
Fraud Prevention Glossary

Fraud and abuse prevention is constantly evolving. Inconsistent definitions lead to confusion, misaligned strategies, and missed risk. This fraud prevention glossary gives ecommerce merchants and CX teams clear, practical definitions of the most important terms used across fraud prevention, chargebacks, policy abuse, and post-purchase abuse.

Account takeover refers to the unauthorized access and control of someone else’s online account by a fraudster. It involves the fraudulent acquisition of login credentials, such as usernames and passwords, to gain unauthorized access to an individual’s or organization’s account across various platforms, including email, social media, banking, or ecommerce.
Address Verification Service (AVS), sometimes written address verification system, is a check run by the card issuer during authorization that compares the numeric parts of the billing street address and postal code submitted by the merchant with the address the issuer has on file for the card, and returns a result code (full match, partial match, no match, or unavailable) to the merchant. Its primary purpose is to help merchants prevent fraud. AVS used to be the gold standard: banks assumed that a thief holding a stolen card number would have no way of knowing the correct billing address. Because of the explosion of data breaches, however, verified billing addresses are now routinely sold alongside stolen card credentials such as the card number, expiration date, and CVV code. AVS results remain a helpful signal in fraud prevention, but they can no longer be relied upon on their own.
Affiliate fraud, also known as affiliate marketing fraud, refers to deceptive practices aimed at manipulating or abusing affiliate marketing programs for financial gain. In affiliate marketing, businesses reward affiliates (publishers or marketers) for driving traffic or generating sales through their promotional efforts. However, fraudsters exploit this system to fraudulently earn commissions or benefits without legitimate referrals or actions.
Botnets are networks of hijacked computers and devices, controlled by an attacker known as a “botmaster.” These infected devices, called “bots,” are used to perform various malicious activities, such as launching Distributed Denial of Service (DDoS) attacks, sending spam emails, stealing data, or spreading malware without the knowledge or consent of their owners. Botnets leverage the collective computing power of the compromised devices to execute large-scale cyber attacks, making them a significant threat in the cybersecurity landscape.
Similar to product swaps, boxing occurs when a fraudster submits a claim to return the purchased item, but the original item is not returned. A criminal committing return fraud by boxing will purchase a high-value item and then return an inferior product of significantly less or no value. For example, the fraudster may buy a TV and replace the original contents with plywood to maintain the weight of the original product, thinking they’ll automatically be credited their refund once the return label is scanned (prior to inspection).
Bracketing is a return fraud scheme that involves a consumer purchasing multiple versions of an item (e.g., different sizes or colors) with the intention of keeping only one and returning the rest. This practice, while not always fraudulent, can be exploited by shoppers to essentially “try before they buy” at the expense of the retailer, leading to increased returns, handling costs, and logistical challenges, especially when done excessively or with fraudulent intent, such as returning used or damaged items.
Bricking is a return fraud scheme that involves tampering with a device to make it non-operational before returning it. Fraudsters deliberately damage items to render them unusable, and then seek a return or refund under the pretense that the item was defective upon receipt. The returned item, now ‘bricked’ or rendered useless, causes a loss to the merchant.
A brute force attack is a type of cybersecurity attack in which an attacker attempts to gain unauthorized access to a system, account, or encrypted data by systematically trying all possible combinations of passwords or encryption keys until the correct one is found. This method is typically used when the attacker has no prior knowledge of the target’s password or key.
Buy Now Pay Later (BNPL) fraud refers to fraudulent activities or scams involving the use of Buy Now Pay Later services. BNPL services (e.g., Affirm, Klarna, Afterpay) allow consumers to make purchases and defer payment, typically in installments, instead of paying the full amount upfront. While BNPL options provide convenience and flexibility for consumers, fraudsters exploit these services by using stolen credit card information or avoiding repayment.
Buy Online Pickup In Store (BOPIS), also known as Click and Collect, is a retail fulfillment model that allows customers to purchase products online and pick them up at a physical store location. It offers convenience and flexibility to consumers by combining the ease of online shopping with the immediacy of in-store pickup. However, like any retail transaction, BOPIS can be vulnerable to fraud. Fraudsters use BOPIS to avoid having products shipped to a physical address, which could raise suspicion.
Card skimming is a type of credit card fraud in which criminals use a small, inconspicuous device known as a skimmer to steal card information from unsuspecting victims. Skimmers are typically placed on legitimate card-reading devices, such as ATMs, gas station pumps, point-of-sale (POS) terminals, and other payment systems. When a person inserts their credit or debit card into the compromised machine, the skimmer captures the card’s magnetic stripe data, including the card number and sometimes the cardholder’s name and other details.
Card testing fraud, also known as credit card testing or carding, is a type of fraudulent activity in which fraudsters test the validity and usability of stolen or compromised card information, usually by running small authorizations (often a few dollars or less) through a merchant’s checkout or donation form. The purpose of card testing is to determine which stolen card details are still active and have available credit or funds; the cards that work are then used for larger purchases or resold. Card testing is usually identified by velocity: many authorization attempts in a short window, a high decline rate, many distinct cards from the same IP address, device, or account, and identical small amounts. Attacks run through proxies or botnets spread the attempts across many IP addresses, so merchant-wide rates of distinct cards and declines per minute should be monitored alongside per-IP rates. If undetected, card testing can run up overwhelming gateway and authorization fees if basic bot prevention is not in place on the merchant’s website.
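The velocity checks described above, as an added example that is not code from the original page. It runs over a constructed sample of authorization attempts (the log format, the sample events and the thresholds are assumptions chosen for illustration) and shows both the per-source rule and the merchant-wide distinct-card count that catches testing spread across many IP addresses. A real log should carry a card token or hash rather than any part of the PAN; the last four digits appear here only to keep the sample readable.

```python
"""Card-testing detector over a constructed sample of authorization attempts.

Added example; not code from the original page. The log format, the sample
events and the thresholds are assumptions chosen for illustration."""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample: one IP bursts through six different cards at $1.00,
# one shopper retries a declined card once, one shopper pays normally.
SAMPLE_LOG = """\
2024-03-01T10:00:00Z 203.0.113.7 card=4111 amount=1.00 result=declined
2024-03-01T10:00:03Z 203.0.113.7 card=5500 amount=1.00 result=declined
2024-03-01T10:00:07Z 203.0.113.7 card=3714 amount=1.00 result=approved
2024-03-01T10:00:12Z 203.0.113.7 card=6011 amount=1.00 result=declined
2024-03-01T10:00:15Z 203.0.113.7 card=4000 amount=1.00 result=declined
2024-03-01T10:00:21Z 203.0.113.7 card=5105 amount=1.00 result=declined
2024-03-01T10:05:00Z 198.51.100.20 card=4242 amount=89.99 result=declined
2024-03-01T10:05:40Z 198.51.100.20 card=4242 amount=89.99 result=approved
2024-03-01T10:09:10Z 192.0.2.5 card=4012 amount=45.00 result=approved
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) card=(?P<card>\d{4}) "
    r"amount=(?P<amount>\d+\.\d{2}) result=(?P<result>approved|declined)$"
)


@dataclass(frozen=True)
class AuthAttempt:
    ts: datetime
    ip: str
    card: str       # card token/hash in real logs; last4 here for readability
    amount: float
    approved: bool


def parse_log(text: str) -> list:
    """Parse the sample format into attempts sorted by time."""
    attempts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable line: {line!r}")
        attempts.append(AuthAttempt(
            ts=datetime.fromisoformat(m["ts"].replace("Z", "+00:00")),
            ip=m["ip"], card=m["card"], amount=float(m["amount"]),
            approved=m["result"] == "approved"))
    return sorted(attempts, key=lambda a: a.ts)


def detect_card_testing(attempts, window=timedelta(seconds=60),
                        min_attempts=5, min_distinct_cards=4,
                        min_decline_rate=0.5, max_amount=5.00):
    """Per-source velocity rule. Returns {ip: reason} for sources whose
    attempts inside any sliding `window` form a burst of small authorizations
    against many distinct cards, mostly declined. A shopper retrying one card
    a couple of times never reaches min_attempts or min_distinct_cards."""
    by_ip = defaultdict(list)
    for a in attempts:
        by_ip[a.ip].append(a)
    flagged = {}
    for ip, events in by_ip.items():
        recent = deque()
        for a in events:                      # events are already time-ordered
            recent.append(a)
            while a.ts - recent[0].ts > window:
                recent.popleft()
            if len(recent) < min_attempts:
                continue
            cards = {e.card for e in recent}
            declines = sum(1 for e in recent if not e.approved)
            if (len(cards) >= min_distinct_cards
                    and declines / len(recent) >= min_decline_rate
                    and max(e.amount for e in recent) <= max_amount):
                flagged[ip] = (f"{len(recent)} attempts on {len(cards)} cards "
                               f"in {int(window.total_seconds())}s, "
                               f"{declines} declined")
                break
    return flagged


def distinct_cards_per_window(attempts, window=timedelta(seconds=60)):
    """Merchant-wide view: the largest number of distinct cards seen in any
    sliding window regardless of source IP. Testing spread across a proxy
    pool or botnet stays under per-IP thresholds but still shows up here."""
    recent, peak = deque(), 0
    for a in attempts:
        recent.append(a)
        while a.ts - recent[0].ts > window:
            recent.popleft()
        peak = max(peak, len({e.card for e in recent}))
    return peak


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    print(detect_card_testing(events))         # flags 203.0.113.7 only
    print(distinct_cards_per_window(events))   # 6
```

The thresholds are deliberately loose so a genuine shopper who retries a declined card is never flagged; in production they would be tuned against the merchant’s own baseline, and the merchant-wide count would be compared to the normal distinct-card rate for that time of day rather than to a fixed number.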
Card-not-present (CNP) fraud is a type of payment card fraud that occurs when a credit or debit card is used for a transaction in which the physical card is not present. In CNP transactions, a fraudster uses the victim’s card without their authorization. The fraudster will make purchases using the victim’s card details, such as the card number, expiration date, and the card’s security code (e.g., CVV), but the card itself is not swiped, inserted, or physically presented to a merchant. CNP fraud is commonly associated with online and phone transactions, as well as mail-order and catalog purchases.
Cart abandonment, or checkout abandonment, refers to the situation where a website visitor adds items to their online shopping cart but leaves the website without completing the purchase. It is a common occurrence in ecommerce and can have a significant impact on a retailer’s revenue.
Chargeback fraud, also known as “friendly fraud,” occurs when a consumer makes a purchase with their credit card and then requests a chargeback from the issuing bank after receiving the purchased goods or services, falsely claiming the transaction was unauthorized or the item was never received. This deceitful practice not only results in the merchant losing the revenue from the sale but also often incurs additional fees and can damage their reputation with credit card processors.
Chargeback management refers to the process of effectively handling and resolving chargebacks, which occur when a customer disputes a charge on their credit or debit card and requests a refund from the card issuer. Chargebacks can be a complex and time-consuming aspect of managing payment disputes, and effective chargeback management aims to minimize financial losses, identify business processes that need improvement and save on labor costs.
Chargeback representment is the process by which merchants can dispute chargebacks. When a customer files a chargeback, claiming that a transaction was unauthorized, fraudulent, or unsatisfactory, the merchant has the opportunity to provide evidence and arguments to challenge the chargeback and recover the funds. During representment, the merchant gathers relevant documentation, such as sales receipts, shipping records, proof of delivery, customer communication, and any other evidence supporting the validity of the transaction. This evidence is then submitted to the merchant’s payment processor or acquiring bank, who acts on behalf of the merchant in presenting the case to the customer’s bank or credit card company. The goal of chargeback representment is to prove that the charge in question is legitimate and therefore should not be reversed.
Chargebacks occur when a customer disputes a charge with their financial institution. Often, chargebacks are a result of an unauthorized charge due to fraudulent activity. Less frequently, a chargeback can also result from merchant error, such as accidentally running a charge through twice, or by a legitimate customer who is dissatisfied with the product or service.
Checkout abandonment, also known as cart abandonment, refers to the situation where a customer adds products to their online shopping cart but leaves the website or abandons the purchase before completing the checkout process. It is a common phenomenon in ecommerce and can result in lost sales opportunities for businesses.
Credential stuffing is a cyberattack method in which attackers use stolen username and password combinations from one data breach to gain unauthorized access to user accounts on other online services. The attack leverages the fact that many people reuse the same credentials across multiple websites and services: when one site is breached and its user data exposed, cybercriminals replay those stolen combinations, usually with automated tooling, against other sites. Because each account is tried only once or twice, credential stuffing does not trip per-account lockout rules the way a brute force attack does; it shows up instead as a high volume of login attempts across many different usernames, with a high failure rate, from the same source or proxy pool.
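The distinction between credential stuffing and a brute force attack, as an added example that is not code from the original page. It triages a constructed login log (the format, the sample events and the thresholds are assumptions chosen for illustration): a mostly-failing burst that touches a different username on almost every attempt is classified as stuffing, the same burst concentrated on one or two usernames as brute force, and the usernames that logged in successfully from a flagged source are returned so the session can be revoked and the account stepped up.

```python
"""Login-log triage that separates credential stuffing from brute force.

Added example; not code from the original page. The log format, the sample
events and the thresholds are assumptions chosen for illustration."""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) user=(?P<user>\w+) result=(?P<result>success|failure)$")


@dataclass(frozen=True)
class LoginEvent:
    ts: datetime
    ip: str
    user: str
    success: bool


def build_sample_log() -> str:
    """Constructed sample: 203.0.113.9 replays a breach list (many users, one
    try each, a couple of reused passwords still work); 198.51.100.4 guesses
    passwords for one account; 192.0.2.8 is a real user who mistypes twice."""
    t0 = datetime(2024, 3, 1, 9, 0, 0)
    lines = []
    for i, user in enumerate("ann bob cara dev eli fay gus hal ivy jon kim lee".split()):
        hit = user in ("cara", "ivy")
        lines.append(f"{(t0 + timedelta(seconds=2 * i)).isoformat()} 203.0.113.9 "
                     f"user={user} result={'success' if hit else 'failure'}")
    for i in range(10):
        lines.append(f"{(t0 + timedelta(minutes=1, seconds=i)).isoformat()} 198.51.100.4 "
                     f"user=mike result={'success' if i == 9 else 'failure'}")
    for i, result in enumerate(("failure", "failure", "success")):
        lines.append(f"{(t0 + timedelta(minutes=3, seconds=10 * i)).isoformat()} 192.0.2.8 "
                     f"user=olga result={result}")
    return "\n".join(lines)


def parse_log(text: str) -> list:
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            raise ValueError(f"unparseable line: {line!r}")
        events.append(LoginEvent(datetime.fromisoformat(m["ts"]), m["ip"],
                                 m["user"], m["result"] == "success"))
    return sorted(events, key=lambda e: e.ts)


def classify_sources(events, window=timedelta(minutes=5), min_attempts=8,
                     min_failure_rate=0.5, stuffing_user_ratio=0.8,
                     brute_force_max_users=2):
    """Per-source verdicts. Inside any sliding `window`, a mostly-failing
    burst that touches a different username almost every attempt is
    credential stuffing; the same burst concentrated on one or two usernames
    is brute force. Short legitimate retry sequences stay below min_attempts."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e.ip].append(e)
    verdicts = {}
    for ip, evs in by_ip.items():
        recent = deque()
        for e in evs:
            recent.append(e)
            while e.ts - recent[0].ts > window:
                recent.popleft()
            if len(recent) < min_attempts:
                continue
            failures = sum(1 for x in recent if not x.success)
            if failures / len(recent) < min_failure_rate:
                continue                      # mostly successes: normal traffic
            users = {x.user for x in recent}
            if len(users) / len(recent) >= stuffing_user_ratio:
                verdicts[ip] = "credential_stuffing"
                break
            if len(users) <= brute_force_max_users:
                verdicts[ip] = "brute_force"
                break
    return verdicts


def accounts_to_step_up(events, verdicts):
    """Usernames that logged in successfully from a flagged source. These are
    the takeovers in progress: revoke the sessions and require MFA or a
    password reset before the account can transact again."""
    return sorted({e.user for e in events if e.ip in verdicts and e.success})


if __name__ == "__main__":
    evs = parse_log(build_sample_log())
    verdicts = classify_sources(evs)
    print(verdicts)                              # stuffing for .9, brute force for .4
    print(accounts_to_step_up(evs, verdicts))    # ['cara', 'ivy', 'mike']
```

Keying on the source IP alone is the weakest form of this rule: stuffing run through residential proxies presents a different address on nearly every attempt. The same logic applies unchanged if the key is a device fingerprint, an ASN, or the whole site (where the signal becomes an abnormal site-wide failure ratio rather than a per-source count).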
Credit card fraud refers to the unauthorized use of someone else’s payment card information to make purchases without their knowledge or consent. In ecommerce it takes the form of card-not-present (CNP) fraud, because the physical card is never presented at checkout: the fraudster needs only the card number, expiration date, and security code, all of which are routinely sold after data breaches, and the merchant bears the loss when the cardholder disputes the charge.
Often used in synthetic identities, credit grooming occurs when a fraudster opens a new account and starts by making small, legitimate purchases to build a positive transaction history and credit record. Once the synthetic identity has sufficiently established a credit history, the fraudster may use the fake identity to make other fraudulent purchases.
Curbside pickup (or “Buy online, pickup at curbside”) fraud involves deceptive practices aimed at exploiting the curbside pickup services offered by retailers. In this type of fraud, individuals may engage in various schemes to obtain goods without legitimate payment or to take advantage of the convenience of curbside services for illicit gains. Common tactics include using stolen credit card information to make online purchases for curbside pickup, falsely claiming non-receipt of items to obtain refunds, or manipulating the pickup process to deceive retailers. Curbside pickup fraud exploits the streamlined nature of these services, making it challenging for retailers to verify the authenticity of orders and prevent fraud. Retailers can respond by implementing stricter security measures, enhanced verification processes, and increased vigilance to protect against curbside pickup fraud.
The dark web is a part of the internet that is intentionally hidden and not indexed by traditional search engines. It is a subset of the deep web, which includes all web pages not indexed by search engines, but the dark web specifically refers to websites and online content that are intentionally concealed and typically associated with illegal or illicit activities.
Device intelligence refers to the use of data and analytics about the device a person is using, such as a smartphone, tablet, or computer, to assess its risk profile, detect fraud, and enhance security. The attributes analyzed include the operating system, browser, screen and hardware characteristics, language and timezone settings, and signs that the device is an emulator or is being driven by automation tooling. Fraud solutions combine this device signal with the other data they hold about the transaction and the customer to identify anomalies, such as one device operating many accounts or a device whose settings contradict the claimed billing location.
Digital wallet fraud refers to fraudulent activities that specifically target digital wallet services like Apple Pay, PayPal, and Google Pay. Also known as mobile wallets or e-wallets, digital wallets are applications or platforms that let users store payment information, make online transactions, and pay in store from their mobile or other electronic devices. While digital wallets offer convenience and security, they can also be vulnerable to various types of fraud. Wallet transactions are tokenized, so the merchant sees a payment token rather than the underlying card details and often receives no AVS or CVV result, and some wallets do not require the same authentication at checkout that a card-on-file purchase would. That makes it easier for a fraudster to load a stolen card into a wallet and spend it, and harder for the merchant to gather the evidence needed to fight the resulting chargebacks.
A Distributed Denial of Service (DDoS) attack is a malicious attempt to disrupt the regular functioning of a network, service, website, or online application by overwhelming it with a flood of internet traffic. The objective of a DDoS attack is to render the target system or network unavailable to its users, causing downtime, slowdowns, or service disruption. Cybercriminals might launch a DDoS attack on a targeted organization’s network to divert the attention of IT and security teams while simultaneously carrying out a separate fraud scheme, such as attempting to steal sensitive data or conduct financial fraud. The DDoS attack serves as a smokescreen to distract from the actual fraudulent activities. This is a tactic employed by cybercriminals to create chaos and confusion, making it more challenging for security personnel to detect and respond to multiple threats simultaneously.
Fake Tracking ID (FTID) is a package redirection scam that involves manipulating the tracking information on a label. Shipping companies only require the tracking information on a label to scan it. Scammers will manipulate the label to maintain scan functionality, which often triggers a refund issuance, while ensuring it gets lost. This manipulation varies in sophistication, ranging from intricate alterations to simple “cut and paste” methods. The tracking will often show as delivered to a random warehouse, designated for pickup, or will get lost once it passes the label scan at distribution. Ultimately, the recipient (if there is one) will have no idea who the package belongs to as the rest of the label, including return address, has also been edited.
False declines, also known as false positives or wrongful rejections, occur when legitimate transactions are mistakenly declined or rejected as fraudulent. False declines can have a significant impact on both merchants and customers. For merchants, false declines result in lost sales, customer dissatisfaction, and potential damage to their reputation. Customers may experience frustration, inconvenience, and a loss of trust in the merchant’s payment system.
First-party fraud refers to deceptive activities conducted by individuals using their own identities during the online purchasing process. This type of fraud involves intentionally providing false or misleading information by the legitimate account holder to exploit the system and gain financial benefits. Examples of first-party fraud in ecommerce include submitting fake payment details, manipulating personal information, or falsely claiming non-receipt of goods or services to obtain refunds or chargebacks.
Flipping is a fraudulent scheme where criminals exploit online marketplaces to make illegitimate profits by making purchases using stolen credentials to flip or immediately list the goods for resale.
Fraud as a Service (FaaS) is a cybercrime model where individuals or groups offer various fraudulent activities or services for a fee. For return fraud, professional refunders are paid a percentage to guarantee a return. These fraudsters will use a variety of methods to carry out their crimes — including fake tracking ID, innys, or item not received/did not receive — for those willing to pay for these services. Fraud as a Service is really hard to detect as the customer service calls seem very legitimate.
“Fraud as an enterprise” refers to a systematic and organized approach to fraudulent activities conducted by a group or organization with the intent of generating illicit profits. This concept involves treating fraud as a business model, complete with organizational structures, roles, and processes designed to maximize financial gains through deceptive and unlawful means. In such enterprises, individuals or groups collaborate to orchestrate various types of fraud, including financial fraud, identity theft, and other illicit activities. These criminal enterprises often exhibit characteristics similar to legitimate businesses, such as hierarchies, specialized roles, and division of labor, aiming to optimize efficiency and reduce the risk of detection. The term underscores the sophistication and scale of modern fraud operations, which can rival legitimate enterprises in terms of organization and strategic planning. Law enforcement and cybersecurity efforts often target such organized fraudulent activities to disrupt their operations and prosecute those involved.
Fraud detection refers to the process of identifying and detecting fraudulent activities or behaviors within a system or organization. It involves using various techniques, technologies, and analytical methods to identify patterns, anomalies, or suspicious activities that may indicate fraudulent behavior. Effective fraud detection helps in early identification and mitigation of fraud risks.
Fraud prevention refers to the proactive measures and strategies implemented by individuals, organizations, and financial institutions to detect, deter, and mitigate fraudulent activities. Fraud can take various forms, such as identity theft, payment fraud, account takeover, or deceptive practices. Implementing effective fraud prevention measures is crucial to protect individuals and businesses from financial losses, reputational damage, and legal consequences.
Fraud rings are organized groups of criminals who collaborate to commit financial crimes, such as identity theft, credit card fraud, and loan fraud. These rings target ecommerce vulnerabilities and operate with a structured hierarchy, dividing tasks among members to efficiently execute large-scale fraudulent schemes. By working together, they can cause more significant financial damage than individual fraudsters, targeting both consumers and institutions across various sectors.
Fraud risk management refers to the strategies, processes, and measures implemented by organizations to identify, assess, mitigate, and monitor the risks associated with fraud. It involves the proactive identification of potential fraudulent activities, the implementation of controls and safeguards to prevent fraud, and the continuous monitoring and detection of fraudulent behavior. Effective fraud risk management helps organizations protect their assets, reputation, and stakeholders from the financial and operational impacts of fraud.
A fraudster is an individual or entity that engages in fraudulent activities, intentionally deceiving others for financial gain or other malicious purposes. Fraudsters employ various tactics to deceive and exploit victims, often through dishonest or illegal means. Their actions may involve identity theft, payment fraud, account takeovers, or other forms of fraudulent activities. Fraudsters are skilled at manipulating individuals or systems to achieve their fraudulent objectives, and they often target vulnerable individuals, businesses, or financial institutions. It is important to stay vigilant, protect sensitive information, and report any suspicious activities to authorities or relevant institutions to combat fraud and protect against potential harm caused by fraudsters.
Friendly fraud, also known as chargeback fraud or friendly chargeback, occurs when a customer makes a legitimate purchase using their credit card or payment method but later disputes the charge and requests a chargeback from their bank or credit card company, claiming that the transaction was unauthorized or fraudulent. Unlike traditional fraud, friendly fraud involves the original account holder themselves initiating the fraudulent chargeback.
Gift card fraud refers to any deceptive or unauthorized activity involving gift cards, whether as a product or a payment method. Fraudsters exploit vulnerabilities in gift card systems to steal balances, launder money, or facilitate broader scams. This can include draining funds from legitimate gift card holders, purchasing gift cards with stolen credit cards, or tricking victims into buying and handing over gift card details under false pretenses. Because gift cards are often treated like cash and lack strong consumer protections, they are a prime target for scammers looking to commit fraud while staying anonymous.
“Glitchmas” is a term used by criminals to describe the opportunity they find during the holiday season to exploit the chaos and staffing challenges, such as new or temporary employees, that merchants face. This period is seen as an ideal time for fraudsters to take advantage of the increased vulnerabilities in security and oversight, executing scams and fraudulent activities more easily amidst the festive hustle and bustle.
Identity theft refers to the illegal acquisition and use of someone else’s personal information, such as their name, social security number, credit card details, or other identifying data, without their knowledge or consent. The purpose of identity theft is usually financial gain, and it can have severe consequences for the victims.
“Innys” or “innies” is a colloquial term referring to individuals who possess the capacity to aid criminals in committing fraud, often leveraging their access to products, packages, or software through their employment. These individuals may include friends, relatives, or recruits seeking a share in the unlawful gains orchestrated by a criminal mastermind.
Interception fraud covers two things that share a name. In the network sense, also called a man-in-the-middle (MITM) attack, an unauthorized third party positions itself between two parties engaged in a transaction or data exchange to eavesdrop on or alter the information being transmitted. In the ecommerce sense it means intercepting the package itself: the fraudster places an order with stolen card details shipped to the cardholder’s real billing address so the order looks clean, then contacts the merchant or carrier to reroute the shipment, or collects it from the doorstep before the victim does.
IP address geolocation is a method used to estimate the geographic location of an internet-connected device from the public IP address it connects from, using databases that map address ranges to countries, regions, and cities. The estimate is approximate: one public address may be shared by many devices behind a home router, a mobile carrier’s network, a corporate gateway, a VPN, or a proxy, and address ranges are reassigned over time. IP geolocation is used for fraud detection (for example, comparing the order’s apparent location with the billing and shipping addresses, and flagging known proxy, VPN, and hosting ranges), targeted advertising, content localization, and website analytics.
A fraudulent ‘item arrived damaged’ claim occurs when a customer deceitfully asserts that a product they received was damaged during shipping or delivery. For example, falsely claiming a leaky battery was delivered to secure an instant refund or replacement that can be used for illegitimate resale or to gain two items for free.
“Item Not Received” (INR) fraud refers to fraudsters falsely claiming that they did not receive the purchased item with the intention of obtaining a refund or a replacement item without paying for it.
Man-in-the-middle (MITM) attacks occur when an attacker secretly intercepts and possibly alters the communication between two parties who believe they are directly communicating with each other. This type of cyber attack allows the attacker to eavesdrop on, manipulate, or steal sensitive data exchanged during the communication, such as login credentials, personal information, or financial details, without the knowledge of the legitimate parties involved.
Manual review is a process in which a human reviewer assesses and evaluates certain transactions, accounts, or activities manually, rather than relying solely on automated systems or algorithms. Activities include looking up shipping addresses, spending time on Google, and sometimes reaching out to customers in an attempt to verify their identity.
Merchant fraud, also known as merchant-based fraud, refers to fraudulent activities committed by merchants or businesses themselves. It involves deceptive practices aimed at unlawfully obtaining financial gain or exploiting loopholes in payment processes. Merchant fraud can take various forms and negatively impact both consumers and other businesses. For example, a common merchant fraud scheme involves fraudsters creating a fake online store that sells products but never delivers them or delivers a cheaper item in lieu of the higher priced product the customer intended on purchasing.
Money laundering involves using online transactions to disguise the origins of illegally obtained money. In ecommerce, criminals exploit merchants to move money through various accounts by buying and selling goods or services, often with inflated prices, to make the funds appear legitimate. This method complicates tracking the money’s original source, making it a challenging issue for law enforcement and financial institutions to detect and prevent.
Multi-factor authentication (MFA) is a security process that requires users to present two or more independent authentication factors to verify their identity when logging into an account, system, or application: something they know (a password or PIN), something they have (a phone, authenticator app, or hardware key), and something they are (a fingerprint or face). Two-factor authentication (2FA), also called two-step verification, is the common case of exactly two factors. MFA adds a layer of security beyond the username and password, so that a credential stolen in a breach or through phishing is not enough on its own to take over the account. Factors that can be relayed in real time, such as SMS codes, are weaker than phishing-resistant ones such as hardware security keys.
“Order missing some items” is a claim a customer makes when an item is missing from their order or the box arrived empty. Such claims are infrequent but can indicate return fraud. If they become more prevalent, treat it as a red flag: your business may be promoted on fraud forums as an easy target. These claims are hard to disprove, which is why packing-station photos, recorded carton weights, and vigilant fraud detection measures matter.
Payment gateway fraud refers to fraudulent activities that target payment gateways, which are the technology infrastructure used to facilitate secure online payment transactions. Fraudsters exploit vulnerabilities in payment gateways to carry out unauthorized transactions, gain access to sensitive payment information, or manipulate payment processes for their financial gain.
Payments fraud in ecommerce is the criminal act of using illegitimate financial or login credentials to purchase goods or services on the internet. Fraudsters may use stolen credit card numbers to complete a purchase or obtain a cardholder’s store login credentials and take over an existing account using the cardholder’s saved payment information. Legitimate cardholders may also commit ecommerce fraud in the form of fraudulent chargeback claims.
Phishing is a type of cyberattack or social engineering technique where attackers attempt to deceive individuals into revealing sensitive and confidential information, such as login credentials, financial details, or personal information. This is typically done by posing as a trusted entity or individual through various means, often through email, but also through other communication channels like text messages, social media, or phone calls. The goal of phishing attacks is to trick the victim into taking specific actions that benefit the attacker, such as clicking on a malicious link, opening a malicious attachment, or providing sensitive information.
Post-gateway fraud prevention refers to the set of security measures and strategies employed to detect and prevent fraudulent activities after they have passed through a payment gateway or other critical points in an online transaction process. While pre-gateway fraud prevention focuses on identifying and blocking potentially fraudulent transactions in real-time before they are processed, post-gateway fraud prevention comes into play after the transaction has been approved and processed. Post-gateway fraud prevention is crucial for identifying and addressing fraudulent transactions that may have initially gone undetected during the authorization process.
Pre-gateway fraud prevention refers to a set of security measures and strategies designed to detect and prevent fraudulent activities before they reach a payment gateway or other critical points in an online transaction process. The objective is to identify and block potentially fraudulent transactions in real-time, reducing the risk of financial loss and protecting both consumers and businesses from various forms of payment fraud.
Similar to boxing, product swaps happen when a fraudster submits a claim to return the purchased item, but the original item is not returned. A criminal committing return fraud via product swap will purchase a high-value item and then return a similar, non-authentic item.
Promo abuse, or promo fraud, refers to deceptive practices involving the misuse or unauthorized application of promotional offers, discount codes, or coupons by fraudsters to obtain merchandise below market value. This type of fraud can include creating fake coupons, exploiting loopholes in promotional offers, or using stolen information to illegitimately claim discounts. Businesses can suffer significant losses from such activities, impacting their revenue, damaging brand reputation, and undermining the trust of genuine customers.
Referral fraud, also known as referral program fraud or referral abuse, occurs when individuals or fraudsters manipulate referral programs or systems to fraudulently gain benefits, rewards, or incentives. Referral programs are designed to incentivize existing customers or users to refer new customers or users to a business or platform. However, fraudsters exploit these programs by engaging in deceptive practices to generate fake or invalid referrals.
Refund abuse is a form of fraud where consumers exploit a merchant’s return policy to gain financially without valid cause. This can involve returning items that have been used, falsely claiming an item was not received, or using a product before returning it for a full refund. Such practices cause financial losses for businesses and can lead to stricter return policies, affecting genuine customers.
Reseller fraud, also known as reseller abuse, is the unauthorized sale of products or services through online marketplaces. Reseller fraud happens when a reseller distributes a product without having an official relationship or agreement with the original merchant.
Reshipping scams involve fraudsters tricking individuals into forwarding packages, often under the guise of legitimate employment. The scam typically starts with an offer to work from home as a “shipping coordinator,” where the victim receives goods purchased with stolen credit cards and then ships them to addresses, usually abroad. This process helps criminals launder stolen goods by obscuring the items’ origin and final destination, leaving the unsuspecting participant exposed to legal action and negative financial consequences.
Return fraud, sometimes called returns fraud or refund fraud, is a type of retail fraud where scammers unlawfully exploit a return policy to gain a financial advantage or merchandise for free. It can involve returning stolen goods for a refund or store credit, using counterfeit receipts, or purchasing items to use temporarily before returning them for a full refund.
Risk scoring is the process of assigning a numerical score to evaluate the level of risk associated with a particular transaction or customer within an ecommerce business. This scoring system helps businesses identify and prioritize high-risk transactions or customers, allowing them to take appropriate actions, such as approving, reviewing, or rejecting transactions. Risk scoring is a crucial component of fraud prevention and risk management in online retail.
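As an added illustration of the scoring described above (this is example code written for this glossary, not a vendor's model or code from the page), the block below turns a handful of order signals into a numeric score and maps the score onto the approve / review / reject actions. Every signal name, weight and threshold is an assumption chosen for the example, the `ip_country` field is assumed to have already been resolved by an IP geolocation lookup, and the three orders are constructed sample data.

```python
"""Added example (not part of the glossary): an additive risk scorer that maps
order signals to an approve / review / reject decision.

Every signal name, weight and threshold here is an illustrative assumption,
not a vendor model; the three sample orders are constructed data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Order:
    order_id: str
    amount: float
    avs_match: bool          # issuer's AVS response matched the billing address
    cvv_match: bool          # CVV/CVC check passed
    ip_country: str          # assumed to come from an IP geolocation lookup
    billing_country: str
    shipping_country: str
    account_age_days: int
    orders_last_24h: int     # prior orders from the same account or device
    disposable_email: bool   # email domain is on a disposable-provider list


# Assumed weights; in practice these are tuned against labelled chargeback data.
WEIGHTS = {
    "avs_mismatch": 20,
    "cvv_mismatch": 25,
    "ip_billing_country_mismatch": 20,
    "ship_billing_country_mismatch": 15,
    "new_account": 10,
    "high_velocity": 15,
    "disposable_email": 10,
    "high_amount": 10,
}
NEW_ACCOUNT_DAYS = 7
VELOCITY_LIMIT = 3       # orders in the last 24h at or above this count
HIGH_AMOUNT = 500.0
REVIEW_THRESHOLD = 40
REJECT_THRESHOLD = 70


def risk_reasons(order):
    """Return the list of triggered signal names for one order."""
    reasons = []
    if not order.avs_match:
        reasons.append("avs_mismatch")
    if not order.cvv_match:
        reasons.append("cvv_mismatch")
    if order.ip_country != order.billing_country:
        reasons.append("ip_billing_country_mismatch")
    if order.shipping_country != order.billing_country:
        reasons.append("ship_billing_country_mismatch")
    if order.account_age_days < NEW_ACCOUNT_DAYS:
        reasons.append("new_account")
    if order.orders_last_24h >= VELOCITY_LIMIT:
        reasons.append("high_velocity")
    if order.disposable_email:
        reasons.append("disposable_email")
    if order.amount >= HIGH_AMOUNT:
        reasons.append("high_amount")
    return reasons


def risk_score(order):
    """Sum the weights of the triggered signals, capped at 100."""
    return min(100, sum(WEIGHTS[r] for r in risk_reasons(order)))


def decide(score):
    """Map a score onto the three actions the glossary entry lists."""
    if score >= REJECT_THRESHOLD:
        return "reject"
    if score >= REVIEW_THRESHOLD:
        return "review"
    return "approve"


def score_orders(orders):
    """Return {order_id: (score, decision, reasons)} for a batch of orders."""
    return {o.order_id: (risk_score(o), decide(risk_score(o)), risk_reasons(o))
            for o in orders}


# Constructed sample orders: a clean repeat customer, a borderline new
# customer, and a stacked-signal order typical of stolen-card CNP fraud.
SAMPLE_ORDERS = [
    Order("ord-1001", 80.00, True, True, "US", "US", "US", 400, 0, False),
    Order("ord-1002", 650.00, False, True, "US", "US", "US", 3, 1, False),
    Order("ord-1003", 1200.00, False, False, "NG", "US", "US", 0, 4, True),
]

if __name__ == "__main__":
    for oid, (score, decision, reasons) in score_orders(SAMPLE_ORDERS).items():
        print(f"{oid}: score={score:3d} -> {decision:8s} {reasons}")
```

The point of returning the triggered reasons alongside the score is that a manual reviewer needs to know why an order landed in the review queue; a bare number is much less useful. Additive weights are the simplest scheme and are easy to audit, but they cannot express interactions between signals, which is why production systems usually layer a trained model on top of rules like these.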
Smishing, a term that combines “SMS” with “phishing,” is a type of phishing scam that targets victims through text messages rather than emails. In smishing attacks, scammers send fraudulent messages that appear to be from reputable sources, such as businesses or trusted financial institutions, aiming to deceive recipients into providing sensitive personal information, such as passwords, credit card numbers, or social security numbers. These messages often contain urgent or enticing prompts that encourage the recipient to take immediate action, typically by clicking on a malicious link or replying with personal information.
Social engineering is a manipulative technique used by cybercriminals to deceive shoppers or employees of organizations into divulging confidential information, granting unauthorized access, or performing actions that compromise security. It exploits human psychology and trust to gain access to sensitive data or systems. Social engineering attacks rely on deception and manipulation rather than technical vulnerabilities.
A software trojan horse is a malicious software program that disguises itself as a legitimate and benign application to deceive users into unwittingly installing it. These cyberattacks predominantly target software capable of processing refunds, including returns and customer support applications, with the goal of facilitating swift refunds on behalf of professional refunders.
Spear phishing is a highly targeted form of phishing attack where the attacker customizes their message based on specific characteristics of the recipient, such as their name, job position, or other personal information. The goal is to trick the individual into revealing confidential information or performing actions that compromise security, such as downloading malware or providing access to secure systems. This personalized approach makes spear phishing much more effective than broader phishing attempts, as the tailored communication appears more legitimate and trustworthy to the target.
Subscription fraud, also known as subscription-based fraud, occurs when a fraudster gains unauthorized access to someone else’s personal or financial information and uses it to sign up for subscription services or accounts. The fraudulent party takes advantage of the victim’s identity or payment details to initiate subscriptions without the victim’s knowledge or consent. Attackers will also probe for loopholes in the integration between a subscription billing platform and the fraud prevention solution in an attempt to bypass fraud detection on recurring charges.
Synthetic identity fraud involves the creation of false identities by combining real and/or fictitious information to establish fraudulent accounts or conduct deceptive financial transactions. Unlike traditional identity theft, where an individual’s existing personal information is stolen, synthetic identity fraud fabricates entirely new identities. Perpetrators often use a mix of genuine and fictitious data, such as combining a real social security number with a fabricated name or address. The goal is to create an identity that appears legitimate to financial institutions, allowing fraudsters to open credit accounts, obtain loans, or engage in other financial activities without immediate detection. Synthetic identity fraud is challenging to detect because the identities involved may not correspond to real individuals, making it difficult for traditional identity verification methods to flag suspicious activities. This type of fraud poses a significant threat to financial institutions, businesses, and consumers alike.
Triangulation fraud involves three parties: the fraudster, an unsuspecting legitimate shopper, and the ecommerce store. The fraudster sets up an online storefront, often on a marketplace such as eBay or Amazon, that offers high-demand goods at extremely low prices and collects payment from the shoppers who order there. The fraudster then uses stolen credit card data to buy the same goods from a legitimate ecommerce site, entering the marketplace buyer’s name and address as the shipping destination. The marketplace customer receives the goods and the fraudster keeps their payment, while the legitimate merchant is left with the chargeback from the real cardholder. This type of fraud can usually be identified by the products targeted and by some investigative work: locating the unsuspecting shopper, who can identify the storefront where they actually placed the order.
Velocity checks, also known as velocity limits or velocity rules, in the context of cybersecurity and fraud prevention, are mechanisms used to monitor and control the rate at which certain actions or transactions can occur within a system or application. These checks are employed to detect and prevent fraudulent or malicious activities, such as account takeovers, card-not-present (CNP) fraud, or Distributed Denial of Service (DDoS) attacks, by limiting the frequency or speed of these actions.
Verification checks refer to the process of verifying the accuracy, authenticity, or eligibility of certain information or individuals. These checks are commonly used in various contexts, such as online transactions, account registrations, employment screening, identity verification, and more. Verification checks help ensure that the provided information is valid and reliable, reducing the risk of fraud or misuse.
Vishing, a portmanteau of “voice” and “phishing,” is a scamming technique wherein fraudsters use phone calls to trick individuals into divulging personal, financial, or security information. Unlike traditional phishing attacks that rely on email, vishing calls may appear to come from legitimate institutions, such as banks or government agencies, exploiting the perceived authenticity and urgency of voice communication to persuade victims to act against their interests.
Wardrobing refers to a form of fraud or unethical behavior associated with the misuse of a product return policy when the purchaser temporarily uses the item and then returns the goods for a refund. Wardrobing items are typically clothing or fashion items and the item is sometimes used for work, a special event, or even just for a photo op (think #OOTD posts on Instagram).
Website spoofing refers to the malicious act of creating a fake website or webpage that mimics the design, interface, and functionality of a legitimate site. The purpose of spoofed sites is usually to deceive visitors into believing they are interacting with the real website or ecommerce brand, often with the intent of stealing sensitive information such as login credentials, financial data, or personal identity details. Spoofed websites can be strikingly similar to the originals, employing similar URLs (often with subtle misspellings or character substitutions), logos, layouts, and content to trick users. This technique is commonly used in phishing attacks, where attackers lure victims to these fake sites through deceptive emails or social media messages, exploiting their trust to gain unauthorized access to accounts, commit fraud, or distribute malware.
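The lookalike URLs mentioned above (misspellings, digit-for-letter swaps, internationalized-domain homoglyphs, and brand names buried inside a longer domain) can be screened mechanically. The block below is an added example written for this glossary, not code from the page or from any vendor: the protected brand list, the sample URLs and the small confusables table are all assumptions, and the confusables table is a hand-picked subset rather than the full Unicode confusables data.

```python
"""Added example (not part of the glossary): flagging lookalike domains of the
kind used in website spoofing (typos, digit/letter swaps, IDN homoglyphs, and
brand names buried in a longer domain).

The protected brand list, the sample URLs and the small confusables table are
illustrative assumptions; the table is a hand-picked subset, not the full
Unicode confusables data.
"""
from urllib.parse import urlsplit

BRAND_DOMAINS = ["example-shop.com", "paypal.com"]   # assumed protected brands

# Substitutions a fraudster makes -> what the reader's eye sees. Applied to
# both sides of a comparison, so a legitimate "rn" elsewhere does no harm.
CONFUSABLES = {
    "rn": "m", "vv": "w",
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",  # Cyrillic
    "\u0131": "i", "\u0142": "l",                                              # dotless i, l-stroke
}
MAX_TYPO_DISTANCE = 1


def registered_domain(url):
    """Extract the last two labels of the host, decoding xn-- (IDN) labels.

    Assumption: no multi-part public suffixes (co.uk etc.); a real deployment
    would consult a public-suffix list instead of taking the last two labels.
    """
    if "://" not in url:
        url = "http://" + url
    host = urlsplit(url).hostname or ""
    try:
        host = host.encode("ascii").decode("idna")   # xn--... -> Unicode label
    except UnicodeError:
        pass                                          # already Unicode, keep as-is
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def normalize(domain):
    """Replace confusable sequences so a spoof collapses onto the brand spelling."""
    for seq, plain in CONFUSABLES.items():
        domain = domain.replace(seq, plain)
    return domain


def levenshtein(a, b):
    """Edit distance, used to catch single-typo squats (paypall, payapl, paypa)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url):
    """Return (verdict, matched_brand).

    verdicts: 'legitimate' (exact brand domain), 'lookalike' (homoglyph, IDN,
    typo or wrong-TLD variant), 'brand_in_name' (brand embedded in a longer
    domain such as paypal-account-verify.com), or 'unrelated'.
    """
    dom = registered_domain(url)
    if dom in BRAND_DOMAINS:
        return "legitimate", dom
    norm = normalize(dom)
    norm_name = norm.split(".")[0]
    for brand in BRAND_DOMAINS:
        brand_name = brand.split(".")[0]
        if norm == brand or levenshtein(norm_name, brand_name) <= MAX_TYPO_DISTANCE:
            return "lookalike", brand
        if brand_name in norm_name:
            return "brand_in_name", brand
    return "unrelated", None


# Constructed samples. The IDN case is built at runtime from a Cyrillic "а"
# so the punycode form does not have to be hand-typed.
IDN_SPOOF = "http://" + "p\u0430ypal.com".encode("idna").decode("ascii") + "/"
SAMPLE_URLS = [
    "https://paypal.com/signin",
    "http://paypa1.com/login",                      # digit 1 for letter l
    "http://exarnple-shop.com",                     # rn for m
    "https://secure.paypal-account-verify.com/x",   # brand in a longer name
    IDN_SPOOF,
    "https://www.wikipedia.org/",
]


def scan(urls):
    """Return {url: verdict} for a batch of URLs (e.g. from phishing reports)."""
    return {u: classify(u)[0] for u in urls}


if __name__ == "__main__":
    for url, verdict in scan(SAMPLE_URLS).items():
        print(f"{verdict:14s} {url}")
```

Decoding the `xn--` form before comparing is the step most home-grown checks miss: an IDN label is pure ASCII on the wire, so a naive string match against the brand name sees nothing suspicious while the browser renders a near-perfect copy of the brand. The two-label fallback in `registered_domain` is deliberately simple; anything beyond a demo should use a public-suffix list so that `brand.co.uk` style domains are handled correctly.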
Similar to product swaps, boxing occurs when a fraudster submits a claim to return the purchased item, but the original item is not returned. A criminal committing return fraud by boxing will purchase a high-value item and then return an inferior product of significantly less or no value. For example, the fraudster may buy a TV and replace the original contents with plywood to maintain the weight of the original product, thinking they’ll automatically be credited their refund once the return label is scanned (prior to inspection).
Bracketing is a return fraud scheme that involves a consumer purchasing multiple versions of an item (e.g., different sizes or colors) with the intention of keeping only one and returning the rest. This practice, while not always fraudulent, can be exploited by shoppers to essentially “try before they buy” at the expense of the retailer, leading to increased returns, handling costs, and logistical challenges, especially when done excessively or with fraudulent intent, such as returning used or damaged items.
Bricking is a return fraud scheme that involves tampering with a device to make it non-operational before returning it. Fraudsters deliberately damage items to render them unusable, and then seek a return or refund under the pretense that the item was defective upon receipt. The returned item, now ‘bricked’ or rendered useless, causes a loss to the merchant.
A brute force attack is a type of cybersecurity attack in which an attacker attempts to gain unauthorized access to a system, account, or encrypted data by systematically trying all possible combinations of passwords or encryption keys until the correct one is found. This method is typically used when the attacker has no prior knowledge of the target’s password or key.
Buy Now Pay Later (BNPL) fraud refers to fraudulent activities or scams involving the use of Buy Now Pay Later services. BNPL services (e.g., Affirm, Klarna, Afterpay) allow consumers to make purchases and defer payment, typically in installments, instead of paying the full amount upfront. While BNPL options provide convenience and flexibility for consumers, fraudsters exploit these services by using stolen credit card information or avoiding repayment.
Buy Online Pickup In Store (BOPIS), also known as Click and Collect, is a retail fulfillment model that allows customers to purchase products online and pick them up at a physical store location. It offers convenience and flexibility to consumers by combining the ease of online shopping with the immediacy of in-store pickup. However, like any retail transaction, BOPIS can be vulnerable to fraud. Fraudsters use BOPIS to avoid having products shipped to a physical address, which could raise suspicion.
Card skimming is a type of credit card fraud in which criminals use a small, inconspicuous device known as a skimmer to steal card information from unsuspecting victims. Skimmers are typically placed on legitimate card-reading devices, such as ATMs, gas station pumps, point-of-sale (POS) terminals, and other payment systems. When a person inserts their credit or debit card into the compromised machine, the skimmer captures the card’s magnetic stripe data, including the card number and sometimes the cardholder’s name and other details.
Card testing fraud, also known as credit card testing or carding, is a type of fraudulent activity where fraudsters test the validity and usability of stolen or compromised credit card information. The purpose of card testing is to determine which stolen card details are still active and have available credit or funds. Card testing is typically identified by velocity: a burst of small authorization attempts, many distinct card numbers, and a high decline ratio, often from the same IP address or device. If undetected, card testing can run up substantial gateway and authorization fees, so basic bot prevention on the checkout and payment endpoints is a baseline control for any merchant website.
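The velocity checks defined earlier in this glossary and the card-testing pattern described in this entry are two views of the same mechanism: count events per key inside a trailing time window and act when a count crosses a limit. The block below is an added example written for this glossary, not code from the page or from any vendor. It implements a generic sliding-window velocity counter and then stacks three card-testing rules on it (attempt rate, distinct cards per IP, and decline ratio). The window size, thresholds, rule names and the sample event stream are all assumptions chosen for the illustration.

```python
"""Added example (not part of the glossary): sliding-window velocity checks and
a card-testing detector built on top of them.

The rule names, thresholds, window size and the sample event stream are
assumptions made for illustration, not values from any vendor or the page.
"""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class AuthAttempt:
    ts: float        # event time, unix seconds
    ip: str
    card_fp: str     # card fingerprint (e.g. hash of the PAN); never the raw PAN
    amount: float
    approved: bool   # issuer/gateway authorization result


class VelocityCounter:
    """Counts events per key inside a trailing window of `window` seconds."""

    def __init__(self, window):
        self.window = window
        self.events = defaultdict(deque)     # key -> deque of (ts, value)

    def _expire(self, q, now):
        # Drop everything at or beyond the window edge; deque keeps time order.
        while q and q[0][0] <= now - self.window:
            q.popleft()

    def add(self, key, ts, value=None):
        q = self.events[key]
        q.append((ts, value))
        self._expire(q, ts)

    def count(self, key, now):
        q = self.events[key]
        self._expire(q, now)
        return len(q)

    def distinct(self, key, now):
        q = self.events[key]
        self._expire(q, now)
        return len({v for _, v in q})


# Assumed thresholds for a 10-minute window.
WINDOW_SECONDS = 600
MAX_ATTEMPTS_PER_IP = 10       # plain rate limit on authorizations
MAX_DISTINCT_CARDS_PER_IP = 5  # one shopper rarely tries six different cards
MIN_ATTEMPTS_FOR_RATIO = 5     # avoid judging a ratio on one or two events
MAX_DECLINE_RATIO = 0.6        # bulk-testing stolen cards mostly declines


class CardTestingDetector:
    """Applies the three velocity rules to each authorization attempt."""

    def __init__(self):
        self.attempts = VelocityCounter(WINDOW_SECONDS)  # value = card_fp
        self.declines = VelocityCounter(WINDOW_SECONDS)

    def observe(self, a):
        """Record one attempt and return the names of the rules it trips."""
        self.attempts.add(a.ip, a.ts, a.card_fp)
        if not a.approved:
            self.declines.add(a.ip, a.ts)
        n = self.attempts.count(a.ip, a.ts)
        flags = []
        if n > MAX_ATTEMPTS_PER_IP:
            flags.append("attempt_velocity")
        if self.attempts.distinct(a.ip, a.ts) > MAX_DISTINCT_CARDS_PER_IP:
            flags.append("distinct_cards")
        if (n >= MIN_ATTEMPTS_FOR_RATIO
                and self.declines.count(a.ip, a.ts) / n > MAX_DECLINE_RATIO):
            flags.append("decline_ratio")
        return flags


def run_detector(events):
    """Replay events in time order; return per-IP flags and the attempt number
    at which the IP was first flagged (None if never)."""
    det = CardTestingDetector()
    summary = defaultdict(lambda: {"attempts": 0, "flags": set(), "first_flag_at": None})
    for a in sorted(events, key=lambda e: e.ts):
        s = summary[a.ip]
        s["attempts"] += 1
        flags = det.observe(a)
        if flags and s["first_flag_at"] is None:
            s["first_flag_at"] = s["attempts"]
        s["flags"].update(flags)
    return dict(summary)


def sample_events():
    """Constructed stream: a normal shopper plus a bot testing 12 stolen cards
    for $1.00 each, five seconds apart, with only two approvals."""
    events = [
        AuthAttempt(100.0, "198.51.100.4", "card_legit_1", 59.99, True),
        AuthAttempt(2000.0, "198.51.100.4", "card_legit_2", 120.00, True),
    ]
    for i in range(12):
        events.append(AuthAttempt(1000.0 + 5 * i, "203.0.113.7",
                                  f"card_stolen_{i:02d}", 1.00, i in (3, 9)))
    return events


if __name__ == "__main__":
    for ip, s in run_detector(sample_events()).items():
        print(ip, s)
```

Two design points worth noting. First, the decline-ratio rule fires on the fifth attempt, well before the plain rate limit would, which is why card-testing detection should not rely on attempt counts alone. Second, the same `VelocityCounter` keyed on an account or email address instead of an IP gives the login-attempt variant used against account takeover; the page's velocity-checks entry covers both uses. In production the key should also include a device fingerprint, since carding bots rotate IP addresses through proxies.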
Card-not-present (CNP) fraud is a type of payment card fraud that occurs when a credit or debit card is used for a transaction in which the physical card is not present. In CNP transactions, a fraudster uses the victim’s card without their authorization. The fraudster will make purchases using the victim’s card details, such as the card number, expiration date, and the card’s security code (e.g., CVV), but the card itself is not swiped, inserted, or physically presented to a merchant. CNP fraud is commonly associated with online and phone transactions, as well as mail-order and catalog purchases.
Cart abandonment, or checkout abandonment, refers to the situation where a website visitor adds items to their online shopping cart but leaves the website without completing the purchase. It is a common occurrence in ecommerce and can have a significant impact on a retailer’s revenue.
Chargeback fraud, also known as “friendly fraud,” occurs when a consumer makes a purchase with their credit card and then requests a chargeback from the issuing bank after receiving the purchased goods or services, falsely claiming the transaction was unauthorized or the item was never received. This deceitful practice not only results in the merchant losing the revenue from the sale but also often incurs additional fees and can damage their reputation with credit card processors.
Chargeback management refers to the process of effectively handling and resolving chargebacks, which occur when a customer disputes a charge on their credit or debit card and requests a refund from the card issuer. Chargebacks can be a complex and time-consuming aspect of managing payment disputes, and effective chargeback management aims to minimize financial losses, identify business processes that need improvement and save on labor costs.
Chargeback representment is the process by which merchants can dispute chargebacks. When a customer files a chargeback, claiming that a transaction was unauthorized, fraudulent, or unsatisfactory, the merchant has the opportunity to provide evidence and arguments to challenge the chargeback and recover the funds. During representment, the merchant gathers relevant documentation, such as sales receipts, shipping records, proof of delivery, customer communication, and any other evidence supporting the validity of the transaction. This evidence is then submitted to the merchant’s payment processor or acquiring bank, who acts on behalf of the merchant in presenting the case to the customer’s bank or credit card company. The goal of chargeback representment is to prove that the charge in question is legitimate and therefore should not be reversed.
Chargebacks occur when a customer disputes a charge with their financial institution. Often, chargebacks are a result of an unauthorized charge due to fraudulent activity. Less frequently, a chargeback can also result from merchant error, such as accidentally running a charge through twice, or by a legitimate customer who is dissatisfied with the product or service.
Checkout abandonment, also known as cart abandonment, refers to the situation where a customer adds products to their online shopping cart but leaves the website or abandons the purchase before completing the checkout process. It is a common phenomenon in ecommerce and can result in lost sales opportunities for businesses.
Credential stuffing is a cyberattack method in which attackers use stolen username and password combinations from one data breach to gain unauthorized access to user accounts on various online services. This attack leverages the fact that many people reuse the same credentials (usernames and passwords) across multiple websites and services. When one of these websites is breached and user data is exposed, cybercriminals take these stolen credentials and attempt to access other accounts using the same username and password combinations.
Credit card fraud, in ecommerce, refers to the unauthorized use of someone else’s payment card information to make purchases without their knowledge or consent, typically during the online checkout process. Because the physical card is never presented, online credit card fraud almost always takes the form of card-not-present (CNP) fraud, a category that also covers phone and mail-order transactions.
Often used in synthetic identities, credit grooming occurs when a fraudster opens a new account and starts by making small, legitimate purchases to build a positive transaction history and credit record. Once the synthetic identity has sufficiently established a credit history, the fraudster may use the fake identity to make other fraudulent purchases.
Curbside pickup (or “Buy online, pickup at curbside”) fraud involves deceptive practices aimed at exploiting the curbside pickup services offered by retailers. In this type of fraud, individuals may engage in various schemes to obtain goods without legitimate payment or to take advantage of the convenience of curbside services for illicit gains. Common tactics include using stolen credit card information to make online purchases for curbside pickup, falsely claiming non-receipt of items to obtain refunds, or manipulating the pickup process to deceive retailers. Curbside pickup fraud exploits the streamlined nature of these services, making it challenging for retailers to verify the authenticity of orders and prevent fraud. Retailers can respond by implementing stricter security measures, enhanced verification processes, and increased vigilance to protect against curbside pickup fraud.
The dark web is a part of the internet that is intentionally hidden and not indexed by traditional search engines. It is a subset of the deep web, which includes all web pages not indexed by search engines, but the dark web specifically refers to websites and online content that are intentionally concealed and typically associated with illegal or illicit activities.
Device intelligence refers to the use of data and analytics to gather information about the devices individuals use, such as smartphones, tablets, or computers, in order to assess their risk profile, detect fraud, and enhance security. By analyzing the attributes and patterns associated with a device, fraud solutions combine device intelligence with the other data they collect or already hold to identify anomalies, suspicious activity, or potential risk.
Digital wallet fraud refers to fraudulent activity that specifically targets digital wallet services such as Apple Pay, PayPal, and Google Pay. Also known as mobile wallets or e-wallets, digital wallets are applications or platforms that let users store payment information, make online transactions, and pay in store from a mobile or other electronic device. While digital wallets offer convenience and security, they can also be vulnerable to various types of fraud. Because the wallet tokenizes the underlying card, the merchant often sees less of the cardholder data and fewer of the verification signals (such as AVS and CVV results) it would receive on a direct card transaction; this makes it easier for a fraudster to spend a stolen card that has been loaded into a wallet and harder for the merchant to gather the evidence needed to fight a chargeback.
A Distributed Denial of Service (DDoS) attack is a malicious attempt to disrupt the regular functioning of a network, service, website, or online application by overwhelming it with a flood of internet traffic. The objective of a DDoS attack is to render the target system or network unavailable to its users, causing downtime, slowdowns, or service disruption. Cybercriminals might launch a DDoS attack on a targeted organization’s network to divert the attention of IT and security teams while simultaneously carrying out a separate fraud scheme, such as attempting to steal sensitive data or conduct financial fraud. The DDoS attack serves as a smokescreen to distract from the actual fraudulent activities. This is a tactic employed by cybercriminals to create chaos and confusion, making it more challenging for security personnel to detect and respond to multiple threats simultaneously.
Fake Tracking ID (FTID) is a package redirection scam that involves manipulating the tracking information on a label. Shipping companies only require the tracking information on a label to scan it. Scammers will manipulate the label to maintain scan functionality, which often triggers a refund issuance, while ensuring it gets lost. This manipulation varies in sophistication, ranging from intricate alterations to simple “cut and paste” methods. The tracking will often show as delivered to a random warehouse, designated for pickup, or will get lost once it passes the label scan at distribution. Ultimately, the recipient (if there is one) will have no idea who the package belongs to as the rest of the label, including return address, has also been edited.
False declines, also known as false positives or wrongful rejections, occur when legitimate transactions are mistakenly declined or rejected as fraudulent. False declines can have a significant impact on both merchants and customers. For merchants, false declines result in lost sales, customer dissatisfaction, and potential damage to their reputation. Customers may experience frustration, inconvenience, and a loss of trust in the merchant’s payment system.
First-party fraud refers to deceptive activities conducted by individuals using their own identities during the online purchasing process. This type of fraud involves intentionally providing false or misleading information by the legitimate account holder to exploit the system and gain financial benefits. Examples of first-party fraud in ecommerce include submitting fake payment details, manipulating personal information, or falsely claiming non-receipt of goods or services to obtain refunds or chargebacks.
Flipping is a fraudulent scheme where criminals exploit online marketplaces to make illegitimate profits by making purchases using stolen credentials to flip or immediately list the goods for resale.
Fraud as a Service (FaaS) is a cybercrime model in which individuals or groups offer fraudulent services for a fee. In return fraud, professional refunders are paid a percentage of the order value to guarantee a refund, using methods such as fake tracking IDs (FTID), innys, or item-not-received claims on behalf of the customers who pay for the service. FaaS is hard to detect because the resulting customer service contacts look like ordinary, legitimate requests.
“Fraud as an enterprise” refers to a systematic and organized approach to fraudulent activities conducted by a group or organization with the intent of generating illicit profits. This concept involves treating fraud as a business model, complete with organizational structures, roles, and processes designed to maximize financial gains through deceptive and unlawful means. In such enterprises, individuals or groups collaborate to orchestrate various types of fraud, including financial fraud, identity theft, and other illicit activities. These criminal enterprises often exhibit characteristics similar to legitimate businesses, such as hierarchies, specialized roles, and division of labor, aiming to optimize efficiency and reduce the risk of detection. The term underscores the sophistication and scale of modern fraud operations, which can rival legitimate enterprises in terms of organization and strategic planning. Law enforcement and cybersecurity efforts often target such organized fraudulent activities to disrupt their operations and prosecute those involved.
Fraud detection refers to the process of identifying and detecting fraudulent activities or behaviors within a system or organization. It involves using various techniques, technologies, and analytical methods to identify patterns, anomalies, or suspicious activities that may indicate fraudulent behavior. Effective fraud detection helps in early identification and mitigation of fraud risks.
Fraud prevention refers to the proactive measures and strategies implemented by individuals, organizations, and financial institutions to detect, deter, and mitigate fraudulent activities. Fraud can take various forms, such as identity theft, payment fraud, account takeover, or deceptive practices. Implementing effective fraud prevention measures is crucial to protect individuals and businesses from financial losses, reputational damage, and legal consequences.
Fraud rings are organized groups of criminals who collaborate to commit financial crimes, such as identity theft, credit card fraud, and loan fraud. These rings target ecommerce vulnerabilities and operate with a structured hierarchy, dividing tasks among members to efficiently execute large-scale fraudulent schemes. By working together, they can cause more significant financial damage than individual fraudsters, targeting both consumers and institutions across various sectors.
Fraud risk management refers to the strategies, processes, and measures implemented by organizations to identify, assess, mitigate, and monitor the risks associated with fraud. It involves the proactive identification of potential fraudulent activities, the implementation of controls and safeguards to prevent fraud, and the continuous monitoring and detection of fraudulent behavior. Effective fraud risk management helps organizations protect their assets, reputation, and stakeholders from the financial and operational impacts of fraud.
A fraudster is an individual or entity that engages in fraudulent activities, intentionally deceiving others for financial gain or other malicious purposes. Fraudsters employ various tactics to deceive and exploit victims, often through dishonest or illegal means. Their actions may involve identity theft, payment fraud, account takeovers, or other forms of fraudulent activities. Fraudsters are skilled at manipulating individuals or systems to achieve their fraudulent objectives, and they often target vulnerable individuals, businesses, or financial institutions. It is important to stay vigilant, protect sensitive information, and report any suspicious activities to authorities or relevant institutions to combat fraud and protect against potential harm caused by fraudsters.
Friendly fraud, also known as chargeback fraud or friendly chargeback, occurs when a customer makes a legitimate purchase using their credit card or payment method but later disputes the charge and requests a chargeback from their bank or credit card company, claiming that the transaction was unauthorized or fraudulent. Unlike traditional fraud, friendly fraud involves the original account holder themselves initiating the fraudulent chargeback.
Gift card fraud refers to any deceptive or unauthorized activity involving gift cards, whether as a product or a payment method. Fraudsters exploit vulnerabilities in gift card systems to steal balances, launder money, or facilitate broader scams. This can include draining funds from legitimate gift card holders, purchasing gift cards with stolen credit cards, or tricking victims into buying and handing over gift card details under false pretenses. Because gift cards are often treated like cash and lack strong consumer protections, they are a prime target for scammers looking to commit fraud while staying anonymous.
“Glitchmas” is a term used by criminals to describe the opportunity they find during the holiday season to exploit the chaos and staffing challenges, such as new or temporary employees, that merchants face. This period is seen as an ideal time for fraudsters to take advantage of the increased vulnerabilities in security and oversight, executing scams and fraudulent activities more easily amidst the festive hustle and bustle.
Identity theft refers to the illegal acquisition and use of someone else’s personal information, such as their name, social security number, credit card details, or other identifying data, without their knowledge or consent. The purpose of identity theft is usually financial gain, and it can have severe consequences for the victims.
“Innys” or “innies” is a colloquial term referring to individuals who possess the capacity to aid criminals in committing fraud, often leveraging their access to products, packages, or software through their employment. These individuals may include friends, relatives, or recruits seeking a share in the unlawful gains orchestrated by a criminal mastermind.
Interception fraud, also known as man-in-the-middle (MITM) fraud, occurs when an unauthorized third-party intercepts and manipulates communication between two parties engaged in a transaction or data exchange. The fraudster positions themselves between the legitimate sender and receiver to eavesdrop on or alter the information being transmitted, or intercept a package during shipment.
IP address geolocation tracking is a method used to determine the approximate geographic location of an internet-connected device based on its IP address. Every device connected to the internet is assigned a unique IP address, which can provide information about the general location of the device. IP geolocation tracking is often used for various purposes, including fraud detection, targeted advertising, content localization, and website analytics.
A fraudulent ‘item arrived damaged’ claim occurs when a customer deceitfully asserts that a product they received was damaged during shipping or delivery. For example, falsely claiming a leaky battery was delivered to secure an instant refund or replacement that can be used for illegitimate resale or to gain two items for free.
“Item Not Received” (INR) fraud refers to fraudsters falsely claiming that they did not receive the purchased item with the intention of obtaining a refund or a replacement item without paying for it.
Man-in-the-middle (MITM) attacks occur when an attacker secretly intercepts and possibly alters the communication between two parties who believe they are directly communicating with each other. This type of cyber attack allows the attacker to eavesdrop on, manipulate, or steal sensitive data exchanged during the communication, such as login credentials, personal information, or financial details, without the knowledge of the legitimate parties involved.
Manual review is a process in which a human reviewer assesses and evaluates certain transactions, accounts, or activities manually, rather than relying solely on automated systems or algorithms. Activities include looking up shipping addresses, spending time on Google, and sometimes reaching out to customers in an attempt to verify their identity.
Merchant fraud, also known as merchant-based fraud, refers to fraudulent activities committed by merchants or businesses themselves. It involves deceptive practices aimed at unlawfully obtaining financial gain or exploiting loopholes in payment processes. Merchant fraud can take various forms and negatively impacts both consumers and other businesses. For example, a common merchant fraud scheme involves fraudsters creating a fake online store that sells products but never delivers them, or delivers a cheaper item in lieu of the higher-priced product the customer intended to purchase.
Money laundering involves using online transactions to disguise the origins of illegally obtained money. In ecommerce, criminals exploit merchants to move money through various accounts by buying and selling goods or services, often with inflated prices, to make the funds appear legitimate. This method complicates tracking the money’s original source, making it a challenging issue for law enforcement and financial institutions to detect and prevent.
Multi-factor authentication (MFA), commonly implemented as two-factor authentication (2FA) or two-step verification, is a security process that requires users to provide two or more different authentication factors to verify their identity when logging into an account, system, or application. MFA adds an extra layer of security beyond traditional username and password authentication by making it significantly more difficult for unauthorized users to gain access.
“Order missing some items” is a claim that customers assert when an item is missing from their order or when they received an empty box. Such claims are infrequent but can indicate potential return fraud. If such claims become more prevalent, treat it as a red flag: your business may be being promoted by fraudsters on forums as an easy target. These claims are difficult to disprove, which highlights the importance of vigilant fraud detection measures.
Payment gateway fraud refers to fraudulent activities that target payment gateways, which are the technology infrastructure used to facilitate secure online payment transactions. Fraudsters exploit vulnerabilities in payment gateways to carry out unauthorized transactions, gain access to sensitive payment information, or manipulate payment processes for their financial gain.
Payments fraud in ecommerce is the criminal act of using illegitimate financial or login credentials to purchase goods or services on the internet. Fraudsters may use stolen credit card numbers to complete a purchase or obtain a cardholder’s store login credentials and take over an existing account using the cardholder’s saved payment information. Legitimate cardholders may also commit ecommerce fraud in the form of fraudulent chargeback claims.
Phishing is a type of cyberattack or social engineering technique where attackers attempt to deceive individuals into revealing sensitive and confidential information, such as login credentials, financial details, or personal information. This is typically done by posing as a trusted entity or individual through various means, often through email, but also through other communication channels like text messages, social media, or phone calls. The goal of phishing attacks is to trick the victim into taking specific actions that benefit the attacker, such as clicking on a malicious link, opening a malicious attachment, or providing sensitive information.
Post-gateway fraud prevention refers to the set of security measures and strategies employed to detect and prevent fraudulent activities after they have passed through a payment gateway or other critical points in an online transaction process. While pre-gateway fraud prevention focuses on identifying and blocking potentially fraudulent transactions in real-time before they are processed, post-gateway fraud prevention comes into play after the transaction has been approved and processed. Post-gateway fraud prevention is crucial for identifying and addressing fraudulent transactions that may have initially gone undetected during the authorization process.
Pre-gateway fraud prevention refers to a set of security measures and strategies designed to detect and prevent fraudulent activities before they reach a payment gateway or other critical points in an online transaction process. The objective is to identify and block potentially fraudulent transactions in real-time, reducing the risk of financial loss and protecting both consumers and businesses from various forms of payment fraud.
Similar to boxing, a product swap happens when a fraudster submits a claim to return the purchased item, but the original item is not what comes back. A criminal committing return fraud via product swap will purchase a high-value item and then return a similar, non-authentic item in its place.
Promo abuse, or promo fraud, refers to deceptive practices involving the misuse or unauthorized application of promotional offers, discount codes, or coupons by fraudsters to obtain merchandise below market value. This type of fraud can include creating fake coupons, exploiting loopholes in promotional offers, or using stolen information to illegitimately claim discounts. Businesses can suffer significant losses from such activities, impacting their revenue, damaging brand reputation, and undermining the trust of genuine customers.
Referral fraud, also known as referral program fraud or referral abuse, occurs when individuals or fraudsters manipulate referral programs or systems to fraudulently gain benefits, rewards, or incentives. Referral programs are designed to incentivize existing customers or users to refer new customers or users to a business or platform. However, fraudsters exploit these programs by engaging in deceptive practices to generate fake or invalid referrals.
Refund abuse is a form of fraud where consumers exploit a merchant’s return policy to gain financially without valid cause. This can involve returning items that have been used, falsely claiming an item was not received, or using a product before returning it for a full refund. Such practices cause financial losses for businesses and can lead to stricter return policies, affecting genuine customers.
Reseller fraud, also known as reseller abuse, is the unauthorized sale of products or services through online marketplaces. Reseller fraud happens when a reseller distributes a product without having an official relationship or agreement with the original merchant.
Reshipping scams involve fraudsters tricking individuals into forwarding packages, often under the guise of legitimate employment. The scam typically starts with an offer to work from home as a “shipping coordinator,” where the victim receives goods purchased with stolen credit cards and then ships them to addresses, usually abroad. This process helps criminals launder stolen goods by obscuring the items’ origin and final destination, leaving the unsuspecting participant exposed to legal action and negative financial consequences.
Return fraud, sometimes called returns fraud or refund fraud, is a type of retail fraud where scammers unlawfully exploit a return policy to gain a financial advantage or merchandise for free. It can involve returning stolen goods for a refund or store credit, using counterfeit receipts, or purchasing items to use temporarily before returning them for a full refund.
Risk scoring is the process of assigning a numerical score to evaluate the level of risk associated with a particular transaction or customer within an ecommerce business. This scoring system helps businesses identify and prioritize high-risk transactions or customers, allowing them to take appropriate actions, such as approving, reviewing, or rejecting transactions. Risk scoring is a crucial component of fraud prevention and risk management in online retail.
Smishing, a term that combines “SMS” with “phishing,” is a type of phishing scam that targets victims through text messages rather than emails. In smishing attacks, scammers send fraudulent messages that appear to be from reputable sources, such as businesses or trusted financial institutions, aiming to deceive recipients into providing sensitive personal information, such as passwords, credit card numbers, or social security numbers. These messages often contain urgent or enticing prompts that encourage the recipient to take immediate action, typically by clicking on a malicious link or replying with personal information.
Social engineering is a manipulative technique used by cybercriminals to deceive shoppers or employees of organizations into divulging confidential information, granting unauthorized access, or performing actions that compromise security. It exploits human psychology and trust to gain access to sensitive data or systems. Social engineering attacks rely on deception and manipulation rather than technical vulnerabilities.
A software trojan horse is a malicious software program that disguises itself as a legitimate and benign application to deceive users into unwittingly installing it. These cyberattacks predominantly target software capable of processing refunds, including returns and customer support applications, with the goal of facilitating swift refunds on behalf of professional refunders.
Spear phishing is a highly targeted form of phishing attack where the attacker customizes their message based on specific characteristics of the recipient, such as their name, job position, or other personal information. The goal is to trick the individual into revealing confidential information or performing actions that compromise security, such as downloading malware or providing access to secure systems. This personalized approach makes spear phishing much more effective than broader phishing attempts, as the tailored communication appears more legitimate and trustworthy to the target.
Subscription fraud, also known as subscription-based fraud or account takeover fraud, occurs when an individual or a fraudster gains unauthorized access to someone else’s personal or financial information to fraudulently sign up for subscription services or accounts. The fraudulent party takes advantage of the victim’s identity or payment details to initiate subscriptions without their knowledge or consent. With subscription fraud, attackers will also try to manipulate loopholes in the integration between subscription and fraud prevention solutions in an attempt to bypass fraud detection.
Synthetic identity fraud involves the creation of false identities by combining real and/or fictitious information to establish fraudulent accounts or conduct deceptive financial transactions. Unlike traditional identity theft, where an individual’s existing personal information is stolen, synthetic identity fraud fabricates entirely new identities. Perpetrators often use a mix of genuine and fictitious data, such as combining a real social security number with a fabricated name or address. The goal is to create an identity that appears legitimate to financial institutions, allowing fraudsters to open credit accounts, obtain loans, or engage in other financial activities without immediate detection. Synthetic identity fraud is challenging to detect because the identities involved may not correspond to real individuals, making it difficult for traditional identity verification methods to flag suspicious activities. This type of fraud poses a significant threat to financial institutions, businesses, and consumers alike.
Triangulation fraud involves three parties — the fraudster, the unsuspecting legitimate shopper and the ecommerce store. An online storefront is created by the fraudster, often on eBay or Amazon, that offers high-demand goods at extremely low prices. The store collects payment for the goods it sells. The fraudster then uses other stolen credit card data and the names collected in orders on his online storefront to purchase goods from a legitimate website and ships them to the customers that purchased on his new online storefront. This type of fraud can usually be identified by the products that are targeted as well as some investigative work by locating the unsuspecting shopper who can identify the storefront where the stolen goods were purchased.
Velocity checks, also known as velocity limits or velocity rules, in the context of cybersecurity and fraud prevention, are mechanisms used to monitor and control the rate at which certain actions or transactions can occur within a system or application. These checks are employed to detect and prevent fraudulent or malicious activities, such as account takeovers, card-not-present (CNP) fraud, or Distributed Denial of Service (DDoS) attacks, by limiting the frequency or speed of these actions.
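The two definitions above (risk scoring and velocity checks) describe a pipeline that is easier to see in code: count recent events per card and per IP in a sliding window, turn the counts into a numeric score, and map the score to approve, review, or reject. The block below is an added illustration written for this glossary, not code from the glossary's author or from any vendor's product. The window length, limits, weights, score thresholds, and the sample orders are all constructed assumptions; a real deployment tunes them against its own traffic.

```python
"""Velocity checks feeding a risk score with approve / review / reject decisions.

Added example: thresholds, weights and sample orders are constructed
assumptions, not values taken from the glossary or any product.
"""
from collections import defaultdict, deque
from dataclasses import dataclass

WINDOW_SECONDS = 600          # sliding window of 10 minutes (assumed policy)
CARD_ORDER_LIMIT = 3          # more than 3 orders on one card in the window (assumed)
IP_ORDER_LIMIT = 5            # more than 5 orders from one IP in the window (assumed)
IP_DISTINCT_CARD_LIMIT = 3    # more than 3 different cards from one IP (assumed)
HIGH_AMOUNT = 500.0           # single-order amount that earns extra scrutiny (assumed)
REVIEW_AT, REJECT_AT = 30, 70  # score thresholds for manual review / rejection (assumed)


@dataclass(frozen=True)
class Order:
    id: str
    ts: int          # seconds since epoch; constructed values in SAMPLE_ORDERS
    account: str
    card: str        # tokenized card fingerprint, never the card number itself
    ip: str
    amount: float


@dataclass
class Decision:
    score: int
    action: str
    reasons: list


class SlidingWindow:
    """Per-key event log that forgets events older than the window."""

    def __init__(self, window_seconds: int):
        self.window = window_seconds
        self._events = defaultdict(deque)   # key -> deque of (ts, tag)

    def add(self, key, ts, tag=None):
        self._events[key].append((ts, tag))
        self._expire(key, ts)

    def count(self, key, ts):
        self._expire(key, ts)
        return len(self._events[key])

    def distinct(self, key, ts):
        """Number of different tags (e.g. cards) seen under this key in the window."""
        self._expire(key, ts)
        return len({tag for _, tag in self._events[key]})

    def _expire(self, key, now):
        q = self._events[key]
        while q and now - q[0][0] > self.window:
            q.popleft()


def score_order(order, card_orders, ip_orders, ip_cards):
    """Combine velocity signals and order amount into a score plus reasons."""
    score, reasons = 0, []
    if card_orders > CARD_ORDER_LIMIT:
        score += 40
        reasons.append(f"card used {card_orders}x in window")
    if ip_orders > IP_ORDER_LIMIT:
        score += 30
        reasons.append(f"{ip_orders} orders from IP in window")
    if ip_cards > IP_DISTINCT_CARD_LIMIT:      # many cards from one IP: card-testing pattern
        score += 40
        reasons.append(f"{ip_cards} distinct cards from IP in window")
    if order.amount >= HIGH_AMOUNT:
        score += 15
        reasons.append(f"high amount {order.amount:.2f}")
    return score, reasons


def decide(score):
    if score >= REJECT_AT:
        return "reject"
    if score >= REVIEW_AT:
        return "review"
    return "approve"


def evaluate(orders, window_seconds=WINDOW_SECONDS):
    """Process orders in time order and return {order id: Decision}."""
    by_card = SlidingWindow(window_seconds)
    by_ip = SlidingWindow(window_seconds)
    results = {}
    for o in sorted(orders, key=lambda x: x.ts):
        by_card.add(o.card, o.ts)
        by_ip.add(o.ip, o.ts, tag=o.card)
        score, reasons = score_order(
            o,
            by_card.count(o.card, o.ts),
            by_ip.count(o.ip, o.ts),
            by_ip.distinct(o.ip, o.ts),
        )
        results[o.id] = Decision(score, decide(score), reasons)
    return results


# Constructed sample traffic: two ordinary shoppers, a card-testing burst
# (six different cards, tiny amounts, one IP), one card reused four times,
# and a later order on that card after the window has expired.
SAMPLE_ORDERS = [
    Order("o1", 0, "acct-a1", "card-c1", "203.0.113.10", 49.99),
    Order("o2", 60, "acct-a2", "card-c2", "198.51.100.7", 39.00),
    Order("o3", 100, "acct-g", "card-c3", "198.51.100.9", 1.00),
    Order("o4", 110, "acct-g", "card-c4", "198.51.100.9", 1.00),
    Order("o5", 120, "acct-g", "card-c5", "198.51.100.9", 1.00),
    Order("o6", 130, "acct-g", "card-c6", "198.51.100.9", 1.00),
    Order("o7", 140, "acct-g", "card-c7", "198.51.100.9", 1.00),
    Order("o8", 150, "acct-g", "card-c8", "198.51.100.9", 1.00),
    Order("o9", 300, "acct-a9", "card-c9", "203.0.113.55", 250.00),
    Order("o10", 320, "acct-a9", "card-c9", "203.0.113.55", 250.00),
    Order("o11", 340, "acct-a9", "card-c9", "203.0.113.55", 250.00),
    Order("o12", 360, "acct-a9", "card-c9", "203.0.113.55", 600.00),
    Order("o13", 1000, "acct-a9", "card-c9", "203.0.113.55", 100.00),
]

if __name__ == "__main__":
    for oid, d in evaluate(SAMPLE_ORDERS).items():
        print(f"{oid:>4} score={d.score:<3} {d.action:<8} {'; '.join(d.reasons)}")
```

In the sample run the first three card-testing orders pass because no limit has been crossed yet; the fourth distinct card from the same IP pushes the score into review, and the sixth order from that IP crosses the per-IP order limit as well and is rejected. The card reused four times lands in review rather than rejection, and the same card is approved again once its earlier orders have aged out of the window, which is the property that distinguishes a velocity check from a permanent block.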
Verification checks refer to the process of verifying the accuracy, authenticity, or eligibility of certain information or individuals. These checks are commonly used in various contexts, such as online transactions, account registrations, employment screening, identity verification, and more. Verification checks help ensure that the provided information is valid and reliable, reducing the risk of fraud or misuse.
Vishing, a portmanteau of “voice” and “phishing,” is a scamming technique wherein fraudsters use phone calls to trick individuals into divulging personal, financial, or security information. Unlike traditional phishing attacks that rely on email, vishing calls may appear to come from legitimate institutions, such as banks or government agencies, exploiting the perceived authenticity and urgency of voice communication to persuade victims to act against their interests.
Wardrobing refers to a form of fraud or unethical behavior associated with the misuse of a product return policy when the purchaser temporarily uses the item and then returns the goods for a refund. Wardrobing items are typically clothing or fashion items and the item is sometimes used for work, a special event, or even just for a photo op (think #OOTD posts on Instagram).
Website spoofing refers to the malicious act of creating a fake website or webpage that mimics the design, interface, and functionality of a legitimate site. The purpose of spoofed sites is usually to deceive visitors into believing they are interacting with the real website or ecommerce brand, often with the intent of stealing sensitive information such as login credentials, financial data, or personal identity details. Spoofed websites can be strikingly similar to the originals, employing similar URLs (often with subtle misspellings or character substitutions), logos, layouts, and content to trick users. This technique is commonly used in phishing attacks, where attackers lure victims to these fake sites through deceptive emails or social media messages, exploiting their trust to gain unauthorized access to accounts, commit fraud, or distribute malware.
Account Takeover
In ecommerce, an account takeover is when a fraudster gains unauthorized access to a shopper’s store account. They then use that account to steal someone’s identity, make fraudulent transactions, sell account data on the dark web, and destroy a company’s reputation. The Federal Trade Commission (FTC) received more than 725,000 reports of impostor […]
Address Verification Systems
The Address Verification System was originally developed by Mastercard to combat an increase in card-not-present fraud. Since then, other major credit card companies have also adopted the address validation process. AVS gained popularity as one of the most commonly employed fraud prevention tools and is now widely used by ecommerce merchants. And as fraudsters […]
Affiliate Fraud
Many ecommerce businesses rely on thriving affiliate marketing programs to drive sales and revenue growth. In the United States and Canada, affiliate marketing drives around 16% of ecommerce sales and is utilized by over 80% of advertisers. With the growing success of such programs comes the risk of affiliate fraud. Nearly 30% of brands have reported fraudulent […]
Botnets
Botnets are a growing problem for ecommerce businesses, posing a significant threat to their online security and reputation. As ecommerce continues to rise, botnets are becoming increasingly sophisticated, allowing cybercriminals to launch large-scale attacks that compromise customer data, disrupt website functionality, and lead to significant financial losses. The impact on businesses and their shoppers is […]
Boxing
In today’s economic climate, even honest shoppers may be tempted to abuse return policies or participate in boxing due to financial difficulties, making it essential for retailers to understand the nuances of this fraud scheme. If you’ve noticed an uptick in return fraud, the consequences to legitimate customers can be infuriating. They end up with increased […]
Bracketing
Bracketing, a common shopping behavior, isn’t inherently harmful. In fact, it’s a natural result of eager shoppers seeking the perfect product, made easier by today’s convenient return policies. However, this convenience can also lead to careless shopping habits that ultimately hurt your business. It can also be exploited by scammers as a return fraud scheme. In this […]
Bricking
Bricking is a form of return fraud that poses significant challenges to businesses and has far-reaching consequences for customers. By intentionally damaging or rendering items unusable before returning them, fraudsters inflict financial losses and reputational damage on businesses. The impact of bricking is twofold: businesses face increased costs and reduced profits, while customers bear the […]
Brute Force Attack
Brute force attacks can have a devastating impact on your ecommerce business, resulting in lost revenue, stunted growth, and a damaged customer experience. They can lead to unauthorized access to customer data, data breaches, malware and ransomware infections, and loss of customer trust and reputation damage. In today’s competitive ecommerce landscape, protecting your online store […]
Buy Now Pay Later (BNPL) Fraud
BNPL stands for “Buy Now, Pay Later.” It is a financial service that allows shoppers to make purchases and defer their payment for those purchases to a later date, typically through installment payments. BNPL services like PayPal Pay Later, Afterpay, Affirm, Klarna, and most recently Apple Pay Later have gained popularity in recent years […]
Buy Online, Pick Up In Store
The global Buy Online, Pick Up In Store (BOPIS) market, including the closely related Buy Online, Pick Up at Curbside (BOPAC), is experiencing substantial growth, with projections indicating a staggering reach of over $700 billion by 2027. In 2022, U.S. shoppers notably contributed to this trend by spending over $95 billion through BOPIS transactions, accounting […]
Card Skimming
Card skimming, a pervasive form of credit card fraud, poses significant risks to both businesses and consumers. In addition to substantial financial losses, it can inflict reputational damage, erode customer trust, and precipitate a decline in sales. Moreover, compromised customers may suffer emotional distress and financial hardship as a result of sensitive information being divulged. […]
Card Testing Fraud
Credit card fraud is a prominent problem in the United States. The Federal Trade Commission (FTC) received almost 390,000 reports of credit card fraud in 2021, making it one of the most common types of fraud. However, this number doesn’t give a complete picture of the issue. According to the […]
Card-Not-Present
In the digital age, online shopping has become the norm, and card-not-present (CNP) transactions have become an essential part of ecommerce. However, with the rise of CNP transactions comes an increased risk of fraud and security breaches. In this blog post, we will delve into the world of CNP transactions, exploring what they are, the […]
Card-Not-Present Fraud (CNP Fraud)
Card-not-present (CNP) fraud is a type of payment card fraud that occurs when a credit or debit card is used for a transaction in which the physical card is not present. In CNP transactions, a fraudster uses the victim’s card without their authorization. The fraudster will make purchases using the victim’s card details, such as […]
Cart Abandonment
Even before the pandemic, online sales were seeing a massive boom. Forecasters predicted continued momentum moving beyond the pandemic, but 2021 and 2022 saw substantially smaller growth as numbers leveled out. Still, the gap between ecommerce sales growth and retail sales growth has narrowed, with ecommerce expected to grow 8.9% this year compared to 3.9% for total […]
Chargeback Fraud
Chargeback fraud poses a significant threat, ensnaring even the most legitimate shoppers who may inadvertently initiate fraudulent chargebacks without malicious intent. Confusion, misunderstandings, or frustration with the returns process can lead to unintentional chargebacks, with studies revealing that up to 80% of cases involve consumers seeking convenience rather than committing fraud. This innocent mistake can […]
Chargeback Management
Undisputed chargeback fraud is money left on the table. Unfortunately, too many merchants don’t even attempt to fight chargebacks because the win rate for in-house teams typically ranges from 20-40%. The time and resources required to fight chargebacks in-house can be costly and discouraging, but the good news is that there is hope — […]
Chargeback Representment
Chargeback representment is the process by which merchants can dispute chargebacks. When a customer files a chargeback, claiming that a transaction was unauthorized, fraudulent, or unsatisfactory, the merchant has the opportunity to provide evidence and arguments to challenge the chargeback and recover the funds. During representment, the merchant gathers relevant documentation, such as sales receipts, […]
Chargebacks
Chargebacks happen when a customer disputes a transaction directly with their bank or credit card issuer to reverse the transaction and credit the customer’s account. Instead of contacting the business directly for a refund, chargebacks typically occur when a customer disputes a charge due to fraud, non-receipt of goods or services, or a billing error. […]
Checkout Abandonment
Cart abandonment and checkout abandonment are often used interchangeably, but they represent two very different breakdown points in the ecommerce funnel. Treating cart abandonment vs checkout abandonment as the same problem leads merchants to apply the wrong fixes and miss the real sources of lost revenue. This refresh clearly defines the difference between […]
Credential Stuffing
Credit Card Fraud
Credit card fraud, also known as card-not-present fraud, refers to fraudulent activities that occur during the checkout process of an online transaction. It involves the unauthorized use of someone else’s payment information to make purchases without their knowledge or consent. Credit card fraud is particularly common in ecommerce and online shopping scenarios where the physical […]
Credit Grooming
Often used in synthetic identities, credit grooming occurs when a fraudster opens a new account and starts by making small, legitimate purchases to build a positive transaction history and credit record. Once the synthetic identity has sufficiently established a credit history, the fraudster may use the fake identity to make other fraudulent purchases.
Curbside Pickup Fraud
Curbside pickup (or “Buy online, pickup at curbside”) fraud involves deceptive practices aimed at exploiting the curbside pickup services offered by retailers. In this type of fraud, individuals may engage in various schemes to obtain goods without legitimate payment or to take advantage of the convenience of curbside services for illicit gains. Common tactics include […]
Dark Web
Most ecommerce merchants have heard of the “dark web.” If you’ve ever wondered where a stolen credit card turns up after a cyberattack against a company or financial institution, the dark web is often the destination. What exactly is the dark web? What does it look like? How do you get there? Most importantly, do […]
Device Intelligence
Device intelligence refers to the use of data and analytics to gather information about devices used by individuals, such as smartphones, tablets, or computers, in order to assess their risk profile, detect fraud, and enhance security. By analyzing various attributes and patterns associated with a device, fraud solutions ingest device intelligence along with the other […]
Digital Wallet Fraud
Digital wallet fraud refers to fraudulent activities that specifically target digital wallet services like Apple Pay, Paypal, Google Pay. Also known as mobile wallets or e-wallets, digital wallets are applications or platforms that allow users to store payment information, make online transactions, and conduct in-store payments using their mobile devices or other electronic devices. While […]
Distributed Denial of Service (DDoS)
A Distributed Denial of Service (DDoS) attack is a malicious attempt to disrupt the regular functioning of a network, service, website, or online application by overwhelming it with a flood of internet traffic. The objective of a DDoS attack is to render the target system or network unavailable to its users, causing downtime, slowdowns, or […]
Fake Tracking ID (FTID)
A Fake Tracking ID (FTID) is a return and refund fraud tactic in which a bad actor manipulates shipping or return tracking information to falsely indicate that merchandise has been returned to a merchant, even though the original item was never received back. FTID schemes exploit gaps between carrier tracking events, merchant return workflows, and […]
False Declines
The ecommerce industry continues to achieve year-over-year growth, making it increasingly critical for merchants to understand the significant impact of false declines on their bottom line. Recent studies highlight that false declines can pose a greater threat than fraud itself. These erroneous rejections not only result in immediate lost sales but also damage customer satisfaction […]
First-Party Fraud
First-party fraud is particularly insidious and challenging to detect among all the types of ecommerce fraud. It’s possible that even our favorite customers may have engaged in this type of fraud at some point as 35% of shoppers have admitted to committing first-party fraud, with 34% citing economic hardship as their reason for doing so. […]
Flipping
Fraud as a Service
Fraud as an Enterprise
Fraud Detection
Ecommerce fraud continues to evolve from isolated card abuse into identity-driven, automated, and post-purchase exploitation that spans the entire customer lifecycle. Effective fraud detection in 2026 requires stopping risk before authorization while maintaining visibility after checkout, where refunds, disputes, and account misuse often occur. NoFraud protects merchants at checkout with guaranteed fraud prevention, while Yofi delivers post-purchase intelligence to detect downstream abuse […]
Fraud Prevention
Ecommerce fraud is a serious threat that compromises the security of online stores. Fraudulent transactions, account takeovers, and return fraud are just a few examples of malicious actions that can occur. From revenue losses and added fees to strains on resources, the compound effects add up. Ecommerce losses from online payment fraud are estimated […]
Fraud Rings
Fraud Risk Management
Part of building and growing a successful ecommerce business is identifying areas of missed potential revenue and sources of revenue losses. That is precisely where fraud management plays an important role. What is Fraud Management? Fraud management in ecommerce is the process of handling the financial and operational aspects of detecting, preventing and reacting to […]
Fraudster
Friendly Fraud
Gift Card Fraud
Gift cards are one of the most popular gifting options worldwide, valued for their convenience and flexibility. Their growing popularity has also made them a prime target for fraudsters. Bad actors are finding new ways to exploit vulnerabilities in gift card systems to steal balances and carry out fraudulent schemes. According to a 2023 report […]
Glitchmas
Identity Theft
Inny Fraud
“Innys” or “innies” is a colloquial term referring to individuals who possess the capacity to aid criminals in committing fraud, often leveraging their access to products, packages, or software through their employment. These individuals may include friends, relatives, or recruits seeking a share in the unlawful gains orchestrated by a criminal mastermind. Examples of “innies” […]
Interception Fraud
IP Address Geolocation Tracking
Item Arrived Damaged
Item Not Received (INR)
“Item Not Received” fraud is one of the top strategies scammers use to commit friendly fraud. As many as 32% of friendly fraud cases are cited as “order not received.” This type of fraud can be difficult for businesses to detect. What is ‘Item Not Received’ Fraud? ‘Item not received’ (INR) fraud, also known […]
Man-in-the-Middle (MitM) Attacks
Manual Review
Merchant Fraud
Money Laundering
Multi-Factor Authentication (MFA)
The global multi-factor authentication market (MFA) has been steadily increasing over the years, with an estimated value of nearly 13 billion U.S. dollars in 2022. It is projected to double in value by 2027. What is Multi-Factor Authentication? Multi-factor authentication (MFA), which is closely related to two-factor authentication (2FA) — in that all 2FA is MFA, […]
Order Missing Some Items
Payment Gateway Fraud
Payments Fraud
Payments fraud in ecommerce is the criminal act of using illegitimate financial or login credentials to purchase goods or services on the internet. Fraudsters may use stolen credit card numbers to complete a purchase or obtain a cardholder’s store login credentials and take over an existing account using the cardholder’s saved payment information. Legitimate cardholders […]
Phishing
Phishing is a type of cyberattack or social engineering technique where attackers attempt to deceive individuals into revealing sensitive and confidential information, such as login credentials, financial details, or personal information. This is typically done by posing as a trusted entity or individual through various means, often through email, but also through other communication channels […]
Post-Gateway Fraud Prevention
Pre-Gateway Fraud Prevention
Product Swaps
Promo Abuse
Referral Fraud
Refund Abuse
Reseller Fraud
The surge in online shopping has undeniably brought convenience and variety to our fingertips. However, this ease of access is not without its pitfalls. As we navigate through endless online storefronts and marketplaces, a darker underbelly of the digital market emerges, one that preys on unsuspecting consumers: reseller fraud. According to the Federal Trade Commission, […]
Reshipping
Return Fraud
Between 2012 and 2022, the combined merchandise return rate for both ecommerce and brick-and-mortar stores nearly doubled. According to the National Retail Federation, retailers see an average of $145 million in returned goods for every $1 billion in sales. For ecommerce merchants, return rates are typically higher — with 2023 seeing a 17.6% return rate. […]
Risk Scoring
Smishing (SMS Phishing)
Social Engineering
Software Trojan Horses
Spear Phishing
Subscription Fraud
Automated subscription payments are an ecommerce dream. Once you’ve acquired a customer, they’re much more likely to repeatedly buy when subscribed. With customer acquisition costing up to five times more than retention plays, just a 5% boost in retention can yield a 25-95% increase in profits. Extremely popular post-pandemic, subscription-based businesses are booming in practically every […]
Synthetic Identity Fraud
Triangulation Fraud
Triangulation fraud is prevalent and appealing to fraudsters because it’s a clean transaction. There’s no need for them to warehouse, ship, or ever handle any products. Fraudsters essentially use the legitimate brand’s website for free fulfillment of orders purchased through their illegitimate online storefront. Triangulation fraud has been around for years, but NoFraud has […]
Velocity Checks
Verification Checks
Vishing (Voice Phishing)
Wardrobing
Website Spoofing