Retailers are no stranger to theft. But while shoppers can’t physically shoplift inventory from a shop floor, fraudsters still target online shoppers and the merchants they buy from.
In 2023 alone, an estimated $38 billion in ecommerce losses were reported in the US due to online payment fraud, and that number is set to reach $91 billion by 2028. In terms of the cost of this fraud, a recent MRC report shows 2.9% of global ecommerce revenue was lost due to fraud between 2022 and 2023.
But no country is safe; fraud is on the rise globally.
This guide shares how to identify ecommerce fraud, handle the problem, and use software to help both you and your customers prevent major financial losses.
Table of Contents
Ecommerce fraud is when scammers intercept a commercial transaction on an ecommerce store with the goal of personal or financial gain. Also known as payment fraud, it’s a criminal act in which scammers steal money from either the customer, the merchant, or both.
With global ecommerce sales tipped to reach $6.3 trillion in 2024, there’s plenty of opportunity for scammers to hijack customer data and commit fraud. Implementing robust fraud and identity theft protection measures is essential for safeguarding sensitive information and preventing costly breaches. Let’s take a look at the seven types of ecommerce fraud you’re likely contending with on your online store.
Friendly fraud happens when customers buy something through your ecommerce website and later file a chargeback with their bank. Shoppers illegitimately claim their purchase wasn’t delivered, looked different from what they ordered, or canceled their order shortly after placing it. A complaint to their bank prompts an investigation, causing orders to result in a chargeback.
This type of chargeback fraud is common amongst merchants, with some 62% reporting an increase in friendly fraud since last year. The good news? Roughly 9 in 10 of them submit compelling evidence to resolve friendly fraud disputes.
“Overhead costs such as operational costs, transaction fees, and so on are included in chargeback processing,” says Dan Lee, head of marketing at Sealions. “And if the merchandise is sold to a fraudster, the merchant has a slim chance of recovering it. This results in a drop in revenue as well as the loss of a customer. As a result, ecommerce companies must take precautions to safeguard themselves and their consumers from fraud.”
Card testing is a tactic fraudsters use to determine whether a stolen credit card works. Scammers often make a small, low-value purchase so the fraudulent transaction goes under the radar of the card holder. Once the card is verified to still work, they go on to make more expensive purchases using the stolen card.
Types Of Fraud Experienced By Merchants – Past 3 Year Rankings & Global Incidence (2023). 2023 Global eCommerce Payments and Fraud Report
Card testing is the third-most common type of ecommerce fraud for all merchants. Not only is it frustrating for customers, but should most of your online payments be blocked due to card testing fraud, your business will be subject to extra fees and disputes.
Refund abuse is a type of ecommerce fraud where customers return broken, damaged, or stolen items to a retailer in exchange for a refund.
While many merchants have strict return policies that determine what qualifies for a refund, it’s still a costly problem. The National Retail Federation found that retailers lost $13.70 for every $100 in returned merchandise in 2023. It’s the type of online fraud that saw the biggest increase, with merchants reporting a 25% to 30% uplift in refund abuse in 2023.
Online payment fraud happens when scammers steal another person’s payment details and use them to make purchases through your ecommerce store.
Sometimes known as credit card fraud, it can also happen if scammers create duplicate versions of your website and encourage customers to unknowingly purchase items through a fake website. Hijackers recoup their cash and store their credit card number for future scams.
Account takeover is a type of fraud that happens when scammers break into a customer’s online account and use stored payment cards to make fraudulent purchases.
Some 83% of surveyed brands experienced an increase in account takeover fraud in 2023, with scammers accessing customer accounts that use weak passwords, phishing emails, or malicious software on the device used to purchase.
Ecommerce brands use promotion, affiliate, and loyalty programs to attract new customers and engage existing ones. But their popularity means promotions attract scammers who rinse your business of cash through fraud using tactics like:
Triangulation fraud is a serious problem for both ecommerce merchants and customers. It impacts around 17% of all businesses that sell on multiple channels.
