ecommerce fraud header

6 Common Types of Ecommerce Fraud and How to Fight Them

Ecommerce fraud takes many forms, including account takeover fraud, friendly fraud, card testing fraud, and more. To reduce the impact ecommerce fraud has on your store, you need to understand the specific fraud type and source.

If you run an ecommerce store, you should be protecting your customers – and your business – against potential ecommerce fraud. Recently, ecommerce fraud has risen nearly twice as fast as ecommerce sales. More than ever, ecommerce stores need to use fraud management systems that detect and protect against fraud while helping you manage chargeback disputes.

It’s important to take these threats seriously by developing strategies to combat and reduce the impact of fraud on your online store. To help, we’ve compiled a list of the most common types of ecommerce fraud and tactics that you can leverage to protect your ecommerce store from fraud. For convenience, we’ve broken this article into the following sections. Feel free to jump to the one that’s most useful to you:

  • What is ecommerce fraud?
  • 6 common types of ecommerce fraud
  • How to fight back against ecommerce fraud
  • Some future trends in ecommerce fraud

With these fundamentals in mind, you can better identify and combat different types of fraud that may affect your ecommerce business. Let’s get started.

What is ecommerce fraud?

graphic of shopping cart and credit card representing ecommerce fraud

Ecommerce fraud is any type of fraud that occurs on an ecommerce platform. Using a stolen or fake credit card, using a false identity, and affiliate fraud advertising are all forms of ecommerce fraud. When a customer engages in fraud on your online store, you as a retailer absorb this cost, negatively affecting your revenue.

As opposed to fraud in a brick-and-mortar location, online fraud can be conducted with personal and credit card information and the card doesn’t need to be present for the transaction. In some cases, hackers steal personal and financial information and sell it on the black market. This type of criminal fraud is more severe, but there are other types of customer fraud, such as friendly fraud, where the customer intentionally files a chargeback to gain a free product and avoid payment.

Part of why ecommerce fraud is so prevalent today is because prosecutions are rare, due to time and resource constraints, the burdens of gathering evidence, and more. This means ecommerce fraud prosecutions are rare, and it is best to integrate a high-quality fraud detection and prevention management system to eliminate fraud on your platform and reduce its impact on your revenue.

Ecommerce fraud is sophisticated and ever-evolving, as fraudsters leverage more advanced tactics with every passing year. Malicious actors only need to be right once, whereas you need to be right every time. Before we look at strategies to combat fraud, let’s look at the most common types of fraud on an online store.

6 Common Types of Ecommerce Fraud

graphic of credit card and graphs

The best way to combat fraud is to identify why fraud is occurring in the first place, and then develop strategies to prevent and protect against these attacks, in order to secure your ecommerce site. To start, you’ll want to identify the type of fraud that is occurring on your platform, and then address it directly.

While there are countless schemes that fraudsters can use, we want to highlight some of the most common types of ecommerce fraud. These strategies have been used successfully against both small and large ecommerce websites. Recognizing them now can help you avoid becoming a victim.

1. Card Testing Fraud

Card testing fraud (also known as card cracking) is a widespread tactic used to defraud ecommerce businesses. In 2017, for instance, card testing fraud jumped by more than 200 percent, accounting for 16 percent of all ecommerce fraud and 7 percent for larger ecommerce merchants.

Card testing fraud is when someone gains access to one or more stolen credit card numbers, through theft or by purchasing card data on the dark web. Even though they have the credit card numbers, they do not know (1) whether the card numbers can be used to successfully complete a transaction or (2) the limit associated with that credit card.

Fraudsters visit an ecommerce website, making small test purchases, often using scripts or bots to test multiple credit card numbers quickly. These initial purchases are extremely small, as the entire purpose is to see whether the credit card can be used to complete transactions. Once they know that a credit card number works, they will begin making much more expensive purchases.

Ultimately, the initial small purchase testing tactic often goes undiscovered. Merchants and impacted customers tend to realize that they have been victims of card testing fraud when larger purchases are made. By that point, they may have been able to make several significant purchases using stolen credit card information.

