How to Help Prevent eCommerce Fraud


If your online store is the victim of a fraud attack, you may be up against some financial hardship. That’s because for every $1 in direct losses, your eCommerce store loses over $3 due to costs such as fees, penalties, and litigation.1 You may also start losing customers if they no longer have confidence in your ability to keep their payment data safe.

This may be a factor as to why 60% of small businesses shut down their operations within six months of a cyberattack.2

One of the best ways to help protect yourself from a cyberattack is to work with a PCI-compliant payment processor that understands the importance of data security. Doing so will help shield you from online attacks; however, some fraud tactics call for specific prevention strategies. Below are a few of the more common schemes to look out for – plus tips on how to help protect your business.

Card testing fraud

Before going for the big purchases, online criminals often test multiple stolen cards — back to back — using tiny transaction amounts (of less than a dollar). Once they know a card is valid, they can begin making much larger charges on different sites.

One way to help prevent this type of fraud is to set minimum thresholds for all online purchases. If nothing in your inventory costs less than $5, for example, you would set your threshold at $4.99. Be sure to factor in for future sale prices. Another good strategy involves using an online velocity filter that automatically prevents back-to-back transactions from the same location or device.

Friendly fraud

Also known as “chargeback” fraud, this scheme happens whenever a customer buys something from you – with the intention of claiming he or she never placed the order or that the item never arrived. This dishonest customer obviously keeps the item he or she purchased and requests a charge reversal through his or her card-issuing bank. Once the customer gets his or her money back, the bank then comes to you to collect the reversed charge.

You can (and should) try to dispute each chargeback. Though having receipts and other documentation is helpful, credit card issuing banks often side with their customers – especially when it comes to anonymous, online transactions. 

The best way to help protect yourself from chargeback fraud is to disable guest checkout and add tracking to all deliveries:

  • The former makes it harder to claim one never ordered an item
  • The latter makes it harder to claim one never received the item

Overpayment fraud

You may be familiar with stolen credit card fraud in which criminals use compromised plastic to buy items online and ship them to third-party addresses. You can help prevent this with Address Verification Service (AVS) technology coupled with a firm policy of only shipping goods to the billing address supplied during checkout.

Now there’s a new twist to this scheme.

With overpayment fraud, criminals use stolen credit cards to deliberately “overpay” for goods online. Once the order goes through, they then request that the refunded balance be sent to a different banking account. Fixing this is simple. Only refund money to the credit card used during checkout. Be sure to clearly state this in your refund policy.

The above is just a partial list of common fraud tactics of which every online merchant should be aware. For more eCommerce fraud and prevention strategies, be sure to read the accompanying resource.

1 “CNP Fraud Costs US Merchants $3.36 for Every $1 of Direct Fraud Loss,” Card Not Present, 30 July 2020

2 “60 Percent of Small Businesses Fold Within 6 Months of a Cyber Attack,” Inc., 7 May 2018

Infographic created byFiserv, a credit card processing company