Online shopping fraud (also known as e-commerce fraud) is a rising threat. To counter this a coordinated crackdown has seen 59 scammers arrested and new investigative leads triggered all across Europe as part of Europol’s 2022 e-Commerce Action (eComm 2022). 19 countries took part in the successful action, which was coordinated by Europol’s European Cybercrime Centre (EC3) and the Merchant Risk Council (MRC). Direct assistance was received from merchants, logistic companies, banks, and payment card schemes. Investigations are still ongoing in various countries, with more arrests expected in the coming weeks.
Online Payment Security
Online payments in Europe are generally very secure, mainly due to the wide implementation of Secure Customer Authentication (SCA). SCA is a European regulatory requirement aimed at reducing fraud and making online and contactless offline payments more secure. Broadly speaking customers shopping online may be asked to verify their identity with two factors during the checkout process.
To counter this criminals are continuously altering their techniques to unlock new ways of stealing money. eComm22 has identified the following threats to the e-commerce sector:
- Phishing, vishing (Voice phishing) and smishing (SMS phishing) fraud: These are techniques for fraudulently obtaining private information. The criminals contact people by phone, text messages, messaging apps or email and attempt to convince them to hand over their credit card information. Sometimes these attacks promise a reward, other times they impersonate a trusted business or a government agency.
- Account Takeover (ATO) Fraud: This is a form of identity theft in which the fraudster gets access to a victim’s bank or credit card accounts and uses them to make unauthorised transactions.
- Fake websites (also referred to as Triangulation Fraud): These are websites that are not legitimate venues designed to entice the visitor into revealing sensitive information, to download some form of malware, or to purchase products that never arrive. eComm22 highlighted their use to entice buyers with cheap goods. Sometimes these fake websites appeared in ads, or links were sent to a user’s email directing them to the website through a phishing attempt. The catch is that these goods don’t actually exist, or are never shipped.
How to Protect Against Online Shopping Fraud
Europol, in conjunction with European Law Enforcement and the MRC, has today launched an awareness campaign that will be promoted through the hashtag #SellSafe. This shares practical advice on how to outwit criminals trying to abuse the online shopping experience. The aim is to make e-commerce more secure by promoting safe online purchasing methods and by helping new merchants to open online shops without the risk of cyberattacks.
Some key tips for online shoppers are:
- Never send your card number, PIN or any other card information to anyone by e-mail.
- Never send money to anyone you don’t know.
- Always save all documents related to your online purchases.
- If you are not buying anything, don’t submit your card details.
- Check your online banking service regularly. Notify your bank immediately if you see payments or withdrawals that you have not made yourself.
- For more information read Europol’s Tips And Advice To Avoid Becoming A Fraud Victim
Some key tips for e-business owners are:
- Ensure all your employees are aware of the fraud issues affecting online stores.
- Stay up to date on the types of payment fraud affecting businesses and have the tools in place to prevent them. Your national payments organisation will have details on payment fraud types.
- Get to know your customers in order to be able to verify their payments.
- For more information read Europol’s advice on Safe Sales, Safe Revenue
The EAST Expert Group on Payment and Transaction Fraud (EPTF), which meets three times each year, focuses on the prevention of payment and transaction fraud, online shopping fraud. The 14th EAST EPTF meeting took place on 9 November 2022.