Online shopping is the process of buying goods and services from merchants over the Internet. Since the emergence of the World Wide Web, merchants have sought to sell their products to people who spend time online. Shoppers can visit web stores from the comfort of their homes and shop as they sit in front of the computer. Consumers can buy a huge variety of items from online stores, and just about anything can be purchased from companies that provide their products online. Books, clothing, household appliances, toys, hardware, software, and health insurance are just some of the hundreds of products consumers can buy from an online store. Many people choose to shop online because of the convenience. For example, when a person shops at a brick-and-mortar store, he/she has to drive to the store, find a parking place, and walk throughout the store until that person locates the products in need. After finding the items that the person wants to purchase, he/she may often need to stand in long lines at the cash register. In contrast, online shopping helps consumers avoid these disadvantages. A person only has to log onto the Internet, visit the store’s website, and choose the items desired. The items are held in a virtual shopping cart until ready to make the purchase. Online stores seldom close.
Despite the convenience, not everyone chooses to purchase items and services online. Some people like the idea of physically going to a store and experiencing the shopping process. They like to touch the merchandise, try on clothing, and be around other people. Online shopping doesn’t permit shoppers to touch products or have any social interaction, and it also doesn’t allow them to take the merchandise home the same day they buy it.
Other people may worry about shopping online because they fear their credit card information will be compromised. Since it’s necessary to provide credit card information when purchasing products online, individuals can become victims of identity theft. Using secure servers can help, but it’s no guarantee that credit information will remain private. Another reason some consumers avoid shopping online is the fact that they worry that the products they purchase are not accurately portrayed in the website’s picture or that they will be of lesser quality. It’s also impossible to try on apparel bought over the Internet, so a consumer has to rely on body measurements to make sure the clothing will fit properly. If the clothing arrives in the mail and it’s too small, it must be mailed back, which is a potential inconvenience that some shoppers may not wish to face.
E-commerce fraud is called payment fraud and is any type of illegal or false transaction. E-commerce is undoubtedly the biggest part and contributor to online business. Day by day the E-commerce sector is evolving, getting more influence and growing revenues. But unfortunately, growing revenues comes with the price of increasing fraud. As of today, one of the most concerning things for eCommerce businesses is online fraud. As a merchant, if a person is running an E-commerce business it is necessary to take precautions against online fraud. E-commerce fraud is an illegal transaction performed on an E-commerce platform by a criminal or fraudster by using stolen payment information for online transactions without the account owner’s knowledge. It is also known as purchase fraud. It can be done by using a false identity, stolen credit card, fake cards, and details, false personal and card information, etc.
The number of online shopping frauds registered with the National Consumer Helpline has jumped nearly six times from 977 cases in FY17 to 5,620 cases in FY20 till November 2019, taking the total count of cases since FY17 to 13,993. Needless to say, E-commerce places are flooding with various reasons for fraud to take place. Here are some of them:
- The remote working scenario can help increase sales and distribution fraud.
- Counterfeit and damaged products can be put in distribution to meet the increased demand.
- Third-party vendors and resales and their conflicts of interest.
- Tampering with inventory management.
- Cyber fraud
- Hiring unethical employees / hiring employees without doing a proper background check.
With everything going digital and with the help of AI, fraudsters are becoming intelligent, deriving new ways, and becoming more sophisticated with every passing year. With advanced technologies, it is easy to steal data and buy information. Online aliases are making it hard to detect and catch the culprit. In comparison, time and resources constraints on gathering the evidence and prosecutions are not so much.
TYPES OF ECOMMERCE FRAUDS:
1) Identity theft:
Identity theft or identity fraud takes place when an impostor obtains and uses personally identifiable and financial information of another person. This is a form of illegal impersonation. It is the unauthorized use of personal and financial data. This fraud not only affects customers but equally affects the merchant, as customers can place a refund request.
Customers may feel that their personal and financial data is vulnerable and cannot be shared on eCommerce websites or web shops are less likely to checkout. This can cost a store dip in reputation. Account takeover is a form of identity theft, in which the fraudster gains access to the user’s account and engages in fraudulent activity. This can be done by a variety of methods, like purchasing and hacking details like passwords, and security codes, implementing phishing schemes, etc.
2) Chargeback fraud:
This is also known as friendly fraud. In this type of fraud, the customer keeps the goods/products purchased online from the eCommerce shop but still asks for a refund stating the purchase was never made or payment was made twice or the item was never received. Having a clear refund, reshipping, tracked shipping, and return policies for the e-store may help to reduce this ‘friendly’ fraud.
3) Clean fraud:
This fraud is done with a stolen credit card from a genuine user and is used to make an online purchase. The stolen card and cardholder’s information is used to commit fraud which looks like a legitimate purchase made by verified customers.
