11 Vital Ecommerce Fraud Prevention & Detection Strategies for 2023
December 20, 2022
Fraud is a massive issue for ecommerce businesses across the globe.
In 2022 alone, online brands lost an estimated $41 billion because of it. Even more alarming, that number is projected to grow to $48 billion in 2023.
Fraud hurts ecommerce by degrading buyer experiences and brand reputations.
As much as 66% of American consumers say they wouldn’t buy again from an online store where their account was compromised.
Another concern is how often it occurs. Paysafe found the following five countries have especially high incidences of fraud, and consumers there were most likely to be victims:
- U.S. (34%)
- UK (33%)
- Canada (29%)
- Germany (27%)
- Austria (21%)
With this grim reality in mind, you must take measures to protect your business from ecommerce fraud.
In this post, we’ll help you tackle that problem. We’ll cover the most common types of fraud, share some ways to prevent it, and reveal tools to help you counter it.
Read on to learn about:
- Spotting common types of ecommerce fraud
- Ways to avoid ecommerce fraud
- What to do if you experience fraud
- Ecommerce fraud prevention tools
#cta-visual-pb#<cta-title>Build a store you can be proud of<cta-title>Try Shogun for free and create a fully branded store and your unique customer experience.Start building for free
Spotting suspicious activity: 8 Common types of ecommerce fraud
“One thing is certain—you will always have a certain amount of fraud in your online store. The key is to understand what types of fraud you are most vulnerable to and then employ tactics to prevent them.”
— Matthew Ramirez, founder of Rephrasely
The first step in prevention is learning how to identify scams. In this section, we’ll go over some common types of ecommerce fraud and their early warning signs.
1. Credit card fraud
This broad term encompasses any fraudulent activity involving a credit or debit card. In ecommerce, it’s also called:
- Card cracking
- Card testing
- Card not present (CNP) fraud
- Payment fraud
Criminals make online purchases using stolen credit card information, which doesn’t require a physical card. Sometimes, they test multiple cards to see which ones are active.
Common warning signs:
- Repetitive small, low-risk orders: This cuts into your bottom line once it piles up. You’ll not only lose the item you shipped but also have to reimburse the victim.
- Different cards with similar shipping or IP addresses: Multiple orders fitting this pattern could be someone purchasing through a collection of stolen credit card numbers.
2. Phishing scams and account takeover fraud
Phishing scams fool people into disclosing sensitive information such as their login credentials, bank account or payment details, billing address, etc.
They typically occur through emails, phone calls, or text messages where cyber criminals pose as trusted companies or brands.
The stolen information can then be used for account takeover (ATO) fraud, where scammers impersonate customers, access their ecommerce accounts, and make unauthorized transactions.
Once the account owners discover ATO, you can expect chargebacks and transaction disputes.
Common warning signs:
- Sudden password change requests from multiple account holders
- An accumulation of unsuccessful login attempts from multiple users
3. Chargeback or friendly fraud
“One of the easiest tactics to prevent fraud in your online store is to know how chargebacks work and how to dispute fraudulent ones.
Making sure that you clearly understand and know how Visa/MC/Amex/etc chargebacks work will help you dispute wrongful chargebacks, prevent fraud, and make more money in the long term.”
— Gilad Zilberman, CEO of SeatPick
This type of fraud occurs when a buyer makes a purchase but asks their financial institution to reverse the charges after receiving their order.
Banks or credit card companies typically take the customer’s side, making chargebacks difficult to dispute.
In most cases, people contact financial institutions to reverse unrecognized charges. Sometimes though, there’s malicious intent to contest the transaction and keep the order.
Both situations eat into your profits.
Common warning signs:
- Reports from customers saying their items weren’t delivered
- Shoppers claiming the product doesn’t match the description
- Buyers stating they canceled the order, but it was still sent
4. Refund fraud or abuse
Any business that ships items or accepts returns can experience this type of fraudulent or abusive consumer activity. Its various types include:
- Did-not-arrive (DNA)
- Empty or partially empty box
- Fake tracking ID (FTID)
It involves abusing refund policies, wherein ecommerce customers return damaged, broken, or stolen items for profit or free goods.
Others even force customer service representatives (CSRs) into issuing refunds.
