We put together this guide to help you protect your business and consumer data. You can do this by implementing some e-commerce fraud prevention protocols. To understand how it works, let’s examine what fraud is, how it happens, and what companies can do to mitigate their risk.

What Is E-Commerce Fraud?

E-commerce fraud is a type of fraud that occurs during an online transaction. There are many types of e-commerce fraud, but the most common is credit card fraud. This occurs when a thief uses a stolen or counterfeit credit card to make a purchase online. Here, we have categorized e-commerce fraud into five types you should be aware of.

Credit Card Fraud

Credit card fraud is a broad term used to refer to any criminal activity involving a credit card. In the e-commerce world, it is “card-not-present” fraud, meaning the purchase is made without the physical card being presented. It is also sometimes referred to as “payment fraud.”

This type of fraud occurs when the criminal obtains credit card information and uses it to make online purchases. Cybercriminals often obtain this information by purchasing lists on the dark web or hacking directly into a payment processing system for a bank or business. The information can also be captured using skimming technology, which allows criminals to skim information from physical devices like ATMs or gas pumps.

Chargeback Fraud

Chargeback fraud, commonly called “friendly fraud”, refers to the process of purchasing goods or services online and then reporting them to your card issuer as fraudulent. This generally happens when an individual is using their own credit card, rather than a stolen one. They will make an online purchase and wait until their goods arrive. A few weeks or months later, the customer files a complaint with their credit card issuer to receive a refund.

The card issuing bank will typically give the customer a refund immediately as a form of good customer service. The issuer will investigate whether the purchase was fraudulent and who was at fault. This type of activity can be difficult to catch and generally results in a loss of revenue for the merchant.

Phishing Fraud

This type of fraud occurs when a scammer tries to get a business or individual to click on a link or open an attachment that contains malware. The scammer will often pose as a legitimate company or individual to trick the victim into acting on the request. When a customer clicks on the link or offers personal information, the fraudster secures that data and uses it to make fraudulent purchases.

Phishing scams generally ask the user for the password to their account. They scare the user into providing it by claiming that the account will be deactivated or that there is an issue with the card. Consumers want to find out what the issue is, so they enter their password, and the scammer has full access.

Affiliate Fraud

Affiliate fraud is a completely different type of e-commerce fraud. In the e-commerce world, there is a type of marketing called “affiliate links.” This type of marketing involves businesses paying content creators and influencers a commission for sending customers to their online stores. For example, if I placed an affiliate link in this article, and you clicked on it to go to a merchant’s website and made a purchase, the merchant would give me a percentage back as a commission for sending you to their store.

Criminals can exploit this by registering domain names closely related to the merchant’s website. When people mistakenly type in the wrong website name and land on the fraudster’s page, that page is set up to redirect them to the correct site using an affiliate link. As a result, the merchant pays the fraudster a commission for their “referral” to the merchant site.
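A merchant can look for this pattern in its own affiliate referral records. The following is an added example, not part of the original guide: it flags affiliates whose referring domains sit within a small edit distance of the merchant's domain. The merchant domain, affiliate IDs, log layout and distance threshold are all assumptions made for illustration.

```python
# Constructed data: the merchant domain and the referral log are made up.
MERCHANT = "examplestore.com"
REFERRALS = [  # (affiliate_id, domain the shopper was on before the redirect)
    ("aff-101", "dealsblog.example"),
    ("aff-202", "exampelstore.com"),
    ("aff-202", "www.examplestore.co"),
    ("aff-303", "reviews.example"),
    ("aff-202", "examp1estore.com"),
]

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def lookalike_referrers(referrals, merchant, max_distance=2):
    """Map affiliate_id -> sorted lookalike domains that sent it traffic."""
    hits = {}
    for affiliate, domain in referrals:
        domain = domain.lower()
        if domain.startswith("www."):
            domain = domain[4:]
        distance = edit_distance(domain, merchant)
        # Distance 0 is the merchant's own domain; only near-misses are suspicious.
        if 0 < distance <= max_distance:
            hits.setdefault(affiliate, set()).add(domain)
    return {aff: sorted(domains) for aff, domains in hits.items()}

if __name__ == "__main__":
    for aff, domains in lookalike_referrers(REFERRALS, MERCHANT).items():
        print(aff, "earned commission via lookalike domains:", domains)
```

An affiliate that shows up here is a candidate for manual review and commission hold, not proof of fraud on its own.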

Interception Fraud

Interception fraud is when the fraudster uses stolen credit card information to make online purchases. They have the merchandise shipped to the address affiliated with the card, just as a consumer would. However, the criminal then intercepts the package before it reaches the cardholder.

They can do this in a few different ways. One common way is to call the customer service line before the package ships and change the shipping address. Another way is to register a fake email address for the merchant to send shipping notifications to. When the criminal gets the email saying the package will be delivered soon, they can intercept it before the cardholder arrives home to receive their package.

Identifying Fraudulent E-Commerce Activity

As a business owner, you have a lot of options available to you for fraud prevention. Many techniques can be learned and implemented to help you and your team detect fraud when it’s happening. We also suggest investing in automated tools, which are much more effective but also more expensive. Here are some key things to watch for when looking for potentially fraudulent activity:

  • Inconsistent Data: When the purchaser enters an address that doesn’t match the billing zip code, or the URL doesn’t line up with the cardholder’s email address
  • Unusually High Purchase Price: The purchase being made does not align with the typical spending habits for that cardholder
  • Multiple Purchases in a Short Period: The same card is used for multiple purchases on the same or different sites in a short time period
  • Unusual Location: The purchase is being made from a location that is out of the ordinary for that cardholder
  • Multiple Shipping Addresses: If the same card is used for multiple purchases, and those purchases are being shipped to different addresses
  • Multiple Cards: Multiple purchases being shipped to the same address, but being purchased with different cards
  • Multiple Declined Transactions in a Row: When many purchases are attempted with the same card or by the same purchaser and several have been declined, this could indicate inaccurate credentials and multiple attempts to hack the account.
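Several of these indicators can be checked automatically against your order history. The following is an added example, not part of the original guide or any vendor's product: it evaluates orders in time order and tags each one with the indicators it trips. The order fields, thresholds and sample records are assumptions constructed for illustration, and the unusual-location check is left out because it needs geolocation data.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Constructed sample orders (not real data); field layout is an assumption:
# (id, card, time, billing_zip, ship_zip, ship_addr, amount, declined)
ORDERS = [
    ("o1", "A", "2024-05-01T09:00", "30301", "30301", "1 Main St", 40.0, False),
    ("o2", "A", "2024-05-03T12:00", "30301", "30301", "1 Main St", 55.0, False),
    ("o3", "A", "2024-05-09T14:00", "30301", "10001", "9 Dock Rd", 900.0, False),
    ("o4", "B", "2024-05-09T14:05", "60601", "10001", "9 Dock Rd", 30.0, True),
    ("o5", "B", "2024-05-09T14:06", "60601", "10001", "9 Dock Rd", 30.0, True),
    ("o6", "B", "2024-05-09T14:07", "60601", "10001", "9 Dock Rd", 30.0, True),
]

def flag_orders(orders, window=timedelta(hours=1), max_in_window=3,
                decline_run=3, amount_factor=5.0):
    """Return {order_id: sorted indicator names} for orders that trip a rule."""
    flags = defaultdict(set)
    history = defaultdict(list)       # card -> prior (time, addr, amount, declined)
    cards_at_addr = defaultdict(set)  # shipping address -> cards seen so far
    for oid, card, ts, bzip, szip, addr, amount, declined in sorted(orders, key=lambda o: o[2]):
        when = datetime.fromisoformat(ts)
        past = history[card]
        if bzip != szip:  # shipping ZIP does not match billing ZIP
            flags[oid].add("inconsistent_data")
        paid = [p[2] for p in past if not p[3]]  # earlier approved amounts
        if len(paid) >= 2 and amount > amount_factor * median(paid):
            flags[oid].add("unusually_high_amount")
        recent = [p for p in past if when - p[0] <= window]
        if len(recent) + 1 >= max_in_window:
            flags[oid].add("many_purchases_short_period")
        if {p[1] for p in recent} - {addr}:  # same card, other recent address
            flags[oid].add("multiple_shipping_addresses")
        cards_at_addr[addr].add(card)
        if len(cards_at_addr[addr]) > 1:
            flags[oid].add("multiple_cards_same_address")
        run = [declined] + [p[3] for p in reversed(past)][:decline_run - 1]
        if len(run) == decline_run and all(run):
            flags[oid].add("declines_in_a_row")
        past.append((when, addr, amount, declined))
    return {oid: sorted(names) for oid, names in flags.items()}

if __name__ == "__main__":
    for oid, names in flag_orders(ORDERS).items():
        print(oid, names)
```

Each tag is a reason to queue the order for review; a gift shipped to a different ZIP code trips the first rule just as a stolen card does.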

Luckily, there are a variety of fraud detection and fraud prevention products on the market that merchants can utilize to protect their customers. In the next section, we’ll look at what’s available to implement in your business.

E-Commerce Fraud Prevention Protocols

E-commerce fraud prevention is big business, and for good reason! As cybercriminals become more sophisticated, so should fraud prevention practices. According to Statista, the fraud prevention industry will be worth nearly $70 billion by 2025. Large enterprise companies spend 10% or more of their revenue on fraud prevention tools and protocols.

You can do several things to mitigate the risk of fraud in your business. Implementing simple but important protocols could save you and your customers thousands of dollars.

Remain PCI Compliant

This may seem like a no-brainer, but a shocking number of businesses are not PCI compliant. This puts their customer data at risk and could put the business at risk of being shut down. Here are some of the key elements of PCI Compliance:

  • Consumer data encryption
  • Antivirus software to combat malware attacks
  • Regularly changing the password for software and systems
  • Routine testing of anti-fraud systems
  • Restricting access to consumer data within your organization

Another major part of PCI compliance is a firewall between your access points and your consumer data. If you don’t have an internal IT team that can assist with these items, be sure to find a consultant or specialist to get it done.

Use ID Verification Software

When consumers purchase on your website, they enter sensitive information and trust you to protect it.

For an e-comm merchant, this is a delicate dance between protecting your customers and having too much friction during checkout. US consumers are notoriously averse to “friction” or too many steps required in the checkout process. That being said, you should still implement a verification system in your payment gateway. There are a few different options to choose from, including:

  • Card Verification – the system requests the security number on the back of the card
  • PIN Number – the system asks for the PIN associated with the card.

All these options should be available through your payment processor. Ask your representative how to activate these options to protect your consumer data.

Review Potentially Risky Orders in Depth

Depending on the volume of your business, it can be difficult to review every single order. That’s why fraud detection software exists. However, you should make time to manually review extremely risky orders. If your fraud detection software raises a flag on a particular order, be sure that you or your team is reviewing that order.

When reviewing the order, look for unusual activity for that cardholder, billing data that doesn’t match, URLs from odd locations, etc. If you need more verification, attempt to reach out to the customer. It’s usually a sign of fraud if you don’t get a response from them.

Require Proof of Delivery

Working with trusted delivery partners can help combat return fraud. This type of fraud happens when a customer purchases and receives their goods, but then asks for a refund, claiming they never received their products. If you work with carriers who provide proof of delivery such as photos or signatures, you could save your business a lot of money and headaches.

Implement Quantity Limits

High quantities of the same product or a few products can indicate fraud. Limiting the quantity purchased on your site in one day can help mitigate this risk. To figure out what the limit should be, do some analysis on purchasing trends over the past 6-12 months. That should give you a good idea of how much your customers purchase at one time.

Block Repeat Offenders

Creating a blocklist of past fraudsters can prevent them from returning for more. This can be done by building a blocklist and using IP fraud scoring tools. A blocklist is a document that contains names, credit card numbers, billing addresses, IP addresses, etc. It can flag and prevent attempted orders placed by the people on the list. An IP fraud scoring tool can detect IP addresses linked to fraud in the past and prevent them from making purchases on your site.

Fraud Prevention Software

As the fraud prevention industry grows, more options are available to business owners. Here is a list of some top-rated fraud prevention software companies today. This list is a great place to start if you’re looking for a fraud prevention software, partner, or consultant.

  • Riskified
  • Kount
  • Forter
  • SEON
  • Signifyd

Depending on your business, you may need different software and tools for protection. Doing your due diligence and planning to move forward can get you on track to protecting your customers and saving money by decreasing e-commerce fraud. Be sure to shop multiple vendors for software before making your selection. A good fit for a vendor is someone who will partner with you, provide flexible options, and meet the needs of your business.