
How to prevent ecommerce fraud

GoCardless
Written by

Last edited Oct 2022, 3 min read

Fraud is one of the unfortunate things we must all deal with in an increasingly digital society. While digital transformation gives us easier access to our data, it unfortunately also makes it easier for criminals to access it too.

This is why ecommerce fraud prevention has become such a hot topic in recent years, particularly with the significant migration to online retail following the pandemic. In a world where online retailers deal with hundreds of thousands of attacks every year, how are you meant to protect yourself against these fraudsters? Let’s begin with the basics.

What is ecommerce fraud?

An ecommerce transaction refers to any commercial transaction conducted online. Ecommerce fraud, then, is the term used to describe any criminal deception targeting an online merchant. This is something that would have been impossible before the widespread adoption of the internet but now, many tech-savvy criminals prefer to do their dastardly deeds online as it’s easier, more anonymous and generally a lower priority for authorities than a physical robbery.

Types of ecommerce fraud

There are five types of ecommerce fraud to be aware of if you want to stand any chance of protecting against them.

Credit card fraud

Credit card fraud works by criminals gaining unauthorised access to customer credit card information and using it to buy a product or service. This information is often downloaded from the dark web, where hackers steal and sell customer credit card data.

Account takeover fraud

This occurs when criminals gain access to a customer’s login details through a phishing scam and use this information to make illicit purchases or sell it on the dark web. A similar method is referred to as interception fraud, where criminals use the information to redirect goods meant for a customer to themselves instead.

Friendly fraud

Also known as chargeback fraud, this involves a customer requesting a chargeback from the credit card company. The issuer then returns the money to the cardholder and demands the refunded amount from the retailer. This can be a major hassle as it is not always fraud, but if a chargeback has been filed for no verifiable reason or the chargeback has been made by anyone other than the cardholder, it needs to be dealt with.

Triangulation fraud

This is a more ambitious and potentially devastating fraud that involves criminals creating fake online storefronts, stealing customer information and then using that information to purchase the item for themselves. They then continue to use that card until the customer catches them out, which can go on for months as the best frauds can appear completely legitimate.

Affiliate fraud

Affiliate fraud means cheating the affiliate marketing system, in which a business pays a third party commission for sales. Generally, criminals inflate the amount they receive for each sale or referral by generating fake activity, so that more affiliated actions are recorded than are actually being made.

Ecommerce fraud protection and prevention techniques

· Conduct regular security audits on your website, ensuring all SSL certificates are working, the site is backed up, all communications are encrypted and that all passwords used for admin accounts are strong enough.

· Ensure that your store is fully PCI DSS compliant. Do this as a minimum for your business.

· Monitor your site for suspicious activity and don’t be afraid to act on it. Red flags to watch out for include inconsistent billing and shipping information, or a mismatch between the location and the customer’s IP address.

· Require CVV numbers for all purchases. This adds an extra layer of protection and should be mandatory for all online merchants.

· Use an address verification service (AVS) to check automatically that the billing address and the shipping address belong to the same person.

· Use HTTPS to encrypt your site data as it’s significantly more secure than the outdated HTTP protocol.

· Don’t collect too much sensitive information that could potentially be stolen during a data breach. The less information you need to authenticate a purchase, the better!
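As an added illustration (not GoCardless code), the red flags named in the list above can be turned into a small order-screening check that feeds a manual review queue. The order fields, flag names and the pre-resolved `ip_country` value are assumptions, and the sample orders are constructed.

```python
import re
import unicodedata

def _norm(text):
    """Fold case, accents, punctuation and spacing so cosmetic differences raise no flag."""
    text = unicodedata.normalize("NFKD", text or "")
    text = "".join(c for c in text if not unicodedata.combining(c))
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).strip()

def _country(addr):
    return (addr.get("country") or "").upper()

def _addr_key(addr):
    # Postcodes are compared without spaces: "SW1A 1AA" equals "sw1a1aa".
    return (_norm(addr.get("line1")), _norm(addr.get("postcode")).replace(" ", ""), _country(addr))

def screen_order(order):
    """Return the red flags raised by one order; an empty list means nothing to review."""
    flags = []
    billing, shipping = order["billing"], order["shipping"]
    if _addr_key(billing) != _addr_key(shipping):
        flags.append("BILLING_SHIPPING_MISMATCH")
    # ip_country is assumed to come from a geo-IP lookup done upstream.
    ip_country = (order.get("ip_country") or "").upper()
    if not ip_country:
        flags.append("IP_COUNTRY_UNKNOWN")
    elif ip_country not in {_country(billing), _country(shipping)}:
        flags.append("IP_COUNTRY_MISMATCH")
    # Only the processor's yes/no CVV result is kept; the CVV itself is never stored.
    if not order.get("cvv_checked"):
        flags.append("CVV_NOT_CHECKED")
    return flags

def review_queue(orders):
    """Map order id -> flags for every order needing manual review."""
    return {o["id"]: f for o in orders if (f := screen_order(o))}

# Constructed sample orders (not real customer data).
HOME = {"line1": "12 High St.", "postcode": "SW1A 1AA", "country": "GB"}
ORDERS = [
    {"id": "A-1001", "billing": HOME, "ip_country": "GB", "cvv_checked": True,
     "shipping": {"line1": "12 high st", "postcode": "sw1a1aa", "country": "gb"}},
    {"id": "A-1002", "billing": HOME, "ip_country": "GB", "cvv_checked": True,
     "shipping": {"line1": "Unit 4 Dock Rd", "postcode": "E16 2QU", "country": "GB"}},
    {"id": "A-1003", "billing": HOME, "shipping": HOME, "ip_country": "US",
     "cvv_checked": False},
]

if __name__ == "__main__":
    for order_id, flags in review_queue(ORDERS).items():
        print(order_id, flags)
```

A flag here means "look at this order", not "refuse it": a gift sent to a different address raises the same mismatch as a redirected parcel.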

We can help

GoCardless is a global payments solution that helps you automate payment collection, cutting down on the amount of financial admin your team needs to deal with. 

By using GoCardless as your online payment solution provider, you have access to our two key fraud prevention solutions – Verified Mandates and Instant Bank Pay. These solutions are designed to solve two real problems – verifying account ownership and making instant payments, both of which sit right inside our GoCardless Payments product.

Find out how GoCardless can help you with one-off or recurring payments.

