Understanding Online Fraud: A Comprehensive Guide for Merchants
eCommerce fraud is projected to cost $48 billion annually by the end of 2025.
In the US alone, nearly $20 billion in chargebacks are expected to be processed annually by 2025. And in 2022, over 70% of all card-not-present transactions were considered to be fraudulent.
Do I have your attention? Good.
So, where is all this fraud coming from? How is it happening? And what can you do to protect your revenue? You’ll find answers to all those questions and more below.
What is Online Fraud in eCommerce?
Online Fraud
[noun] /än • līn • frôd/
Online fraud consists of dishonest activities, by either individuals or groups, that exploit vulnerabilities in online retail transactions. Typically aimed at merchants, the goal is to steal goods, services, funds, or information.
Online fraud is not just one specific practice or tactic. It’s an umbrella term; we’re referring collectively to dozens of different moves that scammers can make to separate you from your money.
If it involves deception, and it takes place online, then it falls within the purview of what we’re discussing today.
How Online Fraud Against Merchants Works
As I explained, there are innumerable tools and techniques crooks can use to commit fraud. But most attacks are still built around the same core steps: gathering information, testing usefulness, committing the crime, and finally covering up their work.
Typically, it works something like this:
In some instances, the crook may use phony data to create a new account, then use the false account to create others, building credit for years before “busting out” by maxing all their acquired spending limits and disappearing.
Why is Online Fraud so Hard to Detect?
While identifying fake transactions might seem like a simple task, they’re generally not very obvious. Fraud detection is a much more complicated issue for eCommerce than it ever was for brick-and-mortar stores, for several reasons:
There’s another major factor to consider here: first party abuse, or “friendly fraud.” Accidentally or otherwise, many legitimate customers are committing fraud against merchants. It’s hard to identify that kind of fraud prior to the transaction, since the crime may not be committed until months afterwards.
Common Types of Online Fraud Affecting Merchants
Some types of online fraud, such as business email compromise (BEC), can be aimed specifically at businesses. As a merchant, however, you’re more apt to be an indirect victim of fraud. That is, fraud will get perpetrated against consumers, but you’ll end up taking the hit for it.
If a fraudster is able to buy from you using a cardholder’s information, you’ll lose the money and the merchandise. The bank will reimburse the consumer, but no one will reimburse you. Theoretically, of course, you could track down the fraudster and take them to court. Good luck with that, though.
Here are just a few of the most common threats that could impact you:
- Account takeover fraud: Hijacking a legitimate cardholder’s account to make seemingly authorized purchases from you.
- Synthetic identity fraud: Buying from you using a fake “Frankenstein” persona created by combining partial card data.
- Friendly fraud: Dishonestly filing invalid chargebacks through the bank, rather than contacting you for a refund.
- Refund fraud: Abusing your return policies to pursue a refund or other goods without valid cause.
- Bust-out fraud: Patiently building up a fake profile and line of credit, then maxing it out and disappearing.
Bear in mind that your fraud detection efforts will benefit from understanding as many threat vectors as possible. Check out our main article on the topic, outlining dozens of different threat sources.
What Online Fraud Really Costs Merchants
The increasing volume of eCommerce fraud is exacerbated by the growing volume of online shopping. Card-not-present channels already account for more than 20% of US retail sales, and the number keeps going up. It doesn’t take a mathematician to recognize the trend here.
On average, eCommerce merchants lose 2.9% of their revenue to fraud every year. These are direct costs, though; the true costs go far beyond that.
Fraud costs you more than just the value of the stolen merchandise. To illustrate, say you have a home decorating site. You sell a $30 candle, but the buyer turns out to be a fraudster. Here’s a generalized look at what you can expect to lose from that one transaction:
| Item | Description | Estimated Cost |
| --- | --- | --- |
| Lost Sales Revenue | The candle is long gone, so you can’t resell it. | $30 |
| Lost Merchandise Cost | The cost of buying the candle wholesale. | $10 |
| Shipping Costs | You paid to ship the candle to the buyer. | $7 |
| Chargeback Fees | These fees cover your bank’s costs resulting from the chargeback. | $20 |
| Processing Fees | What you paid to process the initial transaction. | $1 |
| Additional Costs | Labor and other costs tied to order fulfillment. | $5 |
We’re talking about just one incident with a relatively low ticket price. But you’re already looking at losses that are more than double the value of the original sale. That’s to say nothing of the indirect, ancillary costs like reputational damage when the fraud is discovered, or potential long-term restrictions on your merchant account due to excessive fraud attempts.
Alibaba, currently the world's largest online retail hub, is the target of millions of cyberattacks every day.
Warning Signs of Online Fraud Attempts
Online fraud prevention starts with detection. There are a number of different indicators that could help you identify potentially fraudulent transactions before processing:
Transaction red flags:
- Unusual order velocity
- Mismatched billing/shipping
- High-risk product combinations
Customer behavior indicators:
- Reluctance to provide info
- Urgent shipping demands
- Multiple order variations
Technical warning signs:
- IP/location mismatches
- Device fingerprint anomalies
- Email address red flags
Pattern recognition basics:
- Repeated payment failures
- Geographic risk indicators
- Time-based patterns
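A rule-based scorer for four of the red flags listed above (order velocity, mismatched billing/shipping, IP/location mismatch, repeated payment failures), as an added example that is not part of the original guide. The order field names, weights, thresholds and sample orders are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed weights and thresholds for illustration; tune them on your own order history.
WEIGHTS = {"velocity": 40, "bill_ship_mismatch": 20,
           "ip_geo_mismatch": 25, "payment_failures": 30}
VELOCITY_WINDOW = timedelta(minutes=10)
VELOCITY_LIMIT = 3      # orders from one IP inside the window
FAILURE_LIMIT = 3       # declined attempts before the payment went through
REVIEW_THRESHOLD = 50   # at or above this score, hold for manual review

def score_orders(orders):
    """Return {order_id: (score, [reasons])}, processing orders in time order."""
    recent_by_ip = defaultdict(deque)  # ip -> timestamps still inside the window
    results = {}
    for o in sorted(orders, key=lambda o: o["ts"]):
        reasons = []
        window = recent_by_ip[o["ip"]]
        window.append(o["ts"])
        while o["ts"] - window[0] > VELOCITY_WINDOW:  # expire old timestamps
            window.popleft()
        if len(window) >= VELOCITY_LIMIT:
            reasons.append("velocity")
        if o["bill_country"] != o["ship_country"]:
            reasons.append("bill_ship_mismatch")
        if o["ip_country"] != o["bill_country"]:
            reasons.append("ip_geo_mismatch")
        if o["failed_attempts"] >= FAILURE_LIMIT:
            reasons.append("payment_failures")
        results[o["id"]] = (sum(WEIGHTS[r] for r in reasons), reasons)
    return results

def needs_review(results):
    """Order ids whose combined score reaches the manual-review threshold."""
    return sorted(oid for oid, (score, _) in results.items() if score >= REVIEW_THRESHOLD)

def _order(oid, hhmm, ip, ip_cc, bill, ship, fails):
    ts = datetime.strptime("2025-01-15 " + hhmm, "%Y-%m-%d %H:%M")
    return {"id": oid, "ts": ts, "ip": ip, "ip_country": ip_cc,
            "bill_country": bill, "ship_country": ship, "failed_attempts": fails}

# Constructed sample orders (documentation IP ranges, not real data).
SAMPLE_ORDERS = [
    _order("A1", "09:00", "198.51.100.7", "US", "US", "US", 0),
    _order("B1", "09:01", "203.0.113.9", "DE", "US", "DE", 4),
    _order("B2", "09:03", "203.0.113.9", "DE", "US", "DE", 0),
    _order("B3", "09:06", "203.0.113.9", "DE", "GB", "DE", 1),
    _order("C1", "11:30", "198.51.100.7", "US", "US", "CA", 0),
]
```

Calling `needs_review(score_orders(SAMPLE_ORDERS))` lists the orders to hold; order C1 (a lone billing/shipping mismatch, such as a gift shipped abroad) stays below the threshold because no single weak signal is enough on its own.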
Responding to Online Fraud Incidents
So what should you do as the victim of a fraud attack? Our best advice is to create a basic strategy before you actually need it. Start by addressing the three basic stages to an effective fraud response plan: verification, cancellation, and reporting.
Before you make any other move, you’ll want to verify that the suspected transaction is actually fraud. Double-check why the order was flagged. Make sure the customer info either matches exactly, or has only minor, explainable errors. If you’re still not certain, consider calling the customer and asking for additional verification.
You should cancel the order as soon as you are reasonably sure of fraud. It’s a delicate balance; you don’t want to ship an order to a crook, but you also don’t want to delay a legitimate order any longer than necessary.
After that, there’s one more thing you need to do: report the crime.
Online fraud reporting is as important as the other steps. Contact the FBI Internet Crime Complaint Center for suspected cybercrime, and the FTC Consumer Sentinel for Identity Theft. When appropriate, you can also contact local law enforcement.
Payment processors and card networks should also be alerted. Also, be sure to update your own blacklists to reflect the alleged fraudster.
Online Fraud Prevention Best Practices
If everything I’ve talked about so far has you a little alarmed, that’s intentional.
eCommerce fraud detection gets more and more critical with each passing day. The more robust your online fraud detection efforts, the less likely you are to end up a victim.
With that being said, here are a few basic facets of online fraud prevention, along with the tools and practices you’ll need to carry them out, to get you started on your journey:
Building Your Online Fraud Detection System
As we said previously, all this needs to be in place before fraud actually occurs. And while starting small is better than nothing, effective protection can’t be done with just one tool. What you need is an entire fraud detection framework that can handle today’s threats, but is flexible enough to scale with your business and adapt to future threats.
While there are multiple fraud detection systems available, off-the-shelf solutions won’t be specifically attuned to your business. That said, building a system from scratch can be time- and cost-prohibitive, especially for smaller companies.
Even if you have the money to build your own solution, it’s still not a bad idea to start with a mixture of buy and build. This gives you a chance to discover which tools you really need, and ones you don’t.
The more specialized tools you use, the better. For the best internet fraud protection, however, you really need a comprehensive strategy composed of multiple tools and customized to your business. Contact us today to learn how we can help with that.
FAQs
What is an example of online fraud?
A fraudster uses stolen credit card information to make purchases at an online store. While the merchant is typically not responsible for repayment to the customer, they will still lose any merchandise already shipped.
What can be done about online fraud?
Online fraud is too lucrative for criminals to ever abandon it. For merchants, the best protection is to identify and block suspicious transactions before they’re completed. Tools commonly used for this include AVS matching, 3D Secure, device fingerprinting, and risk scoring.
What to do when someone defrauds your business online?
The first step is to verify the legitimacy of the claim. If the customer has a legitimate complaint, it’s best to issue an immediate refund. If the claim is fraudulent, though, the merchant must decide if the case is worth challenging. If so, they should begin the representment process as soon as possible.
What are the most common fraud schemes?
There is no end to the varieties of fraud scams in use, but some of the more common ones include account takeover attacks, synthetic identity fraud, triangulation fraud, refund fraud, and of course, friendly fraud.
How can you identify online fraud?
Some red flags to watch for include large orders from new customers, multiple orders from the same IP address (or identical orders from different addresses), orders from high-risk locations, and inconsistencies between billing and shipping addresses.
Also, be aware of customers who insist on unusual payment methods, or who create an inappropriate sense of urgency. In any of these situations, fall back on a manual review to verify the transaction before letting it proceed.