In the realm of e-commerce and digital payments, there are various scenarios in which consumers, vendors, and other service providers can be defrauded or risk financial loss. Some of the most common cases include purchasing goods with stolen cards, false claims about undelivered goods, and account takeovers.
How fraudulent activity affects e-commerce stakeholders
Firstly, fraud leads to loss of consumers' funds and financial loss on our end if we refund a consumer who already received the product. Secondly, consumers lose a lot of time and peace of mind when mitigating such losses. They may have to report the matter to different agencies, deal with lots of documentation and wait as bureaucratic and investigative processes unfold.
Thirdly, as an e-commerce marketplace often targeted by fraudulent actors, our support teams can lose time to false claims, while they could be helping consumers with actual challenges. Subsequently, resolution time becomes more inconsistent, and the consumer experience deteriorates.
Additionally, consumers lose confidence in the brand if fraud becomes rampant on an e-commerce platform. And those that are unclear and ineffective in how they prevent fraud or resolve these cases can get tied up in litigation, further damaging their brand reputation and costing them more money.
What makes fraud tricky to combat?
While we know the common examples of fraud and their effects, protecting consumers is quite challenging since we don’t always fully control the starting point. For instance, fraud is commonly initiated through:
Theft of phones and bank cards – Once a fraudster has your phone, they can easily use your e-commerce apps, especially if you stay logged in. And if they have your bank card, they can use your card number and CVV/CVC to shop through a different consumer account.
Sim cloning – This can happen when you momentarily leave your phone unattended. The cloner will access your sim card's communications, including SMSs with sensitive information like an OTP. This could also enable them to change login credentials and masquerade as the account owner when communicating with an e-commerce service provider.
Social engineering – In this case, someone uses deceit, usually by pretending to be a support agent of an e-commerce service provider. They target unknowing consumers who aren't very tech-savvy and feed them a story about how their account has an issue, and they need to submit certain information to solve this issue. Once they have all the information, they take over the account and transact without the owner’s consent.
Hacking – Account owners who frequently use public Wi-Fi and other unsecured networks can easily have their information stolen. There are several prepackaged and straightforward software tools that malicious actors use to hack people’s devices and access their accounts.
Others place malware/spyware on your device and wait patiently as it periodically relays information such as keystrokes, clicks and screen recordings that reveal passwords to the hacker. This prolonged approach enables them to learn your patterns covertly and strike at the perfect moment when you have maximum funds.
Cyber Security
How Jumia tackles fraud
With JumiaPay handling an ever-increasing volume of transactions involving Jumia platforms and other businesses, the stakes couldn't be higher. More people transacting means there’s more to steal, and also, the larger the number of people involved, the higher the likelihood of having more fraudsters in the mix. On that note, here are some of the measures we take to protect consumers:
Awareness campaigns – We repeatedly emphasize that Jumia staff will never ask you for private and sensitive information relevant to transactions, such as a card number, CVV/CVC, OTP and other PINs. This message is also indicated on various pages where consumers occasionally submit their information.
Continuous authentication policies – Whenever there’s an attempt to log in to a JumiaPay account from a new device, a new OTP is sent to the account owner. This helps prevent fraudulent actors from accessing a consumer’s account if they gain the username and password since they won’t have the new required code.
Machine Learning techniques – Within the JumiaPay platform, we've embedded technology that uses machine learning to scrutinize information and patterns related to various transactions automatically. Eventually, we can gauge the possibility of fraud and the risk associated with each transaction.
We can then choose to preempt the transaction or permit it with extra attention, depending on what’s most appropriate. This is all done with minimal manual input. And as always, we have SSL and other industry-standard web and app security layers to ensure the secure transfer of transaction information.
Post-transaction evaluation – Even after transactions are completed, we revisit them to determine whether any crucial attributes may have been overlooked. And with some of them already labeled, we can quickly zoom in on the most high-risk ones and ensure that we are prepared for the next step if a consumer reaches out with a complaint.
This evaluation also helps us differentiate between suspicious and actual fraudulent activity, such as a sudden transaction of a large amount or of a repetitive nature.
Consumer support – We also have a well-versed team of agents whom you can quickly contact when having trouble with your account. For example, if you’re failing to log in or make a transaction, or if you’re seeing transactions you didn’t make in your history, we are always ready to resolve any disputes.
Trust is everything in e-commerce. consumers need to be sure their funds will make it to the correct entity only when desired. Vendors and other service providers also want to know that they are fulfilling orders being made rightfully, so they don't get into trouble later.
So to keep empowering businesses and consumers by facilitating digital payments between them, we constantly identify loopholes that fraudsters could exploit. In addition, our team continues to develop automated and manual solutions that address fraud before, during and after the act.
**************************
Fabio Costa
Fraud and Risk Manager, JumiaPay
Fabio Costa is an experienced Fraud & Risk Manager at JumiaPay, where he plays a critical role in developing effective risk management strategies. With extensive experience in multiple fields, including Business Control and Analysis, Fabio brings a wealth of knowledge to his role.
Before joining Jumia in 2021, Fabio worked as an Anti-money laundering and financial fraud analyst in various Swedish Fintech companies, honing his expertise in Risk and Fraud management.
Fabio holds a Bachelor's degree in Management from ISCTE-IUL, Portugal and two Master's degrees in Marketing and International Business Strategy from ISCTE, Portugal and Linnaeus University, Sweden respectively.