Ecommerce Fraud: Definition, Detection, and Prevention

People tend to shop online due to the COVID-19 pandemic. The US e-commerce sales soar like an eagle in Q1 2021, up to 39% in increase compared to this time last year, reaching $196.66 billion.

However, the growth of e-commerce also creates opportunities for cybercriminals and suspicious consumers to scam online businesses. They hack stores, steal customer data, or even make fake orders and purchase frauds.

As online business owners, you need to take proactive actions to detect and prevent e-commerce fraud by all means.

In this article, we will guide you on how to detect as well as prevent e-commerce fraud in your stores. But before that, we’ll clarify what e-commerce fraud is and e-commerce fraud issues on big platforms like WooCommerce and Shopify together.

Let’s jump in!

What Is E-commerce Fraud?

In the beginning, fraud refers to the concept of stealing credit cards physically and using them to make purchases.

eCommerce fraud describes all types of fraud occurring on your eCommerce platform. It happens when hackers use a stolen or fake credit card to proceed their commercial transaction.

And of course, all these transactions are illegal. Consequently, retailers won’t receive any payments for the sale they just made, which directly affects their revenue.

Mind-blowing Statistics about E-commerce Fraud

The Federal Trade Commission estimated that over 32% of people in the US feel annoyed about credit card fraud only in 2015. And this number doubles the percentage of 2015.

The chargeback rate is also in an alarming situation which increases near to 20% each year. The US National Consumer Helpline received 977 cases of online shopping fraud registrations from 1 April 2017 and ending on 31 March 2018. However, they’ve had to deal with 5,620 cases in 2019, taking the total number to 13,993 cases since 2017.

Javelin Strategy reported that fake purchases, identity fraud, and e-commerce criminals blew out $16 billion of e-commerce merchants globally. In 2024, this amount of money is predicted to climb up to $24 billion, according to Juniper Research.

E-commerce Fraud Targeted Platforms

It’s not surprising that WooCommerce and Shopify receive the most fraud payments and transactions due to their popularity. WooCommerce empowers about 28% of all online stores over the world while Shopify takes almost 20% market share.

WooCommerce and Shopify always provide new updates as well as functions to auto-scan the transaction for fraud indicators. Still, fraudsters always try their best to find vulnerability holes in the payment process and make illegal purchases.

Each e-commerce platform comes with different solutions and tools to identify and prevent fraud. You need to firstly understand the types of frauds your online store is facing to find a suitable method and effectively protect your site.

Types of E-commerce Frauds

“In order to win a battle, you have to know your enemy”. Before taking any action in stopping fraud, you need to know how many types of frauds your e-commerce business can face.

#1 Card Testing Fraud

Card testing or card cracking is considered the most common fraud, accounting for about 16% of all e-commerce fraud.

The process of card testing fraud takes place when a fraudster has access to one or more stolen credit or debit card numbers. They own this information via theft or buy it on the dark web. The thing is that they aren’t sure if these credit cards work or not.

That’s why they have to test them by going to an eCommerce website and ordering products with low prices first.

If they can successfully complete this transaction, they will continue their bad action with bigger orders. Merchants credit card owners won’t realize this until they notice that very large purchases are made without the right permission.

Store owners are the main victim of this issue since they have to refund the purchase and pay a chargeback to the bank. Since then, they lose their products and extra fee at the same time.

#2 Friendly Fraud

Another name of friendly fraud is chargeback fraud allowing customers to contact the credit card issuer to get back the money they’ve paid on a product or service.

They can use many reasons to persuade the bank to return the transaction. They will claim the order is invalid, or argue that the item was never delivered to them. Some people also say that they already send back the product to the store.

All these actions aim to take a product for free. Take WordPress plugins as an example. Since these are one-off products, customers can buy the plugin licence and have it installed on their site.

Then they make a dispute by stating that they don’t find this plugin suitable with their site. The plugin providers have to give the money back while they aren’t sure if these users copy the plugin’s code and keep using them without paying anything.

#3 Account Takeover/ Phishing Fraud

As the name indicates, account takeover fraud happens when a suspicious user gains access to another user’s account on an e-commerce store. They achieve that by brute force attacking passwords, buying data on dark web, or stealing credential information.

After successfully logging the targeted user account, they can take bad actions there. Commonly, fraudsters firstly change the password and other details like shipping address so the right account owner won’t be able to access it again. Then, they will order products on these online stores and even withdraw funds.

This affects both merchants and shoppers. Your customers lose money and trust in your store since they think that their data is not kept safely there. They will look for another shopping place, properly your competitors for stronger security measures.

#4 Refund Fraud

When a fraudster purchases a product on an e-commerce website with a stolen credit card and later asks for a reimbursement, it’s called refund fraud. They often reason that the payment is made by accident and they need their money back.

Unlike friendly fraudsters, these people request the bank to pay back their money via a different method or another bank account since that (stolen) credit card is closed. As a result, the thief will get the refund from the merchant, not the original card owner.

It’s difficult for business owners since they can’t refuse the refund request but at the same time they may throw their money at fraudsters.

#5 Interception Fraud

Interception fraud is when the bad actor uses a stolen credit card and makes purchases as normal. They will then contact the customer service of that online store to change the shipping address so the items will be delivered to their locations. They can explain that they already changed the living place or they want the product to be sent to the company instead of their house.

In some cases, the fraudster lives near the victim and waits until the shipper transports the package, then intercept, sign, and take it for themselves.

#6 Triangulation Fraud

Considered as the most complicated method of e-commerce fraud, triangulation fraud requires the fraudster, shopper, and online shop to join the activity.