2. Friendly Fraud

Friendly fraud (also called chargeback fraud) is when someone purchases an item or service online and then requests a chargeback from the payment processor, claiming the transaction was invalid. The credit card companies or bank returns the transaction value to the customer, which must still be paid by the retailer.

In a chargeback fraud, an individual makes claims that appear to be believable and honest, and in some cases, that individual may be right (hence, “friendly fraud”). That said, friendly fraud can be used to receive items for free. For instance, the fraudster may purchase an item from your online store and argue that the item was never delivered, they may tell their credit card issuer that they returned the item to the merchant, but that a refund was never processed, or they can even say that they canceled the order, but it was still sent to them.

Whatever the case may be, chargeback fraud occurs when they contact their credit card issuer to dispute a charge that they actually intended to make. Use a chargeback management software tool that will reduce fraud loss and help you manage disputes.

3. Refund Fraud

Refund fraud is when someone uses a stolen credit card to make a purchase on an ecommerce website. The fraudster then contacts the ecommerce business and requests a reimbursement due to an accidental overpayment. They request a refund of the excess amount, but then state that the money will need to be sent via an alternative method since their credit card is closed. Ultimately, this means that the original credit card charge is not refunded and the ecommerce business is responsible to the card owner for the full amount.

With refund fraud, the ecommerce merchant is stuck in the middle. The fraudster may appear to be making a legitimate claim on the surface, but in reality, they are trying to steal money from your business.

4. Account Takeover Fraud

Account takeover fraud occurs when someone gains access to a user’s account on an ecommerce store or website. This can be achieved through a variety of methods, including purchasing stolen password, security codes, or personal information on the dark web or successfully implementing a phishing scheme against a particular customer.

Once they have gained access to a user’s account, they can engage in fraudulent activity. For instance, they can change the details of a user’s account, make purchases on ecommerce stores, can withdraw funds, and can even gain access to other accounts for this user.

Account takeover fraud is a serious form of identity theft, costing victims and your reputation as a retailer. Customers that feel that their data may be vulnerable on your website or ecommerce store are less likely to checkout and will consider competitors that offer stronger security measures.

5. Interception Fraud

Interception fraud is when fraudsters place orders on your ecommerce website where the billing address and shipping address match the information linked to a stolen credit card. Once the order is placed, their goal is to intercept the package and take the goods for themselves.

This can be done in several ways. First, they may ask a customer service representative at your company to change the address on the order before it is shipped. By doing this, they aim to receive the goods while the actual payment is made by the victim. They may also contact the shipper (whether it is FedEx, UPS, or another courier) to reroute the package to an address of their choosing. If they live close to the victim, they may even wait for the physical delivery of the package, sign for the package, and take it for themselves.

6. Triangulation Fraud

Triangulation fraud requires three different types of actors: the person doing the fraud, a shopper, and an ecommerce store. The fraudster sets up a storefront (on Amazon, Shopify or another platform) that sells high-demand goods at competitive prices.

Setting up this storefront brings in a number of legitimate customers who are looking to take advantage of an incredible bargain. Once these customers place orders on the fraudster’s website, the fraudster uses stolen credit card numbers to purchase legitimate goods from your ecommerce website, and then send those goods to their customers.

While the customers of the fraudster’s store may be receiving real goods for an unbelievable price, the victims are (1) those whose credit cards have been stolen and (2) your ecommerce website. Your ecommerce store ships real items to the fraudster after they use stolen credit card information to place these orders.

How to Fight Back Against Ecommerce Fraud

graphic of the path to purchase

Regardless of how much credit card fraud is occuring on your platform, it affects your revenue and bottom line. While it may seem like an uphill battle to defend your ecommerce company from growing threats, here are some quick steps that you can take to fight back against ecommerce fraud and reduce fraud risk.

1. Take Advantage of Fraud Detection Solutions

This is one of the most effective ways to fight back against all types of ecommerce fraud. A fraud detection solution is essentially a third-party solution that specializes in identifying red flag transactions and protecting ecommerce merchants from card testing fraud, friendly fraud, and chargeback fraud.

