A huge in-flux of people across Southeast Asia are shopping online, as 83% of internet users aged 16-64 in Sept 2019 within South East Asia reported purchasing a product on online platforms, according to a report by DataReportal, an online market research company.
The region’s e-commerce adoption rates are amongst the highest in the world. Statista, a company specializing in market and consumer data, showed that the value of online consumer goods purchased in Southeast Asia grew by more than 25 percent from 2018-2019.
Since 2020, as a result of the pandemic, hundreds of millions more customers have shifted their everyday monetary transactional activities online, mostly out of dire need with the imposition of social restrictions.
With SEA’s high mobile penetration rate and evolving digital payments, cybercriminals are rampant in taking advantage of this vast channel for exploitation. According to the Data Breach Index, online payment solutions are directly linked to the increase in fraud.
It says that more than 5 million customer information records are being stolen daily. This is a disturbing statistic that demonstrates how prevalent fraud is in internet transactions. We look at some common online payment scams and what merchants and customers can do to protect themselves.
Digital payments can be classified as card-not-present (CNP) transactions, and they are a huge target for cybercriminals because it is more difficult for merchants to verify that the actual cardholder is making the purchase, thereby making online payment fraud one of the most common types of fraud globally. The European Central Bank estimates that more than 60% of credit card fraud is associated with CNP transactions.
Phishing, identity theft, triangulation and remote access scams are high on the list of scams that result in theft of sensitive information for access to money.
In phishing and identity theft, the personal information of a genuine user like user id, card number, password, other credit card information is collected via a fraudulent SMS or email and used to make an online purchase illegally without the owner’s knowledge. AI-enabled bots generated from data breaches can be used for identity theft and account takeovers. Fake accounts are created with real information, making it difficult to track the account and to determine if the account holder is authentic. Scammers also use card holders’ negligence to exploit weak spots and get away with theft.
In triangulation, fraudsters create a fake online shop offering products at cheap prices, where they can collect credit card data from customers who visit the site. When customers order, the fraudster gets the product from the real website merchant using the stolen credit card information and sends that product to the customer. The fraudster gains payment for the goods and the customer ends up paying twice, to the fraud store and with the actual price to the real merchant. In these cases, customers will issue a complaint to their banks and merchants will usually be charged a chargeback, which is the amount that may be debited from the merchant’s account in case of a genuine complaint from the customer.
In remote access scams, scammers pretending to be IT troubleshooters working for popular companies may attempt to gain access to customer’s home computers and mobile devices remotely in the pretence of helping victims with their technical difficulties. Once they get remote access, they will perform several criminal activities, including steal the victim’s money, view or download sensitive information, or infect the victim’s device with viruses for future scams.
As an online merchant, you can take some measures to prevent and mitigate online fraud. You can use updated and high-quality software for running online stores, in addition to improved and reliable third-party payment processors with Address Verification System (AVS) and Credit code Verification (CVV) facilities. Make sure that all websites representing the online store are secured with HTTPS. You should apply fraud detection and management software to detect high-risk transactions. Analysing the risk factors with fraud risk assessment also helps while making online payment processes comply with rules, applicable laws, and regulations.
For customers, never provide remote access to an unsolicited caller. The vast majority of service providers will not request remote access to your device, especially if they were the ones that called you. Familiarise yourself with remote access scam techniques. Popular work tools such as Zoom and Slack now have remote access functionality built-in. Be wary of unknown parties attempting to call through these apps, and ensure that you know how to both identify and reject a remote access request. Be wary of any unexpected phone calls from telecommunications, technical support, or other major service providers. Do not provide personal information or access details to an unexpected caller, such as your email and username. Spreading awareness is the best thing that you can do to ensure the safety of your transactions and business.
Additionally, you can complain through these available channels provided by the Ministry of Domestic Trade and Consumer Affairs:
- e-Complaints (e-Aduan) portal at : http://e-aduan.kpdnhep.gov.my
- Whatsapp 0192794317
- Email: [email protected]
- Call their hotline at 1-800-886-800
- Visit the Ministry of Domestic Trade and Consumer Affairs
