E-commerce Fraud Guide: Types of Fraud & Prevention Strategies

ecommerce Fraud Guide

Hitesh J

Today, e-commerce is in the limelight of the entire global retail world, mainly due to the evolution of the internet.

Digital transformation has instigated consumers to reap the benefits of online transactions, regardless of their location. As the internet hikes up across the globe, the numbers of online buyers have increased gigantically. In 2020, e-retail sales surpassed $4.2 trillion worldwide, which is estimated to rise to $5.4 trillion by the year 2022.

However, online shopping has also given rise to high fraud cases. As per Statista, there was a whopping 1001 data breach cases with up to 155 million records exposed in 2020. In addition, according to TechRepublic, as compared to 2019, the attempts for account takeover have increased by up to 300% in 2020.

No matter what size of business you own, there is always a risk of cyber-attack involved. Hence, every company must be equipped with innovative security tools for fraud management.

What is e-commerce Fraud?

Ecommerce fraud is a fraud that is executed on an e-commerce platform during online orders and transactions. Generally, it is in the form of fake or stolen credit cards, affiliate fraud ads, or the use of false identities. If a customer experiences fraud on your e-commerce store, you as a business owner also get affected monetarily.

Unlike in a brick-and-mortar store, e-commerce fraud can be executed if the attacker has a credit card and personal information, even without the actual card. This is known as CNP (card-not-present) fraud which is growing like a wildfire nowadays. In some events, hackers may even steal a person’s financial information and sell it on the black market.

Why is e-commerce fraud prevalent? 

With the advent of the digital era and online e-commerce transactions, hackers are leveraging advanced tools and tactics to commit frauds with each passing year. Due to modern technology, it is getting easier for fraudsters to steal or buy personal information.

To some point, another reason why eCommerce fraud is so prevalent today is due to rare prosecutions, seeing a lack of resources and time. In addition, it is burdensome for businesses to gather evidence and run prosecutions. Hence, it is better to leverage modern, AI-based fraud detection and management systems to prevent eCommerce fraud and let it affect your revenues.

Before we get into the prevention measures, let’s understand the common types of fraud first.

Types of e-commerce fraud

The best way to prevent an eCommerce fraud is to find its root cause and strategize security measures to prevent these attacks and safeguard your eCommerce site. While there are numerous types of scams that occur, here are some of the most common types of e-commerce frauds that take place on eCommerce websites:

1. Card Testing/Cracking fraud

Card testing fraud is a commonly known tactic where hackers gain access to stolen credit card numbers either by buying them from the dark web, phishing, spyware, or theft. This credit card data is then used to make big purchases on eCommerce sites.

Initially, the fraudsters do not know the limit assigned to the credit card and whether the card can be used to make successful transactions. To test this, hackers may make smaller purchases with multiple credit card numbers on an eCommerce website, often with the help of botnets or scripts. If they detect that a specific credit card is working, they will begin to make expensive purchases. Usually, the cards are stolen months or weeks before; hence this whole process determines which cards were canceled by banks and cardholders.

The initial smaller purchases often go unnoticed by business owners and customers. By the time the merchants understand the whole scenario, it gets too late. Using botnets makes card testing much faster and destructive. Fraudsters program the botnets to produce myriads of low-value transactions simultaneously. As a result, merchants must deal with miserable brand damage, revenue loss due to authorization processing fees, and hefty tax for their resource and time utilization.

2. Friendly fraud

Friendly fraud, often called chargeback fraud, happens when a fraudster purchases an online product or service and then requests a chargeback from the payment processor. They often claim that the transaction was invalid. As a result, the bank returns the transaction value to the fraudster, while the merchant still needs to pay the value.

Fraudsters generally make claims that appear to be honest and realistic, hence known as friendly fraud (as the consumer may be right in some cases). Friendly fraud is used to receive products/services for free.

Say, for example,

  • The fraudster may order an item from your e-commerce store and then claim that they never received the order.
  • They might tell their credit card issuer that they returned the item and the return transaction was not processed.
  • Or, they may also claim that they canceled the order and the company still sent them the item.

These are some scenarios that fraudsters generally use to argue with their credit card company, pressuring them to pay back the value. For this, e-commerce businesses need to use a chargeback management software tool to avoid fraud related to such disputes.

This fraud is hard to detect as it is typical to happen to a customer. However, as per research by chargebacks911, nearly 40% of customers who demand chargebacks are likely to do it again.

3. Refund fraud

Refund fraud is when a fraudster uses a stolen credit card to make an online transaction on an e-commerce website. Then, they will contact the business’s support team and request a refund for accidental overpayment, stating that they will have to refund through an alternative payment model since the credit card is closed.

This means that the original credit card charge is not refunded, and the e-commerce business will still owe the total amount to the original card owner. Ultimately, the fraudster is often successful in stealing money from the e-commerce business.

4. Account takeover

Fraudsters try to gain access to a customer's account on an e-commerce website. This is generally done by stealing passwords, personal information through the dark web, or security codes.

Once they log in to the user’s account, they can change their account details, make expensive purchases, and even withdraw funds.

This type of fraud is identity theft, costing e-commerce businesses severe brand damage as customers won’t feel safe to purchase on your website ever again.

