Bulletproofing the Indian e-commerce business


Rapid innovation and digitization has led to a spurt in e-commerce over the last few years. This has permeated into the lives of individuals to do almost anything – shop, travel, book vacations, cabs or even buy groceries online. The convenience offered to browse online in the comfort of their own home, as opposed to going physically to a store, having multiple product and service options as well as discounts, has steadily made it a preferred option for many consumers. The number of e-commerce players are increasing, and many retail companies are also joining the online bandwagon to stay competitive. Industry reports state that e-commerce, a sunrise sector is expected to reach $100-billion by 2020, making it one of the fastest growing sectors in the Indian economy today.

Some of the growth drivers include capital pumped in from angel investors, venture capitalists and private equity players, attractive payment options for buyers such as cash on delivery (COD), focused approach by existing players to gain market share, conversion of online and offline mediums, promotions and acquisitions and new business models. Typically, most of the e-commerce orders are paid in cash in India. However, the recent demonetization drive has impacted the consumers to move to a more cashless way to shop. In this case, digital wallet companies have seen an uptick in transactions owing to surge in internet penetration, the rising sale of mobile phones and a high millennial population. Looking at the sheer consumer potential this market holds, the e-commerce sector has become more structured over time and is now moving towards a mature phase.

Be aware of the fraud vulnerabilities

But the growth and popularity has also made it e-commerce susceptible to fraud and other risks. These range from vendor or reseller fraud, counterfeiting, security breaches, gaps in the supply chain network, fraud perpetrated on the logistics, data theft, warehousing and even fraud from the customer side. The transition from offline to online sales have also revealed loopholes, vulnerable to threats. This shows that while technology, consumer trends and payments are moving fast in today’s dynamic online ecosystem, perpetrators are moving even faster.

For e-commerce players, it is imperative to understand the complexities and modus operandi of these fraud scenarios, and take adequate measures to mitigate risks. Some of the key ones include:

  1. Merchant fraud
    1. Using marketplace for money laundering
    2. Dispatching prohibited items under garb of some other items
    3. Undertaking activities to benefit from company sales promotion schemes and/or commission waivers
    4. Registering fake or forged merchants
  2. Logistics fraud
    1. Non-remittance or delayed remittance of COD amounts
    2. Favouritism during reconciliation or sanctioning waivers
    3. Payments for fictitious shipments
  3. Supply chain fraud
    1. Swapping items during transit
    2. Supplying illegally sourced or counterfeit goods
    3. Returned items swapped in transit or at warehouse
    4. Inventory misappropriation at warehouse
    5. Collusion with scrap vendors, scrapping of good stock or manipulation of rates
  4. Customer account or wallet fraud
    1. Un-utilized or dormant account balances diverted for personal benefit
    2. Extending special favours to select customers
  5. Marketing and human resource fraud
    1. Marketing spend inflation or for non-existent campaigns
    2. Administrative expenses – office setup, transport, facilities etc.
    3. Recruitment fraud – excess commission, conflict of interest etc.
  6. Customer care fraud
    1. Sale to blacklisted customers claiming refund or replacement
    2. Money laundering – Converting of cash payments to bank through refunds
    3. Replacement of old product with fresh purchases during returns
    4. Processing of refunds without receipt of goods
    5. Security breaches and hacking to access customer data from outside the organization
    6. Data theft and privacy issues
      1. External intrusion to manipulate customer and seller accounts
      2. Theft of company proprietary data of sellers, customers etc
      3. Manipulation of product pricing to cause economic losses to ecommerce companies/sellers etc.

These could impact the organization at various functioning levels, which may ultimately affect its bottomline, reputation as well as sustainability. Fraudsters today have become more sophisticated, finding new ways to exploit technology driven companies by wearing the mask of sellers and aggregators.

The road ahead

E-commerce companies are recognizing the vulnerabilities present and looking at building effective anti-fraud solutions to counter these threats early on. Investments in tailor-made fraud detection, deterrence tools and techniques is the need of the hour. Building ethical businesses through anti-fraud policies, whistle-blowing mechanisms, trainings, mandating stronger authentication methods, usage of address verification services (AVS), conducting regular risk assessments and audits are some ways to curb fraud risks in the e-commerce sector. The next few years will also demand more capabilities from a technology and analytics perspective as the industry becomes more data driven.

In a nutshell, as ecommerce companies gear up for future growth, they need to be prepared to beat new risks stemming from businesses in terms of new geographical markets, business models, products, people and payment methods.

Follow @EY_India and track #EYForensic for regular updates

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.