As the number of people shopping online increases, so too does the number of online fraud attacks. This doesn’t just make e-commerce store owners and online shoppers vulnerable, but the rising number of children who are browsing online, too.
The Growth of Online Fraud
In October 2015, in a bid to increase security, U.S. retailers moved to debit and credit cards that were chip-enabled (EMV). However, this had an adverse side effect, causing a rise in other fraudulent activities, including card-not-present (CNP) scams. As a result of this, after the EMV migration, online fraud attacks grew by 11%.
Figures revealed by a PYMNTS report demonstrated that, in the last quarter of 2015, for every 1,000 e-commerce transactions conducted, there were 27 fraud attacks. This was an 11% increase on the third quarter, and a massive 215% increase on the first quarter. Perhaps more worryingly still, the stats also uncovered that for every $100 spent, $4.79 is at risk of an online fraud attack.
These frightening figures were added to by another study, which was conducted by Javelin Strategy & Research. Here, it was discovered that, in 2016, there was a 16% rise in identity fraud cases, which cost U.S. consumers $16 billion in losses. The total number of consumers in the U.S. who were affected was 15.4 million; a rise in nearly 2 million from 2015. Again, the EMV rollout appears to be part of the reason, as there was a 40% increase in CNP fraud.
Experts estimated that, in 2016, e-commerce would lose $6.7 billion to fraud.
Types of Online Fraud
Even though there are a number of different types of online fraud, there are two main categories that these scams fall into – account takeover and identity theft.
Account takeovers occur because a lot of customers are provided with accounts by e-commerce stores, which store their purchase history, financial data, and personal information. By using various phishing schemes, scammers hack into these accounts and steal this information. A common example of this is when an email is sent to a customer by a fraudster, which tricks them into revealing their username and password. The scammers then use this information to log into the customer’s account, alter their password, and start making unauthorized purchases.
In the cases of identity theft, fraudsters will hack into e-commerce stores’ databases, despite companies taking a number of precautions to try and prevent this from happening. When scammers gain access to these databases, they can steal usernames, passwords, debit or credit card details, and other personal data. And, in more severe cases, they will sell these details to other criminals, who will use them to create accounts with e-commerce stores and make further online purchases. Sadly, this can be hard to manage as people don’t always check their credit card statements frequently, and they’re unaware an account has been opened in their name.
How Can Store Owners Protect Themselves from Online Fraud?
Even though fraud rates are high, store owners can still actively prevent fraudsters from scamming their websites. Below, we’ll discuss some of the best processes and tools that can be put in place to protect businesses and their customers:
- Complying with Payment Card Industry Data Security Standard (PCI-DSS) – This helps to make sure store owners have secure systems in places, and customers can trust stores with their details. Furthermore, to gain this certification, store owners must utilize risk management and advanced fraud technology, conducting fraud checks by using the latest algorithms.
- Using Address Verification Systems (AVS) – This checks the billing address matches the registered address that the card issuer has, which is why merchants should ask for both of these addresses.
- Conducting a Card Verification Value (CVV) check – This is the three-digit code detailed on the back of most cards (or the four-digit code on the front of American Express cards). Unless a thief has the card in their possession, it cannot be easily retrieved, so by asking for this information, it allows online stores to add another layer of security to their payment requests.
- Checking the billing address country with the IP address country – Online stores should closely scrutinize any transactions that are being conducted in a different country to the billing address. For example, if a customer’s billing and shipping address were in America, but the IP address was in Sweden, the customer’s identity should be checked. There may be an innocent explanation for the difference (i.e. the customer shopping while they’re on holiday), however, it’s better to be safe than sorry.
- Getting tougher with password requirements – It won’t take long for a hacker to guess a four-letter password, which is why e-commerce stores should encourage their customers to use complex passwords. These should have at least eight characters, one capital letter, and one special symbol (e.g. %?!*#).
- Keeping software and platforms up to date – Security patches are repeatedly provided by software manufacturers, which is why it’s important that store owners are regularly updating their operating systems. This will protect them from malware, viruses, and any discovered vulnerabilities.
- Detecting abnormal activity – Customers can quickly become frustrated with sites that have many layers of security. That’s why retailers need to detect abnormal shopping behaviors so they can react accordingly, requesting additional security checks only when it’s necessary. To do this, they’ll need to understand fraudulent and legitimate shopping behaviors, being familiar with payment methods, international holidays, and various markets.
How Can Parents Protect Their Kids When They’re Online?
According to a study conducted by the University of Texas, children are 35 times more likely than adults to have their identity stolen. And, even though you might not let your child shop online, it’s crucial that you protect their identity, and yours, because scammers could set up accounts using these details. However, there are a number of ways you can protect your entire family’s identity.
Don’t Give Your Child’s SSN Number Away
Some organizations may ask for your child’s SSN number. This may seem like a no-brainer, but don’t share this information unless it’s for a legitimate reason – e.g. insurance, health care, or government services. And, if you do have to give it, don’t do it online.
Tell Your Child to Type Links Rather than Click Them
Because of the number of people cloning websites, it’s important your child knows the difference between g00gle.com and google.com. Teaching them to type a link in rather than clicking on one will protect them from harmful sites that have been cloned to steal people’s information.
Check Your Child’s Credit Report
Obviously, your child shouldn’t have a credit score because this will only be created by the major credit bureaus when you receive or apply for a form of credit. However, if scammers manage to get hold of your child’s identity, they can create accounts in their name. Therefore, if you check for their credit score once a year, it will alert you to any fraudulent activity that’s being conducted in their name.
If you do find a credit report in their name, you can have this frozen by contacting the major credit bureaus. This will prevent scammers from opening up any more accounts in their name, while also protecting your child’s credit score for the future.
Break the Rules When You Create Passwords
Complicated passwords just aren’t enough anymore, especially when the website you’re using asks a very easy question that enables you to reset your password, i.e. “What’s your mother’s maiden name?” So, create answers to these security questions that aren’t right. For example, if your maiden name is White, have your kid say it’s Green.
Use a Different Device to Your Child
If you can, have separate computers, tablets, etc. for them and you. That way, if their device does get breached, your personal data won’t be compromised. It also allows you to place various parental controls on their device, without disrupting your own online experience.
Teach Them to Keep Things Private
To make sure your child’s not giving out any information that they shouldn’t, teach them to keep all personal information to themselves. This private information includes who their friends and family are, where their neighborhood is, Information about themselves, and anything that could be used to identify them.
To make this fun, the Center for Identity at The University of Texas at Austin created the “Beat the Thief Game.” If a player shares safe information, they gain points. But if they share unsafe information, the thief gets closer and closer until they “steal” the characters information. This offers you a fun way of teaching your kids what they can and can’t share online.
Whether you’re a store owner, online shopper, or parent, being vigilant about online fraud is essential. As we’ve seen with the EMV roll out, scammers will always find another way to steal identities and commit fraud. That’s why it’s imperative everyone who’s involved in the online world is on top of these latest scams, so they can protect themselves as much as possible.