9 Ecommerce Fraud Prevention Strategies to Detect and Prevent Fraud

Retailers are no stranger to theft. But while shoppers can’t physically shoplift inventory from a shop floor, fraudsters still target online shoppers and the merchants they buy from.

In 2021 alone, approximately $20 billion in ecommerce losses were reported in the US due to online payment fraud. Countries in Asia-Pacific are most vulnerable to ecommerce fraud, with lost revenues totaling 4% of a brand’s overall turnover. But no country is safe; fraud is on the rise globally, with North American merchants seeing a 68% increase in fraud attempts throughout the COVID-19 pandemic. 

This guide shares how to identify ecommerce fraud, handle the problem, and use software to help both you and your customers prevent major financial losses. 

What is ecommerce fraud? 

Ecommerce fraud happens when scammers intercept transactions happening on your online store. Also known as payment fraud, it’s a criminal act in which scammers hijack transactions and steal money from either the customer, the merchant, or both. 

With global ecommerce sales tipped to reach $5.55 trillion in 2022, there’s plenty of opportunity for scammers to hijack customer data and commit fraud. Let’s take a look at the seven types of ecommerce fraud you’re likely contending with on your online store. 

Friendly fraud

Friendly fraud happens when customers buy something through your ecommerce website and later file a chargeback with their bank. Shoppers illegitimately claim their purchase wasn’t delivered, looked different from what they ordered, or canceled their order shortly after placing it. A complaint to their bank prompts an investigation, causing 2.9% of enterprise brands’ ecommerce orders to result in a chargeback.

This type of chargeback fraud is rife in Australia and Canada, though 39% of global fraud attacks are friendly fraud.

“Overhead costs such as operational costs, transaction fees, and so on are included in chargeback processing,” says Dan Lee, head of marketing at Sealions. “And if the merchandise is sold to a fraudster, the merchant has a slim chance of recovering it. This results in a drop in revenue as well as the loss of a customer. As a result, ecommerce companies must take precautions to safeguard themselves and their consumers from fraud.”

Card testing fraud

Card testing is a tactic fraudsters use to determine whether a stolen credit card works. Scammers often make a small, low-value purchase so the fraudulent transaction goes under the radar of the card holder. Once the card is verified to still work, they go on to make more expensive purchases using the stolen card. 

Card testing is the second most popular type of ecommerce fraud for all merchants. Not only is it frustrating for customers, but should most of your online payments be blocked due to card testing fraud, your business will be subject to extra fees and disputes. 

Refund abuse

Refund abuse is a type of ecommerce fraud where customers return broken, damaged, or stolen items to a retailer in exchange for a refund. 

While many merchants have strict return policies that determine what qualifies for a refund, it’s still a costly problem. The National Retail Federation found that retailers lose $5.90 for every $100 in returned merchandise due to this type of fraud. It’s the type of online fraud that saw the biggest increase, with merchants reporting a 60% uplift in refund abuse last year. 

Online payment fraud

Online payment fraud happens when scammers steal another person’s payment details and use them to make purchases through your ecommerce store. 

Sometimes known as credit card fraud, it can also happen if scammers create duplicate versions of your website and encourage customers to unknowingly purchase items through a fake website. Hijackers recoup their cash and store their credit card number for future scams. 

Retailers worldwide suffer from online payment fraud, though it’s most prevalent in Mexico, where merchants saw a 77% increase in online payment fraud last year. 

Account takeover fraud

Account takeover is a type of fraud that happens when scammers break into a customer’s online account and use stored payment cards to make fraudulent purchases. 

Some 23% of brands experienced account takeover fraud last year, with scammers accessing customer accounts that use weak passwords, phishing emails, or malicious software on the device used to purchase. 

Promo, affiliate, or loyalty abuse

Ecommerce brands use promotion, affiliate, and loyalty programs to attract new customers and engage existing ones. But their popularity means promotions attract scammers who rinse your business of cash through fraud using tactics like:

Triangulation fraud

Ecommerce businesses that sell through various sales channels often fall victim to triangulation fraud. It happens when:

Triangulation fraud is a serious problem for both ecommerce merchants and customers. Marketplace shoppers unknowingly have their credit card details stolen. Retailers also process fraudulent orders without recognizing the invisible middleman using stolen cards and netting the difference between the marketplace price and actual product price. 

