What are the statistics of credit card fraud?

Over 1.03 million people were impacted by identity theft in 2023, with potential losses exceeding $12.5 billion. Merchants are expected to lose over $362 billion globally to payments fraud within the next 5 years. In the United States alone, credit card fraud losses are projected to exceed $165.1 billion by 2034.

How often does credit card fraud get prosecuted?

In less than 1% of cases, according to most sources. Credit card fraudsters are the least likely to be caught. Due to chargeback protections, cardholders are responsible for little to none of the fraudulent transactions. The criminals, however, will likely never be caught.

Who eats the cost of credit card fraud?

In almost all cases, either the bank or the merchant involved will have to pay; which one depends on the specific circumstances. For card-present purchases, it is typically the bank who reimburses the customer and assumes the financial loss. Even so, the bank may still try to prove that the merchant was negligent (wasnât following proper security measures or verifying the identity of the cardholder, for example) and will attempt to recover the cost from the business.<br><br>In card-not-present situations, however, the reverse is true. Merchants have no chance to examine the physical credit card, check buyer identification, or rely on the built-in security of a chip-enabled card. The liability of accepting a fraudulent CNP transaction, therefore, is shifted to the merchant themselves. If a merchant accepts an order online that is later found to be fraudulent, the merchant must refund the customer.

How risky is credit card fraud?

Itâs highly unlikely that a fraudster will be caught, and even less likely they will be prosecuted. For criminals, credit card fraud carries a low risk. If a cardholder knowingly disputes valid transactions, there is a greater risk of the perpetrator being caught.

Who bears the risk of credit card fraud?

Generally speaking, it is the bank that takes on the risk when they issue a credit card to a cardholder. However, both merchants and consumers are expected to maintain reasonable standards to protect purchases. If the bank can prove negligence, they may be able to shift part or all of the liability. Again, accepting eCommerce payments is riskier, so merchants who offer online shopping assume the lionâs share of the risk.

eCommerce Fraud: The Ultimate Merchant’s Guide for 2024

eCommerce Faud: The Ultimate Merchant's Guide

eCommerce fraud is an equal opportunity headache.

It affects everyone involved in the payment industry, from banks and financial institutions to merchants and consumers. But, while everyone is aware of eCommerce fraud and some of its repercussions, you may not realize just how insidious eCommerce fraud can be. You might also be surprised at how sophisticated and complex attacks can be, and how it may impact every aspect of your business.

On that note, let’s take a look at eCommerce fraud from multiple angles to see if you could be doing more to stop attacks in their tracks.

What Is eCommerce Fraud?

eCommerce Fraud: eCommerce fraud refers to any type of false, illegal, or illegitimate commercial transaction conducted through the internet. The fraudster typically impersonates a legitimate user, making purchases without valid authorization to do so.

There are a variety of methods that criminals can employ in an eCommerce fraud scam. Most involve purchases made using stolen customer data. For example, a criminal might buy goods with a stolen credit card, or make a purchase by accessing a customer’s account and using stored payment information without permission.

In the past ten years, most fraudsters have moved to the internet because it's easier to hide their identity and cover their tracks, making it harder to catch them. This is also known as card-not-present fraud

Learn more about card-not-present fraud

It’s the path of least resistance; unlike in-person transactions, online fraud doesn't require forging signatures or faking physical cards. Plus, it's tougher for merchants to verify the true identity of buyers in an online setting.

When people reference eCommerce fraud, they’re typically referring to third-party fraud attacks. Second-party and first-party scams are problems, too, but we’re going to focus on those third-party attacks for our purposes here.

Learn more about third-party fraud

How Big of a Problem is eCommerce Fraud?

In short: it’s big.

According to Mastercard, eCommerce losses to payment fraud hit $48 billion globally in 2023. This statistic cited North America as being the point of origin for 42% fraudulent activity, followed by Europe at 26%.

Fraud losses are not limited only to the cost of the original transaction. Merchants also need to account for lost merchandise, wholesale costs, shipping and fulfillment costs, and chargeback and processing fees. All totaled, the average merchant will ultimately lose $3.75 for every dollar lost to fraud.

A Real-World Look at Chargeback Management

The 2023 Chargeback Field Report, brought to you by Chargebacks911, is a comprehensive and independent report offering a cross view of the state of chargebacks and dispute management in card-not-present payments.