Firstly, the fraudster will create a fake e-commerce store selling high-quality and branded goods at a much lower price. These stores can be set up on big platforms like Amazon, Shopify, or their own site. This will attract a lot of customers who are looking for bargains of high-demand products.

Once these customers buy products at the fake store, the fraudster takes their credential credit card information and orders exactly those items from another real store, and delivers them to these customers. The buyers won’t realize that they’ve shopped in a suspicious store.

After finishing this process, fraudsters will use their customers’ credit number to make purchases at other stores. Plus, it’s difficult for card owners to discover this so the fraudsters can continue their actions for a long time.

#7 eGift Card Fraud

Another type of eCommerce fraud comes to eGift which allows fraudsters to steal customer’s credit card information and buy eGift cards. Then they resell this digital card to others and take the money from there.

When the real credit card owner discovers this and requests a dispute from the credit card company, the merchant who sells the eGift card will become the main victim of this problem.

On top of that, it’s hard to find out who purchased the eGift card since fraudsters don’t need to provide their address when making the order.

How to Identify Ecommerce Fraud Online

There is more than one way for merchants to spot e-commerce fraud. You can notify them via their suspicious actions such as making extremely large orders, setting multiple shipping addresses, or making many transactions in a short time.

#1 Larger-than-Average Orders

You always want to encourage customers to pay as much money on your store as possible. Sometimes, this would be a sign of illegal orders. Similar to consumers who make lower-than-average orders, they can be the victim of the card test fraud or account takeover fraud issue.

Those who make a larger quantity of the same product than normal should be placed on special notice as well.

#2 Suspicious Shipping Process

When it comes to shipping, the fraudster will never keep the addresses of the credit card owners. Instead, they will change to their own or another unidentified location. Fast shipping requests should be taken into account in this case too.

Additionally, buyers make various orders at the same time in your store but each of them will be sent to a different address. Normal customers will rarely do that unless they have bad intention in harming your store and stealing your products

#3 Unusual Location

When you find out a buyer from the UK is shopping with the IP address from China or US, it’s proper that his/her credit card has been stolen and used for bad purposes.

If a person from a single IP address uses multiple cards to shop online, you can consider it suspicious. We understand that a consumer can have more than one card, but using several of them to place orders at the same time gives us a question about its trustworthiness.

#4 Continuous Declined Transaction

You should see it uncommon when a shopper tries to place many orders but doesn’t proceed with them. They don’t provide the correct card number, expiry date, and card security code.

6 Methods Prevent Fraud on Your Ecommerce Store

Ecommerce fraud is dangerous, undoubtedly. Besides detecting these fraudsters, you need to take proactive actions to detect and prevent your businesses from the increased risk of e-commerce fraud.

#1 Do a Vulnerability Test

To apply this method, you need to partner with reliable software to help you scan your store, make a site security audit, and check the system for vulnerability. You should take this action in a frequent time such as one time every 2 weeks or monthly.

Make sure that:

  • The shopping card software and plugins are all updated and create no holes for hackers to attack. Inactive and useless plugins should be removed from the site.
  • You backup your online shop before making any changes in the system.
  • The store meets the Payment Card Industry Data Security Standard.
  • You set strong passwords for all accounts, from the admin, hosting dashboard to CMS and FTP access.

#2 Follow The PCI Compliance Standards

PCI standards, standing for Payment Card Industry, include 6 main objectives and many key and base requirements and test procedures to ensure the security of credit card transactions.

Most payment processors comply with PCI standards. However, you need to research carefully before partnering with a third-party payment processor.

#3 Setup Two-Factor Authentication for Users

Forcing strong passwords on your store is not enough. You need to set up 2FA for better security.

Customers sometimes find it annoying to identify their account multiple times, but it’s the best way to secure their data and money.

You can add additional authentication methods to buyer accounts such as email or phone identification.

#4 Ask for Card Verification Value (CVV) Numbers

CVV numbers refer to the 3-digit security code on the back of credit and debit cards including VISA, MasterCard, and Discover. For American Express credit and debit cards, it’s the 4-digit security code.

It’s necessary to require customers to provide the CVV every time they checkout using their credit or debit cards. This makes sure they’re having their own credit cards by themselves when shopping.

#5 Invest In AVS

Address Verification Service aka AVS is the billing address that the cardholder provides on the file with the issuing bank. When the buyer purchases on an e-commerce store, the merchant will request the payment processor to check if these 2 addresses match each other.

As a result, the AVS code will accept, decline, or give a red flag on transactions that it finds suspicious. This helps reduce fraud significantly.

#6 Set Limit on Each Purchase

We mentioned above that many fraudsters may place a lot of big orders at a time trying to take as much money away from your pocket as possible.

To prevent this, you should limit the number of products for each purchase, the period of time between them, and the total amount of money spent as well. This way makes it difficult for bad actors to leave fraud payments on your site.

Don’t Let E-commerce Fraud Ruin Your Online Store

E-commerce has been a pressing challenge to all online businesses, no matter what sizes they are. Fraudsters try different methods to steal money from you and your customers, from applying card testing, buying e-gift cards to requesting refunds, and more.

You need to identify frauds before knowing how to prevent them. We’ve shown 4 ways to detect e-commerce fraud that you can use for your online shop.

There is not a 100%-secure solution to perfectly protect your ecommerce stores. We recommend using multiple methods at a time to bring your site security to the next level.

If you still have any questions about e-commerce fraud, simply leave us a line in the comment section below.