Triangulation fraud is a serious problem for both ecommerce merchants and customers. Marketplace shoppers unknowingly have their credit card details stolen. Retailers also process fraudulent orders without recognizing the invisible middleman using stolen cards and netting the difference between the marketplace price and actual product price.

What is ecommerce fraud prevention?

Ecommerce fraud prevention is the strategy that online merchants use to prevent, detect, and solve online fraud. Almost 90% of global merchants say it’s important to their business strategy not just for customers’ safety, but for avoiding lost profits. 

How to identify fraud on ecommerce websites

Ecommerce fraud is an expensive problem, both in terms of lost revenue from intercepted online orders and customer loyalty. Shoppers are unlikely to return to your website if they were a victim of fraud the last time they purchased through it. 

Here are seven red flags to spot fraudulent activities happening on your website.

A purchaser that uses multiple shipping locations, a sudden change to a PO box, or several orders coming from a region or country that you had never received orders from before are all signs that ecommerce fraud could be occurring.”

—Yuvi Alpert, founder and CEO of Noémie

9 ecommerce fraud protection strategies and best practices

The ecommerce fraud detection market will be worth $69.13 billion by 2025, with enterprise companies spending 10% of their annual ecommerce revenue on payment fraud management. 

“If you do experience fraud, it’s important to have a system in place for dealing with it,” says Kristin Stump, marketing manager at My Enamel Pins. “This might involve working with your payment processor to cancel the transaction and refund the customer, or contacting the customer directly to resolve the issue.” 

Here are nine fraud prevention strategies to minimize the likelihood of fraud happening through your website. 

1. Manually review risky orders

Ecommerce software exists to flag risky orders. Manually review orders that raise a red flag, reaching out to the customer for further information if you’re unsure whether it’s legitimate. 

If you’ve received a low-value order from an unusual IP location, conduct a manual review and reach out to the customer for further verification. Failing to hear back means there’s a strong chance that the order was made using a stolen credit card. 

Similarly, consult a customer’s purchase history to determine whether a risky transaction is ecommerce fraud. It’s likely not a cause for concern if a shopper who usually makes orders from the US makes one purchase from an IP address in Spain. But there’s a strong chance their account has been compromised if they’re making orders bigger than usual, using a different credit card, from a different location. 

Be vigilant when it comes to new customers. Take a closer look at orders from new customers, and be prepared to cancel or refund them if something looks suspicious.”

—Susan Carin, marketing manager at Dr.Sono

Enterprise brands reject 3.3% of domestic orders and 5.5% of international orders. But it’s important to get right. Customer experience is at risk if you approve a false positive—a genuine customer who’s been incorrectly flagged as fraud. If an online order has been declined, 18% of shoppers will avoid trying another time before moving to another merchant. One in five won’t place an order with that retailer again.

2. Limit order quantities

High order quantities is a red flag for scammers using stolen credit cards to make fraudulent purchases on your ecommerce store. 

Limit the likelihood of these orders going through by limiting the number units a customer can buy. Analyze previous sales data to understand your “normal”—the average number of units you sell each day. Automatically block orders that superseded this volume to restrict the chances of people committing fraud through your online store. 

3. Collect proof of delivery 

Return fraud often happens when customers say they haven’t received their order. It’s a $25.3 billion problem online retailers face, largely exasperated by lazy shipping or third-party logistics (3PL) partners.

Combat the problem, and be sure that customers only claim when they legitimately haven’t received their delivery, by working with trusted shipping carriers or 3PLs that supply proof of delivery. Customer signatures or photos of a delivered parcel act as evidence they have received the item they’re illegitimately claiming a refund for not receiving. 

4. Be PCI compliant

All ecommerce businesses need to meet Payment Card Industry Data Security Standards if they’re processing online payments safely. These PCI compliance standards include:

“Having a firewall between your internet access and any system that stores credit card details is one way to ensure PCI compliance,” says Sina Will, co-founder of Foxbackdrop. “Therefore you must verify that you are adhering to the appropriate PCI requirements to avoid sanctions or penalties.”

5. Show clear policies on your website

Policies are pages on your website that explain how your business works. Aside from blanket terms and conditions, showcase clear policies on your website to crack down on ecommerce fraud. That includes: 

Avoid merchant errors like unclear billing descriptions or confusing return policies that can end up frustrating legitimate customers.”