Common warning signs:
Refund fraud typically occurs without chargebacks or disputes, so it’s challenging to track. However, there are signs such as:
- A considerable increase in your returns
- Expensive items being returned without receipts
- High inventory shrinkage rates
5. Promo, affiliate, and loyalty abuse
In these types of scams, swindlers take advantage of your marketing efforts via:
- Promos: Consumers use promotional codes multiple times or abuse coupon policies for free items.
- Affiliate: Cybercriminals take advantage of affiliate marketing, leveraging fake activities to receive commissions from your business.
- Loyalty: Fraudulent customers join your loyalty program, use stolen payment information to earn points, and then resell them.
Common warning signs:
- A sudden increase in new accounts joining loyalty programs or using promos
- Abrupt spikes in traffic or conversions from a single affiliate
- An unbelievable increase in purchases from one affiliate link
6. Triangulation fraud and website theft
Triangulation entails cybercriminals creating a fake ecommerce website identical to yours.
Then, when a customer places an order, they charge them and then use their payment details to order on your website. They then keep the initial payment, and while customers receive the actual item, they are charged twice.
Without insight into what actually happened, a customer will think that your brand accidentally charged them twice while only sending one item—creating a poor buyer experience and inciting negative reviews.
Website theft is similar to triangulation, but it happens when hackers take over your site, steal customer information, and block you from your store.
Common warning signs:
- New accounts regularly buying the same items
- Conflicting billing and shipping addresses
- Fast and repeating low-value transactions
7. Interception fraud
This occurs when a fraudulent customer purchases from you using stolen credit card, shipping, and billing information.
Once the purchase is complete but before the item ships, the criminal contacts customer service to change the delivery address to their chosen pickup location.
They aim to intercept the order and take it for free or resell it.
Common warning signs:
- Sudden changes in delivery addresses
- Unusual shipping locations
8. Supply chain fraud
“If you suspect something is amiss and can’t get a clear answer, it might be worth reaching out to the [wholesaler] to clarify or even going behind [their] back and reaching out to the supplier directly.
If you catch a seller in a lie, you can also always report them to the platform or, if you’re working directly with a supplier, discontinue your business relationship.”
— Matthew Ramirez, founder of Rephrasely
Since it can overlap with other criminal activities like collusion, financial fraud, and the misrepresentation of goods or services, supply chain fraud can be more complex than the others we’ve discussed.
It can even begin before a sale.
Misrepresentation, for instance, can result in you receiving counterfeit items instead of legitimate ones.
There are a few different types of supply chain fraud you need to know and protect against.
Some write it off as unavoidable, but cargo theft can significantly damage your business if left unchecked. This is typically planned and carried out while products are in transit.
Since thieves aim to resell, they target small and high-demand items.
This happens internally and differs on a case-to-case basis.
For instance, your 3PL can use your inventory to fulfill other client orders, or your goods may be stolen for resale.
Common warning signs:
- Suppliers changing banking information for money transfers
- The inventory that arrives is different or lower in quantity than expected
11 Ecommerce fraud prevention best practices
Now that you know the common fraud types and how to identify them, let’s discuss how to prevent them.
With business scams, prevention is always better than a cure (which we’ll also review later in this article).
1. Secure store access
Do you have a customer portal that stores payment information, passwords, order history, addresses, and other sensitive information?
Then it’s crucial to create a secure website while ensuring a seamless shopper experience.
When con artists possess stolen customer login credentials, having an extra layer of protection like Two-Factor Authentication (2FA) can prevent them from accessing your store and your customers’ accounts.
Additionally, one-time passwords (OTPs) sent via SMS can notify an account owner if someone’s trying to log in to their account.
2. Create and display strong policies
Your policies explain to customers how your business operates.
They also state what people can and can’t do, like prohibiting fraudulent or abusive activity. Clearly display them on your website and include regulations that cover:
- Passwords: Require that customers create secure passwords that scammers can’t crack.
- Returns: Craft a return policy that makes it difficult to abuse chargebacks and refunds.
- Promotions, affiliates, and rewards: Prohibiting the sale of rewards and placing order quantity limits prevents violations of your promotions’ terms and conditions.
#cta-visual-pb#<cta-title>Easily and seamlessly showcase your policies<cta-title>Use Shogun Page Builder to create any webpage you need with an intuitive drag-and-drop interface.Start building for free
3. Implement purchase limits
“We have placed limits on how many units of an item a customer can purchase in one order.
