Top fraud schemes threatening e-commerce

[harlan4096]

How cybercriminals can exploit your online store — and how to stop them.
 
According to Juniper Research data, global e-commerce turnover surpassed $7 trillion in 2024, and is projected to grow by 1.5 times over the next five years. But cybercriminal interest in this field is growing even faster. Last year, losses from fraud exceeded $44 billion — and they’re expected to reach US$107 billion within five years.

Any online platform — regardless of size or industry — can become a target, whether it’s a content marketplace, a hardware store, a travel agency, or a water park website. If you accept payments, run a loyalty program, and allow creation of customer accounts, fraudsters will definitely come knocking. So which attack schemes are most common, what kind of damage can they cause, and how can you stop them?

Account theft

Thanks to infostealers and various database leaks, attackers have access to billions of email-password combinations used on various sites. They can try these combinations on any other site with user accounts, on the assumption that humans often use the same password for different services. This attack method is known as “credential stuffing”, and if successful, attackers can place orders using the victim’s linked bank card or spend loyalty points. Criminals can also use compromised accounts to make fraudulent payments with other credit cards.

Testing stolen cards

Just as with login credentials, attackers may have a database of credit-card data stolen using malware. They need to test which cards are still valid and can process online payments — and for this, any e-commerce site will do. These “test” purchases are usually small. Working cards are then resold to other criminals, who go on to drain the funds in various ways.

From the store’s side, this looks like a customer adding a bunch of random inexpensive items to their cart and repeatedly trying to check out, each time with a different card. Even small stores can end up with hundreds of abandoned carts. Eventually, the payment gateway may block the store for exceeding the allowed number of failed payment attempts.

Buyer fraud

Sometimes real customers may complete an order, only to later tell their bank they never made the purchase — and demand a refund. This could be a case of deliberate fraud, or simply one family member using another’s card without permission — for instance, a teenager using a parent’s card. Although such incidents are usually small-scale, they can still cause serious damage — especially if the store becomes known in “lifehacker” communities as a site that easily refunds money.

Continue Reading...