eCommerce Fraud : How To Secure Your Entire Customer Journey Using Behavioral Metrics

warehouse ecommerce

There are a lot of interesting new developments in eCommerce every day. Customers need ever more personalized options, fast gratification, and fewer obstacles when checking out. Hence, providing seamless customer experience is now possible for merchants.

The sad truth is that whenever there are significant opportunities, opportunists are bound to rise to take advantage of them. However, fraudsters are inventing more complex methods of stealing eCommerce sales.

Merchants might unknowingly become more exposed to some types of abuse and fraud

when satisfying consumer expectations. With regards to fraud prevention, frictionless customer service might be an obstacle.

Friendly fraud, phishing, and chargeback fraud are some of the fraud types shops currently struggle with, but new and increasing types of fraud to keep on top of are emerging.

eCommerce Fraud Statistics of 2021

What’s even more predictable is that worldwide eCommerce sales are predicted to hit $4.9 trillion by 2021, as 59.5% of the global population have internet access and more people choose convenience-focused shopping. However, as seen above, we predict that worldwide payment fraud would result in a $40.62 billion dollar loss for businesses by 2027.

  • Additionally, both companies and customers have reported a rise in ecommerce fraud, with 20% of fraud victims saying that the occurrence occurred within the previous year.
  • Global payments fraud tripled from $9.84 billion in 2011 to $32.39 billion in 2020. The anticipated 2027 cost is $40.62 billion, double that of 2020.
  • After COVID-19, the FDP market will grow from $20.9 billion in 2020 to $38.2 billion in 2025. (Markets and Markets, 2020).
  • Every month, online retailers face 200,000 web attacks
  • Midsize businesses saw a 43% to 48% monthly increase in successful fraud attempts, while small and midsize merchants saw a 27% increase.
  • According to the survey, 47% of businesses had experienced fraud in the previous two years.
  • Every month on the 15th and 30th, retail websites receive over 75,000 daily attacks. Paychecks typically arrive on the same day as purchases, boosting online sales.
  • By 2023, firms will have spent about $9.6 billion on fraud detection. Not companies, but payment service providers and banks are pushing this.
  • Individuals aged 20 to 29 had the most fraud cases (33% of the total), followed by adults aged 70 to 79, (13 percent of the total).
  • About 20% of the victims said they’d been scammed in the past year.
  • A bit over half of those polled said they have encountered Internet fraud. Contacting individuals via mobile spam calls (18%), door-to-door sales (13%), postal letters (13%), or stores (5%).
  • Concerns about credit card theft and sensitive data exploitation are shared by 21% of customers.

eCommerce fraud touchpoints

Fraud occurs both at the time of the transaction and after the checkout. As the complete client experience unfolds, it’s occurring simultaneously. Whenever a connection is established between a seller and a customer, the chances of fraudulent activity increases. The list is not pretty extensive but let’s take a look at some of the examples:

Creating an online account 

Online shopping is made easy thanks to the simple account creation procedure, the opportunity to earn loyalty points, and the availability of special discounts. It can be a wonderful site for synthetic identity fraud, but it is also an excellent place for that crime.

In other words, these fraudsters create a completely fabricated fake person by combining authentic identity information (such as legitimate email addresses and burner phones) with completely bogus information such as non-existing email addresses, nonexistent social security numbers, and stolen identities.

Fraudsters set up new internet identities by utilising phoney identities and pre-existing credit histories. After the fraudsters have taken their leave, the subsequent bill payments will follow their tracks, laying bare their financial footprint. The acts are real, but the person’s identity is a fabrication.

Merchants struggle with synthetic identities because they must give consideration to humans. So they feel putting the focus on customer experience above going after the “bad apples” is key.

Updating existing account 

Our initial fraud touchpoint addressed the fraudsters who established phoney accounts. This new fraud touchpoint focuses on honest individuals and companies who are put at risk as a result of lawful activities.