Access the FREE Report

Over the next ten years, the industry is projected to lose $397 billion worldwide due to eCommerce fraud. 41% of that total is expected to come from the US alone. Remember, though — these are just direct losses. That figure does not account for the fraud multiplier mentioned above. When we add that into the mix, the total financial impact comes to $1.49 trillion.

Learn more about eCommerce fraud statistics

Types of eCommerce Fraud: Strategies & Tactics Used by Scammers

With most eCommerce fraud tactics, the cardholder is the fraudster’s point of attack. A criminal steals personal data, such as a social security number or bank account information, and then uses the data to either make purchases or attempt to access other accounts by impersonating the cardholder.

But, although the consumer may be the primary target of a payment fraud scheme, these eCommerce fraud attacks will still impact your business in a big way. With that in mind, let’s look at some of the most common eCommerce fraud tactics, strategies, and threat sources:

Account Takeover Fraud

Instead of trying to hijack an entire identity, ATO is mostly about getting access to existing accounts. Once they access an account, fraudsters can change details, make purchases, withdraw funds, and even leverage the stolen information to invade other accounts.

Learn more about account takeover fraud

Synthetic Fraud

Synthetic fraud also involves stealing personal information. Rather than impersonate a single person, however, the fraudster combines pieces of data from multiple consumers to create a fake (synthetic) persona. This fake user identity is then used to open accounts or go on a shopping spree.

Learn more about synthetic fraud

Clean Fraud

Clean fraud is less a distinct form of eCommerce fraud and more of a tactic to cover it up. Here, transaction information is manipulated to bypass fraud detection devices. The name refers to the fact that the transaction appears “clean” and will not be picked up by fraud filters, blacklists, or other online fraud detection tools.

Learn more about clean fraud

Overpayment Fraud

The thief makes a purchase, then asks the merchant to accept additional funds. The extra money is allegedly to pay for shipping or some other believable expense. The fraudster then instructs you to forward the funds to a third party. When the true cardholder discovers the fraud, they will file a chargeback to recoup their funds.

Learn more about overpayment fraud

New Account Fraud

New account fraud occurs when a fraudster adopts a false identity to create a new payment card account. This often occurs at the banking level, with fraudsters using stolen or synthetic identities to secure new credit or debit cards, which they can use to make purchases.

Learn more about new account fraud

Gift Card Fraud

Thieves may employ an automated algorithm to roll through a list of potential account numbers and request balances to try and find and steal active balances. Or, they may use gift cards as part of a broader triangulation scheme. These are just two of several tactics that involve gift cards as tools to commit fraud.

Learn More About Gift Card Fraud

Fraud as a Service (FaaS)

Fraud as a Service is a process by which an individual bad actor provides tools and services to others to facilitate their commission of fraudulent online activity. And, even if a merchant intercepts an individual fraud attack, the service provider is still out there, offering the same tools and services to other fraudsters.

Learn more about fraud as a service

Affiliate Fraud

Affiliate fraud occurs when malicious actors manipulate traffic to score unearned commissions. Tactics include generating fake leads, taking credit for sales from other affiliates, or even collecting commissions on purchases that the fraudster submitted themselves using stolen cards.

Learn more about affiliate fraud

Triangulation Fraud

Here, a cardholder makes a purchase from an online source. The second step involves the fraudster, who takes the cardholder’s payment and any personal data the customer supplied. Using a different, stolen card, the thief then buys the item from another site (at full price), has it shipped to the customer, and pockets the cardholder’s money.

Learn more about triangulation fraud

Fraud detection is one investment you can’t afford to skip.

Return Fraud

Product replacement fraud typically requires the help of an “inside man.” The customer orders an item, but the product is removed and replaced with a less valuable product. A variation of this is fake return fraud, where the criminal orders an expensive item and then requests a refund, but the item returned is something of lower value.

Learn more about return fraud

Push Payment Fraud

Push payment fraud is any incident that involves manipulating cardholder-initiated payments that allow buyers to make purchases without waiting for you to batch and submit transactions for settlement. Perpetrators can use social engineering, account takeover, phishing emails, and other tactics to accomplish their goal.

Learn more about push payment fraud

Buy Now, Pay Later Fraud

Fraudsters are adept at abusing the increasingly popular “buy now, pay later” (BNPL) model. They can employ other tactics on this list, like account takeover or synthetic fraud, to make purchases using a BNPL option at checkout. The fraudster then disappears without paying for the goods or pays using stolen cardholder information.

