E-Commerce fraud and how to protect your business


As a new business sees its e-commerce channel grow, order fraud grows with it. First, it’s a few hundred dollars across one or two orders, then it becomes a weekly occurrence. Before you know it, it’s costing thousands of dollars and taking effort away from expanding the business.

So what are the most common types of e-commerce fraud and how can you protect your business against them?

Card not present fraud

Card not present (CNP) fraud happens when a fraudulent transaction is made without the buyer presenting the credit card to the merchant in person. It is most common online, but businesses often encounter it over the phone or by email as well. In most cases, the card information has been maliciously obtained by theft or hacking.

If the merchant is not able to provide all of the required evidence to their bank to prove that it was the actual customer who placed the order, the liability falls on the merchant, who is then required to refund the customer. The merchant has sent the goods and is left out of pocket.

Card-not-present fraud is 80 percent more likely to occur than card-present fraud. This is in part due to the amount of credit card data available on the dark web, which increased by over 150% in 2019.

While card-present fraud is on the decline, the amount of CNP fraud is rising each year. Retailers are estimated to lose around $130 billion to digital CNP fraud between 2018 and 2023.

Chargeback fraud

Chargeback fraud occurs when a consumer makes an online shopping purchase with their own credit card, and then fraudulently uses the chargeback process upon receiving the purchased goods or services. They will dispute the charge directly with the bank rather than with the merchant.

When the bank contacts the merchant, most merchants simply accept the bank's reason for the chargeback as truthful. Unless merchants are able to detect the actual cause of the chargeback, a significant amount of their money is unnecessarily lost in illegitimate bank chargebacks and payment reversals.

Some classic examples of Chargeback fraud include:

  • A consumer previously authorizes their child to make a purchase using their payment card. When the charge appears on their bank statement, they immediately file a chargeback stating that they do not recognize the charges as their own.
  • A charge appears on a cardholder’s bank account one month after the initial purchase because the account was not charged until the product was shipped. Because the cardholder did not make the purchase on the posting date, they do not recognize the charge and dispute the transaction with their issuing bank.

False Declines

False Declines are legitimate credit card transactions that are incorrectly rejected at the point of checkout. False declines can be caused by identity-related or technical reasons.

A key reason that false declines are on the rise is that e-commerce platforms, merchants and card issuers have all become so fearful of fraud that their platforms, as a result of implementing rudimentary fraud detection techniques, are falsely blocking real customers attempting to make real purchases.

Recent studies found that upwards of 50% of orders that merchants thought fraudulent turned out to be good orders that could have been fulfilled.

And you don’t just lose the revenue from this one falsely blocked purchase; you will likely lose that customer forever, as they take their money and their brand loyalty elsewhere.

In the retail edition of its 2018 True Cost of Fraud Survey, LexisNexis found false decline rates ranging from 18 to 28%, depending on the size of the merchant and the type of goods they sell. Aite Group estimated that $331 billion in CNP orders were falsely declined in 2018 (in the U.S. alone).

This all sounds scary, so what should you do about it?

Fraud management platforms like Spotrisk allow you to concentrate on the reasons that you got into the business and not lose precious online revenue. Eliminating bad actors and enabling more legitimate shoppers is as easy as integrating your e-commerce store.

Ensure your checkout process and payment provider are up to date with the latest Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS is an information security standard for organizations that handle branded credit cards from the major card schemes. The standard was created to increase controls around cardholder data to reduce credit card fraud.

Validation of compliance is performed either by an external Qualified Security Assessor (QSA) or by a firm-specific Internal Security Assessor (ISA) that creates a Report on Compliance for organizations handling large volumes of transactions, or by Self-Assessment Questionnaire (SAQ) for companies handling smaller volumes.

For more information on how to reduce fraud for your business, book a free consultation with a Spotrisk expert.

© Copyright Spotrisk 2023