Fraudsters can acquire access to eCommerce accounts by orchestrating account takeover fraud (ATO). In all of these scenarios, stolen security codes and passwords or the use of a phishing or malware assault can all serve as ways of entry. Data breaches over the years have offered scammers a cornucopia of PII that may be used in the ATO.

When they have gained control of the account, the fraudster will use data like phone numbers, emails, and addresses to update more subtle pieces of information like bank account information and then use expensive purchases with the goal of reselling the items or benefitting from personal use. It is not until the theft is detected that people are aware of the compromise.

A known type of identity theft, an ATO incident may cause tremendous harm to a business’s image.

Payment authorization

You have probably noticed “pending charge” on your credit card account while using an internet tool. If that is the case, you are witnessing how payment authorisation works.

 After customers have paid for their items, in a very short period of time, a complex sequence of events plays out amongst several parties including the retailer, payment processing gateway, payment processor, and the issuing bank.

The point of first contact is where scammers may take advantage. When criminals get stolen credit card details or purchase them over the dark web, this type of fraud happens.

Bots are used to test large numbers of credit card numbers on very modest transactions since people who handle card purchases may not know the credit card number or limit even if it’s genuine. Because tiny purchases go undetected, these early ones typically go unreported as well. 

Fraudsters learn when credit card numbers work, so they use these numbers more often to do more expensive transactions.

When bigger purchases have been made, retailers and consumers both tend to notice that card testing fraud has occurred. Many purchases may have been made at that moment as a result of fraud.

Order fulfillment

Pick-up in-store for online orders was an experiment prior to the advent of omnichannel in 2020.

ACI Worldwide claims that BOPIS-based ordering prior to COVID-19 increased retail sales by 70% and BOPIS-based order value by 58% in 2020. Because it was the year in which the highest number of merchants first adopted BOPIS delivery, 2020 was also the year in which the most merchants utilised BOPIS shipping.

There is nothing to not love. By shopping online, customers save time, money, and the inconvenience of shipping and picking up packages in a store.

While this is an opportunity, the fraudsters lurk in the shadows and wait to pounce when the opportunity presents itself. The overall BOPIS fraud attempt rate has grown, from 4.6 percent for other delivery channels to 7 percent, thanks to BOPIS growth.

Scammers simply take possession of the goods by utilising the fraudulent credit card they used to order it.

As a result, many businesses have to employ additional checkpoints, such as separate shipping and billing addresses, distance computations, and other suspicious behaviours, to screen customers before allowing them to make an order.

Not wishing to risk harming the client experience, retail employees frequently do not go through standard identity verification procedures to verify that the individual presenting the identification actually exists. Because of this, the criminal might end up having all of their money in their pockets at the same time.

Customer retention and loyalty

Retention is also one of merchants’ major objectives. A loyalty program is a merchant tool that can help to retain customers. It’s important to design a strong loyalty programme , since this may help retain customers while reducing the amount of money that you spend on finding new customers.

In addition, this virtual goldmine of important data gives organizations the opportunity to continually innovate and improve their customers’ experiences. This approach provides customers with increased attention, valuable rewards, and the chance to establish a connection with the merchant.

This can’t be a zero-sum game, can it? The engagement of a third party — particularly, the fraudster — into the loyalty equation has therefore only begun. On the other hand, compared to the balances of their credit cards and checking accounts, people aren’t very keen on checking their loyalty account balances.

Synthetic identity fraud is used by criminals to utilise or steal credit, points or other forms of value, which they may redeem or steal via loyalty programme fraud. The most often employed tactics for these con artists are to redeem gift cards and resell them on the black market, receiving the remainder of their purchase price.

Because loyalty programs contain several additional data points on its consumers, fraudsters have free access to personal information. Because they have access to their customers’ personal information, such as their age, number of people in their household, and annual income, scammers have unfettered access to personal information about consumers, including their date of birth, marital status, and other demographic details.


When the policy is customer-friendly, it increases the probability that customers will purchase. Returns are a convenient target for fraudsters since returns are easy to manipulate. In general, each time a fraudster abuses a merchant’s return policy, fraud is being committed.

