While physical retail might be making a comeback, it will be hard for retail storefronts to compete with the convenience, variety, and availability of the worldwide web. Unfortunately, online office supply sales are no exception to the rule. While overall sales have continued to increase as companies begin to return to normal operations, online purchases have continued to outpace those in physical retail establishments.
But the continued and growing reliance on digital purchases has opened up a bigger problem for companies; online security and the risk of company data falling into the wrong hands.
Online shopping has been available for years. But the rapid growth and significant boost seen since the end of 2020 has also made businesses offering online sales options even more of a target than before. With more traffic, fraudsters see more opportunities to attack unsuspecting businesses and their customers. In some cases, legitimate businesses are even willing to resort to underhanded tactics to take down the competition.
When Online Stores Crash
There have been multiple instances in the news where online retailers are flooded with so much website traffic that it causes long wait times or even completely crashes the site. If a company or page has been featured in a popular show or showcased heavily, this might be real business reaching levels overwhelming the host server. But for print management, services, and supplies that serve the needs of corporations and business offices, attracting that much website traffic is highly unlikely. The more likely scenario is a Distributed Denial of Service Attack or DDoS.
A DDoS attack employs utilizes bots to significantly raise traffic on an eCommerce site to the point where it crashes or stops performing normally. For businesses looking to take out the competition, the disruption in regular service can degrade client confidence in the company’s ability to meet convenience and supply expectations. In 2021, there were a record-breaking 9.84 million DDoS attacks in the USA.
For cybercriminals, the tactic can be used as a diversion to mask other, more nefarious activities such as planting malware or backend hacking to steal data. The fallout for small eCommerce from a DDoS attack can reach as high as $50,000 per incident.
Other Types of Online Fraud
While DDoS is one of the most common tactics used against online stores, there are several other ways criminals attempt to take advantage of businesses and their customers.
- Interception fraud is an order placed as usual with a matching shipping address and stolen credit card information. However, the actual purchaser intercepts the order by calling the shipping company or customer care representative to change the final delivery address once the order is accepted.
- Account takeover fraud occurs when criminals log into a customer’s account. They have usually gained access to the account by purchasing passwords from the dark web or through phishing schemes. Once logged into the account, criminals will make orders or change customer details.
- Triangulation fraud is performed by setting up a storefront with pricing that will attract customers. They then use stolen credit card numbers to purchase goods from other eCommerce sites to fulfill their orders. As a result, their customers receive their goods, but the original store and the owners of the stolen credit cards are victims of fraud.
- Friendly fraud is based on standard customer care practices for legitimate grievances. For example, criminals will order a product and then cite a problem with the product or delivery to either request their money back from the business or initiate a chargeback directly with their payment processor.
Identifying Commercial Fraud
Many online store platforms have the technology to help guard against the most common forms of fraud. However, office printer industry businesses should be aware of the critical signs of criminal eCommerce behavior to add an extra layer of protection for the company and its customers. Some things to look out for include:
- Inconsistent order details are a big signal of potential fraud. For example, if the zip code and city don’t match or the IP address of the shopper and their email address don’t match, it is most likely a sign of attempted fraudulent activity.
- When a client suddenly places a larger than average order, it is a giant red flag. It might be good to contact the customer to confirm the quantity and other details before processing the transaction.
- Customers usually order using a specific IP address. Therefore, anytime a customer logs in from a new IP, it is advisable to require additional login steps and follow up with the customer for an order confirmation.
- If a customer was not initially set up with multiple shipping addresses and is suddenly expanding the number of delivery locations, it could be a sign of criminal activity.
- The timeframe is another item to watch closely. Criminals usually utilize bots and will trigger a series of activities in a short timeframe, such as multiple orders, multiple credit cards, or initiating several declined transactions in a row.
With the rapid increase in online shopping platforms and the ongoing move of consumers to digital channels, fraudsters are thriving on attacking businesses and their customers. Those who are new to the eCommerce space are especially vulnerable. Therefore, companies planning to operate or already use an online store should make sure they are training staff and taking steps to secure themselves and their customers.