Here’s how it works:
Triangulation fraud is a serious problem for both ecommerce merchants and customers. Marketplace shoppers unknowingly have their credit card details stolen. Retailers also process fraudulent orders without recognizing the invisible middleman using stolen cards and netting the difference between the marketplace price and actual product price.
Ecommerce fraud stems from many sources and motivations. Some top reasons it occurs are:
Ecommerce fraud prevention is the strategy that online merchants use to prevent, detect, and solve online fraud. It’s important for customers’ safety and avoiding lost profits, which is why 75% of online merchants increased their fraud prevention budgets in 2023.
Ecommerce fraud is an expensive problem, both in terms of lost revenue from intercepted online orders and customer loyalty. Shoppers are unlikely to return to your website if they were a victim of fraud the last time they purchased through it.
Here are seven red flags to spot fraudulent activities happening on your website.
Yuvi Alpert, founder and CEO of Noémie, gives an example: “A purchaser that uses multiple shipping locations, a sudden change to a PO box, or several orders coming from a region or country that you had never received orders from before are all signs that ecommerce fraud could be occurring.”
The ecommerce fraud detection market will be worth $84.83 billion by 2026, with US companies spending 10% of their annual ecommerce revenue on payment fraud management.
“If you do experience fraud, it’s important to have a system in place for dealing with it,” says Kristin Stump, marketing manager at My Enamel Pins. “This might involve working with your payment processor to cancel the transaction and refund the customer, or contacting the customer directly to resolve the issue.”
Here are nine fraud prevention strategies to minimize the likelihood of fraud happening through your website.
Ecommerce software exists to flag risky orders. Manually review orders that raise a red flag, reaching out to the customer for further information if you’re unsure whether it’s legitimate.
If you’ve received a low-value order from an unusual IP location, conduct a manual review and reach out to the customer for further verification. Failing to hear back means there’s a strong chance that the order was made using a stolen credit card.
Similarly, consult a customer’s purchase history to determine whether a risky transaction is ecommerce fraud. It’s likely not a cause for concern if a shopper who usually makes orders from the US makes one purchase from an IP address in Spain. But there’s a strong chance their account has been compromised if they’re making orders bigger than usual, using a different credit card, from a different location.
It’s important to get right. Customer experience is at risk if you approve a false positive—a genuine customer who’s been incorrectly flagged as fraud. If an online order has been declined, shoppers will avoid trying another time before moving to another merchant.
High order quantities is a red flag for scammers using stolen credit card information to make fraudulent purchases on your ecommerce store.
Limit the likelihood of these orders going through by limiting the number units a customer can buy. Analyze previous sales data to understand your “normal”—the average number of units you sell each day. Automatically block orders that superseded this volume to restrict the chances of people committing fraud through your online store.
Return fraud often happens when customers say they haven’t received their order. It’s a $101 billion problem online retailers face, largely exasperated by lazy shipping or third-party logistics (3PL) partners.
Combat the problem, and be sure that customers only claim when they legitimately haven’t received their delivery, by working with trusted shipping carriers or 3PLs that supply proof of delivery. Customer signatures or photos of a delivered parcel act as evidence they have received the item they’re illegitimately claiming a refund for not receiving.
All ecommerce businesses need to meet Payment Card Industry Data Security Standards if they’re processing online payments safely. These PCI compliance standards include:
“Having a firewall between your internet access and any system that stores credit card details is one way to ensure PCI compliance,” says Sina Will, co-founder of Foxbackdrop. “Therefore you must verify that you are adhering to the appropriate PCI requirements to avoid sanctions or penalties.”
Policies are pages on your website that explain how your business works. Aside from blanket terms and conditions, showcase clear policies on your website to crack down on ecommerce fraud. That includes:
“Avoid merchant errors like unclear billing descriptions or confusing return policies that can end up frustrating legitimate customers,” says Zarina Bahadur, founder of 123 Baby Box.
The five-day weekend from Thanksgiving to Black Friday Cyber Monday in 2023 was the biggest online shopping season on record: $38 billion in sales, a 7.8% jump from 2022, according to Adobe Analytics.
Lily Will, founder and CEO of Nia Wigs, says you should be extra cautious around these dates.
