: Our team analyzed a year’s worth of previously confirmed fraud and mapped out all the SKUs with a fraud risk rate double that of other products. Orders containing these products were also tagged.
Billing Shipping Mismatch + Popular Fraud Products = A Quick Win
With our two tagging systems in place, we observed our partner’s operations for the next week. Afterward, we confirmed with the customer support team that 95% of all orders that had a shipping mismatch while containing a tagged product were, indeed, fraud. Our teams decided to hold all orders that matched these conditions for manual review.
This anti-fraud prevention method worked well, was highly accurate, and didn’t take up too much of our partner’s team’s time. Considering less than 3% of all orders were double-tagged, it was clear the benefit outweighed the cost (the cost in this case being the manual review of 10-15 individual orders a day).
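The two tags and the hold rule described above can be sketched as follows. This is an added example, not our partner's production code: the order fields, SKU names, addresses, and the `min_orders` cut-off are assumptions, and "double that of other products" is interpreted as twice the fraud rate of orders that do not contain the SKU.

```python
from collections import Counter

ADDRESS_KEYS = ("line1", "city", "postcode", "country")

def norm(addr):
    # Case and spacing differences alone should not count as a mismatch.
    return tuple(" ".join(str(addr.get(k, "")).lower().split()) for k in ADDRESS_KEYS)

def high_risk_skus(history, factor=2.0, min_orders=5):
    """SKUs whose confirmed-fraud rate is >= factor x the rate of orders without that SKU."""
    total, fraud = Counter(), Counter()
    for order in history:
        for sku in set(order["skus"]):
            total[sku] += 1
            fraud[sku] += order["fraud"]
    all_n, all_fraud = len(history), sum(o["fraud"] for o in history)
    risky = set()
    for sku, n in total.items():
        others_n = all_n - n
        if n < min_orders or not fraud[sku] or not others_n:
            continue  # too little evidence to compare (min_orders is an assumed cut-off)
        baseline = (all_fraud - fraud[sku]) / others_n
        if fraud[sku] / n >= factor * baseline:
            risky.add(sku)
    return risky

def review_decision(order, risky):
    """Return (action, tags); only double-tagged orders are held."""
    tags = set()
    if norm(order["billing"]) != norm(order["shipping"]):
        tags.add("shipping-mismatch")
    if risky & set(order["skus"]):
        tags.add("high-risk-sku")
    action = "hold-for-review" if len(tags) == 2 else "process"
    return action, tags

# Constructed sample data, not the partner's records.
HISTORY = ([{"skus": ["BAT-01"], "fraud": f} for f in (1, 1, 1, 0, 0, 0)]
           + [{"skus": ["SOCK-02"], "fraud": f} for f in (1, 0, 0, 0, 0, 0, 0, 0, 0, 0)]
           + [{"skus": ["GLOVE-03", "SOCK-02"], "fraud": f} for f in (0, 0, 0, 0, 0, 1)])
HOME = {"line1": "12 Elm St", "city": "Austin", "postcode": "78701", "country": "US"}
DROP = {"line1": "9 Vacant Rd", "city": "Reno", "postcode": "89501", "country": "US"}
RISKY = high_risk_skus(HISTORY)

if __name__ == "__main__":
    for skus, ship in ((["BAT-01"], DROP), (["SOCK-02"], DROP), (["BAT-01"], HOME)):
        print(skus, review_decision({"skus": skus, "billing": HOME, "shipping": ship}, RISKY))
```

Single-tagged orders still carry their tag for the support team, matching the "pay slightly more attention" step; only the combination triggers a hold.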
The technique we created for our partner eliminated a good portion of active fraud. However, more advanced fraud continued to occur, and more advanced anti-fraud measures were needed. We will cover more advanced techniques in our eCommerce Fraud case study Part 2.