US Ecommerce Fraud Statistics2023-06-29T14:07:48-05:00
The eCommerce industry has exploded over the last few years. The pandemic accelerated this already historical growth. While this trend bodes well for eCommerce retailers across virtually every industry, the news isn’t all good.
Unfortunately, the booming eCommerce industry has become a prime target for the fraudulent activity carried out by cybercriminals.
According to the Federal Bureau of Investigation, internet fraud is defined as “the use of internet services or software with internet access to defraud victims or to otherwise take advantage of them.”
These bad actors can use many different methods to perpetrate their crimes. They can surreptitiously access a company’s network through their credit card processing software, a compromised email account, or a variety of other weak points.
Below, we’ll outline some important facts about eCommerce fraud in the U.S. We also identify some steps that you can take to protect your online business from these malicious cybercriminals.
Quick Key Facts About eCommerce Fraud Statistics in the USA
As one of the premier eCommerce platforms in the world, BigCommerce knows a thing or two about eCommerce fraud. According to one of their recent articles, online retailers cumulatively face over 206,000 cyberattacks per month. While the majority of these attacks are unsuccessful, even a single breach can be incredibly costly.
In fact, U.S. eCommerce retailers have been facing a 7.3% year-over-year increase in fraud costs. LexisNexis found that every dollar a company loses to fraud costs them $3.36 due to merchandise replacement, redistribution, interest, and other fees. Naturally, some of these costs must be passed on to consumers.
If you want to guard against eCommerce fraud effectively, you must understand what you are up against. While each instance of fraud is somewhat unique, criminals typically rely on one of several common tactics to take advantage of your business.
The most common types of eCommerce fraud are:
Basic Credit Card Fraud
The least sophisticated type of eCommerce fraud is basic credit card fraud. This occurs when a criminal uses stolen credit card info to make purchases. These individuals can make the purchase on the dark web and send the goods to a “reshipper” to minimize their risk of being caught. They will usually mask their IP using internet proxies or a virtual private network (VPN).
Another tactic involves shipping the goods to a nearby vacant house or P.O. Box. The thief may have a proxy pick up the package. When the victim files a claim with their credit card company, your eCommerce store will have to do a chargeback for the funds. The victim will get their money back, the criminal will make off with the goods, and your company will be forced to assume the loss.
As the name suggests, triangulation fraud involves three stages. The cybercriminal will create an online storefront that offers brand-name items at extremely low prices during stage one.
Unwitting consumers flock to the site in hopes of getting a great deal. The online store is designed to steal information such as credit card numbers, addresses, and names.
After accumulating enough consumer data, the fraudsters will visit legitimate eCommerce sites. They will purchase the items that the customers ordered on their fake websites and ship it to them.
This tactic is designed to mask fraudulent acts that will be perpetrated during phase three of the triangulation scheme.
The criminals will use all of that stolen consumer data to purchase additional items and ship those products to themselves. Triangulation fraud often goes undetected because consumers were expecting to see a charge for the original purchase on their credit cards.
In this type of fraud, criminals will intercept packages after purchase but before it is shipped.
For instance, a fraudster may purchase goods from a major merchant like Amazon and request that the items be shipped to the address on file.
They will then call or email customer service and request that the shipping address be altered to another location.
Certain payment processing platforms provide specific responses for every type of credit card decline. They will display a specific message if the expiration date or security code is incorrect. This allows fraudsters to determine what information they are missing when attempting to use stolen credit card information.
For example, if they determine that they are only missing the expiration date information, they can repeatedly try different dates until the payment is processed.
eCommerce merchants can avoid contributing to this type of fraud by using more advanced credit card processing technology. This will also help them protect their assets and their customers.
Identity theft occurs when a criminal obtains a consumer’s personal information and uses this data to open fraudulent credit cards in their name. They will then make purchases on various eCommerce stores.
Criminals will often max out these cards rather quickly to purchase a large volume of valuable products.
If one of these fraudsters decides to make several thousand dollars of purchases solely on your eCommerce store, this can drastically impact your profitability.
Account Takeovers or Phishing
By allowing customers to create accounts on your website, you can expedite the checkout process and encourage more spending. However, storing customer data can also make your store a target for account takeover or phishing attacks.
Phishing is a widely used tactic that is designed to trick consumers into giving up their personal data.
Often, phishing involves sending fake emails to consumers. The email will purport to be sent from a customer service department of a store such as Amazon. Once the hacker obtains the customer’s username and password, they will log in to their account and change the sign-in information. They will then make fraudulent purchases on those accounts.
Also known as “friendly fraud”, chargeback fraud is usually committed by your average consumer, not a professional hacker. This type of fraud occurs when one of your shoppers makes a purchase, receives their items, and then requests a refund from their credit card company. The credit card company will then send this request through the card issuer, issuing a refund to the consumer.
