Credit card frauds – is your Magento eCommerce protected?

Is the e-commerce market important?

Long story short – yes! The total global share of consumers who shopped online in 2020 was 85% globally. This means that the vast majority of customers are using online shopping. The covid-19 pandemic greatly boosted this trend. 

Customers learned it’s safer – in both health and payment aspects – faster and much more comfortable than regular shopping. In most countries, online shopping offers customers additional benefits like the possibility to return bought products in a specified timeframe.

Global credit, debit and prepaid card purchases and ATM withdrawals generated $41.962 trillion in total in 2020. The global eCommerce market was valued at $9.09 trillion in 2019 and is expected to grow at a compound annual growth rate of 14,7% from 2020 to 2027 according to Grand View Research. 

Expansion of 4G and introduction of 5G may boost this trend even further. 

Surely it is a valuable and expanding market. But there is a catch…

Market losses due to Credit Card Fraud

Increasing sell volume and value is unfortunately followed by increasing market losses due to fraud. The Nilson Report shows that Card Fraud losses were $28.58 billion in 2020. This means that 6.81 cents per $100 are lost due to card fraud. The same report predicts that fraud volume will hit $49.32 billion by 2030.

The fraud problem is worldwide, but the US alone is the source of one-third of global losses. US sellers face on average over 1700 fraud attempts daily, where over 50% are successful. This means that successful fraud attempts outnumbered failed ones in 2021!

E-commerce frauds victims

There are at least three categories of credit card victims – clients, retailers and banks. Scammer, after successful fraud, gains some goods – either physical or digital. Those goods are paid with a credit card connected to the unaware victim. 

If the victim realizes this and the chargeback procedure is possible, then the store owner may lose both the goods and the payment. In some types of fraud, this is the usual outcome. 

The scammer tricks the buyer to pay for the goods, which are posted to the post box where the scammer picks them up. After some time the buyer notices the fraud and either uses chargeback, calls the police or both. In the end, payment is usually reversed and the seller is left with no merchandise or money.

Client as an eCommerce fraud victim

In eCommerce, clients are prone to many fraud attempts. Research says that even 70% of customers don’t feel safe buying online! Clients may be lured to the fake shop with unusually low prices or by a spam email with some kind of phishing, fake lottery win, where covering just a small shipment fee should give a new phone or car. Then of course credit card details and identity is stolen. 

What to pay attention to as an e-commerce client

As a client, it is vital to check the stores and the sites we’re visiting. It’s good to make i.e. Google feedback check, to see other customers’ reviews, it’s good to check if the store is a registered enterprise and its owner is known. Additional payment options are also usually a good sign. Often the fake shop provides only one payment option saying that any other is “temporarily unavailable”.

Secure lock meaning

It’s also vital to remember that the “secure lock” has nothing to do with the store’s credibility. It simply means that our connection is encrypted so no third party can get access to the data we’re sending to the server, but it says next to nothing about the server or the store owner.

Homograph attacks

Not long ago homograph attacks were possible (now they should be prevented by updated browsers). A homograph attack is an attack, where the domain looks exactly like the domain you intend to visit, but is different. It is based on using characters other than Latin alphabet characters. The most known example is the apple.com homograph. It is harmless, as it was made for proof of concept purposes.

This is NOT an apple.com page!

E-commerce business partners for security

The rule of thumb is, that the more security features a store offers, the better. It can be a client protection programme, offering a wide variety of payment options or cooperating with security companies like i.e. Subuno. Magento as an Adobe product is very respected and safe constantly being improved. 

The store owner (or any seller) as a fraud victim

Selling with eCommerce platforms might be very challenging. Usually, the law very extensively protects buyers’ rights, even at the seller’s cost. It is quite common that e-shop loses both – sold goods and the payment in the fraud process.

As an entrepreneur, it is vital to take appropriate countermeasures. Appropriate means reasonably priced, fast, transparent for the client and – most importantly – effective. All of the above is provided by the Magento and Subuno combination. 

Subuno fraud prevention module for Magento 2

At Panda Group we’ve developed a module connecting Subuno and Magento for better e-commerce transactions security. For more information please read the article Subuno fraud prevention module for Magento 2

We highly recommend such solutions as they prevent fraud in the automatic process improving sales results and reliability of the store.

