Best practices to prevent e-commerce fraud

For criminals intent on committing fraud, the rapid expansion of global e-commerce provides ample opportunities. Over the last decade, e-commerce has experienced significant growth. In 2010, fewer than 5% of retail sales were online; by late 2023, it was over 15%. Experts expect global e-commerce sales to top $6.3 trillion in 2024 and reach $8 trillion by 2027.

Opportunity and evolving technology, including artificial intelligence (AI) and machine learning (ML), have opened the door to new types of e-commerce fraud. As more consumers shop online, fraud follows.

E-commerce fraudsters — also called hackers or scammers — often use periods of surging traffic to disguise their activities and circumvent security measures stressed or overwhelmed by unusually high transaction volumes. Traditionally, events such as Black Friday, Cyber Monday, and Amazon Prime Day have prompted significant spikes in e-commerce fraud, as consumer traffic on those days can run higher than usual.

"Any time there is noise in the system, there are going to be increased incidences of fraud," says Jennifer Singh, former director of channel partnerships at the fintech security firm Entersekt. "Wherever the money goes, criminals will follow," she says, adding, "With an average traffic increase of 15–20%, we would expect to see a 2–5% increase in fraudulent activity."

Mobile and online shopping poses new risk

However, large retailers aren't necessarily the most likely targets of e-commerce fraud. While some fraudsters try exploiting traffic spikes at large retailers or game their generous return policies, those most at risk are often small- to mid-sized businesses. Fraudsters usually target them due to an underutilization of e-commerce fraud prevention tools or not following best practices.

Accounting for 43% of all e-commerce sales in 2023, shopping via mobile devices is on the rise. New payment methods, such as mobile wallets and QR codes, have made mobile shopping even more popular. That leaves organizations that haven't reinforced their digital security or updated e-commerce fraud best practices for prevention vulnerable. Savvy fraudsters are increasingly adept at finding new, more sophisticated attack tactics.

"With the implementation of the EMV chip in physical cards, fraudsters have migrated to less secure channels in mobile and online," says Singh. Emerging threats on mobile platforms, such as app-based phishing scams and card-not-present (CNP) fraud, are growing concerns. In 2024, CNP fraud is projected to represent 74% of all card payment fraud losses, accounting for over $10 billion.

Fraudsters are increasingly tech savvy

Part of the reason for this escalation in fraud is the growth of e-commerce. However, a more insidious reason is that fraud schemes are becoming more sophisticated. Stolen cards, phishing scams, and fake websites are still among the most prevalent fraud schemes. But technically adept criminals continue to discover ways to co-opt seemingly secure digital technologies.

Some of the most popular and problematic types of e-commerce fraud organizations must look to defend against include:

• Phishing and spear phishing. Fraudsters use emails, text, or social media messages that appear to be from legitimate businesses to trick shoppers into providing personal information. Now, deepfake technology allows cybercriminals to create convincing audio or video messages. 
• Account takeover (ATO) fraud. Scammers access a user's e-commerce account through phishing or security weaknesses and make unauthorized purchases or steal financial information.
• Payment fraud. This fraud uses stolen or fake credit card information to make purchases or create counterfeit digital wallets.
• Friendly fraud. A customer makes an online purchase and then requests a chargeback from the bank after receiving the goods, claiming the item was unauthorized or stolen.
• Loyalty program fraud. Scammers hack into loyalty accounts obtained from data breaches, redeem member points for items or gift cards, and sell them for cash.
• Social-engineering scams. Fraudsters impersonate customer service agents from e-commerce sites and contact shoppers, claiming an issue with an order to obtain login or payment information.

Hackers can create synthetic identities by blending a person's real information stolen from the dark web with fake names and addresses, thus fooling merchants, financial institutions, and retailers to gain instant access to information. Using bots, they bombard e-commerce sites with login requests, overwhelming a system and breaking through a retailer's firewall.

How to prevent e-commerce fraud

Businesses should consider reevaluating their e-commerce fraud protection strategy to help prevent attacks and create safer spaces for digital commerce. 

One way to improve e-commerce security is by combining advanced risk-assessment technologies with straightforward "step-up" techniques that allow consumers to validate or deny any given transaction.

Additional e-commerce fraud prevention best practices include:

• Use multi-layered security measures. Combining security solutions, such as encryption, tokenization, and secure socket layer (SSL) certificates, protects data and provides layers of safeguards against hackers.
• Require multi-factor authentication (MFA). Ask customers to enable MFA on their accounts, especially for actions like changing personal details or processing transactions over a certain amount.
• Set up monitoring systems. Create monitoring systems and use automated alerts to spot unusual transactions, high-order values, numerous transactions in a row, or shipping to multiple addresses. 
• Keep systems updated. Work with IT to regularly review and update your e-commerce platform, plugins, and system and software components to patch vulnerabilities.
• Employ verification software. Card verification number (CVN) and address verification systems (AVS) help verify customer information and flag data that doesn't match. 
• Conduct employee training. Provide your employees regular training and awareness of new and common frauds, from onboarding to continuing education sessions.

While organizations often bear the brunt of fraud e-commerce mitigation strategies, there is more awareness about the dangers of online fraud for consumers. Under the INFORM Consumers Act, which targeted fraud prevention in online marketplaces, sites needed to meet new compliance measures by mid-2023.

Overcoming friction and frustration

The challenge for online businesses is having a system that provides a high level of e-commerce fraud prevention but doesn't ask so much of the consumer that they abandon their purchase out of frustration or annoyance.

"Consumers want transactions to happen instantaneously," Singh says. "If the transaction is declined for any reason, they may abandon their cart or use a different credit card to finish the transaction. This results in losses for both the merchant and issuer of the card."  

Consumers abandon sites in mid-transaction for many reasons, but clunky security measures are often to blame. More "frictionless" mobile solutions include the EMV 3-D Secure (3DS2) protocol, which combines superior algorithmic risk assessment with more straightforward authentication methods. It can help create more completed transactions while reducing false declines and costly chargebacks.

Increasingly, companies are looking to AI and ML. These tools can quickly analyze data sets to identify patterns indicating fraud and behavioral patterns like mouse movement or typing speed that distinguish legitimate users from fraudsters. 

This technology allows for more accurate fraud detection while reducing false positives, helping balance the need for robust e-commerce security with a more seamless customer experience. That can also help build consumer trust in the brand, leading to fewer abandoned carts and more completed transactions. 

Take steps to prevent e-commerce fraud

By implementing e-commerce fraud prevention best practices, retailers can significantly reduce the risk of falling victim to fraud. However, developing and following fraud prevention for e-commerce is an ongoing process that requires a proactive approach to thwart increasingly sophisticated attacks.

Employing the latest tools and technologies, including AI and ML, can help create a more secure environment for businesses and consumers.