This has deterred scammers from ordering bulk items from our store using stolen credit card information. We also investigate accounts making multiple repeat purchases within a short time frame to determine whether they are legitimate.
Implementing order limits has helped bring down the rate of fraudulent activity to less than 6% per annum.”
— Nathan Sanders, CEO of Plumbing Navigator
Frequent, repeating small purchases and unrealistically large ones are red flags that indicate fraudulent activity. Impose order quantity limits to avoid clearing such transactions.
To minimize your chances of experiencing fraud, automatically block orders exceeding the established limitations.
Use your store data to gauge your average daily sales and set these restrictions accordingly.
4. Comply with PCI standards
One requirement for all ecommerce businesses is safe online payment processing, so they must comply with the Payment Card Industry (PCI) Data Security Standards.
These include best practices for scam and fraud prevention, such as:
- Cardholder data encryption
- Changing default passwords for systems
- Regular online security system testing
- And more
Fortunately, most payment gateways can handle adherence to PCI standards.
5. Choose the right payment processors
“Using an Address Verification Service (AVS) remains one of our most effective fraud prevention strategies. It automatically compares the billing address provided at the point of sale with the address that the card issuer has on record.
Since adopting this fraud mitigation strategy, fraudulent payments in our store have declined by about 35%, protecting our company and our customers from fraudsters while also mitigating against reputational damage.”
— Michael McCarty, CEO of EDGE Fall Protection
Look for payment processors that also implement the following standard security measures (in addition to PCI compliance):
- Address Verification Service (AVS): This ensures the entered billing address matches the one on file.
- Card Verification Value (CVV): This requires customers to input the three-digit code on the back of their debit or credit card.
The code entry ensures correct billing addresses and adds an extra layer of security in cases where thieves only possess card numbers.
You can also install the above measures easily without the help of payment processors.
6. Limit your payment options
“As a business owner and an entrepreneur, some tactics I have employed to prevent invoice fraud include: requiring payment via an ACH transfer rather than credit card; requesting a copy of an invoice or other form of verification from the customer; requiring that international customers provide additional documentation; and using third-party risk management services that screen your incoming invoices for fraudulent activity.”
— Matthew Ramirez, founder of Rephrasely
If fraud is a big concern, you may want to limit your payment options.
Credit cards are inherently less secure than ACH payments, as they require less information that’s easier for scammers to come across.
7. Require signatures and proof of delivery
This measure helps prevent identity theft as well as return and chargeback fraud.
Requiring physical signatures foils scammers who try to pose as someone else. It’s also proof the order was delivered.
Photos upon delivery can also serve as powerful evidence that those trying to (unjustly) claim refunds received their items.
8. Always gather evidence
Since most chargebacks are settled between the customer and the financial institution, signatures and photos may not be enough to dispute them.
When contesting chargebacks, include images of:
- Your fraud filters
- Conversations with the customer
- The customer and transaction details
This due diligence will help you win disputes and prevent unnecessary losses.
9. Train your CSRs
Your CSRs can also protect your business, so equip them with the necessary knowledge and skills to counter fraud.
Show them how to screen orders properly and identify telltale signs such as:
- Mismatched IP, billing, and shipping addresses
- Unrealistic purchase behavior
- Return or refund claims that already have proof of delivery
Have your CSRs double-check contact information to spot fakes.
Also, train them on how to use fraud prevention tools. This helps them monitor fraud alerts and manually check risky orders.
10. Conduct manual reviews
This measure is for smaller ecommerce businesses that see fewer transactions and don’t need CSRs.
Sometimes the best defense comes in the form of manual reviews.
To find and fix security issues, manually review risky orders, watch out for the fraud indicators we’ve discussed, and lean on your security tools.
11. Leverage ecommerce fraud prevention software
“We use a highly reputable fraud detection software that automatically flags suspicious user behavior on our ecommerce store. The software also flags orders that have a shipping address that differs from the billing address on the card used to make the payment.”
— Lisa Richards, CEO and creator of The Candida Diet
Powerful ecommerce fraud prevention tools can implement security measures like:
- Fraud filtering and scoring
- Identity and payment verification
- Account protection
- Dispute and chargeback management
- Behavior analytics
Others incorporate AI and machine learning so they can automatically take action when they detect suspicious activity.
