In December 2019, malware was discovered on the servers used to process payments made at Wawa convenience store locations. More than 850 stores were affected. The company took the necessary steps to secure its servers and issued a statement to apologize and inform customers.

Three weeks after the breach, the stolen credit card numbers were found for sale on the dark web.

It’s easier than ever to purchase that type of information, and criminals often bundle stolen data with guides that explain how to use it to commit fraud in an attempt to appeal to would-be fraudsters. In fact, this card-not-present (CNP) type of fraud is growing at a fast pace.

CNP fraud refers to fraudulent transactions where the retailer doesn’t have physical access to the card used, which includes online transactions. CNP fraud is expected to increase by 14% by 2023, and will cost retailers $130 billion between 2018 and 2023.

Consumers are aware of these risks. In 2018, 27% of customers said they abandoned an online transaction due to the lack of visible security features. Retailers need to reassure customers while facing increasingly sophisticated attacks and taking appropriate security measures.

Credit card fraud

There are different types of credit card fraud:

  • Some swindlers use shopping sites to test stolen information. They typically use bots to place a large number of orders and see which credit card numbers are valid.
  • Some criminals physically steal credit cards and use them to make online purchases. These fraudulent transactions are hard to spot since the perpetrator has access to the cards CVV number.
  • Stolen data obtained via phishing or malware can also be used to conduct fraudulent transactions. The information might be incomplete, but criminals are using increasingly sophisticated methods to obtain the information they need.

The purpose of credit card fraud is usually to obtain goods that the criminal can resell. Goods are sometimes shipped to the address of the fraudster, but some criminals use re-shippers who don’t know they’re handling stolen goods.

CNP fraud is costly for online retailers because they’re liable for verifying shoppers’ identity and legally have to reimburse the victim of a fraudulent transaction.

Criminals who commit chargeback fraud will perform a legitimate transaction and submit an unwarranted reimbursement claim. They might claim that the item was never received or is defective, or that the charge was made on a stolen card.

Phishing: 1 of every 99 emails

Social engineering and phishing emails are two of the most common methods scammers use to steal valuable information.

With one in 99 emails being a phishing attack, it’s a risk retailers can’t afford to ignore. Some attackers will spoof emails from financial institutions to obtain credit card numbers. Others use fake shopping site login pages to steal credentials and access stored payment information.

Using more advanced social engineering methods, it’s possible to spoof a phone number and impersonate a customer service representative from a financial institution. These calls can target customers as well as retailers’ customer service departments.

Interception fraud

Interception fraud is where a criminal orders goods with a stolen credit card and uses the address of the victim when they place the order.

The individual will then contact the retailer or the shipping service and request for the shipping address to be updated so they can intercept the package. In some cases, the criminal will target a victim who lives nearby so they can grab the package from the victim’s porch.

Identity theft

Identity theft scams are hard to identify due to their high level of sophistication. Identity theft hit an all-time high with 16.7 million victims in 2017 before falling to 14.4 million victims in 2018. Even though there are fewer victims, fraud losses are increasing.

Identity thieves operate by obtaining enough data to open credit lines in their victim’s name, take over existing credit accounts and even steal tax returns.

Criminals who open new credit lines in their victim’s name usually have time to make large purchases before the victim catches on.

Fraud prevention strategies

There are a few steps you can implement to protect yourself from retail fraud:

  • Verify that shoppers have physical access to a card by asking for the CVV number at checkout.
  • Don’t store the CVV number in customers’ online accounts.
  • Your own records can protect you from chargeback fraud. An order with a matching billing and shipping address can be a proof that the card wasn’t stolen.
  • Tracking numbers can prove that an order was delivered and protect you from chargeback scams where the fraudster claims they never received the item.
  • Educate employees about phishing and social engineering scams, and enforce strong security policies to protect shoppers’ data.

You can improve the outcome of your fraud prevention program by relying on ecommerce fraud prevention software. Machine learning fraud detection leverages billions of consortium transactions and outcomes to detect fraud at every stage of the customer life cycle, in real-time to detect unusual transaction patterns. addresses these problems with a comprehensive and flexible fraud prevention platform, including AI / Deep Learning models, consortium fraud data, highly customizable case management and advanced analytics.

Learn More