Returned items totaled $428 billion, of which 5.9% were fraudulent and amounted to $25.3 billion, according to the NRF.

A significant number of false returns are conducted by individual filers. Although individuals misuse merchant return policies in a variety of ways, these are some of the ways they do it.

Placing large orders in order to obtain free shipping or other advantages, with the intention of returning a large percentage of the things purchased.

wardrobing is a customer return which refers to buying an item, wearing it, then returning the purchase as it is unused.

While return fraud is harmful, organized crime rings also known as OCRs are involved in far more serious kinds of return fraud. 

These organised criminals utilise credit cards to purchase items once they have gained access to a customer’s account via credit card theft or synthetic identity fraud. The product is returned without a receipt, and merchants may choose to apply credit or gift cards in exchange. 

Alternatively, merchants may choose to sell the returned merchandise to other businesses, individuals, or third-party gift card sellers.

There is an extra operational expense in processing returns, shipping, and replenishing inventory, as well as the lost income that comes from returned goods. There is a high level of sophistication involved in trying to combat identity theft and financial fraud, as organised crime rings utilise payment methods and new accounts to conceal their identities.

Securing customer journey through behavioral metrics

If customer journey touchpoints are riddled with fraud, the issue is to identify it before any losses occur.

Before returning fraudsters are able to reacquire stolen property, they must first obtain the stolen commodities.

Before customers can receive the products, they must first pay for them.

Before stealing loyalty points or paying for the purchase, they first have to either create a new account or update the previous one.

Prior to all of this, criminals go about their day-to-day business just like everyone else. The current session is beginning an ecommerce process.

Merchants may use machine learning models and fraud protection solutions to detect suspicious behaviors across the customer experience, and across all sessions.

Behavioral biometrics – An emerging trend in the market

While fraudsters have no problem mimicking actual consumers’ credentials, their conduct is more susceptible to manipulation. The correct user credentials are not always the deciding factor; it is how the user enters them that matters. This can be as distinctive as a fraudster’s fingerprints and just as distinct as a legal user’s well-known routines.

As the basis for a new and rising kind of fraud protection, behavioural biometrics is a novel way of detecting tiny “tells.”

How does it work?

Behavioral biometrics relies on machine learning to build up authentic user profiles as part of background processing. The approach incorporates new and previously undisclosed risks by validating existing good users first. Since it is behind the scenes and is therefore passive, it doesn’t irritate customers or merchants until it is determined that a session is risky.

How a fraudster becomes prey of behavioural biometrics

Predators lurking behind the scenes as fraudsters start an ecommerce activity.

It’s not high enough for the predator to pounce, but the keystroke dynamics and type speed raise a warning signal. The fraudster is attempting to establish a new account.

As the fraudster creates a new account with a fake identity, alarms go out since the biometrics are not those of a real client. It’s time to strike: run the unknown identity through extra fraud checks before allowing the order to be completed and fulfilled.

Behavioral biometrics adjusts to user behaviour and authenticates real shoppers rather than creating needless barriers. Merchants can also terminate fraudulent sessions, require users to re-authenticate, or suspend accounts. Finally, this real-time last barrier against a possibly fraudulent transaction helps retailers retain client experience.


The scammers will evolve along with the ecommerce sector. It’s possible to outwit the continuous cat-and-mouse game. Instead of only protecting the transaction, businesses must recognise that fraudsters disclose themselves with every keystroke and session.

Thankfully, advances in machine learning and behavioural biometrics enable merchants to identify and stop fraudsters before they cause $130 billion in losses by 2023.

Better customer service or better fraud detection and prevention? Now merchants may choose between the two. They need both.

If you’re a WooCommerce B2B store owner and want to enhance your productivity, then B2BWoo is the best option for you. It’s a one-stop-shop for your every WooCommerce B2B eCommerce solutions.

A writer by profession, Maria Ilyas is an eCommerce and digital marketing enthusiast and is always digging into the latest marketing trends, best practices, and growth strategies.