Cybercriminals who engage in fraudulent activities for profit can be manipulative and innovative. They seek opportunities to undermine the structures put in place to ensure consumers’ transactions are safe, orderly, and trustworthy. The number of online payments has dramatically increased since the onset of the pandemic. According to Juniper Research, marketing research, and consulting service, in 2020, there were 2.6 billion digital wallet users—by 2025, there will be 4.4 billion globally.
While online payments are convenient and have accelerated the growth in eCommerce transactions, digital payments can also give criminals access to consumer’s data. Anti-fraud measures are constantly updated, yet it can be challenging to stay ahead of the next major breach. Omnichannel retailing has eliminated many barriers and restrictions that separated digital and in-store experiences. However, open access to financial data has increased the number of attacks and prompted thieves to devise new types of fraud to circumvent the system.
Juniper’s Research report, “Fighting Online Payment Fraud in 2021,” detailed a broad range of fraudulent activities that criminals are using to profit from consumers and merchants illegally. Retailers aware of these scams are in a better position to secure their businesses and are less likely to become a victim. These are the types of fraud highlighted in the Juniper Research report.
Silent Fraud—To fly under the radar and avoid detection by malware, fraudsters attempt to prevent detection by taking small sums of money from thousands of accounts. When added together, the total amount will be more considerable than one large theft.
Clean Fraud—Retailers receive fraudulent checks that seem to be legitimate. The bank account information printed on the check is valid. The criminal has stolen all of the victim’s information required to make a purchase. This type of fraud is hard to detect since there are no obvious red flags. Merchants can ask more questions, yet this can cause a scene and disrupt the purchasing process.
Account Takeover—Thieves try to access consumers’ funds by adding their information to the account as registered users. These steps can include adding their name, switching an email account, or changing the customer’s physical address.
Friendly Fraud—Happens when a retailer receives a chargeback because the consumer denies making the credit card purchase or says they never received the order. However, the goods and services have been received. The transaction may have been initiated by a family member or acquaintance who has access to the person’s credit card information.
Affiliate Fraud—Occurs other companies fraudulently use their lead or referral programs to inflate their profits by submitting false leads based on factual customer information. They may also make misleading claims about their web traffic to increase their payout from merchants.
Reshipping—Fraudsters make purchases with stolen credit cards and then recruit an innocent person to package and reship the merchandise. The unknowing participant, or “mule,” has a legitimate shipping address so the merchant would not suspect criminal activity.
Botnets—The “botmaster” controls a network of infected machines designed to facilitate various crimes. The fraudster may use them on eCommerce platforms to make transactions with stolen credit card or identity information. The consumer’s transaction appears to be initiated since the location seems to match the credit card being used. The infected computer does not trigger a red flag because everything looks to be in order.
Phishing—Criminals send official-looking emails from real businesses requesting personal information from consumers such as passwords, log-in details, and account numbers.
SMS Phishing or Smishing occurs when fraudsters reach out to mobile phone users in an attempt to acquire personal information such as an online banking password or ATM PIN.
Whaling is a version of phishing that “spears” a specific group of customers or employees by sending target messages that appear to come from the affected parties’ company, organization, or fellow staff members. Often referred to as “spear-phishing these messages are opened in the belief that the sender can be trusted.
Pharming—Customers unknowingly enter their credit card and personal information on an illegal website.
Triangulation—Credit card information is stolen when valid customers purchase through online auctions, ticketing sites, and online ads. Typically, the criminal posts merchandise at a deeply discounted price to prompt consumers to make a purchase. The fraudster continues the cycle by using other stolen credentials to purchase the item from a legitimate website to ship to the customer. Neither the consumer nor the merchant is aware that they have been scammed. The criminal then continues to repeat the cycle of deception.
Pagejacking—Thieves copy legitimate websites and use them to steal customer’s payments. This technique is sometimes associated with SEO campaigns that attack a client’s website through their content management system.
Identity theft and scams have gotten worse during the pandemic. While better identification verification methods may help the situation shortly, retailers must stay alert and take preventive measures to safeguard sensitive data and information.