Learn more about BNPL fraud

Transaction Laundering

This involves fraudsters conducting their activity by impersonating merchants. It’s a process by which fraudsters disguise themselves as legitimate merchants and begin working with an acquirer to process payments. Unbeknownst to the acquirer, the fraudster is actually using their account to launder revenue from criminal activity.

Learn more about transaction laundering

Bust-Out Fraud

Bust-out fraud is a practice by which a fraudster acquires a credit card account using false information and then leverages that account to develop an extended line of credit. When the available credit is high enough, the fraudster maxes out the cards and walks away without paying, effectively “busting out” of the scam.

Learn more about bust-out fraud

Business Email Compromise (BEC)

Here, criminals gain unauthorized access to corporate email accounts. Once inside, they manipulate communications to deceive employees into making fraudulent transactions, redirecting funds, or revealing sensitive information. BEC attacks pose a serious threat to businesses' financial security and operational integrity.

Learn more about business email compromise

Biometric Spoofing

Biometric spoofing involves tricking biometric authentication systems, such as fingerprint or facial recognition. Fraudsters use various techniques to create fake biometric data, allowing them to access accounts or devices protected by biometrics. This form of fraud exploits the trust placed in biometric security measures.

Learn more about biometric spoofing

Phishing

Fraudsters impersonate legitimate entities, often via email, to trick individuals into revealing sensitive information like login credentials, credit card numbers, or personal data. Victims unknowingly provide this information, enabling fraudsters to commit various forms of identity theft and financial fraud.

Learn more about phishing

Card Testing

Criminals validate stolen credit card information by making small, inconspicuous purchases. Once they confirm the card details are valid, they may proceed to make larger unauthorized transactions. This tactic helps fraudsters avoid detection until they have successfully exploited the stolen card.

Learn more about card testing

Scammers manipulate individuals through psychological tactics to gain access to sensitive information, systems, or funds. Fraudsters may use social engineering to impersonate trusted entities, exploit emotions, or create urgency to trick victims into making poor decisions that benefit the attacker.

Learn more about social engineering

Become a Full-Fledged Chargeback Genius

The only resource you need to become an expert on chargebacks, customer disputes, and friendly fraud.

Download the Guide

Reshipping Scams

Reshippers recruit unsuspecting individuals to receive and reship packages on behalf of fraudsters. These individuals, known as “mules,” are often lured with promises of easy work or attractive compensation. In reality, they unknowingly become accomplices in the movement of fraudulently acquired goods.

Learn more about reshipping scams

Address Fraud

A criminal uses false or manipulated address information during online transactions to receive goods or services while avoiding detection. This tactic can make it challenging to track down fraudsters, as they operate under deceptive addresses.

Learn more about address fraud

BIN Attack

Short for “bank identification number attack,” this is a tactic by which criminals exploit weaknesses in payment processing systems to test a range of card numbers. The aim is to identify valid card details for future fraudulent transactions. This method helps fraudsters avoid suspicion while building a list of working and active cards.

Learn more about bin attacks

Promo abuse involves exploiting discounts, promotions, or coupon codes for personal gain or profit. Fraudsters use various specific tactics to circumvent the intended use of promotions, leading to financial losses for businesses and abuse of their marketing strategies.

Learn more about promo abuse

Package Redirection Scam

Criminals intercept and redirect shipments intended for legitimate customers to an alternate location under their control. This allows fraudsters to steal goods passively by simply rerouting the goods in transit without raising suspicion.

Learn more about redirection scams

“Man-in-the-Middle” Attacks

A Man-in-the-Middle (MitM) attack is a type of cyberattack by which a hacker or scammer secretly intercepts and possibly changes the messages being sent between two parties without either party knowing.

Learn more about Man-in-the-Middle attacks

That’s a rundown of some of the most common eCommerce fraud tactics. However, scammers devise new methods of attacking merchants, banks, and cardholders every day. The eCommerce fraud landscape changes rapidly.

Is Friendly Fraud a Form of eCommerce Fraud?

Friendly fraud, also known as chargeback fraud, occurs when a cardholder uses a credit card to make a legitimate purchase and then files a chargeback with their issuing bank. This can happen unintentionally but can also result from consumers abusing the chargeback system to gain unwarranted “refunds.”