“Customers are likewise focused and busy, and they often disregard safety measures,” she says. “Many fraudsters depend on merchants being too preoccupied or distracted to identify possible fraud during these months.”
Increase your investment in fraud prevention solutions around these peak shopping times—be that through specialist software or extra cybersecurity staff who manually review risky orders. It’ll go a long way in protecting both yours and your customers’ finances during peak fraud season.
A telltale sign of ecommerce fraud is when a customer’s billing, shipping, or card details don’t line up correctly. Automatically identify orders that raise this red flag using verification software, such as:
Current & Planned Usage Of Fraud Detection Tools. 2023 Global eCommerce Payments and Fraud Report
Catching a scammer once doesn’t mean they won’t become a repeat offender. Fraudsters can try to trick merchants by changing their name, shipping address, or credit card in the hopes that fraudulent orders will fly under the radar.
Used by 32% of merchants, blocklists prevent repeat offenders from committing fraud through their websites. It’s a document that contains names, credit card numbers, IP addresses, and shipping addresses known to be a fraud risk. Any new orders with information that matches the blocklist are automatically blocked.
While blocklists can block fraudulent orders before they’re processed, use them with care. A legitimate customer might use a credit card previously flagged as fraudulent without realizing. Blocking their order without explanation will cause confusion and frustration—two things bound to put them off future purchases once their request to be removed from a blacklist has been approved.
One person can commit several types of fraud using the same computer. Detect those serial fraudsters with IP scoring tools such as SEON or Scamalytics. Each detects an IP address that’s been linked to fraud patterns in the past, using signals like:
Orders placed from an IP with a high fraud score are highlighted, ready to manually review risky orders or automatically block them.
The likelihood of fraud happening on your ecommerce platform scales as your business does. Protect your store with ecommerce fraud prevention tools that check, flag, and block high-risk orders on autopilot.
Shopify merchants already have access to a world-class fraud algorithm that uses machine learning and data from stores across the Shopify network to identify fraudulent ecommerce orders.
Shopify Protect provides an extra layer of protection that secures your business against fraudulent chargebacks—the friendly fraud that costs retailers between $20 and $100 each time.
Any Shop Pay transaction that’s been cleared by Shopify Protect is safe to fulfill. Should a chargeback happen on a protected order, Shopify will cover the total cost and the chargeback fee, and handle the dispute process on your behalf.
Price: Free for Shopify merchants.
Signifyd is an ecommerce fraud prevention software that integrates with Shopify stores. It uses machine learning, big data, and expert reviews to identify fraudulent transactions happening through your ecommerce store. Should fraud occur, Signifyd has a financial guarantee. You won’t lose out on revenue if its software approves a fraudulent transaction.
Signifyd also provides account takeover protection for your customers. Block suspicious login attempts and avoid takeover chargebacks to prevent ecommerce fraud on your website.
Price: $1,500/month. 14-day free trial available.
NoFraud’s protection software vets ecommerce transactions to identify fraudulent transactions. Once a customer places an order through your website, the software automatically passes or fails this test. Choose to automatically cancel those transactions or flag them for internal review.
“NoFraud uses proprietary and third-party systems to examine order details, such as email longevity, device history, geolocation, IP address, household income, home value, and social media to identify the person behind the transaction and the likelihood of them being the legitimate cardholder,” says Isaac Gurary, CEO of NoFraud.
Price: Free to install. Additional charges may apply.
Preventing ecommerce fraud involves using multifactor authentication, employing advanced cybersecurity measures like AI-driven fraud detection, regularly updating security protocols, and educating customers on safe practices.
Measures that help prevent fraud in an ecommerce store include implementing secure payment gateways, constantly monitoring transactions for unusual activity, using SSL certificates for secure connections, and maintaining a robust system of identity verification for users.
The most common type of ecommerce fraud is friendly fraud, where customers make an online purchase with their credit card, then request a chargeback after receiving the purchases.
There are a bunch of ecommerce fraud issues, including identity theft, phishing scams, friendly fraud, account takeovers, and credit card fraud, which pose significant financial and reputational risks.
