E-commerce Fraud is Booming – Part 1

Cybersecurity Awareness Month 

The Department of Homeland Security (DHS) and the National Cyber Security Alliance (NCSA) work together every October to spread the word about how important cybersecurity is to everyone, especially retail store owners. This year’s theme is “Do Your Part. #Be CyberSmart.”  

In October, Retail Science is featuring two stories on cybersecurity. The first story looks at what types of cybercrime target retail businesses. The second story offers independent business owners suggestions on how to combat the problems and run successful and secure stores.  

Pandemic Fuels E-commerce and Fraud Growth 

Like it or not, the pandemic reshaped the retail landscape and spurred e-commerce growth like nothing before. Because of it, the use of online sales spread faster than the virus and e-commerce fraud increased just as fast. Data shows that cybercrime cost the world more than $1 trillion in 2020. All this means is that retailers using both online and in-store sales are dealing with more fraud in more forms than ever. 

Gone are the days when merchants only had to worry about counterfeit bills and bad checks. Nowadays, consumers can purchase items with a wave of their watch which is just one of an array of payment options that must be monitored. 

Retail Dive reported that Juniper research found that e-commerce retailers could lose over $20 billion this year through new forms of e-commerce fraud. That’s an 18% increase over 2020 when the pandemic caused online sales to skyrocket reaching nearly $791 billion. That accounts for nearly 14% of all retail sales. 

It’s not getting any better, either. Credit agency Transunion reported in August that suspected online fraud over the first four months of 2021 more than doubled the previous year.  

Ransomware, identity theft, friendly fraud, account takeovers, and “pharming” are just a few of the dangers facing online shoppers and merchants this year and in the future. Some are new, some have just evolved with time. 

The result has given birth to what has been labeled as a global Fraud Economy. So, increasing your awareness of the issue and your store’s network security budget might just protect your e-commerce growth and profits against e-commerce fraud. 

Identity theft 

To the average shopper, identity theft may seem like a consumer-focused hazard with fraudulent purchases made against their ill-gotten credit credentials. However, as merchants well know, the “purchased” merchandise is effectively stolen from stores. 

Consumers aren’t typically liable for credit card fraud in cases of stolen identity. Most often, once fraudulent purchases are made with stolen credentials, credit card companies cancel the old card and issue the consumer a new one. 

Consumers have additional protection from the Fair Credit Billing Act, which limits their liability of a lost or stolen credit card to $50. 

The result is, merchants or banks are left to foot the bill for fraudulent purchases depending on the nature of the transaction. Banks are usually responsible in cases of either stolen or forged credit cards being used to make purchases in stores. 

Merchants are likely to be liable for fraudulent purchases made on older magnetic card swipe payment terminals. They’re also are often liable in “card-not-present” transactions which make up an increasingly large percentage of e-commerce transactions today. This is when stores take credit card numbers either over the phone or on e-commerce sites for a purchase. So, when a merchant is a victim of this kind of fraud, they not only lose the sale money, but the item is also essentially stolen. 

Friendly fraud 

Friendly fraud is another name for chargebacks. This is when a consumer deliberately steals from a merchant by making a purchase and then claiming to the bank or credit card company it was a fraudulent charge to their account.  

In these cases, merchants can not only lose the merchandise, they can be hit with fees that can range from $20 to $100 per transaction. Additionally, they can be fined up to roughly $10,000 if the monthly chargeback rates exceed predetermined levels. Merchants can have their accounts terminated by credit card processors if their chargeback rates become problematic, too. As a result, they would be unable to process credit or debit purchases and would essentially be limited to cash-and-carry sales. 

Pharming is growing 

By now, pretty much everybody has heard of “phishing” – the practice of sending out bogus emails to gain information or access to websites or business networks. Well, now we have “pharming,” a much more evolved form of phishing. It involves the redirection of website traffic from a legitimate site, like your e-commerce website, to fake sites. These sites can be used to steal usernames, passwords and other personal information. The can also load malware onto the operator’s computer. 

Pharmers most often target websites of banks, online payment platforms, or retail e-commerce sites. 

Retail in the crosshairs 

The Verizon 2020 Data Breach Investigations Report says 43% of cyberattacks target small businesses. Accenture Security adds that only 14% of small businesses are equipped to deal with an attack. 

Pharmers and other e-commerce fraudsters are prevalent in retail today because, many merchants are new to online sales and not sophisticated in their operations or vulnerabilities. This inexperience led to fraudsters increasing their take in 2020. As internet traffic surged and the amount of money spent online nearly doubled, the average value of attempted fraudulent purchases rose 69% since 2019. 

eMarketer predicts that e-commerce growth in the U.S. will reach nearly 14% in 2021. While that’s less than the 18% growth of 2020, its cumulative effect means e-commerce will be roughly 30% over two years. Those figures means it will account for more than 15% of the $5.8 trillion in retail sales forecast for 2021. 

“E-commerce volume increasing from $600 billion to $800 billion means there’s a lot larger surface area of risky transactions,” he said.  says Johnny Ayers, CEO of Socure, a digital identity verification company. 

Digital payments are expected to grow to $11.3 trillion by 2026. 

The lodging industry was hardest hit with fraud in 2020 with a 71% year-over-year increase. Professional marketplaces – like Etsy and eBay – saw a 67% increase. Omnichannel retail was a not-too-distant third with a 50% bump over 2019. 

E-commerce continues to soar 

Despite all the additional e-commerce fraud red flags, people are shopping and selling online more than ever. In May, Amazon reported its best first quarter ever with a net revenue increase of 44% to $108.5 billion. 

“As the pandemic continues to push more brick-and-mortar businesses online, merchants should expect the high traffic there will drive a rise in several risk areas,” said Jason Cheung, fraud product manager at Digital River, an integrated solution provider. 

New merchant programs associated with e-commerce spurred the growth. Buy Online Pick Up In-Store (BOPIS), curbside pickup, click-and-collect, and Buy Online, Return In-Store (BORIS) all added to online shopping. This all also added to the potential for both online and in-store fraud. 

Data from eMarketer shows that U.S. click-and-collect sales more than doubled from 2019 to 2020. And it represented just 9.1% of e-commerce sales during this period, it was responsible for 20% of domestic e-commerce growth. 


As e-commerce continues to grow and more brick-and-mortar stores incorporate it into their regular sales processes, protecting valuable digital information and systems will become increasingly important. 

The second part of this series will offer suggestions on how to ensure your stores operate as efficiently and safely as possible.   

brian bullock