The right one can confidently secure your store and improve the customer experience.
What to do if you encounter ecommerce fraud
Despite the safety measures we’ve discussed, it’s still possible for an enemy to slip past your defenses.
What should you do if your store falls under attack? How can you deal with a horde of false orders?
Follow the steps below to counter any assault and shield your business.
Step 1: Document everything
This is imperative.
Take detailed notes of what’s happening—each fraudulent transaction, its date and time, and the accompanying account with its shipping, payment, and billing details.
Gather proof in case you need to press charges; clean records will help you take action later.
Step 2: Identify and blacklist suspicious accounts
Afterward, pinpoint accounts that served as sources of fraudulent activity. Blacklist and block them to prevent further damage.
Step 3: Protect the buyer experience
Don’t let con artists inconvenience your real buyers. Enforce security measures with tools that detect suspicious activity early and in real-time.
This can stop scammers from accessing customer accounts and personal information in the future.
Step 4: Protect your inventory
Make sure the fraudulent transactions weren’t cleared.
For those that push through, cut them off before they’re fulfilled. Inventory losses can hurt, so take additional steps to secure the overall purchase process after the attack.
Step 5: Take responsibility and protect your brand reputation
In case of account takeovers, notify victims immediately and ask them to reset their login credentials.
Also, advise them to double-check their payment methods and ensure they’re still secure.
Most importantly, apologize for the lapse in your store’s security and try to make it up to them to keep their business.
Step 6: Learn from your mistakes
Fraud attacks from ecommerce swindlers are a nightmare, but you can prevent future assaults. Analyze what you’ve documented and conduct a website security audit.
- See if your software and plugins are up to date
- Check if your SSL certificate is working
- Double-check for proper data encryption
- Determine if there are any PCI compliance issues
Identify any gaps in your store’s security and address them to shore up your defenses.
Ecommerce fraud prevention tools
“Platforms such as Shopify have some level of built-in fraud prevention to help reduce the likelihood of chargebacks, but if you’re doing significant sales volumes, then it’s advisable to use additional tools built specifically to prevent ecommerce fraud.
Ideally, you want to look for a tool that uses a combination of both AI and actual human review when necessary to detect fraudulent transactions.”
— Ryan Turner, founder of Ecommerce Intelligence
Finally, to assist your implementation of the strategies we’ve discussed, here are some powerful tools designed to detect, manage, and prevent fraud.
Many of these tools employ automated checks to speed up verification and recognize patterns to catch fraudulent activity.
Signifyd is an ecommerce fraud prevention platform that harnesses transactional and behavioral data from merchants across the world.
- Fraud protection: Employs machine learning that automatically scrutinizes orders and decides whether they should be fulfilled or blocked.
- Abuse prevention: Lets you create, manage, and test custom policies against abuse, then integrate them into your workflows. The tool also automates chargebacks.
- Account protection: Detects anomalies and prevents account takeovers.
- Payment optimization: Follows Strong Customer Authentication (SCA) compliance for a more enjoyable customer experience.
Pricing: $1,500/month; 14-day free trial
Simility’s Adaptive Decisioning platform applies various technologies to help ecommerce businesses stay on top of fraud and abuse.
- Device Recon: Analyzes various attributes to assign unique device identities. It also uses locational and transactional data for precise detection.
- Machine learning: Drives regular rule recommendations and threshold suggestions for greater accuracy and catch rates.
- Complex authentication: Automatically authenticates, accepts, rejects, or steps up events, reducing the need for manual reviews.
- Link analysis and visualization: Simplifies fraud screening through a consolidated interface that visualizes data.
Subuno is a platform that automates ecommerce fraud detection and speeds up manual reviews to protect ecommerce businesses and increase their sales.
- Risk scoring: Analyzes and flags fraudulent orders.
- Rules engine: Lets you automate fraud prevention processes.
- Review dashboard: Provides details and visual cues for faster reviews.
- Platform: Possesses more than 15 fraud detection and order validation tools.
- Custom data: Custom API fields for incorporating internal fraud analysis.
