What is Ecommerce Fraud and How to Prevent It?

Find out what fraud is, how does it happen and what are the best fraud prevention tools?

If you subscribe to a service from a link on this page, Reeves and Sons Limited may earn a commission. See our ethics statement.

Ecommerce fraud can sink your bottom lines. Scammers can steal customer data, defraud your business of thousands of dollars in goods and make you liable for refunding victims of identity theft. These financial and reputational losses can be prevented with a few simple solutions.

Do you want to prevent ecommerce fraud from happening with your customers? You should! Read this guide to learn everything about ecommerce fraud from understanding how to prevent it.

What is Ecommerce Fraud?

Ecommerce fraud, or payment fraud, is a commercial transaction scam over the Internet with the aim of stealing customer data, such as credit card info or Social Security Number to get financial or personal gain, while negatively affecting the bottom line of the merchant.

Such frauds remain a common issue and cause quite a lot of damage. It's a very obvious case of “work smarter, not harder”, where it's much easier to prevent misfortunes, rather than deal with their consequences. In this article, you'll get a brief idea of different kinds of frauds, how to spot them, and will also figure out how you possibly can protect yourself and your business.

Types of Ecommerce Fraud

To cash in on the fraud, scammers have to be creative in order for everything to go as smoothly as possible. You'll find new scamming strategies emerging every couple of months or so. But most aren’t so imaginative and use the old and tested strategies. Here's a list of the most prominent ones to be wary of.

Account Takeover Fraud

The fraudsters try to gain access to the customer's account usually containing their financial or identificational information, such as credit card info, address or Social Security Number. After that they purchase and steal the goods, often resulting in you refunding the customer and losing revenue.

New Account Fraud

Apart from gaining access to already existing accounts, fraudsters may also create new ones using the customer data they have stolen. This can unfortunately yet again lead to you being responsible for refunding the real owner of the information.

Credit card fraud

Another form of fraud is when a scammer redirects the products purchased with the stolen credit card info to their address. Sometimes they can go on with trying multiple cards to see which one works better (or works at all) for making an excessive purchase.

Triangulation fraud

This type of fraud is divided into several steps:

  1. A scammer creates a fake retail website that steals customers' information when they place an order.
  2. The scammer orders the victim their purchase from a legit site like Amazon or from other retail websites. This is done to avoid suspicion and keep a customer unaware that their info has been stolen for the longest period possible.
  3. After that, phished data is used for the scammer's own purchases.

Refund fraud

A stolen card is used to buy a product just to demand a refund to an alternative payment method. That way, the sum goes directly to the perpetrator's account. With this strategy, they are simply withdrawing money from the card via converting them into a purchase and back. A particularly unpleasant one, as the vendor has to pay twice, to the fraudsters and to the customer whose data was stolen.

Chargeback fraud

The one that's also known as friendly fraud. This one usually happens without stolen info or third-party purchases and is quite simple. So, the customer buys something from the website just to dispute the transaction with their bank later. This way they might be able to get a refund and keep their goods for free.

Affiliate Fraud

You need to be cautious if you're working with affiliates as not all of them may be legitimate. It's convenient to get a commission for each purchase using stolen credit card info. In case it happens, you'll have to return all of the funds to the real owners of the stolen cards.

Ecommerce Fraud Detection

Now that you've got a better idea of what ecommerce fraud is, it's time to learn the red flags that help you spot fraudulent activity.

Inconsistent data on a new order

Pay attention to customer data. It doesn't guarantee that a person is necessarily trying to conduct some kind of fraud, but once you've noticed it you can analyze the rest of their purchases and activity to make conclusions. Look out for things like ZIP and address not matching, IP address being different, or card registered in one country, while the shipping is placed to another.

Inconsistent behavior of existing customers

It's true that people can be unpredictable, but sometimes the case is much easier – it's not them making new purchases. If you see a sudden shopping spree from a customer who buys stuff occasionally, you might want to contact them directly to ask whether it's really them.

Inconsistent data of existing customers

Sudden changes in account info may also hint at some unwanted activity taking place. It's always better to check twice and ask the customer to confirm their identity. Although people change addresses and credit cards, it doesn't happen that often and requires a closer look.

Multiple shipping addresses

If an account has way too many addresses attached to it, you might want to give it a check, especially if the case is happening with an already existing account. The best idea would be to immediately contact the customer.

Multiple cards

Having multiple credit cards for different purposes is completely fine, but interchanging them regularly and adding new ones here and there will certainly raise some awareness. Such activity from both new and existing accounts demands a better inspection.

Multiple declined transactions

If you can track an account with a great amount of declined transactions linked to one or various cards, then the chances are extremely high that it's a so-called credit card cracking or card testing. A scammer is trying out which of the stolen cards are working. The best decision would be either to contact the owner of the account or simply freeze it.

