Fraud is something every business owner has to contend with. A recent Cybersource report found that 2.9% of all ecommerce revenue is lost to fraud—meaning out of every $10,000 your business generates, you could potentially lose almost $300 to scammers.
A fraud prevention strategy helps minimize losses and deter scammers from targeting your online store. With the right fraud prevention measures in place, you can block fraud automatically, saving you hours each week manually reviewing orders.
This article shares how to create one, the types of fraud to look out for, and effective fraud prevention measures that will protect your business.
What is fraud prevention?
Fraud prevention is a strategy that helps businesses identify, prevent, and resolve fraud. The goal is to prevent fraud from damaging a business’s finances, reputation, or customers.
Why is fraud prevention important?
Financial losses and instability
Fraud is a costly problem for businesses to deal with. Falling victim to financial crimes can see money drain from your bank account into a scammer’s. And when it’s your customers who are initiating fraud through disingenuous chargebacks, an event called “friendly fraud,” you’ll spend up to $35 disputing every $100 in charges.
Reputation risks
Many purchases are made—or at least influenced—by word of mouth. If one customer has a negative experience with your site, there’s a chance that they’ll tell their own friends and family about the fraud risk. This can deter people from buying your products.
Legal compliance issues
Laws exist to protect consumers against fraud. As a business, you must be compliant with anti-money laundering regulations that prohibit scammers from hiding profits from fraudulent activities (such as stolen credit card details).
Financial institutions that process payments for businesses are obligated to comply with anti-money laundering regulations, too, by verifying customer identities, monitoring transactions for suspicious activity, and reporting suspicious activities.
Failing to meet these requirements not only leaves loopholes for scammers to exploit but exposes you to legal action, regardless of whether or not you actually fall victim to fraud.
Efficiency challenges
Fraud is complex and takes a lot of time to resolve. Disputing claims, gathering evidence, and dealing with the repercussions of fraud draw valuable time away from your business—time that could be better spent elsewhere.
Types of fraud
- Phishing scams
- Friendly fraud
- Card testing fraud
- Refund abuse
- Loyalty abuse
- Account takeover fraud
- Triangulation fraud
- Identity theft
Phishing scams
Phishing happens when fraudsters pretend to be someone else. They deceive people into thinking they’re someone else, hoping that they’ll reveal sensitive information. An example might include a phishing email from someone claiming to work for your bank in order to get unauthorized access to your business’ bank account.
Cybersource’s Ecommerce Fraud Report found that phishing is the most popular type of fraud that retailers encounter. Almost half (43%) of businesses experienced this type of fraud, up from 35% last year.
Friendly fraud
Friendly fraud, also known as chargeback fraud, isn’t as friendly as the name suggests. It happens when customers buy something from a business and contact their credit card issuers to dispute the charge. They’ll claim that they didn't receive the product or that it wasn't an unauthorized transaction.
Unfortunately, fraudulent chargebacks are common. Cybersource found that over one-third of businesses experience these fraudulent tactics, and the average chargeback rate for retailers is 0.52%.
Card testing fraud
Card testing fraud, sometimes known as payment fraud, happens when scammers use stolen credit card information to make fraudulent purchases on your online store. They’ll often commit fraud using:
- Enumeration attacks, which involve fraudsters systematically guessing and checking card details using automated scripts or bots. They don’t have any specific information to start with and use scripts or bots to generate a large number of card numbers until they find one that works.
- Validity checks, which happen when fraudsters verify the legitimacy of obtained credit card information. (This is often done via small transactions or using validation tools.). In this case, fraudsters already have some card information and don’t need to guess the card numbers because they already have them. All they need to do is check if these card numbers are valid.
One-third of businesses have experienced this type of credit card fraud, but it’s easy to prevent. Ecommerce payment services like Shopify Payments have real-time fraud detection tools that verify whether a customer’s billing address matches the one registered to the card. No match equals order cancellation.
Refund abuse
Refund abuse is when a customer abuses your return policy by either submitting too many returns, returning counterfeit goods, or claiming that the goods weren’t fit for purpose.
This type of fraud is especially common in the fashion industry. Shoppers have been known to participate in “wardrobing”—a type of fraud that happens when people buy a piece of clothing, wear it (with the tags still intact), and return it for a full refund.
The National Retail Federation found that for every $100 in returned merchandise, retailers lose $13.70 to return fraud. It’s a problem that’s exacerbated by holiday shopping: losses rise to $16.50 for the same amount of returned merchandise.
Loyalty abuse
Loyalty programs exist to reward customers for shopping with you, but they sometimes cause businesses to fall victim to online fraud. Studies estimate that 22% of businesses have experienced loyalty fraud, which happens when customers abuse your loyalty program by stealing points or exploiting loopholes.