5. Interception Fraud

Interception fraud happens when the fraudster makes a purchase on your e-commerce website with a shipping and billing address linked to the information of a stolen credit card. After the order is placed, they intend to intercept the parcel and keep the goods for themselves.

For this, they usually:

  • Ask the courier services to reroute the package to their given address for easy intercepting.
  • Request the business’s support agent to change the shipping address before it is shipped.
  • If they live nearby the victim, they will wait for the delivery time and ask the courier agent to sign the package and thereby intercept it.

6. Triangulation fraud

Triangulation fraud commonly involves three fraudsters that execute the fraud viz. the leading actor, an e-commerce store, and a shopper. The fraudster will set up a store on Shopify, Amazon, or other giant platforms that sell high-demand items at shockingly cheaper costs.

Once the customer places an order on the fraudster's store, they will use stolen credit card numbers, purchase items from your e-commerce website, and send them to their customers. The customer will receive a genuine product from the fraudster's website at an unbelievably cheap rate. The victims of this fraud will be the original credit card holder and your e-commerce website.

7. Classic fraud

It is a simple type of fraud where a fraudster steals the credit card details from the dark web. Then they purchase from an e-commerce store while the victim disputes the purchase. Finally, the bank closes the current account due to the dispute, issues a new credit card number, and sends it to the fraudster’s location.

8. Business email scam

This type of fraud targets businesses that deal with overseas partners and suppliers and make online transactions with them. The first step here is to look for genuine business email accounts and target them with specific software or other intrusive tools to make illegal online transactions.

9. Data breach

This happens to e-commerce stores when hackers try to access protective or confidential information in the database.

10. Malware/Ransomware

Hackers use illegal software to intrude into computer systems of e-commerce stores to either damage or disable them. Once the e-commerce business owner realizes that they cannot gain access to their database again, they are forced to pay a ransom by hackers to regain access.

11. Phishing

Phishing emails are constructed by fraudsters so that it looks almost similar to the legitimate e-commerce businesses.

How to identify e-commerce fraud?

Large-scale e-commerce businesses are required to leverage powerful software to detect fraudulent activities and orders, seeing the large number of orders they process daily.

Here are some of the red flags you need to pay close attention to save your revenues and brand reputation from fraudsters:

  • The information provided in the order is suspicious; for example, the IP address doesn't match the zip code.
  • The location of your regular customer is suspicious as compared to their previous locations.
  • The order is way too big as compared to the previous order history.
  • The buyer purchases multiple items simultaneously from one account but provides a different shipping address for shipping items.
  • Large number of orders in a short time period.
  • Multiple orders placed in a short period using different credit cards.
  • Over two or three online payments have declined in a row. In this case, generally, the fraudster is trying to insert the right CVV, credit card numbers, or expiry date multiple times.
  • Unusual amount of orders are placed overseas, especially from a location where you did not market your products.
  • Use of multiple credit cards from the same IP address.
  • Providing an incomplete address in the order.

Steps for preventing e-commerce fraud

Every e-commerce business is seeking ways to build a strong relationship with their customers to gain customer loyalty, brand reputation and eventually increase ROI in the long term. One of the most important things to maintain the integrity of your e-commerce store is to secure your online transactions. Therefore, e-commerce businesses need to take a customer-oriented approach to prevent real-time fraud.

Here are some of the best practices e-commerce businesses can follow to avoid fraud:

1. Data security budget review

Analyze and assign a specific budget only for data protection. Data breaches are pretty standard, and they can seriously affect your revenues, brand reputation and increase bounce rates. Therefore, e-commerce businesses must have a strategic data breach response plan ready. With this, you will be able to restrict the damage caused due to data breaches and make instant decisions when it occurs.

To prevent internal data breaches, provide role-based access to employees and limit access to sensitive information to admins only.

2. PCI Compliance

The PCI (Payment Card Industry) Security Standard Council has partnered with big global brands such as MasterCard and Visa to dictate specific regulations. This is to help businesses prevent fraud and secure their customer’s personal information. If you visit PCI’s official website, you can go through their standard regulations and seek compliance.

Some of the PCI Compliance’s significant rules include:

  • Daily monitoring of online transactions and bank accounts to look for suspicious orders/billing. For this, you can leverage advanced monitoring tools to track IP addresses.
  • Limits on daily spending for an account to prevent huge monetary losses in case of fraud.
  • A payment processor with AVS (Address Verification System) helps you compare the billing address associated with a credit card with the address on a file stored with the credit card issuer.
  • CVV (Card Verification Value) is a three or four-digit security number on credit cards at the backside. It is advised not to save CVV anywhere along with the credit card details. Hackers won’t be able to get this code unless they physically get hold of the card.
  • Stronger passwords for user accounts.
  • Timely security patching and system upgrades of e-commerce platforms.
  • Anti-malware and anti-spyware software to detect suspicious activities.


Ecommerce stores need to make sure all of their websites are secured with HTTPS to avoid security vulnerabilities.

Final thoughts

One of the essential business strategies for eCommerce stores is to invest in advanced fraud prediction and prevention systems and enhance customer experiences.

Ecommerce businesses can reduce lost sales and false positives by relying on trust rather than risk scores. Trust scores will help you know about the customer and minimize delays in transactions further. To thwart fraud, eCommerce businesses can leverage machine learning and AI-based solutions to help them gain accuracy in detecting fraud.