When this occurs, you will be responsible for refunding the consumer. Many times, the shopper will not contest the charge for weeks or even months. They hope your business will simply refund them and not dispute the claim.
Average Percentage of Fraudulent Monthly Transactions on eCommerce Businesses
The next section will assess the average percentage of monthly fraudulent transactions on eCommerce businesses. The businesses are classified as either “small” or “mid-to-large.”
The mid-to-large-sized retailers are grouped based on the types of goods they sell as well. For the purposes of this article, a small eCommerce store is defined as a retailer with less than $10M in annual sales, while a mid-range or large retailer is defined as an entity with $10M+ in annual sales.
Small eCommerce Retailers
In their “True Cost of Fraud” study, LexisNexis researchers found that small U.S. e-retailers experienced an 8.4% increase in fraudulent transactions between 2019 and 2020.
These retailers were experiencing an average of 83 fraudulent transactions per month in 2019. That number rose to 90 transactions in 2020.
While small eCommerce retailers experienced the least significant increase, it is still vital that these entities take steps to protect themselves from fraud by using reputable credit card processing services.
Large eCommerce retailers selling physical goods experienced a much larger uptick in fraudulent transactions. Successful fraud attacks rose from 356 to 407, which translates to a 14.3% increase. Over the course of a year, that totals over 600 instances of fraud per eCommerce business.
Mid-to-Large Sized eCommerce Retailers Selling Digital Goods
Of the three categories of eCommerce retailers examined during the LexisNexis study, large companies that sell digital goods were hit the hardest. Retailers that sell products in this category experienced a 37.1% increase in successful fraudulent transactions per month. Between 2019 and 2020, the number of transactions rose from 474 to a staggering 650.
How Much Money Do Online Merchants Lose to eCommerce Fraud Every Year?
As you can see, the frequency of eCommerce fraud is rapidly increasing. Criminals are becoming more skilled at perpetrating these attacks as well. The result is that eCommerce retailers are losing tens of thousands of dollars every single year. In total, online payment fraud losses for eCommerce retailers are projected to exceed $20B this year.
While the exact losses associated with each successful fraud event will vary, online retailers lose an average of 7.6% of annual revenue to fraud-associated expenses. In light of this fact, online retail merchants must implement proven fraud prevention tips, but more on that below.
How Much Does an Average Online Business Spend Monthly to Combat eCommerce Fraud?
Currently, online businesses spend about 8% of their monthly revenue to combat eCommerce fraud. This number holds true for small and large eCommerce retailers, regardless of the type of products they sell. There were no notable differences between the retailers that sell physical goods and those that sell digital products.
Impact of COVID-19 on eCommerce Fraud
The coronavirus pandemic was directly linked to an increase in both the frequency and cost of eCommerce fraud. According to LexisNexis, every dollar of merchandise or funds that criminals obtained via fraudulent activity translated to $3.60 in losses for merchants. Prior to the pandemic, this figure was at $3.13.
COVID-19 drastically changed the behaviors of average consumers. Buyers are relying more on mobile channels for online shopping and payment processing. In response, many eCommerce merchants rapidly augmented their capabilities so that they could accept payments made using contactless payment and digital wallets. Unfortunately, many of these merchants cut corners at the expense of cybersecurity.
The volume of fraud attacks increased by 140% post-pandemic in terms of frequency. On average, eCommerce retailers experience roughly 824 attacks per month. This is up from just 344 attacks per month pre-pandemic.
eCommerce Fraud Prevention Tips for Online Businesses
There are several ways that online businesses can guard against eCommerce fraud, including:
Conduct Regular Cybersecurity Audits
As an eCommerce business owner, you should regularly conduct cybersecurity audits. You can conduct these audits independently. However, the more effective approach is to partner with a cybersecurity firm and allow them to conduct the audit.
A third-party auditor will be able to approach the problem objectively. They may uncover weaknesses that you and your team have overlooked. At a minimum, you should conduct these audits bi-annually. If you are overseeing a massive operation, quarterly audits may be needed for optimal fraud prevention.
Merge Cybersecurity and the Digital Experience
Many eCommerce retailers continue to view fraud prevention and the user experience as separate concerns. However, the best approach is to integrate these two aspects of your operations.
LexisNexis found that the organizations that utilized this tactic were able to drastically decrease the number of successful fraud attacks that they experienced. Specifically, organizations that used a multi-solution layered approach decreased fraud attacks from 1,280 to 372.
These entities were using 7 different security solutions on average. A few examples include risk assessment technologies, biometrics, multi-factor authentication, etc. The purpose of a multilayered approach is to eliminate vulnerabilities that fraudsters may attempt to exploit. While it is impossible to eliminate every vulnerability, the fewer weaknesses that your business has, the more successful you will be at mitigating fraud.