Best Practices for Merchants to Prevent E-Commerce Fraud

eCommerce in the U.S. grew by 44% in 2020, to more than $862 billion. For eCommerce conducted on a smartphone in the U.S., aka mCommerce, the numbers are even more impressive. mCommerce sales are forecast to balloon to $432 billion, up more than 30% annually from $148 billion in 2018.

Security experts, merchants, and merchant service providers cannot ignore these figures, because schemers and fraudsters are not ignoring them. As the trend towards cashless payments and online transactions accelerates, so does the potential for fraud, especially in innovative and fluid industries such as eCommerce and payments. Granted, security safeguards need to strike a balance between security risks and the customer experience. Below are some best practices a merchant can implement to mitigate eCommerce fraud risk while offering a frictionless experience for the consumer.

Look out for the warning signs

More and more, eCommerce fraud is carried out by skilled technology experts equipped with the most recent technologies and practices. Nonetheless, there are warning signs and clues that hackers leave behind. We have used these past events as case studies to learn from and have derived common risk indicators, which include:

Billing and shipping addresses being different

Numerous orders of the same item by one customer

Unusually large order flows

Multiple orders coming from the same address using different credit cards

International transactions charged out of the blue


One scam that is common among many businesses, and not just eCommerce, is phishing. This type of fraud happens when somebody poses as a person they are not, intending to trick staff members into disclosing vital details such as credit card information, login credentials, passwords, or a host of other personal information. Fraudsters intend to gather as much information as possible to build a user profile to carry out identity theft or other nefarious activities.

Individuals can contact eCommerce stores pretending to be calling from a financial institution to verify suspicious account activity stemming from the merchant’s business. Research shows that it is best to continuously raise awareness of such emails and phone activities among employees and have a program to test staff on an ongoing basis. Ensuring that your team is appropriately trained to handle such types of calls or events can save a lot of time, money, and reputation.

Chargeback Fraud

Chargeback fraud occurs when an individual makes an eCommerce purchase, receives the item, and then files a claim that their card was stolen, requesting the merchant to reverse the charge. This is one of the most challenging types of fraud for merchants to protect themselves against. However, with the appropriate security measures in place and your staff trained on those security measures, many of these instances can be avoided or successfully contested.

The warning signs cited above, such as the billing and shipping addresses being different, can be a good starting point for action. Call the issuing bank to confirm client details and verify with the card owner whether they placed the order. It’s a cumbersome process but much better than the consequences of repeated chargebacks.

Unchecked susceptibility to chargeback fraud has other long-term costs since payment processors determine the risk profile of a merchant based on the likelihood or actual history of chargebacks. If a merchant is classified as high-risk due to a history of higher than usual cases of chargebacks, fraudulent or not, the business is likely to pay higher chargeback fees and higher processing fees.

Employee engagement

One of the most effective techniques to reduce IT security occurrences is to raise the awareness of security risks among your staff. Employees being on the front lines of business operations can be a business’s best defense in detecting and resolving security threats.

Get the right tools

Besides training, you can equip your staff with the right tools, such as predictive analytics, which systematically score each transaction to judge the likelihood of fraud. Large online retailers, payment processors, and financial institutions sift through billions of transactions to model acceptable transactions and fraudulent ones based on many factors such as address verification, card security codes, IP geolocation, device history, user profile, and transaction logs, among many others.

These tools should serve as the first line of defense, and any transactions flagged should be escalated to threat analysts for human decision-making.
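As an added illustration (not code from the original article or from any vendor's product), the warning signs listed earlier can be expressed as simple rules that score each order and queue the flagged ones for an analyst. The order fields, the thresholds, and the reading of "unusually large" as order value are assumptions, and the sample orders are constructed.

```python
from collections import defaultdict

LARGE_TOTAL = 1000.0   # assumed threshold for an "unusually large" order
REPEAT_LIMIT = 3       # assumed: same item ordered this often by one customer
REVIEW_AT = 2          # assumed: indicators needed before analyst review

def order(oid, cust, item, total, bill, ship, card, country):
    return dict(id=oid, customer=cust, item=item, total=total,
                billing=bill, shipping=ship, card=card, country=country)

ORDERS = [  # constructed sample data, listed in arrival order
    order("A1", "c1", "sku-1", 40.0, "12 Oak St", "12 Oak St", "1111", "US"),
    order("A2", "c2", "sku-7", 1500.0, "5 Elm Rd", "99 Dock Ln", "2222", "US"),
    order("A3", "c3", "sku-7", 60.0, "99 Dock Ln", "99 dock ln ", "3333", "US"),
    order("A4", "c1", "sku-1", 45.0, "12 Oak St", "12 Oak St", "1111", "BR"),
    order("A5", "c1", "sku-1", 45.0, "12 Oak St", "12 Oak St", "1111", "US"),
]

def norm(addr):
    """Collapse case and whitespace so formatting noise is not a mismatch."""
    return " ".join(addr.lower().split())

def indicators(orders):
    """Map each order id to the warning signs it triggers."""
    item_counts = defaultdict(int)     # (customer, item) -> number of orders
    cards_at = defaultdict(set)        # shipping address -> cards used there
    for o in orders:
        item_counts[(o["customer"], o["item"])] += 1
        cards_at[norm(o["shipping"])].add(o["card"])
    seen = defaultdict(set)            # customer -> countries of earlier orders
    result = {}
    for o in orders:
        flags = []
        if norm(o["billing"]) != norm(o["shipping"]):
            flags.append("billing_shipping_mismatch")
        if item_counts[(o["customer"], o["item"])] >= REPEAT_LIMIT:
            flags.append("repeat_item_orders")
        if o["total"] >= LARGE_TOTAL:
            flags.append("large_order")
        if len(cards_at[norm(o["shipping"])]) > 1:
            flags.append("multiple_cards_one_address")
        history = seen[o["customer"]]
        if history and o["country"] not in history:
            flags.append("unexpected_international")
        history.add(o["country"])
        result[o["id"]] = flags
    return result

def escalate(orders, threshold=REVIEW_AT):
    """Order ids to queue for a human analyst, as the text recommends."""
    return sorted(i for i, f in indicators(orders).items() if len(f) >= threshold)
```

A single indicator, such as a gift shipped to a different address, leaves an order below the review threshold, which keeps checkout friction low for ordinary customers.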

Mandate user accounts 

One way to ensure that you have an honest consumer rather than a fraudster on the other end of a transaction is to have customers create an account with your website. This process forces individuals to disclose accurate information about themselves. The process can also collect information about the type of device they use and details about their location. This can expedite the checkout process if merchants use auto-fill or form-fill techniques in the order form pages.

Client outreach and signatures

You can check all the boxes and execute all the safety precautions but still need to give specific attention to certain transactions. In such cases, it may be easier to pick up the phone, reach out to the client directly on the contact number you have on file, and explain that you intend to confirm the order placed.

In such escalated cases, a delivery signature should be required. Specific risk management precautions should be standard practice, such as requiring a signature for all high-risk consumers, those flagged in any disputed or returns transactions in the past, or if orders exceed a certain threshold.

E-Commerce Fraud protection is complicated. Merchants need to strike a balance between security and convenience. Understanding that there are preventable fraud risks to be addressed is an essential first step, albeit difficult since there are no guarantees that these preventive measures eliminate the risks. However, these are vital precautions needed for a business and affect consumers’ confidence that your site takes data safeguards seriously.