A fraud detection solution is helpful for ecommerce organizations of all sizes, and is one of the best forms of fraud protection for ecommerce businesses. That said, it can be especially valuable for smaller companies who do not have the time, resources, or talent to implement their own fraud solutions. While you will want to do your due diligence to find the best vendor, a fraud detection solution can be a great way to fight back against fraudsters.

2. Maintain PCI Compliance

The Payment Card Industry Data Security Standard (PCI DDS) is a widely-respected set of requirements ensuring companies storing and processing credit card information and cardholder information—like ecommerce companies—maintain a secure environment. PCI compliance results in basic security precautions, including things like creating a firewall between your internet connection and any system storing credit card numbers. Ultimately, PCI compliance is mandatory, so you must ensure that you are abiding by relevant PCI guidelines to avoid any sanctions or penalties.

3. Be Extra Vigilant During the Holidays

The holiday months can be some of the most critical months for your business, as more people buy using ecommerce stores for Black Friday, Cyber Monday, and various December holidays. Customers are also preoccupied and busy during these times, and often adhere to fewer safety precautions.

The simple fact is that many fraudsters rely on merchants being too busy or preoccupied to spot potential fraud during these months. During the holiday months, be extra careful when receiving a significant number of foreign orders, rush orders, or many small-dollar purchases. These behaviors can be evidence of fraudsters testing out schemes like card testing fraud.

4. Create Blacklists

If you pay for a fraud detection solution (or do it yourself), you may start to notice that particular customers have tested credit cards with your ecommerce business. Once you find these customers, put them on an internal blacklist.

By putting a customer on a blacklist, you ban them from future purchases on your website. A blacklist isn’t a complete solution, since fraudsters can keep using new stolen customer identities. However, a blacklist can help you flag potential fraudulent transactions before they occur based on past behavior.

shopping cart and email graphic representing ecommerce fraud

As ecommerce continuously changes, so does ecommerce fraud. While things like card testing fraud, friendly fraud, and chargeback fraud will likely persist into the near future, we can expect fraudsters to capitalize on several different trends.

Account takeover attacks and fraud are expected to increase in the near future because of a large number of high-profile data breaches in the past two years. With customer data in hand, fraudsters can impersonate real people and make purchases on your website. Fraudsters often use bots to execute this type of fraud on a larger scale, meaning that you and your organization need to be prepared.

There isn’t all bad news, however. The advancements provided by algorithmic and behavioral approaches to fraud detection means that ecommerce companies will be better equipped to fight against fraudsters. Predictive and behavioral models powered by machine learning help ecommerce companies better combat fraud attempts today.

On the other hand, a new problem in ecommerce fraud has become increasingly well-known: the problem of false positives. Many popular fraud detection solution on the market today have relied on faulty fraud-flagging mechanisms that inadvertently reject good customers trying to make a purchase.

This has an overall negative impact on a company’s revenue bottom line; oftentimes, the net impact of losses due to false positives is greater than the impact of fraud losses themselves. Adopting a solution like Bolt, where incentives around order approvals are aligned with the online retailer, will result in a reduction of these false positives.

Defending Yourself Against Bad Actors

The world of ecommerce fraud is complex. Fraudsters are intelligent and can think outside of the box to accomplish their goals. Whether you work for or run a small or large ecommerce company, you should use a high-quality solution that incorporates a fraud detection and management system to defend yourself against these malicious actors. The good news is, if you’re vigilant and closely follow ecommerce fraud prevention methods, you can stop a majority of fraudsters in their tracks.

Whether you decide to work with a third-party vendor, implement your own process, or rely on a combination of both, we encourage you to get started today. One easy solution is to try Bolt, a checkout experience platform with a 100% fraudulent chargeback coverage guarantee that absorbs all liability for fraudulent chargebacks while increasing order approval rates and revenue. Ultimately, using Bolt or another solution means that you not only protect your customers, but also the future of your online business.

Enjoying this article?

Subscribe to our newsletter, Good Question, to get insights like this sent straight to your inbox every week.

Bolt Company logo

About the Author


Bolt is the checkout experience platform. They make sure that nothing gets in the way when shoppers want to buy. Using Bolt means adopting a mobile-friendly, dynamically-optimized checkout experience with fraud prevention and higher order approval rates built in.