Ecommerce businesses are increasingly the target of fraud

There are many types of fraud that ecommerce businesses face. The most common form of ecommerce fraud occurs when a criminal obtains stolen payment card information and uses it to complete an unauthorized transaction without the account owner’s knowledge. The fraudster may have physical possession of the card or acquired the card data electronically. Once the transaction is complete and the payment is approved, the business remains responsible for ensuring that the cardholder was who they said they were in the event the legitimate cardholder disputes the transaction. This puts the task of preventing fraud on the merchant. While card issuers and merchant services providers provide solutions to prevent ecommerce fraud, criminals quickly evolve to more elaborate schemes. Understanding the types of fraud and how they can be spotted is the first step in protecting your business.

Five types of ecommerce fraud

Cyber-criminals are resourceful. There are many ways to commit ecommerce fraud, and new techniques are created daily. However, most fraud will fit into one of five different categories: true fraud, friendly fraud, phishing, refund fraud, and card testing.

  1. True fraud happens when fraudulent transactions are conducted by either opening accounts in the names of identity theft victims or using a stolen payment card number to make purchases online

  2. Friendly fraud occurs when a merchant receives a chargeback because the cardholder denies making the purchase or receiving the order, yet the goods or services were received

  3. Phishing occurs when an email, text, or phone call mimics reputable entities like banks, online resources and credit card companies to trick the recipients into sharing their financial information

  4. Refund fraud is when a criminal purchases something with a stolen payment card, then returns it to the store for a refund to a different account, for cash, or store credit

  5. Card testing is when a cyber-criminal is unaware if a stolen payment card number is valid, so they make small test purchases to confirm the information is valid

Fraud red flag examples

Bulk orders with a higher-than-average dollar value are worth another look. Fraudsters have a short amount of time in which to use a stolen card and they want to buy as much as they can, as quickly as they can.

Multiple orders from one customer in a short time frame may suggest unauthorized card use. By limiting the number of transactions per hour, day, or week from a specific customer, you may reduce risk of fraud.

Different delivery and billing addresses are often valid but warrant further analysis to ensure card authorization. The Address Verification Service (AVS) system indicates if there is a full, partial, or no match response during address verification by comparing an address in the card issuer’s database.

A new customer demanding overnight or rush delivery for big-ticket items requires additional confirmation to ensure validity of card use. Fraudsters want the fraudulently purchased items in their possession before the cardholder realizes something is amiss – so they often pay extra for overnight shipping.

Purchases made with numerous attempts on the payment card number or expiration date may signify that the card is not on hand which can be an indication of fraudulent activity.

Fraud prevention

Merchants must be proactive in anticipating and preventing fraudulent transactions. The fraud prevention tips below will help lower the costs associated with fraud and protect your business from larger, more expensive fraud losses in the future.

  • Adhere to the PCI DSS standard
  • Use the Address Verification System (AVS)
  • Require CVV Codes for purchases
  • Set tight password requirements

Request a call back

We want to hear from you. If you are interested in setting up a new merchant account with us, please contact us through the form below and we'll call between the hours of 9:00 AM and 7:00 PM EST, Monday-Friday. If you require assistance with an existing account, please call our customer service line 24/7/365.

This contact form is for US customers only. If you are looking for one of our other locations, please visit to find your country or region.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

By providing us with an email address you are expressly consenting to receiving email communications – including but not limited to marketing material/advertising, promotions, sales campaigns, and questioner/research surveys. By providing us with a telephone number for a cellular phone or other wireless device, including a number that you later convert to a cellular number, you are expressly consenting to receiving communications – including but not limited to prerecorded or artificial voice message calls, text messages, and calls made by an automatic telephone dialing system – from us and our affiliates and agents at that number. This express consent applies to each such telephone number that you provide to us now or in the future and permits such calls for non-marketing purposes. Calls and messages may incur access fees from your cellular provider. We accept relay calls. Your privacy is important to us. By clicking “submit” you agree to our terms and conditions.


Available Mon. – Fri.
9:00 AM - 7:00 PM EST

Customer Support

Available 24/7