Friendly fraud is a form of eCommerce fraud. It’s distinct from the tactics outlined above, though, as it doesn’t come from crooks using stolen card data. It originates with the actual cardholder. Another important difference is that friendly fraud happens post-transaction. It’s almost impossible to prevent because you won’t know it’s fraud until after the fact.

While friendly fraud doesn’t work like typical eCommerce fraud, it’s still worth mentioning. In reality, as many as 60% of all chargebacks may be cases of friendly fraud. If your chargebacks are coming from friendly fraud, a management strategy focused on stopping eCommerce fraud will be inefficient, at best.

Learn more about friendly fraud

Save time. Recover revenue. Prevent more chargebacks.

How to Detect & Prevent eCommerce Fraud

You don’t need a fortune teller to see the future when it comes to eCommerce fraud. Careful examination of current fraud and chargeback data, coupled with careful research on new and developing fraud trends, puts the power of eCommerce fraud prevention in your hands. You must have the right practices in place, though.

There’s no single tool that will accomplish this job on its own. eCommerce fraud detection is a complex matter demanding a variety of indicators to identify abuse without generating runaway false positives. This can be an expensive prospect; the average eCommerce merchant decicates 11% of their annual revenue every year to fraud detection and prevention.

Think about eCommerce fraud detection like a net. The finer the mesh, the more you’ll catch.

A good strategy to detect fraud without breaking the bank is to deploy tools like address verification, CVV validation, 3-D Secure, and velocity limits in a coordinated manner. These tools should be backed by fraud scoring, which will let you assess fraud indicators using machine learning. Fraud scoring then provides simple up-or-down decisioning as to whether you should accept or reject the purchase, or subject that transaction to manual review.

Many service providers offer their technology as all-inclusive risk management platform to let you offload this process entirely, saving time and money in the process.

Learn more about fraud detection

eCommerce Fraud: The Bottom Line

Online fraud is a moving target. The more we shop, connect, and transact online, the more the danger grows. Meanwhile, criminals get more sophisticated all the time.

Implementing the above steps will help stop eCommerce fraud. That said, it won’t be enough to combat all online fraud, especially in the long term. There are simply too many different tactics that criminals can use, with new threats appearing daily. Staying up-to-date on the latest threats can be a full-time job on its own.

Chargebacks911® offers the most comprehensive chargeback management services and products available on the market today. Our experts are constantly uncovering new fraud threats and developing innovative strategies and technologies to fight back. This applies not only to eCommerce fraud prevention but even to hard-to-fight challenges like friendly fraud.

Whatever you need to prevent chargebacks, we can help. Contact us today for a free demo.

FAQs

What is the most common type of eCommerce fraud?

The most common type of eCommerce fraud is identity fraud, where criminals use stolen credit card information to make unauthorized online purchases. Informal polling suggests that identity theft may account for 71% of all third-party fraud attacks.

What are the indicators of eCommerce fraud?

Common indicators of eCommerce fraud include mismatched billing and shipping addresses, multiple failed payment attempts, unusually large or rush orders, and frequent transactions from the same device or IP address. Suspicious behavior during the checkout process, such as multiple payment method attempts or an unusual number of declined cards, can also be red flags.

Additionally, unexpected changes in a customer's purchasing behavior, like high-value purchases from a previously inactive account, may signal potential fraud.

How big is eCommerce fraud?

In a word, huge. According to Mastercard and Juniper Research, eCommerce losses to payment fraud hit $48 billion globally in 2023.

What is eCommerce fraud also known as?

eCommerce fraud is also known as “online payment fraud” or simply “online fraud.” It encompasses fraudulent activities related to online purchases and payments made through eCommerce platforms or websites.

How can you protect yourself from eCommerce fraud?

You can implement several strategies to stop fraud. First, use robust fraud detection tools and practices, such as Address Verification Service (AVS), Card Security Codes, and 3-D Secure, to verify transactions. Secondly, closely monitor transaction data and customer behavior for any unusual patterns or red flags. Finally, educate yourself and your team about the latest eCommerce fraud trends and prevention techniques to stay ahead of evolving threats.

What are red flags or indicators of fraud?

Common red flags for eCommerce fraud include mismatched billing and shipping addresses, unusually large orders, multiple failed payment attempts, and frequent transactions from the same device or IP address. Additionally, suspicious behavior during the checkout process, such as rapid purchases or inconsistent customer information, can also raise concerns.

eCommerce Fraud Resources Hub