E-commerce payment fraud losses are expected to total $343 billion globally between 2023 and 2027. And, considering that every $100 in fraudulent order translates into $207 in losses to a business and 43% of online shoppers have been victims of payment fraud, every merchant offering online shopping services should be taking steps to detect and prevent fraud.
This article dives into the world of payment fraud in e-commerce and marketplaces, and provides an overview of the 5 most common types of payment fraud online merchants to be aware of. I’ll also cover some recommended strategies to detect and prevent payment fraud to help e-commerce businesses better protect their customers — and their bottom line.
What is payment fraud?
Online payment fraud is when a malicious actor steals login credentials or other financial information to conduct fraudulent online transactions.
More specifically, it involves fraudsters using various techniques to access customer data or business financial information, including credit card details, bank account information, usernames, passwords, and other personally identifiable information (PII). Once they have this information, fraudsters can go on a shopping spree, resulting in headaches and financial losses for both online shoppers and businesses.
How does payment fraud impact online shopping & marketplaces?
Loss of consumer trust
When it comes to online shopping, customers need to be able to trust that a brand will provide the best services and goods possible while keeping their personal and financial information safe.
For example, when big names like Ticketmaster suffer data breaches or when smaller brands fail to protect customer information, it can negatively impact the company's reputation, resulting in lower customer retention and lower sales.
Higher operational costs
Remember how I mentioned earlier that every $100 in fraudulent orders results in $207 in losses for online retailers? This is because the merchant is responsible for the cost of disputes filed by legitimate customers affected by fraud, in addition to the time and cost required to investigate fraud, including customer support and chargebacks dispute resolution support.
Increased friction for legitimate customers
In their efforts to stop fraud, many online marketplaces have implemented additional security measures like multifactor authentication (MFA), one-time passwords (OTP), and CAPTCHA tests. While additional authentication steps can help, they can also add significant friction for legitimate customers who simply want to log in and complete their purchase as smoothly and quickly as possible, leading them to abandon their carts out of frustration.
Top 5 types of e-commerce fraud
When it comes to online shopping and payment fraud, most people think of credit card fraud. But did you know that e-commerce payment fraud losses aren’t just limited to credit cards? Other types of fraud, like buy now, pay later fraud, chargebacks, and coupon and promo abuse also fall into that category. Let’s take a look at the top 5 types of payment fraud for e-commerce businesses and marketplaces.
1. Buy now, pay later (BNPL) fraud
Buy now, pay later (BNPL) services are on a trajectory to reach $687 billion by 2028, making them a juicy target for fraudsters. One of the most common types of BNPL fraud is costly account takeovers. Fraudsters will either obtain accurate login information or brute-force their way into the accounts of buy now, pay later customers to take advantage of pre-approved credit and stored payment information.
(Learn more about account takeover fraud and how to prevent them.)
2. Chargeback fraud
Credit card chargebacks are when a customer files a transaction dispute with the payment processor. Some chargebacks are legitimate, such when goods aren’t delivered or when a customer’s stolen payment information was used to make an unauthorized purchase.
However, there are a few instances where chargebacks are filed with malicious or fraudulent intent, such as
Friendly fraud
Friendly fraud is a type of credit card chargeback fraud that happens when the actual customer files a dispute on a real transaction. For example, they can claim they didn’t receive what they ordered (even if they did), that the transaction was unauthorized (even if it was), or that the merchandise is not as described (even if it is).
(Read more about friendly fraud and specific prevention strategies.)
Return fraud
Return fraud happens when customers or fraudsters abuse merchant return policies for their own personal gain. Return fraud can occur in many forms — one example is when fraudsters purchase goods using stolen credit cards, then request a return in cash instead of having it credited back to the card.
(Read more about specific return fraud types.)
3. Card cracking or card testing
Credit card cracking or card testing occurs when fraudsters test credit card details on e-commerce sites or marketplaces. Fraudsters often purchase batches of credit card details from the dark web, then set up automated tools or bots to try different combinations via small purchases to see if the card is valid.
For example, they might have a credit card number but not its expiration date. It then becomes a process of elimination as they attempt various dates until they correctly identify the expiration — then they use the card for bigger purchases.
4. Gift card scams
According to the U.S. Federal Trade Commission, gift card scams were responsible for up to $217 million in losses in 2023. Gift card fraud is a favored payment fraud method by fraudsters because of its security flaws.
For example, fraudsters can use a few different techniques to obtain gift cards, including social engineering, gaining unauthorized access to accounts via account takeover, or returning goods purchased with a stolen credit card and having the refund issued to a gift card.
(Learn how merchants can prevent gift card fraud online.)
5. Coupon & promo abuse
Coupon and promo abuse can seriously impact your bottom line and involves a variety of tactics. They include stacking coupon codes in unintended ways, creating multiple new accounts to take advantage of first-time customer discounts, or deploying bots to purchase high-value items in a promotion — which also all impact legitimate customers who lose out on deals.
(Read more about the negative impacts of coupon and promo abuse.)
How to prevent common types of payment fraud in e-commerce businesses
We recommend a few techniques for online businesses and marketplaces that can help prevent stolen or fraudulent information from being used during the transaction process or elsewhere in the customer journey.
Use a reputable payment processor
If you’re an online e-commerce merchant processing sensitive customer payment information, using a reputable payment processor and system is table stakes for operating an online store. Unsecured payment systems are a target for fraudsters who can exploit weak defenses to steal sensitive information, such as credit card numbers, bank account details, and other personally identifiable information (PII).
Regularly monitor and audit transactions
Define normal and abnormal transaction behavior based on historical data and industry benchmarks. Automated monitoring protocols can then be set up to alert the security team whenever a transaction falls outside the defined parameters.
Red flags to look for: High-risk transactions
High-risk transactions, such as those involving large amounts or originating from high-risk locations, require special attention. These transactions should be flagged for manual review so a trained analyst can assess whether they're legitimate or not.
Conduct routine audits to identify patterns
Routine audits involve a comprehensive review of transaction records, looking for patterns or trends that automated systems may miss, including repeated attempts at small transactions (a common sign of card testing) or a sudden increase in transactions from a particular location.
Consider adopting reliable and accurate visitor identification
Identifying website visitors should be an important part of your payment fraud prevention strategy. By using a device intelligence platform like Fingerprint, online businesses and marketplaces can detect in real time when users are attempting to conceal their identity and quickly flag visitors as potentially fraudulent. From there, a detailed analysis can help identify the root cause and prevent future occurrences. This might involve reviewing user behavior, IP addresses, device information, and other relevant data.
Want to learn more about how device intelligence can help detect and prevent payment fraud for e-commerce businesses? Check our tutorial on building accurate visitor identification specifically for payment fraud detection and prevention.
