7 Types of E-commerce Fraud And What To Do About Them

by Amir Levi, 21.Feb.2022, 11 min read

2021’s busiest holiday shopping season in the US witnessed a 25% increase in fraudulent e-commerce transactions compared to the previous year. There’s no denying that e-commerce is the soft white underbelly that fraudsters love to attack. Truth is, e-commerce fraud is a real-time threat we need to acknowledge and address.

If you’re a small business or an e-commerce startup, you are especially vulnerable to e-commerce fraud. You might not have the necessary security measures to protect your data. Or perhaps you’re not familiar with data security best practices. 

Either way, if you have an online store, you should make every effort to tighten your online security. We’ll tell you why, but basics first. 

Understanding E-commerce Fraud

E-commerce fraud is a deliberate act of deception where a cybercriminal or deceitful customer cheats during your sales transactions. Such fraudulent activity will not only cause you financial losses but can also adversely affect your reputation, brand image, and customer relations.

The deception must go undetected to be successful, at least until after the transaction. However, it can be difficult to prosecute the fraudster even when you detect their activity.

Unlike in offline stores, scamsters can commit e-commerce fraud without even using a card to conduct a transaction.

The amounts involved for individual incidents are not usually significant. It also takes significant time and effort to gather evidence and prove criminal intent, so some of you might just write such instances off. 

But that’s exactly the course of action you should not pursue. Here’s why.

The value of fraudulent card transactions worldwide in 2021 was $32.04 billion and is expected to reach $38.5 billion in 2027. Closer to home, the actual cost of e-commerce fraud to merchants is $3.60 for every $1 lost to fraud because of chargeback fees, penalties, and loss of customer confidence.

So it is better to spend resources on preventing e-commerce fraud than to take big losses that affect your bottom line. But that’s jumping the gun. Before we talk about how to prevent fraud, let’s consider why it happens in the first place.

Why Is E-commerce Fraud So Common?

There’s no denying that the Internet helps online business owners like you reach bigger markets and levels the playing field. But it has its vices that fraudulent customers or cybercriminals use to their advantage. 

In fact, e-commerce fraud is very prevalent because: 

It’s Easy To Cheat Online 

There is absolutely no need for fraudsters to do anything physical to carry out their nefarious schemes. They don’t have to steal credit cards or go dumpster diving to get discarded ATM slips and use them later. 

E-commerce fraud only requires access to credit card information, which a fraudster can obtain from the dark web. Given that 23 million stolen credit cards were available for sale on the dark web in early 2019, you can gauge how serious the problem is. 

An online merchant who unwittingly completes transactions using stolen cards will likely get chargebacks from the credit card company. 

It’s Always Unseen

Because all e-commerce fraud happens online, fraudsters enjoy anonymity in their schemes. They work unseen and may conduct their activities at any time, from any place. 

Typically, a person committing fraud will create a fake email account and use P.O. boxes for their addresses. These do not contain personally identifiable data, so they are confident that the deed cannot be traced back to them. 

It’s Hardly Ever Prosecuted

Most e-commerce fraud involves relatively small amounts that might not make it a priority for law enforcement agencies to investigate. Gathering evidence also takes time and effort, to say nothing of proving intent.

That is especially true when a traceback reveals the crime originated in another country. Fraudsters count on that, so it makes them bold. 

You are essentially on your own when it comes to e-commerce fraud. You also shoulder the responsibility of securing your clients’ information from unseen bad actors.

Different Types of E-commerce Fraud

E-commerce fraud takes many forms, and some are easier to detect than others. Find out the most common types of fraud and how they happen. That can help you develop strategies to prevent them, which we will discuss later. 

Credit Card Fraud

When someone uses a stolen credit/debit card to make purchases online, it comes under what we call Credit Card Fraud. Also known as card-not-present fraud, it is the most recognized type of e-commerce fraud.

In most cases, the fraudster obtains cardholder information including name, account number, billing address, card verification value (CVV) code, and expiration date via the following methods:

  • From the dark web
  • Through a phishing attack
  • Or by hacking your customer database 

Once you complete the transaction, the charge goes to the legitimate cardholder’s account. At some point, when the cardholder disputes the transaction or the issuing bank flags it as a fraudulent transaction, you end up issuing a refund. 

You’re not only out of pocket for the product or service, but also become liable for chargeback fees and other penalties. 

Card Testing Fraud

You might also fall victim to credit card testing fraud or card cracking. This occurs when fraudsters try multiple cards using bots or scripts to find out which are active. In most cases of card testing fraud, the purchases are so small that you wouldn’t even end up red-flagging them.

The purpose of these small transactions is to test each card’s validity, not to obtain goods.

If you as a merchant allow the transaction, the fraudster will then use that card to make as many purchases as they can until they max the card out or the bank blocks it. 

Card testing fraud can prove to be quite expensive. One study estimates that card cracking accounts for about 16% of all e-commerce fraud.

Friendly Fraud

The next one we’re going to discuss is friendly fraud, or chargeback fraud. This is when a customer makes an online purchase using a credit card and then disputes it as an invalid transaction. 

In most cases, the shopper will wait weeks, even months, after receiving the products or services before disputing the transaction with their bank, claiming one of the following:

  • Never received the item/service
  • Returned the item to the merchant
  • Canceled the order
  • Received the wrong item

The fraudster hopes that you do not have time to challenge the dispute or that you will give them the benefit of the doubt. In either case, the issuing bank credits the disputed amount back to the account, so the fraudster gets the product or service and their money back.

In the meantime, the credit card provider issues a chargeback to you, which means that you need to refund the money for that transaction. Don’t forget that you’ll probably have to pay chargeback fees too. 

Enough friendly fraud can break any e-commerce business’s back. That’s not so friendly, right?  

However, not all friendly fraud is deliberate. 

For instance, a customer might dispute a transaction because the delivery was so delayed that it was no longer needed. Another common reason is that the credit card description of the purchase is unclear, confusing the cardholder and leading them to sincerely believe it was not a valid purchase.

Whether deliberate or not, friendly fraud costs merchants like you significant money and trouble. 

Refund Fraud

Refund fraud is a little more complicated than straightforward credit card fraud. The fraudster uses a stolen card to make an online purchase. After receiving the item, they contact you to say they want to return the item and request a refund.

However, the trick is that they ask you to send the refund to another account, claiming that the credit card they used originally is no longer active. As a result, you end up paying double: once to the fraudster and a refund to the legitimate cardholder.

While you will usually get back the item the fraudster bought, such unscrupulous activity will still cause you financial losses. 

Account Takeover Fraud

E-commerce stores typically require customers to create accounts with their personal and transactional information. In an account takeover fraud scheme, a hacker gains control of these accounts through phishing emails. These emails trick your customers into handing over information such as their usernames and passwords. The fraudster logs into the account, changes the passwords, withdraws money, and buys stuff. 

You are pretty much powerless to do anything to prevent account takeover fraud if customers fall for phishing scams or use the same password for all their accounts. However, you are still left holding the bag for refunds, chargebacks, and fees. 

Interception Fraud

Interception fraud is much like credit card fraud. But instead of using a P.O. box or other anonymous location as the delivery address (which many merchants consider red flags), scamsters have the items delivered to the address of the legitimate credit cardholder. They then intercept the order before it reaches that address.

A common tactic is to call your customer service, marketplace (e.g., Amazon), or courier (e.g., FedEx) and request a change of delivery address. Some may even physically intercept the package if they are in the same area as the cardholder by going to the address and signing for it.

Triangulation Fraud

Much like a bait and switch, triangulation fraud involves a legitimate buyer, a genuine e-commerce store, and a fake storefront. The fraudster operates the storefront, selling expensive items at ridiculously low prices. Shoppers attracted by the bargain end up buying these goods using a credit card. 

The fraudster, now armed with the credit card information of their customers, buys the items from the e-commerce store at regular prices and ships them to their customers. The fraudster can also buy stuff to send to themselves. 

The legitimate cardholder often does not detect the fraud until later because they expect the purchase to show up on their statements.

The result is the customer gets the item at a low price (they think), the fraudster benefits from the goods they ship to themselves, and you, the merchant, pay for chargebacks to the stolen cards. It’s always the merchant who loses in these stories.

Identifying E-commerce Fraud

Given the many ways you can fall victim to fraud, it would be in your best interest to identify these deceptive practices. Keep in mind that you can do only so much, because fraudsters are pretty cunning. However, you can catch the low-hanging fruit by scrutinizing the following:

  • Inconsistencies in the zip code, city, IP address, and email address
  • Significantly larger or more frequent purchases by an existing customer relative to their usual buying behavior
  • Rush orders containing multiples of one SKU
  • Change in location, particularly different countries
  • Shipping to different addresses
  • Back-to-back purchases outside peak season
  • Multiple purchases using many different credit cards
  • Multiple failed attempts to enter card details, resulting in declined transactions
  • Multiple purchases from an unusual location in a short period, e.g., 20 orders from Russia, from where you have never received an order before
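
Several of the red flags above can be checked automatically when an order comes in. The following Python sketch is an added example, not code from the original article or from any platform it mentions; the `Order` fields, flag names and thresholds are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Order:
    account: str
    amount: float
    billing_country: str
    shipping_country: str
    ip_country: str            # resolved by a GeoIP lookup done elsewhere
    card_token: str            # processor token, never the card number
    items: dict = field(default_factory=dict)   # SKU -> quantity
    rush: bool = False
    declines: int = 0          # failed card entries before this order

def screen_order(order, history, max_declines=3, sku_qty=5,
                 spend_factor=3.0, max_cards=3):
    """Return the red flags one order raises against the account's history."""
    flags = []
    if order.ip_country != order.billing_country:
        flags.append("ip_billing_mismatch")
    if order.shipping_country != order.billing_country:
        flags.append("ship_billing_mismatch")
    if order.rush and any(q >= sku_qty for q in order.items.values()):
        flags.append("rush_multiple_sku")
    if order.declines >= max_declines:
        flags.append("repeated_declines")
    if history:
        seen = {o.ip_country for o in history}
        if order.ip_country not in seen:
            flags.append("new_location")
        avg = sum(o.amount for o in history) / len(history)
        if order.amount > spend_factor * avg:
            flags.append("unusual_amount")
    # Distinct cards used on this account, including the current one.
    cards = {o.card_token for o in history} | {order.card_token}
    if len(cards) >= max_cards:
        flags.append("many_cards")
    return flags

# Constructed sample data: a regular customer, then an order that breaks pattern.
HISTORY = [
    Order("acct-1", 120.0, "US", "US", "US", "tok_a", {"SKU-1": 1}),
    Order("acct-1", 140.0, "US", "US", "US", "tok_a", {"SKU-2": 2}),
]
NORMAL = Order("acct-1", 130.0, "US", "US", "US", "tok_a", {"SKU-1": 1})
SUSPECT = Order("acct-1", 900.0, "US", "BR", "RO", "tok_c",
                {"SKU-9": 6}, rush=True, declines=4)

if __name__ == "__main__":
    for name, o in (("normal", NORMAL), ("suspect", SUSPECT)):
        print(name, screen_order(o, HISTORY))
```

A flagged order is a candidate for manual review rather than automatic rejection, since a legitimate customer can trip a single rule while traveling or buying gifts.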

Preventing E-commerce Fraud

As a small online business owner, you might believe you’re of no interest to cybercriminals. On the contrary, fraudsters target small businesses because you are less likely to have e-commerce credit card fraud prevention, security protocols, and the resources to pursue a fraud case. 

That said, recognizing fraud when it happens is helpful, but it is much better if you prevent it from happening at all. 

There are many ways you can prevent fraud, and some you can implement immediately at little to no cost. Others may require a bit more investment, but they are worth it if they can minimize fraud on your site.

Implement Fraud Prevention Solutions

Those who commit e-commerce fraud are getting smarter by the day. Guarding your business against them requires advanced measures and e-commerce fraud prevention techniques.

Automated fraud detection and prevention solutions can help you nip any shenanigans in the bud. 

For instance, Shopify includes a fraud detection e-commerce tool that analyzes trends to help e-commerce stores spot possible fraud. It also supports third-party apps for fraud protection, some of which are free to screen up to 500 orders a month. If you have a Shopify store, we suggest you sign up for one of them, pronto!

Other e-commerce marketplaces or website hosting platforms might also offer integrations with fraud prevention solutions. WordPress, for instance, has numerous plugins for fraud prevention.

Audit The Site Regularly

Criminals are constantly looking for holes in the fence to exploit you. Keep them out by checking the following regularly:

  • Shopping cart and plugin updates
  • SSL certificate validity
  • PCI-DSS (Payment Card Industry Data Security Standard) compliance
  • Backups
  • Password strength for backend access, FTPs, and databases
  • Malware scans
  • Data encryption
  • Inactive plugin status (remove them)

Ensure PCI Compliance

E-commerce stores that accept credit cards must comply with PCI-DSS standards. Compliance means you avoid penalties, fees, and possible litigation. It also means your store and business processes ensure credit card data security. 

There are 12 requirements for PCI-DSS compliance. These include:

  1. Installing and maintaining firewalls to protect cardholder data
  2. Changing vendor-supplied defaults for system and security passwords 
  3. Protecting cardholder information
  4. Encrypting cardholder data transmissions across public networks
  5. Using updated anti-virus software 
  6. Developing and maintaining secure systems and applications
  7. Restricting access to cardholder data
  8. Assigning unique IDs to everyone with access to stored cardholder data
  9. Restricting physical access to cardholder information
  10. Tracking access to network resources 
  11. Testing security processes and systems regularly
  12. Maintaining information security policies for contractors and employees 

While this might seem like a lot to do, some e-commerce platforms such as BigCommerce are PCI-compliant by default. That means most of the work is done for you. Some web hosting sites also offer PCI-compliant options. 

Check Regularly For Suspicious Activities

You can’t stroll the aisles of your online store as you would a brick-and-mortar one. But you can keep an eagle eye out for red flags such as wonky IP addresses, mismatched billing and shipping addresses, or multiple delivery addresses for single accounts.

You can also use velocity checking tools to track buyer behavior to detect anything unusual in their activities. Monitor regularly, especially during peak buying seasons such as the holidays. That’s when fraudsters come out of the woodwork. They’re counting on their transactions getting lost in the crowd. 
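
A velocity check counts payment attempts per source over a sliding time window, which is also how the many small attempts of card testing stand out. The sketch below is an added example, not the article’s or any vendor’s code; the class name, window length and thresholds are assumptions, and the IP addresses come from documentation-only ranges.

```python
from collections import defaultdict, deque

class VelocityMonitor:
    """Sliding-window counter of payment attempts per source (an IP here)."""

    def __init__(self, window_s=600, max_attempts=10, max_cards=3,
                 small_amount=5.0):
        self.window_s = window_s          # look-back window in seconds
        self.max_attempts = max_attempts  # attempts tolerated per window
        self.max_cards = max_cards        # distinct cards tolerated per window
        self.small_amount = small_amount  # "test purchase" ceiling
        self.events = defaultdict(deque)  # source -> (ts, card_token, amount)

    def record(self, ts, source, card_token, amount):
        """Store one attempt and return the alerts it triggers."""
        q = self.events[source]
        q.append((ts, card_token, amount))
        # Drop attempts that have fallen out of the window.
        while q[0][0] <= ts - self.window_s:
            q.popleft()
        alerts = []
        if len(q) > self.max_attempts:
            alerts.append("attempt_velocity")
        if len({card for _, card, _ in q}) > self.max_cards:
            alerts.append("card_velocity")
            # Many cards and only tiny amounts: the card-testing shape.
            if all(a <= self.small_amount for _, _, a in q):
                alerts.append("card_testing_pattern")
        return alerts

def replay(attempts, monitor=None):
    """Feed attempts in time order; return every alert raised per source."""
    monitor = monitor or VelocityMonitor()
    raised = defaultdict(set)
    for ts, source, card, amount in sorted(attempts):
        raised[source].update(monitor.record(ts, source, card, amount))
    return dict(raised)

# Constructed sample: one source cycling cards on $1 charges, one shopper.
ATTEMPTS = [
    (0, "203.0.113.7", "tok_1", 1.00), (20, "203.0.113.7", "tok_2", 1.00),
    (40, "203.0.113.7", "tok_3", 1.00), (60, "203.0.113.7", "tok_4", 1.00),
    (80, "203.0.113.7", "tok_5", 1.00),
    (10, "198.51.100.20", "tok_x", 89.90),
    (3000, "198.51.100.20", "tok_x", 45.00),
]

if __name__ == "__main__":
    print(replay(ATTEMPTS))
```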

Go For The Address Verification Service 

Most issuing banks and credit card companies provide an Address Verification Service (AVS) to their merchants for a small fee (typically between $0.01 and $0.10 per transaction).

Via this process, the bank compares the billing address of a credit card with the data they’ve stored at their end. All this is a part of their authorization process. If the addresses don’t match, the bank stops the transaction from going through.  

You can choose not to use AVS, but that might not be a great idea. Such a nominal fee is worth the security it provides you with. 

Ask For The CVV

The Card Verification Value (CVV) is usually the three- or four-digit security code on the back of a credit card. You can require your customers to add this value for all online purchases. While it is an extra step, it can help you verify the legitimacy of a transaction.

Like AVS, you can choose not to require shoppers to input the CVV for their online purchases. Unlike AVS, there is no charge to require a CVV, so it makes perfect sense to ask for it.


Use HTTPS

You probably already know to prefer sites that use HTTPS (Hypertext Transfer Protocol Secure) because it offers better data security than HTTP. But did you know that you don’t automatically get HTTPS when building your e-commerce store?

For example, for a WordPress site, you need to obtain a Secure Sockets Layer (SSL) certificate and follow a few steps to enable HTTPS for yourself.

Use HTTPS for your site to encrypt data from your e-commerce store whenever a public network is involved. It’s an excellent way to dampen a fraudster’s spirit. 

Limit Customer Data Collection 

Avoid collecting unnecessary personally identifiable or sensitive financial information such as birth dates and Social Security numbers from your customers. 

Only collect what you need to complete a transaction to mitigate your risks if someone hacks your database. If you don’t have it, they can’t get it. 

It’s perfectly fine to collect information about your customers’ preferences and pet peeves to use for your ad marketing.

Blacklist Possible Fraudsters

Finding customers is hard, but you need to take a tough stance if you think a customer might be committing fraud on your site. Put them on a list of banned people. It isn’t a perfect solution, but it will prevent them from transacting with your business. 

Fraudsters can always come back with a new identity, but it helps to have a record.

Impose A Purchase Limit

Sound counterintuitive? Let us explain. You can set limits based on the expected behavior of your customers. This will help you spot fishy behavior, if any.

For example, if customer A buys between $100 and $150 worth of products a month, you can set a limit of $200. On the other hand, if customer B typically buys between $1,000 and $1,500 a month, your limit could be $2,000.

Always Ask For A Physical Address

You can refuse to complete transactions if the delivery is to a P.O. Box or virtual addresses, such as that of freight forwarders (if you see a container number such as #ABC-1234567 included, that’s a freight forwarder). In fact, you should. 

Most fraudsters use such anonymous addresses to avoid exposing anything personally identifiable, such as their actual address. 
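
One way to screen delivery addresses for P.O. boxes and forwarder-style identifiers at checkout is shown below. It is an added example, not code from the original article; the function name is hypothetical, and the forwarder pattern generalizes the single `#ABC-1234567` shape quoted above, so the accepted letter and digit counts are an assumption.

```python
import re

# "P.O. Box", "PO Box", "P O Box", "Post Office Box" (case-insensitive)
PO_BOX = re.compile(r"\b(?:p\.?\s*o\.?|post\s+office)\s*box\b", re.I)
# Customer/suite identifier in the "#ABC-1234567" shape quoted in the article;
# the exact letter and digit counts accepted here are an assumption.
FORWARDER_ID = re.compile(r"#\s*[A-Z]{2,4}-\d{5,}\b")

def address_flags(lines):
    """Return reasons a delivery address needs manual review (empty = none)."""
    text = " ".join(part.strip() for part in lines if part and part.strip())
    flags = []
    if PO_BOX.search(text):
        flags.append("po_box")
    if FORWARDER_ID.search(text):
        flags.append("forwarder_id")
    return flags

# Constructed sample addresses (not real customers or facilities).
SAMPLES = {
    "street": ["Jane Doe", "12 Boxwood Lane Apt 4", "Springfield, IL 62704"],
    "po_box": ["J. Doe", "P.O. Box 1182", "Springfield, IL 62705"],
    "forwarder": ["J. Doe", "100 Example Pkwy #ABC-1234567", "Miami, FL 33101"],
}

if __name__ == "__main__":
    for name, addr in SAMPLES.items():
        print(name, address_flags(addr))
```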

Keep E-commerce Fraud At Bay

E-commerce fraud is the Achilles heel of all online sellers, but that doesn’t mean you have to take it lying down. It is almost impossible to avoid e-commerce fraud if you are an online merchant. But you can minimize it greatly by being aware and knowing what steps you can take. 

It will not be easy, but making your e-commerce store as secure as possible will be worth the effort.

An e-commerce store has distinct advantages over brick-and-mortar ones, not the least of which is lower operating and overhead costs. But it isn’t without its disadvantages. One of those is fraud: more people are making purchases online, doubling the sales for many merchants, but the incidence of fraud is also increasing by 69% a year. In 2019, online merchants dealt with more than 200,000 attacks on their stores every month.

Even if only a few are successful, the consequences can still be serious.