4) Phishing:
In phishing personal information of a genuine user like user id, card number, password, or other credit card information is collected via a fraudulent SMS or an email and used to make an online purchase illegally or without the owner’s knowledge.
In this type, the user generally gets an SMS or email requesting personal data or a false link to install the malware to obtain this personal data. The fraudster often pretends to be a trusted company or source to ask for such information.
5) Triangulation fraud:
In this type of fraud, the fraudster creates a fake online shop offering goods/ products at cheap prices. These web shops are used to collect credit card data from the customers who visit the site. When the order is placed, the fraudster orders the product from the real website/merchant using the stolen credit card information and has sent that product to the customer. The fraudster gains the payment for the goods and the customer ends up paying twice. Once for the fraud store and once for the actual price to the real merchant.
What one can do in such a situation?
“Knowledge” is perhaps the best tool when it comes to avoiding problems with shopping and providing personal details online. It is important to pay attention – and wherever possible try to order from large, reputable stores that have a history of providing good customer service. With the online marketplace being so competitive, these retailers must maintain the highest standards for security and customer satisfaction. You can often read comments from others that have ordered from a store or online seller and these can be a useful guide. A good way to make sure that webpages requesting your personal details are secure is to check for the “https://” (rather than “https://”) at the beginning of the URL – the “s” tells you that the page is using an encrypted protocol to safeguard the information that is entered.
When it comes to phishing attempts, you should never send any personal information via email. If you have any doubt as to whether a request for personal information or order confirmation is legitimate, do not respond. Instead, log into the website that is allegedly making this request and check the order or account status through the site itself, or contact the website customer service number and speak to an operator to confirm the request.
LEGISLATION:
Under the IT Act, 2000 as changed by Information Technology (Amendment) Act, 2008. Section 43(a), 43(b), and 43(g) read with section 66 are applicable, and sections 420, 467, 468, and 471 of IPC,1860 are applicable. The victim can enlist a complaint in the closest police station where the above crime has been carried out or where he comes to think about the said crime.
Section 66C – Identity theft using passwords, digital signatures, biometric thumb impressions or other identifying features of another person for fraudulent purposes. An example is – when a criminal obtained the login and password of an online trading account and transferred the profit to his account by doing online transactions in the trading account in an unauthorized manner. The criminal was charged under Section 66C.
Section 66D – Cheating by Personation Using Computer Resources. Punishment if found guilty can be imprisonment up to three years and/or up to Rs 1 lakh fine. An example: A criminal who posed as a woman and tried to seduce a businessman to extort Rs 96 lakh from him by creating a fake email Id and trapping him in a cyber relationship. The criminal was arrested and charged under Section 66D and various other IPC sections.
Section 66F – Acts of cyber terrorism. Guilty can be served a sentence of imprisonment up to life! An example: When a threat email was sent to the Bombay Stock Exchange and the National Stock Exchange, which challenged the security forces to prevent a terror attack planned on these institutions. The criminal was apprehended and charged under Section 66F of the IT Act.
PUNISHMENT:
If crime is proved under the IT Act, the accused shall be punished which may extend to three years, or with a fine which may extend to five lakh rupees, or both.
As per section 77-B of the IT Act, 2000 the above offence shall be cognizable and bailable while in Section 268 of the IPC is applied along with other sections the said offence is non-cognizable, bailable, non-compoundable with permission of the court before which the prosecution of such offence is pending by any magistrate.
CASE LAW:
- Shri Umashankar Sivasubramaniam v/s ICICI Bank: (Petition No. 2462/2008)
In this case, a customer of ICICI Bank named Mr. Umashankar Sivasubramaniam lost Rs. 6.46 lakhs through Phishing. The petitioner received an email in the month of September 2007 from ICICI, asking him to reply with his internet banking username and password or else his account would non-exist. After the reply to this mail, he witnessed a transfer of Rs. 6.46 lakhs from his account to that of a company that withdrew Rs. 4.6 lakhs from an ICICI branch in Mumbai and retained the balance in its account.
On April 12th, 2010, the adjudicator of Tamil Nadu, Sri PWC Davidar pronounced a landmark judgment in respect of a complaint lodged with him under ITA 2000 by the award and directed the bank to pay the customer the amount fraudulently transferred in the Phishing transaction along with expenses & interest amounting to a total of Rs. 12.85 lakhs.
Though now there are ample laws and regulations to deal with Cybercrime, there is a need to update these laws as rapid technological developments are taking place and criminals are inventing new techniques of committing cybercrime. Coordination amongst law enforcement agencies at the National and International level also needs to be intensified for effective cybercrime control.