Jul 11, 2024

E-commerce Fraud Prevention Guide 2024

Learn about fraud in e-commerce, including the most popular schemes and how to prevent them.

According to an International Trade Administration report, the global B2B e-commerce market is valued at $28 billion, and it’s expected to grow as high as $36 billion by 2026. With rapid growth comes a greater risk of fraudsters seeking to steal from both customers and merchants.

Statista suggests that fraudulent transactions conducted through payment cards alone will reach $38.5 billion by 2027—with the e-commerce market being a prime target. 

Therefore, the e-commerce sector needs to take action to minimize both financial and reputational risks. To assist with this, we at Sumsub have prepared this guide breaking down e-commerce fraud and how to confront it. 

What is e-commerce fraud?

E-commerce fraud can occur in multiple ways. Typically, it’s a result of fraudsters gaining access to someone’s credentials or abusing loopholes in a company’s security system—with the end goal of stealing from either the customer or the merchant. If unchecked, e-commerce fraud can wreak havoc on a platform’s reputation. 


6 types of e-commerce fraud

The six most common attacks faced by e-commerce platforms include:

  • Chargeback fraud
  • Credit card fraud
  • Refund fraud
  • Account takeover fraud
  • Promo abuse 
  • Triangulation fraud

Below we explain how each type works in further detail.

What is chargeback in e-commerce?

What is it?

Chargeback fraud, also known as friendly fraud, refers to credit card charges that customers request to be refunded over alleged ‘false’ purchases. While sometimes these requests are genuine, in fraudulent cases they’re done with the sole intention of obtaining a refund and keeping the item.

You can learn more about the types of chargeback frauds and ways to confront them by following the link here.

Credit card fraud

What is it?

Credit card fraud is when a fraudster obtains credit card information to purchase items from an e-commerce store. This is typically done with the aim of reselling products afterwards. 

Card information can be leaked online through hacking, phishing, or other techniques, which then makes it easy for criminals to obtain it. 

In cases when full payment details aren’t available to fraudsters, they can use credit testing, which means testing stolen credit card numbers to see which can be used to make unauthorized purchases. This can either be done manually, where the fraudster checks card validity by making small purchases—or by using special bots to test large numbers of cards within a short time span, which is known as carding.

Refund fraud

What is it?

Refund fraud is when a criminal claims a refund by pretending to be an actual client of a business. The difference between refund fraud and friendly fraud is that the former is conducted by criminals pretending to be customers, while the latter is initiated by dishonest clients. 

For instance, a fraudster can claim a refund for a product that was never purchased by using a forged receipt. 

Account takeover fraud

What is it?

Account takeover, also known as ATO, is when fraudsters gain unauthorized access to someone’s online account. This involves fraudsters stealing someone’s personal information (e.g., email, password, etc.). Once this information is obtained, a fraudster can access a platform and withdraw/transfer funds—or make fraudulent purchases on e-commerce sites.

The methods fraudsters use to take over someone else’s account include:

  • Social engineering
  • Malware
  • Phishing
  • Sophisticated techniques (e.g., using AI and machine learning tools)
  • Targeting vulnerabilities on e-commerce platforms

In 2023 account takeover was among the five most popular types of identity fraud. We expect that the prevalence of account takeovers will continue to increase, which means that companies need to implement more robust countermeasures.

To learn more about account takeover and ways to prevent it, check out our complete guide here.

Promo bonus abuse

What is it?

Promo bonus abuse takes place when a user or a fraudster misuses promotional materials (e.g., vouchers, referral links, sign-up bonuses, coupons, etc.). There are many ways that fraudsters can do this, depending on the type of bonuses your company provides. For example, a customer can create several accounts to get repeat free trials, never paying for the subscription. People can also abuse loyalty rewards by taking over accounts and transferring the bonuses to themselves or changing billing addresses.

You can learn more about each scheme by reading our in-depth article here.

Triangulation fraud

What is it?

This scheme can work as follows: a fraudster creates a fake e-commerce website to lure in unsuspecting buyers. After the buyer makes a purchase, their credit card information gets to the criminal. The fraudster then makes the same purchase from an existing e-commerce platform to make the transaction seem legit. In reality, the fraudster has obtained the victim’s credit card information.

How to detect e-commerce fraud

Companies need to take proactive action to detect fraudsters in a timely manner and prevent future breaches. To do so, they need to know the red flags that signal e-commerce fraud. They include, but are not limited to:

  • Abnormally large transactions
  • Atypical transactions to/from another country
  • Unusual transaction patterns
  • Change of personal information (e.g., shipping address)
  • Mismatch of username and payment method
  • Recurring refunds
  • Repeated declined transactions
  • Errors in provided documents
  • Transactions that exceed the credit limits or the card funds
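
Several of the red flags above, together with the carding pattern described under credit card fraud, can be checked with simple rules over a transaction log. The following is an added example, not code from the original article or from Sumsub; the event fields, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from statistics import median

WINDOW = timedelta(minutes=10)   # assumed look-back for velocity rules
MAX_DECLINES = 3                 # assumed thresholds; tune on your own data
MAX_CARDS = 3
LARGE_FACTOR = 5                 # "abnormally large" = 5x the account's median

def ev(ts, account, card, amount, status, ship="US", card_country="US"):
    return dict(ts=datetime.fromisoformat(ts), account=account, card=card,
                amount=amount, status=status, ship=ship, card_country=card_country)

# Constructed sample events, not real data.
EVENTS = [
    ev("2024-07-11T10:00:00", "alice", "c1", 40, "approved"),
    ev("2024-07-11T11:00:00", "alice", "c1", 55, "approved"),
    ev("2024-07-12T09:00:00", "alice", "c1", 900, "approved", ship="BR"),
    ev("2024-07-11T12:00:00", "bot7", "c10", 1, "declined"),
    ev("2024-07-11T12:01:00", "bot7", "c11", 1, "declined"),
    ev("2024-07-11T12:02:00", "bot7", "c12", 1, "declined"),
    ev("2024-07-11T12:03:00", "bot7", "c13", 1, "approved"),
    ev("2024-07-11T13:00:00", "carol", "c2", 30, "approved"),
]

def red_flags(events):
    """Return {account: set of red-flag names} for a list of events."""
    flags = defaultdict(set)
    recent = defaultdict(deque)      # account -> events inside WINDOW
    approved = defaultdict(list)     # account -> earlier approved amounts
    for e in sorted(events, key=lambda e: e["ts"]):
        acct, win = e["account"], recent[e["account"]]
        win.append(e)
        while e["ts"] - win[0]["ts"] > WINDOW:
            win.popleft()            # drop events older than the window
        if sum(x["status"] == "declined" for x in win) >= MAX_DECLINES:
            flags[acct].add("repeated_declines")
        if len({x["card"] for x in win}) >= MAX_CARDS:
            flags[acct].add("card_velocity")      # many cards, short time span
        if e["ship"] != e["card_country"]:
            flags[acct].add("country_mismatch")
        hist = approved[acct]
        if len(hist) >= 2 and e["amount"] > LARGE_FACTOR * median(hist):
            flags[acct].add("abnormally_large")
        if e["status"] == "approved":
            hist.append(e["amount"])
    return dict(flags)
```

Accounts with no triggered rule are absent from the result; flagged accounts are candidates for step-up checks or manual review rather than automatic blocking.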

10 ways to prevent e-commerce fraud

While there’s no end-all solution, companies can take concrete steps to minimize risks:

  • Taking a risk-based approach towards customers, partners, and vendors
  • Cyber-security measures and policies, like secure VPNs, etc.
  • Using AI-based behavioral fraud detection
  • Conducting regular employee training
  • Using a reliable KYC solution to onboard only trustworthy users
  • Requesting face authentication in case of unusual activity
  • Using a reliable business verification solution to know and trust the partners and corporate customers you work with
  • Using a transaction monitoring tool to quickly detect unusual transactions
  • Encrypting transactions
  • Using up-to-date software

What fraud prevention tools are there for e-commerce?

E-commerce businesses should take a holistic approach to detect suspicious activity at every stage. Therefore, it’s not enough to simply verify users at the onboarding stage, as over 70% of fraud takes place after the initial verification. So, while Know Your Customer (KYC) is an essential component of any security system, it’s far from enough.

Companies should choose a verification provider that can cover a full range of security checks, including behavioral and transaction monitoring, device fingerprinting, risk scoring, and much more. 

Sumsub can help the e-commerce sector minimize the chances of fraud through account takeover and multi-accounting prevention, payment protection, and more, while also achieving high conversion rates.

FAQ

  • What fraud schemes target e-commerce?

    The most common types of fraud that businesses face include:

    • Chargeback fraud

    • Credit card fraud

    • Refund fraud

    • Promo abuse

    • Triangulation fraud

    • Account takeover fraud

  • How does e-commerce fraud work?

    There are many different kinds of e-commerce fraud. Let’s look at how friendly fraud works as an example. This occurs when a cardholder requests chargebacks for purchases they intended to make, falsely claiming that they didn’t intend to make the purchase. This allows them to acquire the item they intended to buy while getting refunded for it.

  • How do you detect fraud in online transactions?

    Companies need to look out for certain red flags. They include, but are not limited to:

    • Abnormally large transactions

    • Atypical transactions to/from another country

    • Unusual transaction patterns

    • Change of personal information (e.g., shipping address)

    • Mismatch of username and payment method

    • Recurring refunds

    • Repeated declined transactions

    • Errors in provided documents

    • Transactions that exceed the credit limits or the card funds

  • How can e-commerce fraud be prevented?

    Companies need to take a holistic approach that includes the following steps:

    • Taking a risk-based approach towards customers, partners, and vendors

    • Cyber-security measures and policies, like secure VPNs, etc.

    • Using AI-based behavioral fraud detection

    • Conducting regular employee training

    • Using a reliable KYC solution to onboard only trustworthy users

    • Requesting face authentication in case of unusual activity

    • Using a reliable business verification solution to know and trust the partners and corporate customers you work with

    • Using a transaction monitoring tool to quickly detect unusual transactions

    • Encrypting transactions
