Best Practices for Merchants to Prevent E-Commerce Fraud

Ecommerce in the U.S. grew by 44% in 2020, to more than $862 billion. For eCommerce conducted on a smartphone in the U.S., aka mCommerce, the numbers are even more impressive. mCommerce sales are forecast to balloon to $432 billion, up more than 30% annually from $148 billion in 2018.

These figures cannot be ignored by security experts, merchants, nor merchant service providers because schemers and fraudsters are not ignoring them. As the trend towards cashless payments and online transactions accelerates, so does the potential for fraud, especially in innovative and fluid industries such as eCommerce and payments. Granted, the security safeguards need to strike a balance between security risks and the customer experience. Below are some best practices for a merchant to implement to mitigate eCommerce fraud risk and offer a frictionless experience for the consumer.

Look out for the warning signs

More and more, eCommerce fraud is carried out by skilled technology experts equipped with the most recent technologies and practices. Nonetheless, there are warning signs and clues that hackers leave behind. We have used these past events as case studies to learn from and have derived common risk indicators, which include:

credit card security 6126777 1

Billing and shipping addresses being different

Numerous orders of the same item by one customer

Unusually large order flows

Multiple orders are coming from the same address using other credit cards.

International transactions are charged out of the blue.


One scam that is common among many businesses, and not just eCommerce, is phishing. This type of fraud happens when somebody poses to be a person they aren’t, intending to trick staff members into disclosing vital details such as credit card information, login credentials, passwords, or a host of other personal information. Fraudsters intend to gather as much information as possible to build a user profile to carry out identity theft or other nefarious activities.

Individuals can contact eCommerce stores pretending to be calling from a financial institution to verify suspicious account activity stemming from the merchant’s business. Research shows that it is best to continuously raise awareness of such emails and phone activities among employees and have a program to test staff on an ongoing basis. Ensuring that your team is appropriately trained to handle such types of calls or events can save a lot of time, money, and reputation.

Chargeback Fraud

Chargeback fraud occurs when an individual makes an eCommerce purchase, receives the item, and then files a claim that their card was stolen, requesting the merchant to reverse the charge. This is one of the most challenging types of frauds for merchants to protect themselves against. However, with the appropriate security measures in place and your staff trained on those security measures, many of these instances can be avoided or successfully contested.

The warning signs cited above, such as the billing and shipping addresses being different, can be a great starting point to act. Call the issuing bank to confirm client details and verify with the card owner if they placed the order. It’s a cumbersome process but much better than the consequences of repetitive chargebacks.

Unchecked susceptibility to chargeback fraud has other long-term costs since payment processors determine the risk profile of a merchant based on the likelihood or actual history of chargebacks. If a merchant is classified as high-risk due to a history of higher than usual cases of chargebacks, fraudulent or not, the business is likely to pay higher chargeback fees and higher processing fees.

Employee engagement

One of the most effective techniques to reduce IT security occurrences is to raise the awareness of security risks among your staff. Employees being on the front lines of business operations can be a business’s best defense in detecting and resolving security threats.

Get the right tools

Besides training, you can equip your staff with the right tools, such as predictive analytics, that have systematic scoring of transactions’ nature to judge the likelihood of fraud. Large online retailers, payment processors, and financial institutions sift through billions of transactions to model acceptable transactions and fraudulent ones based on many factors such as address verification, card security codes, IP geolocation, device history, user profile, and transaction logs, among many other.

These tools should serve as the first line of defense, and any transactions flagged should be escalated to threat analysts for human decision-making.

Mandate user accounts 

One way to ensure that you have an honest consumer rather than a fraudster on the other end of a transaction is to have customers create an account with your website. This process force individuals to disclose accurate information about themselves. The process can also collect information about the type of device they use and details about their location.  This can expedite the checkout process if merchants use auto-fill or form-fill techniques in the order form pages.

Client outreach and signatures

You can check all the boxes and execute all the safety precautions but still need to give specific attention to certain transactions. It may be easier to pick up the phone in such cases and reach out to the client directly on the contact number you have on file and explain to the client that you intend to confirm the order placed.

In such escalated cases, a delivery signature should be required. Specific risk management precautions should be standard practice, such as requiring a signature for all high-risk consumers, those flagged in any disputed or returns transactions in the past, or if orders exceed a certain threshold.

E-Commerce Fraud protection is complicated. Merchants need to strike a balance between security and convenience. Understanding that there are preventable fraud risks to be addressed is an essential first step, albeit difficult since there are no guarantees that these preventive measures eliminate the risks. However, these are vital precautions needed for a business and affect consumers’ confidence that your site takes data safeguards seriously.

Frequently Asked Questions

  1. How can merchants prevent fraud?

    Merchants can prevent fraud by implementing several best practices such as using secure payment gateways, implementing multi-factor authentication, monitoring suspicious activities and transactions, conducting regular fraud risk assessments, using address verification systems, requiring CVV numbers for card-not-present transactions, and using fraud detection tools and services.

  2. What is merchant fraud protection?

    Merchant fraud protection refers to the measures and strategies implemented by businesses to safeguard themselves against fraudulent activities in e-commerce transactions. It involves utilizing various tools, technologies, and practices to detect and prevent fraud, protecting both the merchant and the customers. This may include implementing secure payment gateways, using fraud detection systems, conducting regular risk assessments, and educating employees about fraud prevention techniques.

  3. How can merchants detect fraudulent transactions?

    Merchants can detect fraudulent transactions by implementing fraud detection tools and systems. These systems use advanced algorithms to analyze various data points, such as transaction history, customer behavior patterns, and IP addresses, to identify suspicious activities. Merchants can also manually review transactions for red flags, such as large orders from new customers, multiple failed payment attempts, or inconsistencies in billing and shipping addresses. Additionally, collaborating with payment processors and financial institutions can provide access to additional fraud detection mechanisms.

  4. What are some common signs of e-commerce fraud?

    Common signs of e-commerce fraud include orders with mismatched billing and shipping addresses, unusually large or expensive orders from new customers, multiple failed payment attempts, rush or overnight shipping requests, and suspicious or incomplete customer information. Other indicators may include frequent purchases of high-value items, multiple orders with different payment methods or shipping addresses from the same IP address, and unusually high or sudden order volumes from a single customer. 

  5. How important is customer education in preventing e-commerce fraud?

    Customer education plays a crucial role in preventing e-commerce fraud. Merchants should provide clear guidelines and recommendations to customers on safe online shopping practices, such as creating strong passwords, avoiding sharing sensitive information, regularly monitoring financial statements, and reporting suspicious activities. By raising awareness about potential risks and providing guidance on how to protect themselves, merchants can empower customers to make informed decisions and reduce their vulnerability to fraud.

Save Time, Money, & Resources

Categories: eCommerce

Get Started

Ready for the ultimate credit card processing experience? Fill out this form!

Contact HMS

Ready for the ultimate credit card processing experience? Ask us your questions here.