Skip to content

How to Avoid Ecommerce Credit Card Fraud

Written by

Last editedDec 20223 min read

Ecommerce is on the rise, with more shoppers than ever choosing to make purchases online. While this is great news for ecommerce businesses, it also offers more opportunities for fraudsters. This has led to a recent rise in credit card fraud in ecommerce.

In this guide, we’ll explain what credit card fraud looks like and take you through some tips for ecommerce credit card fraud prevention.

What is ecommerce credit card fraud?

Credit card fraud in ecommerce is the act of fraudsters and criminals using stolen or copied credit cards to make transactions on an online store. They do this without permission from the account holder. Usually, the cardholder will not find out his or her card has been used to make illegitimate purchases until they check their credit card statement.

Types of ecommerce credit card fraud

There are several types of credit card fraud used by criminals in ecommerce. The main types are outlined below:

Identity theft

Identity theft, or identity fraud, refers to when fraudsters acquire a cardholder’s details in order to carry out fraudulent purchases. They can do this by hacking into devices or programs that have the card information stored, by stealing the credit card or copying the credit card information.

The stolen information and data need to carry out credit card fraud include:

  • Billing address

  • Credit card number, CVV code and expiry date

  • Passwords and security codes

Identity theft doesn’t just affect the cardholder, but also merchants. This is because the funds are often recovered from the business, meaning they lose revenue as well as the illegitimately purchased goods and services. In addition, it can negatively impact the reputation a seller has, as customers associate the theft with the business.


Phishing refers to the fraudulent practice of collecting personal information of real customers, including:

  • Credit card number, CVV code and expiry date

  • User ID and password

Criminals use this information to make online purchases without the owner knowing.

To acquire the personal information required, fraudsters often send links with malware in emails, messages and posts. Sometimes they install devices at ATMs which can photograph card information and PIN entry.

Chargeback fraud

Chargebacks occur when customers dispute charges with their bank and are reimbursed the funds of their disputed transaction. The bank will usually take the customer’s side, give the customer their money back and then recoup the funds from the business that took the customer’s payment. This results in a loss of revenue for merchants.

Sometimes this occurs due to so-called friendly fraud, where customers don’t recognise the charges on their account, even though they were legitimate purchases. They therefore assume it was somebody using their details, and contest the charge. 

Credit card fraud preventions

As an ecommerce business, it’s impossible to completely eradicate fraud. However, you can reduce it. Below are some tips for avoiding credit card fraud:

1. Use credit card fraud prevention solutions.

Card networks offer a number of solutions for preventing fraud. These include:

Address Verification Service (AVS), which confirms the cardholder’s identity by verifying that their registered address is the same one held by their bank.

3-D Secure (3DS), which is an additional security layer that requires customers to enter a code to complete their purchase.

2. Use a highly secure and trustworthy third-party payment processor

Check that your third-party payment processor has built in security and fraud protection measures.

3. Use HTTPS (Hypertext Transfer Protocol Secure)

HTTPS encrypt data so as to protect customer information. This prevents cyber attackers and fraudsters from being able to view sensitive customer data. You can utilise HTTPS by purchasing an SSL certificate.

4. Check your SSL certificate is up to date and still working

An SSL certificate is a digital certificate that authenticates a site and provides an encrypted connection.

5. Check your commerce store is PCI-DSS (Payment Card Industry Data Security Standard) compliant

All ecommerce sites that accept credit card payments must be PCI compliant. This means that your site meets the standards outlined by the Payment Card Industry.

6. Take payments by direct debit or PayTo

Direct Debit is a 'pull' payment that allows businesses to collect payments directly from customer accounts. This eliminates the risk of fraud, as the business is in full control of the payment.

Direct Debit offers a lot of additional benefits to merchants, such as improving cash flow due to the reduction of failed payments, late payments and chargebacks.

GoCardless’ tool PayTo is an updated version of Direct Debit, allowing merchants to initiate real-time payments from customer bank accounts. It is set to transform the way we take payments and drastically reduce fraud. With instant customer verification, PayTo is the fastest and safest way to conduct account-to-account payments.

We can help

GoCardless is a global payments solution that helps you automate payment collection, cutting down on the amount of financial admin your team needs to deal with. Find out how GoCardless can help you with one-off or recurring payments.

Over 85,000 businesses use GoCardless to get paid on time. Learn more about how you can improve payment processing at your business today.

Sign upLearn More

Try a better way to collect payments, with GoCardless. It's free to get started.

Try a better way to collect payments

Learn moreSign up