
Online payment fraud: protect your Ecommerce [Guide 2023]

Published: 31 January 2023 • Reading time: 9 minutes

Many Ecommerce merchants in the UK and Ireland witnessed a particular increase in fraud in 2022: 58% of interviewed merchants reported an increase in monetary fraud, 46% in account takeover fraud and 38% in friendly fraud. These figures are concerning, but many other leading Ecommerce countries have it worse, such as the US, Canada, Mexico, Australia and France. Moreover, in 2022 62% of merchants witnessed the appearance of new fraud types, which makes it challenging to keep up. ¹

No wonder the cyber security sector is thriving in the UK, reporting higher revenue and higher demand from merchants each year, which is clearly reflected in consumers’ rising concerns about fraud as well. Consumers are therefore taking more and more measures to protect themselves from online fraud. For instance, in 2021 68% of Ecommerce consumers reported using strong passwords on the devices they use to go online, while in 2016 this number was merely 54%. ² The same goes for UK merchants, which in 2022 had to spend on average over $5 million for each data breach suffered at the hands of hackers and fraudsters. ³ In this insight, let’s explore the main fraud types Ecommerce businesses suffer from annually so that you can prepare for them more efficiently.

Payment card fraud (card-not-present/transaction fraud)

It is a macro category for many common types of fraud, such as new account fraud, cloned cards etc. Fraudsters use stolen credit card information that they gained access to illegally in order to purchase products or services from Ecommerce websites, as well as to open new accounts or make transfers. This common type of online fraud is gradually replacing card-present fraud, where the fraudulent party is in possession of the stolen credit card itself, not only its data, and presents it to the merchant. However, this type of fraud still poses a big threat to consumers in developed countries.

Triangulation fraud

The goal is always the same – stealing credit card credentials from legitimate consumers. There are three actors involved in this type of internet fraud: the fraudster, the merchant and the victim (real shopper). The idea of this fraud is to tempt the customer with very low prices for highly requested items on a fake online shop with deep discounts. The shopper places an order with their credit or debit card on a fake website. Then the bad actor forwards the transaction to the real ecommerce merchant using the stolen credit card data. Then the customer is charged for a second time by the real merchant, which leads to chargebacks. Moreover, if the shopper doesn’t realise their credit card information was compromised, the fraudster can keep using the stolen information for further purchases.

Interception fraud

This is not to be confused with email interception fraud, where criminals monitor the internet to read private correspondence, steal email credentials and hack the accounts. Ecommerce interception fraud, by contrast, once again involves stolen card information that is used to place orders: the bad actors intercept a customer’s order, have the products delivered to themselves instead of the legitimate recipient, and then resell them. This is done by contacting the merchant’s customer service to change the shipping address. However, in order to be able to do this, fraudsters first need to take over the customer’s account to access shipping and order details. To explain how that works, we need to get into account takeover fraud.

Account takeover (ATO) fraud/phishing

Simply put, this is identity theft. If you want to study this topic in depth, we wrote an article on how to prevent it with intelligent fraud detection. The attacker gains access to a registered customer’s credit account by means of hacking, social engineering (phishing, that is, tricking people into revealing sensitive information) and/or purchasing the credentials on the dark web, and uses the card details to pose as a trusted customer.

Friendly fraud

It is differentiated from other types of fraud by the fact that the fraudster and the customer have the same identity. There are many ways to commit friendly fraud, but the core is always the same: the purchase is legitimate, but the customer tries to find a way to get the money back without giving back the product, or to get a better deal. It involves deception on the customer’s part, or at least a faulty memory. The most common friendly fraud is chargeback fraud, where the product is purchased but the consumer contacts their card issuer to dispute the charge in order to get the money back and keep the goods. Return fraud is a sub-category of friendly fraud and involves defrauding the retailer during the return process (by price or receipt switching, that is, swapping price tags from a lower to a higher price or using an old invalid receipt to return the product).

New account opening (NAO) fraud

This fraud occurs when a cybercriminal creates new accounts to take advantage of offers and services intended for new customers. The bad actor uses bits and pieces of stolen real identity data, which makes it harder for merchants to tell whether the account holder is legitimate. Businesses that offer free trials, referral codes and sign-up gifts are most susceptible to this fraud type.

E-gift card fraud

A consumer’s payment details are stolen by a fraudster, who then buys an e-gift card for the purpose of reselling it. When another shopper purchases it, the bad actor pockets the money, as well as the payment data. Meanwhile, the original consumer, whose payment information was used, calls their credit card company to dispute the charge, which then usually gets approved. E-gift card fraud is difficult to trace and ends up being costly for the merchant because cards don’t get shipped. However, there are ways to detect and prevent this type of fraud with dedicated ecommerce fraud protection solutions.

Refund fraud

Refund fraud can be performed by large groups and opportunistic individual customers alike. It poses a big problem for any company that ships goods or accepts returns. A 2022 Kount survey on social engineering trends revealed that 41.4% of consumers have used social engineering tactics to coerce customer service representatives into issuing refunds. ⁴

Saying the item was broken or damaged was the No. 1 coercive tactic (22.22%), followed by threatening to cancel services (15%) and threatening to dispute the purchase (13%). This is one of the hardest frauds to detect, since it exploits the logistics process, taking advantage of gaps and imperfections in companies’ operations flow and using social engineering to take possession of businesses’ goods. The types of refund fraud are as follows:

  • Item not received / Did-not-arrive refund fraud (DNA). A fake claim that the package did not arrive or was stolen when the opposite is true.
  • Empty box fraud. Purposeful deception regarding the package’s content: the claim is that it arrived empty (the content was stolen) or was packaged improperly. This makes it hard for merchants to understand whether they are being defrauded or the claim is authentic, which is why this type of fraud is difficult to prevent.
  • Partially empty box. The order usually contains two or more items, where one is large and cheap and the other is costly and smaller, so that the customer can claim that the merchant left out the small item by mistake and get a refund for it.
  • Fake tracking ID (FTID). The tracking ID label that the merchant gives to the customer gets stuck on a junk envelope instead of the real item that the refund was issued for, and the empty envelope is then mailed so that the customer can claim the item was shipped back to the merchant. The solution to this would be requiring the receipt to be shipped together with the package, to check that the real item was shipped, and issuing the refund only afterwards.

Subscription billing fraud

Also called recurring payments fraud. The subscription economy has been expanding rapidly during the last decade, and there are many safe payment solutions for this business model, including payment orchestration. It is a win-win strategy for both parties: merchants receive recurring income, and customers receive ongoing service and guarantees. However, passing from one business model to another is not always a safe endeavour: businesses that switch to subscription business models are exposed to fraudulent activities that may be carried out by both customers (friendly fraud) and external criminals. The ways in which customers and external bad actors defraud businesses are very similar: false accounts, referral discount abuse, infinite free trials with different credentials and other perks.

Buy now, pay later (BNPL) fraud

By 2025, the BNPL market will be worth $680 billion. ⁵ In the US, for instance, 4 out of 5 consumers use BNPL on all types of goods, from clothing to kitchen appliances, according to Experian, a consumer credit reporting company. Synthetic ID fraud and various types of account takeover are the most common means to defraud businesses with the BNPL model. Bad actors look for vulnerabilities in the application process in order to test cards, which is further simplified by the absence of payment at the first step of the purchase. Less common types of fraud used against BNPL merchants are triangulation, refund and friendly fraud.

Coupon fraud or promo abuse

Coupon fraud can be performed by different parties, even by third-party vendors, when a loophole is found in the coupon distribution, and it significantly cuts the merchant’s profit margin. When the ecommerce fraud protection solution isn’t adequate, coupons can sometimes even be abused to earn money, not only to accumulate discounts and re-sell items for a higher price. Loopholes can be found in promo policies and in the absence of limits on how many codes can be used in one purchase. For example, one can use a first-time purchase promo code, bloggers’ referral codes, a newsletter subscription code, apology vouchers and other promo codes, all in one purchase, in order to reduce the price to the minimum, so that the business loses significantly on its profit margin or might even suffer losses.
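As an added illustration (not code from Axerve or from any product mentioned in this article), the checkout-side guard below closes the stacking loophole described above by limiting codes per order, refusing to combine acquisition promos and capping the total discount. The promo kinds, limits, function names and the sample order are assumptions made for the example.

```python
from dataclasses import dataclass
from decimal import Decimal

# All names, promo kinds and limits below are illustrative assumptions.
MAX_CODES_PER_ORDER = 2
MAX_TOTAL_DISCOUNT = Decimal("0.25")                # never more than 25% off
ACQUISITION_KINDS = {"first_purchase", "referral"}  # mutually exclusive

@dataclass(frozen=True)
class Promo:
    code: str
    kind: str             # first_purchase | referral | newsletter | apology
    percent_off: Decimal  # 0.20 means 20% off

def naive_total(subtotal, promos):
    """The loophole: every submitted code is applied, with no limit."""
    off = sum((p.percent_off for p in promos), Decimal("0"))
    return (subtotal * (1 - min(off, Decimal("1")))).quantize(Decimal("0.01"))

def guarded_total(subtotal, promos, is_first_order):
    """Return (final_price, accepted_codes, {rejected_code: reason})."""
    accepted, rejected, kinds = [], {}, set()
    # Largest discount first, so the customer keeps the most valuable code.
    for p in sorted(promos, key=lambda p: p.percent_off, reverse=True):
        if p.kind == "first_purchase" and not is_first_order:
            rejected[p.code] = "account already has an order"
        elif p.kind in kinds:
            rejected[p.code] = "one code per promo kind"
        elif p.kind in ACQUISITION_KINDS and kinds & ACQUISITION_KINDS:
            rejected[p.code] = "acquisition promos do not combine"
        elif len(accepted) >= MAX_CODES_PER_ORDER:
            rejected[p.code] = "code limit per order reached"
        else:
            accepted.append(p)
            kinds.add(p.kind)
    off = min(sum((p.percent_off for p in accepted), Decimal("0")),
              MAX_TOTAL_DISCOUNT)
    final = (subtotal * (1 - off)).quantize(Decimal("0.01"))
    return final, [p.code for p in accepted], rejected

# Constructed sample order: the four code types named in the text, stacked.
STACK = [
    Promo("FIRST20", "first_purchase", Decimal("0.20")),
    Promo("BLOG15", "referral", Decimal("0.15")),
    Promo("NEWS10", "newsletter", Decimal("0.10")),
    Promo("SORRY10", "apology", Decimal("0.10")),
]
```

Logging the rejection reasons per order also gives the fraud team a signal: accounts that repeatedly submit more codes than the policy allows are worth reviewing.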

Retail arbitrage fraud

In this fraud, bots come into play. They allow for purchases of multiple discounted items that are later re-sold on marketplaces at a higher price. It is important to consider, however, that buying 1 or 2 items to re-sell them at a higher price on another marketplace that doesn’t have these particular products isn’t fraud per se, since these buyers don’t drain the inventory. Even this innocent act, however, might undermine the brand’s reputation.

This ends the complete list of the fraud types that your Ecommerce might get hit by. To find out how to protect your business from fraud losses, check out the article about online payment fraud, or, if you are interested in learning how machine learning can prevent ID theft, we have covered that as well. If this is not enough to satisfy your interest in this topic, download our whitepaper on cybercrime and check out how Axerve deals with fraud and what advanced solutions it offers to global businesses.

Source

1. Online Merchant Perspectives Survey, Ravelin, 2022
2. Cyber crime and consumers in the UK, Statista, 2021
3. Cyber crime and companies in the UK, Statista, 2022
4. Social Engineering in Refunds and Returns, Kount, 2022
5. The Buy Now, Pay Later Report, Emarketer, 2021
