How To Help Prevent eCommerce Fraud


When it comes to eCommerce fraud, larger companies may be more attractive targets because they process, transmit, and store more payment data. Because of their size, they also tend to generate bigger headlines after a cyberattack. However, smaller companies are often victims, as well.

Not only do they often lack the resources to protect themselves, but they have a much harder time bouncing back after a breach. Inc. reports that an estimated 60% of smaller companies go under within half a year of a cyberattack.1

Fortunately, there are steps you can take to help protect your online business (regardless of its size). Below are some of the most common types of eCommerce fraud – complete with strategies to help minimize your exposure.

1. Card testing fraud

Before making larger purchases, criminals often test stolen credit cards by running tiny transactions of just a few pennies to see if the card is valid. You can help reduce this scheme within your online business by using fraud management filters to set a minimum purchase amount based on the least expensive item in your inventory.

If your lowest-priced item is $3, for example, there should never be an approved transaction for $2.99 or less.

2. Account takeover fraud

With this type of scam, a thief steals your customers’ login credentials to gain access to their stored credit card data and personal information. One way to mitigate this risk is to require two-factor authentication (2FA) for all customer and employee logins. In addition to usernames and passwords, for example, they must provide another password or a temporary PIN sent to their phone or email.

Requiring longer passwords with a mix of letters, numbers, and symbols can also help make account takeover fraud harder for thieves.

3. Overpayment fraud

Criminals sometimes use stolen credit cards to deliberately overpay for items. They then have the difference refunded to a different account.

You can help eliminate this by creating a policy in which you only issue refunds to the original payment source – whether it’s a credit card or bank account.

4. Friendly fraud

There is nothing friendly about this scam – especially since your customers are the ones to blame. It unfolds whenever your customers intentionally buy something only to claim that the item never arrived or that they didn’t place the order. These customers then reverse the charge through their credit card company – and end up keeping the goods.

Also known as chargeback fraud, you can help protect your online business by:

  • Adding tracking and signature requirements to outgoing packages
  • Disabling guest checkout; only logged-in customers can place orders
  • Requiring two-factor authentication when logging in

These steps won’t eliminate chargeback fraud completely. That said, they help establish a clearer paper trail, which makes it easier to authenticate every order and track every delivery.

5. Identity Verification

While many eCommerce fraud schemes revolve around credit card or account misuse, ensuring the true identity of your customers can provide an additional layer of security. By integrating with identity verification companies, you can:

– Confirm the authenticity of new account sign-ups.
– Minimize risks associated with high-value transactions.
– Verify customer details against trusted databases.
– Incorporate biometric or document-based authentication methods during checkout or account creation.

6. Data sniffing

Users do not know that they are actually connecting to the right person when an attacker sets himself in between the server and the user. It is called MiTM attack. To prevent such attack, SSL certificate is necessary. It assures users that they are connecting to the verified website and not a fake one. Customers share their credentials and other sensitive information on your website and these details should be protected with strong encryption. You can go with any type of SSL certificate including cheap wildcard SSL certificate that secures subdomains easily under a single certificate. Data sniffing can damage the reputation of a company and it takes much time in business restoration.

The tips above can help protect you in many situations, but this is far from a complete list. As fraud prevention strategies evolve, criminals come up with more inventive ways to steal from businesses and consumers.

For a more detailed overview of eCommerce fraud and prevention tips, see the free accompanying resource

Author bio: Dori Bright is Senior Vice President of Marketing Intelligence and Small Business Market Development at Fiserv, a leading global provider of eCommerce payments and omnichannel commerce solutions, helping businesses connect with customers through physical, digital, and mobile payment experiences that drive commerce.

This information is provided for informational purposes only and should not be construed as legal, financial, or tax advice. Readers should contact their attorneys, financial advisors, or tax professionals to obtain advice with respect to any particular matter.

1 “60 Percent of Small Businesses Fold Within 6 Months of a Cyber Attack. Here’s How to Protect Yourself,” Inc., 7 May 2018