Discover the leading eCommerce fraud threats facing your business. We’ll explore how these schemes work, and look at some preventative steps you can take to reduce risk, protect your revenue, and keep your business secure.
Explore the eCommerce Fraud Library
View article library
eCommerce fraud is an equal opportunity headache.
It affects everyone involved in the payment industry, from banks and financial institutions to merchants and consumers. But, while everyone is aware of eCommerce fraud and some of its repercussions, you may not realize just how insidious eCommerce fraud can be. You might also be surprised at how sophisticated and complex attacks can be, and how it may impact every aspect of your business.
On that note, let’s take a look at eCommerce fraud from multiple angles to see if you could be doing more to stop attacks in their tracks.
[noun]ēˌ• käm • ərs • frôd
eCommerce fraud refers to any type of false, illegal, or illegitimate commercial transaction conducted through the internet. The fraudster typically impersonates a legitimate user, making purchases without valid authorization to do so.
There are a variety of methods that criminals can employ in an eCommerce fraud scam. Most involve purchases made using stolen customer data. For example, a criminal might buy goods with a stolen credit card, or make a purchase by accessing a customer’s account and using stored payment information without permission.
In the past ten years, most fraudsters have moved to the internet because it's easier to hide their identity and cover their tracks, making it harder to catch them. This is also known as card-not-present fraud
Learn more about card-not-present fraud
It’s the path of least resistance; unlike in-person transactions, online fraud doesn't require forging signatures or faking physical cards. Plus, it's tougher for merchants to verify the true identity of buyers in an online setting.
When people reference eCommerce fraud, they’re typically referring to third-party fraud attacks. Second-party and first-party scams are problems, too, but we’re going to focus on those third-party attacks for our purposes here.
Learn more about third-party fraud
In short: it’s big.
According to Mastercard, eCommerce losses to payment fraud hit $48 billion globally in 2023. This statistic cited North America as being the point of origin for 42% fraudulent activity, followed by Europe at 26%.
Fraud losses are not limited only to the cost of the original transaction. Merchants also need to account for lost merchandise, wholesale costs, shipping and fulfillment costs, and chargeback and processing fees. All totaled, the average merchant will ultimately lose $3.75 for every dollar lost to fraud.
Over the next ten years, the industry is projected to lose $397 billion worldwide due to eCommerce fraud. 41% of that total is expected to come from the US alone. Remember, though — these are just direct losses. That figure does not account for the fraud multiplier mentioned above. When we add that into the mix, the total financial impact comes to $1.49 trillion.
Learn more about eCommerce fraud statistics
With most eCommerce fraud tactics, the cardholder is the fraudster’s point of attack. A criminal steals personal data, such as a social security number or bank account information, and then uses the data to either make purchases or attempt to access other accounts by impersonating the cardholder.
But, although the consumer may be the primary target of a payment fraud scheme, these eCommerce fraud attacks will still impact your business in a big way. With that in mind, let’s look at some of the most common eCommerce fraud tactics, strategies, and threat sources:
Every account you manage, personal or business, can be a target for fraudsters who steal credentials to make unauthorized transactions or compromise other profiles. In this knowledge guide, we show you how account takeovers happen and give practical steps to safeguard your accounts, helping you protect your business from this type of fraud.
Synthetic fraud also involves stealing personal information. Rather than impersonate a single person, however, the fraudster combines pieces of data from multiple consumers to create a fake (synthetic) persona. This fake user identity is then used to open accounts or go on a shopping spree.
What should you do when a customer wants to pay more than your listed price for goods or services? This question might seem to have a simple answer, but there's a reason why overpayment scams are a favorite method for fraudsters. This guide explores everything you need to know on the topic: what overpayment scams are, why they’re a bad deal, and how best to fight them.
In this guide, we’ll take a closer look at new account fraud. We’ll talk about what it is, how it works, and how prevalent it is. We’ll also provide real-life case studies and examine how you can detect and prevent your business from falling victim to account creation scams.
Thieves may employ an automated algorithm to roll through a list of potential account numbers and request balances to try and find and steal active balances. Or, they may use gift cards as part of a broader triangulation scheme. These are just two of several tactics that involve gift cards as tools to commit fraud.
In this guide, we’ll take a closer look at affiliate fraud. We’ll examine common tactics used by fraudsters, talk about how it harms merchants, and explore how you can protect yourself from this type of scam.
In a triangulation scam, a fraudster sets up a fake eCommerce store, attracts real buyers, and uses stolen payment details to dropship an item from a real store. This guide explains how triangulation fraud works, the financial impact of this threat, prevention best practices, and more.
Product replacement fraud typically requires the help of an “inside man.” The customer orders an item, but the product is removed and replaced with a less valuable product. A variation of this is fake return fraud, where the criminal orders an expensive item and then requests a refund, but the item returned is something of lower value.
How does push payment fraud work and what can merchants do to identify and protect it? In this guide, we’ll share some tips and tricks to help you stay safe.
Transaction laundering is a serious matter for eCommerce. With the right strategies in place, though, merchants can protect their businesses, prevent loss, and preserve their relationships with financial institutions. But what do you need to know to protect your business?
Scammers often look like legitimate cardholders... at least until they suddenly don’t. Take bust-out fraud, for instance. This happens when a scammer uses a synthetic identity to open up credit cards with issuing banks, build up a credit history, then max out the card and disappear.