Bank’s fraud vulnerability

The issue is so important that even Anne Boden, CEO at digital challenger Starling Bank, called for cooperation between different sectors to clamp down on Authorized Push Payment (APP) fraud, also known as bank transfer fraud.

The general rule of thumb says that banks are mostly accountable for operations where credit cards were present. This includes illegal, scammed duplicates of the credit card.

I have no credit card, am I safe?

Credit card fraud is done with a big variety of tools. Some methods involve using stolen customer data, i.e. stolen credit card or getting access to a client’s account, where data is stored. 

Then the thief makes an order using stored credit card data. This is often filtered by banks based on unusual behaviour or by even card owners if they are aware of the leak and have their credit cards restricted. 

Identity theft

Unfortunately having no credit card does not make you invulnerable to eCommerce fraud! The most popular Credit Card fraud is based on identity theft. The thief steals the victim’s identity and creates a bank account on their behalf. 

This can be done in a wide variety of ways. Most popular are tempting the victims to make small money transfers to prove that they are owners of the bank accounts. That small transfer is used by the scammer to validate newly created bank accounts with the victim’s personal data. 

Other sources of personal data are leaks from stores or institutions. There are a lot more identity theft methods, but this is a story for another talk.

How to protect your store?

It is clear how dangerous and common credit card frauds are. It is vital to keep your store, and your business protected. Not only does that reduces your losses due to possible fraud but also increases your client’s trust and may help get bigger sales.

First, it is important to work with credible companies and experienced developers. The E-commerce platform is a combination of software, and server and secures third-party connections like financial institutions. Experienced developers and professionals know how to secure the server, and how to establish encrypted and trusted connections. 

They can also advise the best hosting platform and tools. The long history of successful implementations and satisfied customers like Panda Group has are great indicators of the company’s reliability.

Magento e-commerce platform security

Second, it is vital to pick the correct e-commerce platform. It has to be constantly updated and adapted to the newest challenges in the e-commerce market. Magento 2 is such a platform.

It is maintained by Adobe yet it provides open source code, which lets the community expand this product and verify its security. It gets the best of paid and open source software with regularly released security patches.

Last but not least it’s a great idea to use third-party solutions, which help with KYC (Know Your Client) and perform fast checks to find fraud Credit Cards. It makes the process fast, reliable and cheap, especially when you take into account lost time and money due to possible fraud.

Best practices against e-commerce fraud

The World Wide Web provides a huge variety of possibilities when it comes to setting up your store. You can choose between different CMS with different plugins, you can also pick an open or commercial software dedicated to your purpose. 

Magento e-commerce platform scalability and reliability

A good practice is to pick a tool, which may grow with your business. Magento provided by Adobe is a great tool for any size of eCommerce operation. You can start small with just a few products and expand your store to a multi-continental selling centre as your business grows. 

You can start with your e-shop on your own or you can pick a company to help with setup, configuration and styling. It is vital to work with SEO and SEM efficiently, so you can get more clients.

Transaction verification against fraud attempts

Picking a tool to verify your clients might be tricky. You need a solution suited for your traffic and purchase volume. Usually, tools like Subuno come with a few payment plans to choose from, depending on the number of requests. 

Usually, plans cover a number of requests and include a small fee for each additional request processed, so it is really important to use an anti-bot mechanism, i.e. captcha. That prevents malicious attempts from unfair competition or even random hackers looping the same request over and over increasing your bill vastly. 

A good tool for integrating Subuno with Magento 2 is delivered by Pandagroup for free and accessible on GitHub.

Secure hosting and monitoring

Last but not least choosing the correct hosting service and monitoring tools is also vital for eCommerce shops. High reliability and disaster recovery plan are a must in order to provide your shop continuous service.

Conclusion

There are a lot of things to consider, so it is a good idea to get help from an experienced company. Panda Group has several years of experience and almost 80 satisfied customers! We’ve done many integrations with Magento and we’re helping run stores ranging from local to global businesses. Feel free to contact us and talk about your project in detail.