The type of eCommerce fraud that can harm your business
In collaboration with PayU
With an estimated R9 billion in revenue, 2016 has been an explosive year for South African online retailers. As more consumers catch up with internet shopping, the industry will continue to gain value – in fact, growth prospects put eCommerce profits in the region of R53 billion by 2018.
Running a successful online store is, of course, a risky business. Now that eCommerce in South Africa is picking up steam, the sector is becoming increasingly vulnerable to cyber criminals who attack businesses and their customers via email messages, websites, chat rooms, message boards and social networks.
To illustrate how the stakes have been raised in cybercrime, Peter Hart Davis, security officer for PayU South Africa, described it as a big business with an evil twist, during a recent interview on Lotus FM. These criminals are organised, and operate in a professional manner such as having helpdesks and hotlines. In the interview, Davis also pointed out that South Africa has previously not been as much under threat as other countries, but that the fact that South Africa is seen as new to the game actually makes local businesses a more attractive target for cyber criminals.
In order to secure their online business against cybercrime, business owners should be aware of the different types of eCommerce fraud, to alleviate the risk of losing profits.
Here is a list of the most common types of eCommerce fraud compiled in collaboration with PayU:
1. Credit card fraud
Credit card fraud refers to the illegal withdrawal of funds from a credit or debit card account during a transaction. Scammers may have the physical card present or they may have stolen a customer’s credit card data via skimming devices or malware, or by hacking into a business. When fraudulent charges occur the online store is responsible for refunding the customer’s money, and thus loses income.
2. Identity theft
Identity theft occurs when criminals steal a customer’s personal information and masquerade as the customer to commit online fraud. With the stolen identity they can create fake IDs, open bank accounts, or take loans. They can also place orders at an online store under the fake name and then pay with the victim’s credit card or debit the cardholder’s account.
3. Phishing
Phishing is a type of identity theft where criminals create fake websites that imitate an established online company. Customers are usually directed to the fake website when they click on a link sent via email or a banner ad. Phishing attacks can take the form of a fake bank asking a customer to update their details online, or simply a fake shopping site. When customers land on the new page, they are then asked to provide or update their banking details, which the scammers will use to access the customer’s account or make fraudulent credit card purchases.
4. Chargeback fraud
This type of online scam is also known as friendly fraud. It happens when a customer makes a legitimate purchase with their credit card but then demands a refund from the issuing bank after receiving the goods, alleging that their identity has been stolen. When the bank reverses the payment, the merchant is responsible for the refund since they approved the transaction. Even though they have received the chargeback, the customer never returns the goods.
In South Africa, payment fraud is on the rise, with the South African Banking Risk Information Centre (SABRIC) reporting that credit card fraud increased by 13% from R331 million in 2015 to R374 million in 2016, with debit card fraud increasing by 3.1% for the same period.
As the fraud landscape rapidly evolves, online merchants need to protect themselves from trending cons while shielding their business from new scams in the future. The variety of online fraud means that online businesses require diverse security solutions, including a CPI compliant payment gateway, HTTPS connections, encrypted data transfers, anti-virus updates and web application firewalls.