Introduction
One business segment that has seen continuous growth over the last decade, despite a weak economy, is E-commerce. While the E-commerce business continues to grow, few people understand the risks associated with E-commerce and IT. This growth trend attracts educated and knowledgeable criminals who design new schemes to defraud merchants and their customers. Fraud techniques are constantly evolving, and new data breaches are reported every day.
Fraud in the E-commerce environment
Fraud in the E-commerce environment differs from the fraud that takes place in the regular business environment, for several reasons. First, the exchange or trading is not physical. The initial transactions are made through the Internet, and there is no internally accepted method for verifying the integrity and accuracy of the information that flows through the World Wide Web. Secondly, the payment of money happens electronically. The money is generally transferred by credit card / debit card or by electronic online fund transfer.
In the first situation, users face a perennial problem in making a judgement call on the reliability of the information provided on the Internet and in acting on it. The second situation creates enforcement and jurisdictional problems for the investigating agencies and the judicial bodies.
If we categorize fraud by the method used to commit it, each process level can be analyzed in the following manner [1]:
a. Order placement processing: Unauthorized fake orders, orders placed to blocked / blacklisted entities in the system in the absence of adequate vendor due diligence, fake documents for the registration of vendors, inadequate vendor background checks resulting in third-party fraud.
b. Network operations: Phishing fraud (change of customer & identity), system manipulation (redemption of a coupon even on cancellation of the order), execution of an order without adherence to the payment terms.
c. Payment fraud: The payment gateway may be vulnerable to hacking, non-receipt of payment for cash on delivery, tampering with products in order to return them, chargeback initiated without returning the product.
d. Logistics / delivery fraud: Leakage / misappropriation / theft of goods from the warehouse, product intentionally misplaced / replaced and not delivered, delivery of a defective / counterfeit product.
The management of an E-commerce business is required to take proactive steps to combat the risk of fraud. Management's primary priorities would be the following:
a. Protecting against the theft of customer data
b. Preventing unauthorized use of consumer data in fraudulent transactions
c. Knowledge of counterfeit products sold through the marketplace
d. Robust revenue assurance framework to mitigate the risk
In the above cases, there are tools and services available for even the smallest merchants to reduce the costs of defending against these threats.
Any organization undertaking E-commerce should be aware of the threats and vulnerabilities and should have a mechanism to respond effectively to any attack that happens. To mitigate the known frauds, the organization should develop a comprehensive fraud risk mitigation policy. This policy should be made known throughout the organization through effective employee training and the development of a fraud response management plan.
Apart from the various manual checks which an organization can implement, there are various tools on the market for detecting and preventing fraud. With the new technology, E-commerce merchants have the opportunity to implement fraud management programs using any one of these three functions. [2]
1. Automated transactional risk scoring
Specific logic and settings can help to distinguish normal purchase behavior from risky transactions. Fraud risk is calculated from multiple data factors, and each transaction is assigned a numeric score.
2. Real-time categorization and resolution
Transactions with risk scores exceeding certain thresholds, determined by either the merchant or the fraud solution provider, can be automatically placed into different categories for further action.
3. Post-purchase transaction management
An interface for reviewing transactions that fall between the “accept” and “reject” thresholds, so that a member of the merchant’s staff can determine the appropriate action on the transaction from a single dashboard. The dashboard can include multiple tools and features as per the requirement.
4. Adjusting fraud rules and parameters
Fraud trends evolve rapidly, and detection tools need an equally quick response to remain effective. These tools should be referenced against reports and analytics on a regular basis.
By integrating fraud management tools into checkout processes, even small E-commerce businesses are empowered. Fraud management becomes an intuitive, practical, controllable business process.
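The functions listed above can be seen working together in a small sketch. This is an added example, not code from the cited white paper or from any fraud product; the rule names, weights, thresholds and sample transactions are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed weights and thresholds: assumptions, to be tuned against fraud reports.
RULES = {"address_mismatch": 25, "new_account": 15, "high_value": 20,
         "velocity": 30, "coupon_on_cancelled_order": 40}
ACCEPT_BELOW, REJECT_FROM = 30, 70

@dataclass
class Txn:
    order_id: str
    amount: float
    account_age_days: int
    billing_country: str
    shipping_country: str
    orders_last_hour: int
    coupon_order_cancelled: bool = False

def risk_factors(t):
    """Return the names of the rules this transaction trips."""
    checks = {
        "address_mismatch": t.billing_country != t.shipping_country,
        "new_account": t.account_age_days < 7,
        "high_value": t.amount >= 500,
        "velocity": t.orders_last_hour > 3,
        "coupon_on_cancelled_order": t.coupon_order_cancelled,
    }
    return [name for name, hit in checks.items() if hit]

def score(t, rules=RULES):
    """Function 1: numeric score, the sum of tripped rule weights capped at 100."""
    return min(100, sum(rules.get(f, 0) for f in risk_factors(t)))

def categorize(s):
    """Function 2: map a score to a category using the two thresholds."""
    return "reject" if s >= REJECT_FROM else "accept" if s < ACCEPT_BELOW else "review"

def triage(txns, rules=RULES):
    """Function 3: the 'review' list is what staff would work through on a dashboard."""
    queues = {"accept": [], "review": [], "reject": []}
    for t in txns:
        s = score(t, rules)
        queues[categorize(s)].append((t.order_id, s, risk_factors(t)))
    return queues

# Constructed sample transactions.
SAMPLE = [
    Txn("A1001", 40.0, 400, "IN", "IN", 1),
    Txn("A1002", 900.0, 2, "IN", "IN", 1),
    Txn("A1003", 1200.0, 0, "US", "IN", 6),
    Txn("A1004", 30.0, 200, "IN", "IN", 1, coupon_order_cancelled=True),
]
```

Function 4 corresponds to passing an adjusted rule table: calling triage(SAMPLE, dict(RULES, coupon_on_cancelled_order=70)) moves order A1004 from the review queue to reject.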
Conclusion
Whether the retail business is small, medium or big, protection from cybercrime needs constant attention. Even without putting a fraud expert on the payroll, an E-commerce operation can take steps to effectively minimize the risk of transaction fraud at checkout.
E-commerce retailers should consider implementing these best practices:
a. End-to-end encryption and tokenization to protect the customer’s payment information from being stolen.
b. Training employees to understand the risk of not implementing real-time screening of both payment information and anti-fraud intelligence from other sources.
c. Enable proactive security measures. Configure the right kind of anti-fraud logic in the early stages of the business.
References:
1. E-Commerce Industry in India, published by Deloitte.
2. Strategies for reducing the risk of E-commerce fraud; a First Data white paper; October 2010.