Account takeover fraud
Account takeover fraud is a type of identity theft that can happen if someone gets unauthorized access to your business accounts, such as the login credentials for your ecommerce platform. When they log in, scammers can see your private information and might hold your accounts for ransom and only relinquish access when they’ve been paid.
Account takeovers can also happen if someone hacks the account a customer has made on your website. Scammers might use their stored cards to make unauthorized purchases or test stolen card details under another person’s name.
Triangulation fraud
Triangulation fraud is a complex type of digital fraud that happens when scammers imitate your online store and lure shoppers in with discounted prices. Customers who buy through the store handover their payment information. The scammer uses stolen money from their order to make a fraudulent purchase on your actual store using the customer’s details. Those details are then sold on the dark web or used to make other fraudulent purchases from other businesses.
This online fraud can often go undetected for months because the customer still gets their product, but they’re none the wiser that their sensitive personal details have been fraudulently obtained.
Identity theft
Identity theft happens when a scammer uses someone else’s identity—be that their name, email address, or online accounts—to make fraudulent transactions. Scammers can gain access to these details through data breaches or phishing attacks. Sometimes, details are sold on the dark web for fraudsters to buy.
Identity theft is a particular problem for merchants because you think that you’re dealing with genuine customers. If someone signs into their account and requests a refund to a different card, for example, you might not realize that it’s not the actual customer contacting you; it’s someone who’s illegally signed into their account and demanded the refund.
How to prevent fraud
- Use Shopify Payments
- Deploy IP fraud scoring tools
- Use verification software
- Limit order quantities
- Bolster your store policies
- Review risky orders
- Train employees on your fraud prevention plan
- Regularly update cybersecurity measures
- Keep accurate records
1. Use Shopify Payments
A secure ecommerce payment gateway goes a long way in preventing fraud. Shopify Payments, in particular, is PSD2 compliant and offers 3D Secure Checkout. This protects you against fraud by shifting liability for fraudulent chargebacks from you to the card issuer. You also won’t be liable for any costs associated with chargeback dispute management, provided it’s an eligible Shop Pay transaction in the U.S..
Businesses using Shopify Payments can use card testing and proxy detection, both of which are automatically embedded in Shopify Payments (no integrating or switching on needed). The tool uses machine-learning and CAPTCHA tests to help prevent card testing attacks by bots and humans at checkout.
Plus, Shopify’s fraud analysis helps you identify high-risk orders by assessing the IP address, billing information, order characteristics, and more.
2. Deploy IP fraud scoring tools
IP fraud scoring tools rank the potential risk of an order being fraudulent using factors from a person’s IP address. It can also detect mismatched addresses and analyze whether the order was placed by a bot.
Shopify has a similar functionality built into its ecommerce platform. Shopify’s fraud analysis tool tells you whether the order is low, medium, or high risk for a chargeback. High-risk orders will be flagged through order notification emails, helping you review high-risk orders and combat fraud.
3. Use verification software
Verification software confirms that the details entered at checkout match a real person who’s trying to make a legitimate purchase. When enabled on your ecommerce site, you can identify potential fraud risks with verification software that requires:
- Identify verification: Is the customer really them or is a fraudster imitating them? Combat identity fraud with verification software that requires shoppers to confirm it’s really them with two-factor authentication or biometric identification.
- Card verification: Anyone can quickly skim the card number and expiration date on the front of a credit or debit card. The CVV code, which is on the back of the card, is an extra layer of security that indicates the customer has the card in their possession.
- Address verification: Oftentimes, scammers who have stolen credit card details don’t have the customer’s billing address. Catch them before they commit fraud with a verification tool that confirms the cardholder’s billing address matches the shipping address they’ve entered at checkout.
This fraud prevention solution is more common than you might think. Per Cybersource, the average business has five fraud detection tools with credit card verification, identity validation, and two-factor authentication ranking highest.
With Shopify, you can set rules to prompt customers to verify their identity. It automatically assesses information like the correct CVV and billing/shipping address via fraud analysis to insulate you from fraudulent orders.
4. Limit order quantities
Scammers often make large orders if they use stolen credit card details. They hope that by sticking to a small number of retailers, their fraudulent transactions will go undetected.
Prevent your online store from falling victim to this type of fraud by limiting order quantities. If shoppers can only order a maximum of 10 units, for example, there’s less opportunity for them to make larger financial transactions that severely impact an unassuming card owner.
Analyze your previous order data to see how units people tend to order when making a purchase through your website. That way, you won’t block genuine customers from making high-value purchases while also deterring fraud.
5. Bolster your store policies
Fraud often happens when people exploit a retailer’s policy and find loopholes, particularly with loyalty and returns policies. Do a comb through of your existing policies to see whether there are any loopholes, and regularly update both policies if customers start to take advantage.
Say you’re a clothing retailer with a generous return policy. Anyone who buys a garment through your online store can return it for a full refund within 14 days, provided the clothing is unworn and undamaged.