—Zarina Bahadur, founder of 123 Baby Box

6. Be vigilant around peak shopping seasons

Black Friday Cyber Monday was the biggest retail season on record, with 47 million customers spending $6.3 billion on ecommerce purchases throughout the weekend. 

Lily Will, founder and CEO of Nia Wigs, says you should be extra cautious around these dates since “customers are likewise focused and busy, and they often disregard safety measures. Many fraudsters depend on merchants being too preoccupied or distracted to identify possible fraud during these months.”

Increase your investment in fraud prevention solutions around these peak shopping times—be that through specialist software or extra cybersecurity staff who manually review risky orders. It’ll go a long way in protecting both yours and your customers’ finances during peak fraud season. 

7. Use verification software 

A telltale sign of ecommerce fraud is when a customer’s billing, shipping, or card details don’t line up correctly. Automatically identify orders that raise this red flag using verification software, such as:

8. Build a blocklist 

Catching a scammer once doesn’t mean they won’t become a repeat offender. Fraudsters can try to trick merchants by changing their name, shipping address, or credit card in the hopes that fraudulent orders will fly under the radar. 

Used by almost a quarter of merchants, blocklists prevent repeat offenders from committing fraud through their websites. It’s a document that contains names, credit card numbers, IP addresses, and shipping addresses known to be a fraud risk. Any new orders with information that matches the blocklist are automatically blocked.

While blocklists can block fraudulent orders before they’re processed, use them with care. A legitimate customer might use a credit card previously flagged as fraudulent without realizing. Blocking their order without explanation will cause confusion and frustration—two things bound to put them off future purchases once their request to be removed from a blacklist has been approved.

9. Use IP fraud scoring tools 

One person can commit several types of fraud using the same computer. Detect those serial fraudsters with IP scoring tools such as SEON or Scamalytics. Each detects an IP address that’s been linked to fraud in the past, using signals like:

Orders placed from an IP with a high fraud score are highlighted, ready to manually review risky orders or automatically block them. 

Ecommerce fraud prevention software

The likelihood of fraud happening on your ecommerce platform scales as your business does. Protect your store with ecommerce fraud prevention tools that check, flag, and block high-risk orders on autopilot. 

Shopify Protect

Shopify merchants already have access to a world-class fraud algorithm that uses machine learning and data from stores across the Shopify network to identify fraudulent ecommerce orders. 

Shopify Protect provides an extra layer of protection that secures your business against fraudulent chargebacks—the friendly fraud that costs retailers $191 each time. 

Any Shop Pay transaction that’s been cleared by Shopify Protect is safe to fulfill. Should a chargeback happen on a protected order, Shopify will cover the total cost, the chargeback fee, and handle the dispute process on your behalf. 

Price: Free for Shopify merchants.

Signifyd is an ecommerce fraud prevention software that integrates with Shopify stores. It uses machine learning, big data, and expert reviews to identify fraudulent transactions happening through your ecommerce store. Should fraud occur, Signifyd has a financial guarantee. You won’t lose out on revenue if its software approves a fraudulent transaction. 

Signifyd also provides account takeover protection for your customers. Block suspicious login attempts and avoid takeover chargebacks to prevent ecommerce fraud on your website.  

Price: $1,500/month. 14-day free trial available. 

NoFraud’s protection software vets ecommerce transactions to identify fraudulent transactions. Once a customer places an order through your website, the software automatically passes or fails this test. Choose to automatically cancel those transactions or flag them for internal review.

NoFraud uses proprietary and third-party systems to examine order details, such as email longevity, device history, geolocation, IP address, household income, home value, and social media to identify the person behind the transaction and the likelihood of them being the legitimate cardholder.”

—Isaac Gurary, CEO of NoFraud

Price: Free to install. Additional charges may apply.

Protect your ecommerce store with Shopify Protect

We know how much fraud can eat away at merchants’ time and profits. So today, we’re excited to share that Shopify Protect, Shop Pay’s free and built-in fraud protection, has launched in early access. The next time a merchant experiences fraud, we’ve got their costs covered.

Shopify Protect is now available to 50% of eligible merchants in the US and will roll out to 100% of merchants with Shop Pay active at the end of May. .

Be the first to comment

Leave a Reply

Your email address will not be published.


*