With the increase in online sales and the growth of the e-commerce industry comes opportunities as well as threats. With online sales forecasted to reach a total of $630 billion dollars by the end of the year, store owners should not only focus on curating strategies to scale their product procurement, order processing, shipping, and delivery; they should also implement precautionary measures against e-commerce fraud, which has, sadly, become more prevalent in the recent years.

Fraud Statistics and Key Takeaways

According to Retail Dive, in 2018, U.S. small businesses have reported an average loss of $28,313.33 due to online fraud. Data on econsumer.gov shows that there were 8,573 reported online shopping fraud incidents in the US in the third quarter of this year alone, and a whopping 21,900 total reported cases to date. From the e-commerce store side, medium to large-scale online retailers are said to experience roughly 206,000 web attacks per month. Cybercriminals are not only persistent, but they’re also innovative, finding new ways to defraud online shoppers, retailers, and e-commerce websites.

Let’s take a look at the key trends to better work on effective e-commerce fraud detection and protection campaigns:

  • As the transaction volume spikes, so does the number of attacks against e-commerce retailers.
  • Trends show an increase in attacks every weekend, as well as every 15th and 30th of every month due to weekend and payday shopping consumer trends.
  • Among the most common forms of attacks are chargebacks, account takeovers, and cross-site scripting.

Most Common E-Commerce Fraud Trends


Because this fraudulent activity entails the loss of inventory and revenue and leads to additional fees, chargebacks are among the costliest attacks. This may also lead to disabling the retailer’s capacity to accept payments from a specific credit card type. Chargebacks cost the company $3.94 for every $1 disputed. They are usually filed within 7 days from the date of the transaction.

According to statistics, 40% of these customers are likely to repeat filing within 2 months. Furthermore, 50% of them tend to do it again within 3 months.

Not all chargebacks are criminal in nature, though, which is why this is also coined as “friendly fraud.” Even if the charges are valid, some customers fail to recognize the charges and directly contact their banks to dispute them instead of allowing the merchant to investigate first. The bank issues a refund and charges the company these chargeback fees.

Here are some ways that you can protect your business from chargebacks:

Use Fraud Analysis Machine Learning Technology

To combat chargeback fraud, online stores can utilize fraud analysis machine learning algorithms that help detect suspicious orders. Due diligence is needed in investigating the flagged transactions so they don’t result in chargebacks. Some platforms have built-in fraud filters that detect and block possible fraudulent transactions.

Keep Your Customers Informed

Make your contact information always visible and ensure all channels are available. Open communication is key and responding to your customers in a timely fashion is critical. Providing real-time data on the transaction prevents 60% of chargebacks. Keep your customers informed about your shipping processes and timelines, and offer them an online tracking system that they can use themselves. It also helps to make them aware of your store policies.

Help Your Customers Recognize Those Charges on Their Bill

Send your customers real-time transaction receipts and use your store name when you bill them. This will help them recognize the transaction on their billing statement and thus not report this as an unauthorized purchase.

Process Refunds and Cancellations Right Away

Stay ahead of your customers and process refunds for duplicate charges and cancellations before they reflect the charges on their billing statements. Confirm the refund and/or cancellation.

Accurate Product Descriptions and Photos

Set the right expectations by posting clear pictures and accurate product descriptions. Include details, dimensions, color, etc. Make sure they are packed properly so that these don’t get damaged while in transit. If the customer complains of damaged goods, replace the items as soon as possible.

Account Takeovers

This type of fraud happens when an attacker obtains your customers’ credentials via methods like phishing and uses them to pass website authentication. The victims’ password and recovery details are altered, which consequently locks them out of their accounts. With the attacker now in full control of the victims’ accounts, they then make unauthorized purchases billed to your customers.

Because most people use the same passwords across different sites and apps, fraudsters utilize automated credential stuffing tools that test stolen usernames and passwords across varied platforms. These tests are conducted rapidly and simultaneously. These tools employ scripts that tell these platforms that the logins are coming from various IP addresses, allowing them to bypass protections. This is just one of the many methods that hackers use.

From the merchant’s side, you will see an increased frequency in the user’s chargeback requests. You might also see a spike in the user’s login access or attempt, password resets, expensive purchases, change in address, and unusual user behavior. Aside from chargeback costs, ATO may impair your business relationship with your customers.

The best way to prevent your customers from becoming victims is by educating them about securing their accounts and about password hygiene. Introduce them to password manager tools and tell them to avoid unsafe passwords. Unsafe passwords, such as “1234” or “qwerty”, are easy to guess, and bots that are programmed to generate all possible combinations are able to guess easy passwords in an instant. As a precautionary measure, you can integrate tools that prevent your users from using passwords that were already found and listed in a database breach.

Cross-Site Scripting

Cross-site scripting (XSS) targets both online shoppers and store administrators. Hackers inject a script tag that makes websites that don’t sanitize user input vulnerable. This injected script then enables fraudsters to steal credentials, log in as the victim, make fraudulent transactions, and ship them to a different address. This can be tracked by investigating the address change versus the user’s usual shipping address. This is also evident when you see the user’s logins coming from another state or country.

When hackers get a hold of a store administrator’s access, they acquire control over a number of things. They are able to process large volumes of fraudulent orders, delete your store data, alter your receipt processing, and gain access to your customers’ contact details and other information.

To resolve this, we need to secure those that are vulnerable to XSS attacks, such as websites, third-party systems, apps, and plugins.

Use Open-Source Systems

Because open-source systems usually fix security problems as soon as these security threats are detected, using them is a good preventative measure. The developers regularly update the systems to their new and more secure versions. Always make sure to update your site and online store to the newest version.

Use Hosted Platforms

Hosted platforms are just as quick to fix XSS attacks and security problems, so this is another good option to consider. They upgrade their system as soon as a fix is rolled out; merchants won’t even know that an attack has happened.

Choose Your Tools Wisely

Most merchants integrate third-party apps, such as Amazon repricer tools or Shopify’s Exchange, for efficiency. The best ones are likely to immediately address any XSS attacks or security threats, so invest in a good and reliable third-party tool. They regularly update the app or system, granting your tools and your business better protection.


Unfortunately, these fraudulent activities are not going to end anytime soon. The growing volume of online transactions is attracting hackers and fraudsters. Take precautionary measures to prevent these attacks. Invest in supervised machine learning algorithms that send fraud signals and help stop or mitigate damages caused. Strive to always be in the know regarding fraud trends and the latest protection available in the market. Educate your customers and make sure that you’re easy to contact in case they need clarification or any help. Use strategic approaches not just in scaling but also in protecting your business so that you not only boost company revenue but you also build customer trust and loyalty by providing them a secure place to shop online.