The FBI calls business email compromise “the $26 billion dollar scam.” How is that possible? This article will take a close look at BEC scams to explain what they are, why they’re such an expensive problem, and also how you and your employees might be targeted.
Your face is more unique than your password: that’s the basic idea behind biometrics authentication. Biometrics are powerful, but they can still be spoofed. Today, we're discussing how biometric spoofing works, why it’s a problem, and ways to guard against the danger.
Phishing involves a scammer attempting to deceive unsuspecting victims into voluntarily divulging sensitive information. An estimated 90% of cyberattacks begin with a phishing attempt. Here’s what you need to know about these attacks and how you can protect yourself.
Criminals validate stolen credit card information by making small, inconspicuous purchases. Once they confirm the card details are valid, they may proceed to make larger unauthorized transactions. This tactic helps fraudsters avoid detection until they have successfully exploited the stolen card.
That’s a rundown of some of the most common eCommerce fraud tactics. However, scammers devise new methods of attacking merchants, banks, and cardholders every day. The eCommerce fraud landscape changes rapidly.
Friendly fraud, also known as chargeback fraud, occurs when a cardholder uses a credit card to make a legitimate purchase and then files a chargeback with their issuing bank. This can happen unintentionally but can also result from consumers abusing the chargeback system to gain unwarranted “refunds.”
Friendly fraud is a form of eCommerce fraud. It’s distinct from the tactics outlined above, though, as it doesn’t come from crooks using stolen card data. It originates with the actual cardholder. Another important difference is that friendly fraud happens post-transaction. It’s almost impossible to prevent because you won’t know it’s fraud until after the fact.
While friendly fraud doesn’t work like typical eCommerce fraud, it’s still worth mentioning. In reality, as many as 60% of all chargebacks may be cases of friendly fraud. If your chargebacks are coming from friendly fraud, a management strategy focused on stopping eCommerce fraud will be inefficient, at best.
Learn more about friendly fraud
You don’t need a fortune teller to see the future when it comes to eCommerce fraud. Careful examination of current fraud and chargeback data, coupled with careful research on new and developing fraud trends, puts the power of eCommerce fraud prevention in your hands. You must have the right practices in place, though.
There’s no single tool that will accomplish this job on its own. eCommerce fraud detection is a complex matter demanding a variety of indicators to identify abuse without generating runaway false positives. This can be an expensive prospect; the average eCommerce merchant decicates 11% of their annual revenue every year to fraud detection and prevention.
Think about eCommerce fraud detection like a net. The finer the mesh, the more you’ll catch.
A good strategy to detect fraud without breaking the bank is to deploy tools like address verification, CVV validation, 3-D Secure, and velocity limits in a coordinated manner. These tools should be backed by fraud scoring, which will let you assess fraud indicators using machine learning. Fraud scoring then provides simple up-or-down decisioning as to whether you should accept or reject the purchase, or subject that transaction to manual review.
Many service providers offer their technology as all-inclusive risk management platform to let you offload this process entirely, saving time and money in the process.
Learn more about fraud detection
Online fraud is a moving target. The more we shop, connect, and transact online, the more the danger grows. Meanwhile, criminals get more sophisticated all the time.
Implementing the above steps will help stop eCommerce fraud. That said, it won’t be enough to combat all online fraud, especially in the long term. There are simply too many different tactics that criminals can use, with new threats appearing daily. Staying up-to-date on the latest threats can be a full-time job on its own.
Chargebacks911® offers the most comprehensive chargeback management services and products available on the market today. Our experts are constantly uncovering new fraud threats and developing innovative strategies and technologies to fight back. This applies not only to eCommerce fraud prevention but even to hard-to-fight challenges like friendly fraud.
Whatever you need to prevent chargebacks, we can help. Contact us today for a free demo.
The most common type of eCommerce fraud is identity fraud, where criminals use stolen credit card information to make unauthorized online purchases. Informal polling suggests that identity theft may account for 71% of all third-party fraud attacks.
Common indicators of eCommerce fraud include mismatched billing and shipping addresses, multiple failed payment attempts, unusually large or rush orders, and frequent transactions from the same device or IP address. Suspicious behavior during the checkout process, such as multiple payment method attempts or an unusual number of declined cards, can also be red flags.
Additionally, unexpected changes in a customer's purchasing behavior, like high-value purchases from a previously inactive account, may signal potential fraud.
In a word, huge. According to Mastercard and Juniper Research, eCommerce losses to payment fraud hit $48 billion globally in 2023.
eCommerce fraud is also known as “online payment fraud” or simply “online fraud.” It encompasses fraudulent activities related to online purchases and payments made through eCommerce platforms or websites.
You can implement several strategies to stop fraud. First, use robust fraud detection tools and practices, such as Address Verification Service (AVS), Card Security Codes, and 3-D Secure, to verify transactions. Secondly, closely monitor transaction data and customer behavior for any unusual patterns or red flags. Finally, educate yourself and your team about the latest eCommerce fraud trends and prevention techniques to stay ahead of evolving threats.
Common red flags for eCommerce fraud include mismatched billing and shipping addresses, unusually large orders, multiple failed payment attempts, and frequent transactions from the same device or IP address. Additionally, suspicious behavior during the checkout process, such as rapid purchases or inconsistent customer information, can also raise concerns.
Social Engineering
Psychological influence and deception can cause you to voluntarily and unknowingly give up your credentials to bad actors. Here’s how to protect yourself against social engineering attacks.
Knowledge Guide