Skip to content
Go to GoCardless homepage
Pricing
LoginSign up

Types of Ecommerce Fraud and How to Prevent it

Last editedMay 20223 min read

Ecommerce sales have skyrocketed in recent years, with around1.92 billion people worldwide purchasing services or goods online in 2019. While shopping online can open up new doors for businesses, there are also plenty of challenges associated with increasing payment processing, such as losses due to fraud.

In this post we’ll take you through the most common types of ecommerce fraud with advice on how to prevent falling victim to it.

What is ecommerce fraud?

Ecommerce fraud, or purchase fraud, refers to the fraudulent purchasing of goods online using a stolen or copied credit card. In the case of friendly fraud, which we’ll discuss in more detail below, this involves requesting a chargeback on false grounds with the issuing bank after a purchase has been made, effectively putting a business out of pocket.

In the past, fraud was limited to using stolen credit cards, but now transactions can be fraudulently placed simply by having a copy of the card information. This is known as card-not-present (CNP) fraud, and is on the rise.

Types of ecommerce fraud

With a clearer idea of what ecommerce fraud entails, let’s look into the most popular forms of it.

Friendly fraud

Also known as chargeback fraud, friendly fraud occurs when a customer buys a product with their own credit card, but then requests a chargeback from their bank.

But what is a chargeback?

A chargeback involves an issuing bank returning a charge to the customer, then retrieving the funds from the merchant. The merchant then has to pay chargeback fines and processing fees on top of remunerating the charge for the goods purchased. It can therefore be very costly for sellers.

Sometimes, a customer will request a chargeback for legitimate reasons. These include:

  • An item never showing up after ordering

  • The ecommerce business seemingly disappearing

  • The item/s which arrived differed significantly to the description on the site

  • The customer believes the purchase was made by someone else using their card

However, often customers will cite one of the above reasons whilst knowing full well that they do not apply. They are simply defrauding the merchant in order to get their money back and keep the item they purchased.

Occasionally, a customer will not recognise a transaction no their credit card statement and so request a chargeback erroneously. In this case, they’re not intentionally trying to defraud anyone, it’s just a simply mistake. This is where the “friendly” in friendly fraud comes from.

Clean fraud

Clean fraud refers to old fashioned credit card theft. However, in ecommerce, it its strictly card-not-resent (CNP) fraud. This may involve any of the following:

  • Copying card information

Making a copy of somebody’s credit card number, CCV (credit code verification) and expiry date is enough to be able to carry out transactions online. Fraudsters sometimes do this by attaching a skimming device to cash machines in order to make a copy of individuals’ cards while they’re withdrawing cash. It can also be done simply taking a photo at an opportune moment.

  • Interception fraud

With interception fraud, fraudsters need information such as billing and shipping address in additional to stolen credit card information. Their victim is therefore usually somebody they know. Once the order has been placed, the fraudster will either try to change the shipping address by contacting the delivery service, or they will intercept the package as it arrives. Again, if it’s someone they know, they can often just take the parcel from the victim’s doorstep.

  • Refund fraud

With refund fraud, a fraudster will use a stolen credit card/credit card information to make a purchase online and then seek out a refund on a different card, i.e. their own. It’s therefore a means of effectively taking funds from the stolen credit card. They’ll try to achieve this refund by claiming the card they used to pay with has expired or been lost or stolen and they therefore need to receive the refund on a different card.

How to prevent ecommerce fraud?

While there is no way to ensure zero fraud in ecommerce, there are certain steps you can take to improve your ecommerce fraud protection. These are outlined below:

  • Implement SSL protocol - This allows you to encrypt information, such as credit card information, as well as any other personal data shared by customers at checkout.

  • Be PCI compliant - PCI compliance is a list of regulations set up by major card schemes, such as Visa and Mastercard. It requires businesses meet 12 separate data security requirements in order to take credit card payments online.

  • Implement 3D Secure authentication - This adds an additional verification step at payment whereby cardholders are redirected to a different page to verify their identity.

  • Use AVS - Address Verification Service (AVS) certifies that the billing address of the purchase and the billing address linked to the credit card match up.

  • Install ecommerce fraud protection software - Software like ClearSale, Signifyd and SEON all provide solutions which help you detect fraudulent activity on your e-storefront.

We can help

GoCardless helps you automate payment collection, cutting down on the amount of admin your team needs to deal with when chasing invoices. Find out how GoCardless can help you with ad hoc payments or recurring payments.

Over 70,000 businesses use GoCardless to get paid on time. Learn more about how you can improve payment processing at your business today.

Sign upLearn More