How to Prevent Ecommerce Fraud — Top Tips

Spotting the problem is great. It's definitely a first step towards the improvement of your Internet security. But how exactly should you deal with it? You'll see the best fraud detection tactics listed below.

Improve website security

Better encryption of customers' data via SSL and HTTPS lessens the chances of it getting stolen and makes it much more inconvenient for scammers to even try. On top of that, it's quite cheap. The average cost of an SSL certificate is about $60 per year, but it varies greatly and can drop down quite drastically. In any case, it will probably save you much more money and time, while also bringing the feeling of security.

Use 2FA for customer accounts

Two-factor authentication may feel annoying and unnecessary sometimes. Customers can't reach their accounts instantly and this may push them away. That's why many websites make this function an option instead of a standard. Still, it's better to use anything you can to prevent your information from getting into the hands of unwanted third parties.

Use secure payment gateways

Secure payment gateways are some of the most potent fraud prevention tools. It's one of the easiest ways to spot a scammer and cut any ways for them to use your website. It may be a requirement to enter a CVV code or other kind of confirmation from the customer. Despite the fact it also slows down the whole process, it's a time-tested method and can save a fortune for both customers and vendors.

Verify customer information

There are a number of services that help a customer verify their identity. For example, Address Verification Service works to check whether the address entered by the customer is linked to the cardholder's credit card account and the geolocation checks out.

Monitoring activity

Monitoring customer activity and understanding their patterns is one of the easiest ways to discern legitimate customers from those who do fraudulent transactions. One of the best methods is known as velocity checks or velocity limits — these are the mechanism for spotting anomalies or similarities of fraud-like activity. So if there were too many purchases from a certain account or the payment got declined several times in a row, the system will flag it as a potential danger.

Don’t store sensitive information

If you store customer information on your website, it may get stolen. So try to avoid storing private information like SSN or credit card information on your database, otherwise, you may be liable in case of a data breach. It’s best to use third-party services to conduct payments — they’re secure and you don’t run the risk of losing customer information to scammers.

Fraud detection automation

The importance of monitoring has already been mentioned in some of the previous points, but it can be taken to another level with ecommerce automation. There's an array of various fraud detection software that is available on the market right now and make the whole process a lot faster.

Customer education

To protect both customers and yourself it would be a good idea to educate them on fraud in a help desk center. For example, send them an email to explain that you'll never contact them repeatedly to ask for their password or other private info. Of course, not all of the clients will read it, but some will and therefore it's worth it.

Best Practices for Ecommerce Fraud Prevention

Creating a fraud-resistant working environment is extremely important. As the ways scammers phish customers' information get more and more elaborate, it's necessary to keep up with all of the new schemes and to know how to effectively protect your business. The best solution would be to create an action plan to deal with the problem immediately.

Create a plan

Create a plan for all stages of fraud.

To prevent fraud from happening all aim for security: use SSL and HTTPS, two-factor authentication, and payment gateways. You should also try to spot fraud activity as soon as it occurs, so pay close attention to monitoring transactions and ideally automate this process.

To minimize impact, pay attention to educating your customers on how to store their private information, what to do if their information got stolen, and what are the policies of your service.

When the fraud is already suspected, the first thing to do is to freeze the account. After that, the client should be contacted and asked for verification of their activity. All of the clients should be able to confirm their identity.

After the fraud has taken place, the customer and you should be in one team, trying to catch a scammer. In case you are going to get the police involved, try to get as much information about the scammer as possible, for example, they might have left their address or other info in the cracked account. It really matters as the outcome of the situation will impact how much revenue you'll spend on refunds.

Do risk assessment regularly

Keep an eye on your security level as even good plug-ins can become a weak spot after some time. Don't let any information leaks occur and do check-ups of all the parts of your system frequently to find fraud risks.

Train employees

Due to the fact that some scams involve customer service, training employees to prevent getting scammed should also be a regular practice. They should know what actions to take depending on a type of suspicious activity and always be cautious while dealing with redirecting purchase calls and similar matters.

Stay up-to-date

The only way to protect your business from scammers is to know what they are up to. Take reading about the latest schemes as a habit and you'll do yourself a great favor. Here, it's the more you know the better.

Protect Your Business

If there are ways to help yourself then why ignore them? Staying in one place may seem convenient and even reliable, but it's certainly a matter of time before you realize how much you're at risk by not taking any steps toward developing your security system. With new scamming tactics arising rapidly, you might lose a fortune on refunds and court cases instead of investing in information protection and creating better conditions for both you and your customers. It might be disorienting at first, but with a little effort, you may take your business to a whole new level of trustworthiness.

Michael Doer

Michael Doer is an independent content marketer who writes about digital marketing, ecommerce, and business advice. Reach him on LinkedIn to ask about anything.

shopify popup new
shopify light modal wide - this exclussive deal expires