However, you notice that customers start returning items that no longer have the manufacturer’s tag on it—and although they’re insisting the item was bought from you, you can’t verify their claim. Insulate yourself against return fraud by stating that you can only accept product returns if the tag is still intact.
Or, if you’re losing too much money processing returns, change the policy to only offer exchanges or store credit instead of a cash refund. This can be a smart fraud prevention policy because your business will be a less attractive target for scammers who want to submit fraudulent returns, such as stolen or worn merchandise, for a full refund.
6. Review risky orders
Fraudulent orders tend to share similar characteristics that make scams easy for you to spot. This includes a mismatch between the shipping address and the home address of the registered card holder, multiple attempts to complete a transaction, or a low value order (which can happen if a fraudster is testing whether a stolen card is still active).
Bear in mind that international orders tend to have a higher rejection rate. Cybersource found that the average order rejection rate for domestic orders is just 2.7% compared to 5.3% for international orders.
Manually reviewing risky orders can be time-consuming, especially if you’re processing lots of orders each day. That’s where Shopify Flow comes in. The tool can automate manual processes so you can seamlessly review, manage, and fulfill orders.
You can set up fraud detection rules to automatically cancel certain orders, capture payment for low-risk orders, alert your team when their review is required, and more.
7. Train employees on your fraud prevention plan
As a business owner, it’s impossible to keep an eye on every part of your business. As you grow, you’ll likely hire employees to cover tasks like marketing, inventory management, or order fulfillment. These people should be fully trained on how to spot fraud attacks and report suspected fraud incidents.
As part of your fraud awareness training program, touch on things like:
- The importance of fraud prevention
- How to protect sensitive company details
- Common fraud schemes they might encounter
- Tools and methods they can use to detect fraud
- Who to report suspected fraud to
8. Regularly update cybersecurity measures
Ecommerce is done completely online, which makes it an industry that’s particularly susceptible to fraud. Cybersecurity measures help protect your company against things like malware, ransom attacks, and unauthorized access to important accounts.
Conduct a thorough audit and risk assessment to see where your cybersecurity measures are falling short. As a starting point, all accounts should have two-factor authentication and use strong passwords that are never reused elsewhere. Employees should also have firewalls or antivirus software installed on their devices.
The problem is criminals are constantly evolving fraud threats to overcome popular ecommerce fraud prevention strategies. The best approach is to be proactive, so repeat the audit regularly and keep an eye out for suspicious activity that you could block in the future.
9. Keep accurate records
If you do fall victim to fraud, or a customer initiates a fraudulent chargeback, you’ll need evidence to dispute the claim. Roughly 9 in 10 submit compelling evidence to resolve friendly fraud disputes, according to Cybersource.
Shopify makes it easy to collect this information when you need it, especially if you’re using Shopify Payments to process online payments. All payment and order-related data is stored in one centralized location. And for fraudulent chargebacks on eligible Shop Pay transactions in the U.S., we automatically submit evidence about the order to the cardholder's bank. If you have additional information you'd like to include, you can add evidence to the chargeback response
Top fraud detection and prevention tools
Shopify Protect
Chargebacks pose a huge risk to retailers. Not only is it time-consuming to deal with this type of fraud, but it’s expensive. Shopify Protect solves that problem.
US-based Shopify stores that accept online payments through Shop Pay have automatic access to Shopify Protect. Eligible Shop Pay orders in the US are protected from fraudulent chargebacks. If you experience a fraudulent chargeback, Shopify will cover the cost of the order by reimbursing you the disputed funds and chargeback fee.
NoFraud
NoFraud is a Shopify app that integrates with your online store. It uses artificial intelligence and machine learning to detect and block high-risk orders. If the software isn’t sure, the case gets escalated to NoFraud’s team of fraud detection experts for manual review.
NoFraud also offers a financial guarantee to help with chargeback fraud. If a customer does slip through the net and initiates a fraudulent chargeback, NoFraud will reimburse you.
Fraud prevention FAQ
What are ways to avoid fraud?
- Use a secure payments provider
- Enable fraud scoring tools
- Block high risk orders
- Train employees on cybersecurity
- Build upon fraud prevention policies
- Limit order quantities
- Never give out sensitive information
What is an example of fraud prevention control?
Identity verification software is an example of how online retailers might prevent fraud. The software confirms that an order’s shipping address matches the cardholder’s registered home address to minimize the chance of accepting fraudulent orders from criminals using stolen credit card details.
Which is the best strategy for preventing fraud?
- Enable verification checks to prevent identity theft
- Block high risk transactions
- Set an order quantity limit
- Use risk scoring on orders to detect fraudsters
- Update cybersecurity measures
- Train your employees on fraud detection
How can you protect against fraud?
- Never open links or emails from people you don’t know
- Use strong passwords
- Install antivirus software and a firewall
- Review risky online orders
- Train employees on cybersecurity
- Strengthen store policies
- Enable two-factor authentication