- Bronze: $19/month, $.05 per additional transaction
- Silver: $49/month, $.04 per additional transaction
- Gold: $99/month, $.02 per additional transaction
- Platinum: $249/month, $.01 per additional transaction
Through its suite of products, Riskified assists with fraud management, helps reduce operating costs, and increases revenue.
- Chargeback Guarantee: Automatically approves legitimate transactions, provides order decision insights, and more.
- Deco: Rescues orders at the point of decline, minimizing revenue lost from payment authorization failures.
- Policy Protect: Automatically identifies abusive customers, blocks resellers, and creates loyal consumer-friendly policies.
- Account Secure: Prevents account takeovers, blocks fake accounts, and automates account recovery.
- PSD2 optimization: Ensures PSD2 compliance, filters out fraud pre-authorization, lets you decline risky transactions, and more.
Pricing: Percentage of the value of each approved transaction
SEON relies on alternative data and flexible, modular APIs for precise and accurate fraud detection. It contains three core modules:
- Email Analysis: Enhances data through one email address.
- Phone Analysis: Identifies users through a single phone number.
- IP Analysis: Lets you spot and block suspicious web connections.
These modules also share the following key features:
- Risk scores and rules: Improves detection accuracy and automates user blocking.
- Digital and social media lookup: For in-depth background checks.
- AML and KYC: Anti-Money Laundering and Know Your Customer monitoring.
- Behavioral analytics: Lets you screen customer activity.
Pricing: Free or $299/month; 14-day free trial
ClearSale provides fraud protection for small to enterprise-level businesses. Its services are tailored to your size, and it also offers consulting services.
For small to medium businesses:
- Fast order approvals through fraud scoring
- Simple ecommerce integration for easy setup
- Comprehensive protection eliminates chargebacks and false declines
For enterprise brands:
- Customized solutions to match your business challenges
- Curated customer interactions for those that can’t be addressed automatically
- Business process consulting to address your unique issues
Pricing: Based on a KPI or fixed percentage per approved transaction
NoFraud provides solutions for ecommerce fraud protection to yield seamless customer experiences and optimize your business operations.
- NoFraud Protection: An ecommerce platform integration that accurately passes or fails each order.
- NoFraud Checkout: A faster checkout experience designed for trustworthy shoppers.
- Managed Services: The NoFraud team handles chargeback disputes for you and provides process recommendations based on industry best practices.
Pricing: Pay for approved orders only
Kount’s Identity Trust platform provides multiple products that leverage AI and consumer insights to fight digital fraud.
- Kount Command: Recognizes trustworthy customers, letting you approve, decline, and review interactions.
- Kount Control: Identifies dangerous behaviors and prevents account takeovers through customizable business policies and machine learning.
- Kount Central: Builds a payment provider’s merchant portfolio with digital fraud protection and access to a prompt network.
- Dispute and Chargeback Management: Integrates with post-authorization tools and lets you manage chargeback alerts and automate inquiry responses.
Pricing: Contact sales to request a quote
Bolt’s CheckoutOS platform is a robust solution offering fraud protection and seamless checkout, authentication, and payment.
- Fraud coverage: Provides in-depth protection through real-time data, machine learning, chargeback guarantee, human review, and more.
- One-click checkout: Personalized, one-click checkout and post-purchase management.
- Frictionless authentication: One-click account creation to OTP login capabilities.
- Payments orchestration: Various secure payment integrations and options.
Pricing: Starts at $19.99/month and scales based on yearly sales for BigCommerce; pricing for other platforms unavailable
Prepare your defenses against ecommerce fraud
Ecommerce fraud is a major headache for both businesses and consumers. But, with enough know-how and tools, preventing it can be simple.
As you take steps to guard your store, remember to identify the types of fraud you’re fighting, implement the aforementioned best practices for early detection and prevention, and supplement your efforts with tools that improve security and customer experiences.
Employ the necessary measures so you and your customers can operate without worry.
#cta-visual-pb#<cta-title>Start building your dream store<cta-title>Leverage Shogun’s intuitive UI to create a website that converts.Start building for free
Rachel is a remote marketing manager with a background in building scalable content engines. She creates content that wins customers for B2B eCommerce companies like MyFBAPrep, Shogun, and more. In the past, she has scaled organic acquisition efforts for companies like Deliverr and Skubana.