Types of ecommerce fraud—and best practices to protect against them


Ecommerce businesses need a well-rounded payments strategy in order to thrive, which involves addressing the risks associated with ecommerce fraud. This requires planning for what you can’t control as well as optimizing what you can in order to protect your business and customers from potential losses, improve payment processes, and create a positive customer experience.

Below we explain the various types of ecommerce fraud and how to plan for, prevent, and respond to them as part of a holistic payments strategy. By incorporating robust fraud prevention measures into your payments system, your business can make informed decisions and maintain a secure environment for customers.

What’s in this article?

  • What is ecommerce fraud?
  • Types of ecommerce fraud and how they work
    • Identity theft
    • Credit card fraud
    • Chargeback fraud
    • Phishing and social engineering
    • Account takeover fraud
    • Refund fraud
    • Affiliate fraud
    • Counterfeit or fake products
    • Drop-shipping fraud
  • Best practices for preventing ecommerce fraud

What is ecommerce fraud?

Ecommerce fraud is a form of cybercrime that occurs with online customer transactions. Malicious actors deceive businesses and customers to gain unauthorized access to personal and financial information, conduct fraudulent transactions, or otherwise exploit the online retail environment for their own gain. This type of fraud can cause significant financial losses for both businesses and their customers, as well as reputation damage to the businesses and industries involved.

Types of ecommerce fraud and how they work

As ecommerce rapidly increases, businesses are grappling with new challenges, including the evolving landscape of ecommerce fraud. Protecting your business and customers from fraudulent actors is now necessary for any business that accepts online payments.

Below are more details on the various types of ecommerce fraud and insight into their mechanisms and repercussions, which is important to know in order to combat these threats effectively. By staying informed and being proactive about the growing threat of ecommerce fraud, businesses can safeguard their reputation, revenue, and customer trust.

Identity theft

What it is
Identity theft occurs when a fraudulent actor uses someone else’s personal information, such as their name, address, or credit card details, to make unauthorized purchases or open accounts.

How it works
Criminals acquire personal information through various means, including data breaches, phishing attacks, and social engineering. They then use this information to impersonate the victim and conduct transactions or create new accounts in their name.

Affected businesses
Any business that operates online and collects customer data is at risk, including online retailers, subscription services, and financial institutions.

Credit card fraud

What it is
Credit card fraud is a type of ecommerce fraud that involves the unauthorized use of a credit card to make purchases online. It occurs when a fraudulent actor obtains a victim’s credit card information and uses it to make fraudulent purchases.

How it works
Fraudulent actors obtain credit card information through methods such as hacking, phishing, or skimming devices, which are all tools used in ecommerce fraud to gain unauthorized access to personal or financial information.

  • Hacking involves using technical knowledge and tools to access a computer system or network without authorization. This is done by exploiting software vulnerabilities or using brute-force attacks to guess passwords.
  • Skimming devices are physical devices that are installed on ATMs or credit card machines to steal credit card information. These devices are often small and discreet and can be difficult to detect. Fraudulent actors may also use overlay skimmers that fit over the top of card readers, or skimmers that can steal information from chip-enabled cards.

We’ll discuss phishing in more detail below.

Once obtained, fraudulent actors use this data to make unauthorized purchases, create counterfeit cards, or sell the information to other criminals.

Affected businesses
All businesses that accept credit or debit card payments are susceptible, including online retailers, payment processors, and digital content providers.

Chargeback fraud

What it is
Chargeback fraud, also known as “friendly fraud,” occurs when a customer makes a purchase using their credit card, receives the product or service, and then disputes the charge with their credit card company to obtain a refund. This type of fraud is sometimes labeled as “friendly” because the customer may not have malicious intent, but rather disputes the charge for invalid reasons.

How it works
Chargeback fraud can occur in a few different ways. For example, a customer may dispute a charge, claiming that they never received the product, when in fact they did receive it. Alternatively, a customer may dispute a charge claiming that the product was defective or not as described, when in fact it was as described and not defective.

Affected businesses
Online retailers, digital content providers, and subscription-based services are the businesses that are most commonly affected by chargeback fraud.

Phishing and social engineering

What it is
Phishing and social engineering tactics involve fraudulent actors using deceptive emails, messages, or websites to trick users into providing sensitive information or credentials, which they can then use to commit fraud.

How it works
Phishing and social engineering tactics are commonly used in ecommerce fraud to trick customers into divulging personal and financial information. These tactics work by exploiting a victim’s trust or emotional state to gain access to their sensitive data.

Phishing attacks are usually in the form of fake emails or messages that appear to come from a trusted source, such as a bank, ecommerce store, or social media platform. The message may ask the recipient to provide personal or financial information, such as login credentials or credit card details, by clicking on a link or downloading an attachment.

Social engineering is more nuanced and can involve a range of tactics, such as building a relationship with the victim, playing on their emotions or fears, or using social manipulation to gain access to their information. For example, a fraudulent actor might create a fake social media profile and befriend the victim, gaining their trust over time before asking for sensitive information.

In the context of ecommerce fraud, phishing and social engineering tactics are used to steal personal and financial information, such as login credentials or credit card details. Fraudulent actors may then use this information to make unauthorized purchases, steal money from bank accounts, or commit identity theft.

Affected businesses
All businesses operating online are potential targets, as phishing and social engineering attacks can target employees or customers to gain access to sensitive data or systems. These types of fraudulent attacks can affect businesses of all types and sizes, but fraudulent actors target some industries more often than others. Here are a few examples of businesses where phishing and social engineering scams occur more often:

  • Ecommerce businesses
  • Financial services companies
  • Healthcare organizations
  • Government agencies
  • Educational institutions

Account takeover fraud

What it is
Account takeover fraud is a type of ecommerce fraud that occurs when a fraudulent actor gains unauthorized access to a customer’s online account and uses it to make purchases or carry out other fraudulent activities. This type of fraud is often accomplished through phishing attacks or social engineering tactics that trick the victim into revealing their login details or other sensitive information.

How it works
Fraudulent actors use various techniques like phishing, data breaches, or brute-force attacks to obtain login credentials. Once they have access to the account, they may change the shipping address, make purchases, or even sell the account information to other criminals.
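The sequence described above (repeated login failures, a successful login, a changed shipping address, then a purchase) can be turned into a detection rule. The following Python sketch is an added example, not code from the original article or from Stripe; the event names, thresholds, and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds; tune them against your own traffic.
FAILED_THRESHOLD = 5                   # failures that make the next success suspicious
FAILED_WINDOW = timedelta(minutes=10)  # how far back failures are counted
RISK_WINDOW = timedelta(hours=1)       # how long a suspicious login taints later orders

# Constructed sample events: (ISO timestamp, account, event, detail)
SAMPLE_EVENTS = (
    [(f"2024-05-01T10:0{i}:00", "alice", "login_failed", "") for i in range(6)]
    + [
        ("2024-05-01T10:06:30", "alice", "login_ok", ""),
        ("2024-05-01T10:08:00", "alice", "address_change", "new shipping address"),
        ("2024-05-01T10:09:00", "alice", "order", "order-1001"),
        ("2024-05-01T12:00:00", "alice", "order", "order-1003"),
        ("2024-05-01T09:00:00", "bob", "login_failed", ""),
        ("2024-05-01T09:01:00", "bob", "login_ok", ""),
        ("2024-05-01T09:05:00", "bob", "address_change", "moved house"),
        ("2024-05-01T09:06:00", "bob", "order", "order-1002"),
    ]
)


def flag_takeover_orders(events):
    """Return [(account, order_id)] for orders to hold for manual review.

    An order is flagged when it follows, within RISK_WINDOW, a login that
    succeeded after a burst of failures and a shipping address change
    made in that same session.
    """
    by_account = defaultdict(list)
    for ts, account, kind, detail in events:
        by_account[account].append((datetime.fromisoformat(ts), kind, detail))

    flagged = []
    for account, rows in sorted(by_account.items()):
        failures = deque()
        suspicious_login = None
        address_changed = False
        for when, kind, detail in sorted(rows):
            if kind == "login_failed":
                failures.append(when)
            elif kind == "login_ok":
                # Drop failures that are too old to count toward the burst.
                while failures and when - failures[0] > FAILED_WINDOW:
                    failures.popleft()
                suspicious_login = when if len(failures) >= FAILED_THRESHOLD else None
                address_changed = False
                failures.clear()
            elif kind == "address_change":
                address_changed = suspicious_login is not None
            elif kind == "order":
                if (suspicious_login and address_changed
                        and when - suspicious_login <= RISK_WINDOW):
                    flagged.append((account, detail))
    return flagged


if __name__ == "__main__":
    print(flag_takeover_orders(SAMPLE_EVENTS))
```

A single mistyped password followed by an address change, as in the constructed "bob" events, does not trigger the rule; only the burst of failures before the successful login does.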

Affected businesses
Any business with customer accounts—for example, online retailers, marketplaces, or subscription-based services—can be targeted by account takeover fraud.

Refund fraud

What it is
Refund fraud occurs when a fraudulent actor poses as a customer and requests a refund for a product or service they never purchased and aren’t entitled to a refund for—often by providing fake order details or using stolen account information.

How it works
There are several ways that refund fraud can occur:

  • Returning stolen or counterfeit items for a refund
    A person may steal or obtain counterfeit items and then return them for a refund to the retailer. The retailer may issue the refund without realizing that the item is stolen or counterfeit.

  • Claiming a refund for a product that was never purchased or received
    A person may claim a refund for a product they never actually purchased or received. This can be done by providing a fake receipt or order confirmation.

  • Returning used or damaged items as new for a refund
    A person may use or damage a product and then return it as new for a refund. The retailer may not realize that the product has been used or damaged and issue the refund.

  • Double-dipping by claiming a refund from both the retailer and the credit card company
    A person may claim a refund from both the retailer and the credit card company for the same purchase. This can be done by claiming that the purchase was fraudulent and then returning the product for a refund.
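Two of the patterns above, double-dipping and refunds for purchases that never happened, can be caught by reconciling refunds and card disputes against the record of captured payments. The following Python sketch is an added example, not code from the original article or from Stripe; the ledger layout, the dispute status values, and all order IDs and amounts are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample ledger; amounts are integer cents to avoid float rounding.
CHARGES = {"order-2001": 12000, "order-2002": 5000, "order-2003": 8000}
REFUNDS = [("order-2001", 12000), ("order-2002", 2000),
           ("order-2003", 8000), ("order-9999", 4500)]
# Dispute status is a hypothetical field: "won" means the business won
# the dispute and kept the funds.
DISPUTES = [("order-2001", 12000, "open"), ("order-2002", 3000, "lost"),
            ("order-2003", 8000, "won")]


def reconcile(charges, refunds, disputes):
    """Return (double_dips, orphan_refunds).

    double_dips: {order_id: cents returned beyond what was paid}
    orphan_refunds: sorted order ids refunded without any matching charge
    """
    returned = defaultdict(int)
    orphans = set()
    for order_id, cents in refunds:
        if order_id not in charges:
            # Refund requested against an order that was never paid for.
            orphans.add(order_id)
            continue
        returned[order_id] += cents
    for order_id, cents, status in disputes:
        # A dispute the business won leaves the money with the business,
        # so only open or lost disputes count as money going back out.
        if order_id in charges and status != "won":
            returned[order_id] += cents
    double_dips = {
        order_id: total - charges[order_id]
        for order_id, total in returned.items()
        if total > charges[order_id]
    }
    return double_dips, sorted(orphans)


if __name__ == "__main__":
    dips, orphans = reconcile(CHARGES, REFUNDS, DISPUTES)
    print("double-dipped orders:", dips)
    print("refunds with no charge:", orphans)
```

A partial refund plus a dispute for the remainder, as in the constructed order-2002, adds up to exactly the amount paid and is not flagged.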

Affected businesses
Online retailers, digital content providers, and subscription-based services are most vulnerable to refund fraud.

Affiliate fraud

What it is
Affiliate fraud occurs in affiliate marketing programs, where a business pays affiliates a commission for promoting its products or services. Affiliate fraud happens when affiliates engage in fraudulent activities to earn commissions that they are not legitimately entitled to.

How it works
Criminals use tactics like click farms, bots, or fake accounts to generate artificial traffic, clicks, or sales that inflate their commission earnings. There are several types of affiliate fraud, including:

  • Cookie stuffing: Cookie stuffing involves placing cookies on a user’s computer without their consent to inflate the number of clicks or sales attributed to the affiliate.

  • Ad fraud: Ad fraud occurs when affiliates create fake websites or engage in click fraud to generate false impressions or clicks on ads, which they receive a commission for.

  • Fake leads: Affiliates may submit fake leads or customer information to earn commissions they are not entitled to.

  • Brand bidding: Brand bidding involves affiliates bidding on a business’s branded keywords in search engines, driving up the cost of advertising and reducing the effectiveness of the business’s campaigns.

Affected businesses
Any business that participates in affiliate marketing programs can be affected by affiliate fraud. However, some types of businesses are more vulnerable to affiliate fraud than others. Ecommerce businesses are particularly vulnerable to affiliate fraud, as their sales are often generated through online channels, making it easier for fraudulent actors to manipulate click-through rates and leads. For example, online retailers that offer a commission to affiliates for driving traffic to their website or generating sales are more susceptible to affiliate fraud.

Counterfeit or fake products

What it is
Counterfeit or fake products are often intentionally produced and sold under false pretenses, typically using a brand name or trademark without the authorization of the original manufacturer or owner. These products can range from luxury goods, such as designer handbags and watches, to everyday items, such as electronics, cosmetics, and pharmaceuticals.

Counterfeit products can be difficult to distinguish from the real thing, and customers may unwittingly purchase them online, believing they are buying a genuine product. This not only results in financial losses for the customer but can also have serious health and safety implications—particularly in the case of counterfeit pharmaceuticals, cosmetics, and electronic devices.

How it works
Counterfeit or fake ecommerce products are sold in a few different ways. Some fraudulent actors will create websites or online stores that look legitimate and offer products at a discounted price. These products may be labeled as “authentic” or “genuine” but are actually cheap knock-offs made to look like the real thing. The fraudulent actors may use stolen images and descriptions from the legitimate product’s website to make their fake products look more convincing.

Another way fraudulent actors may sell counterfeit products online is by hijacking legitimate listings on marketplaces like Amazon or eBay. They may create a fake account and offer a counterfeit version of the product for a lower price than the legitimate seller. When a buyer purchases the counterfeit product, the fraudulent actor ships it directly to the buyer, but because the product is not genuine, the buyer may end up with a low-quality (or even unsafe) product.

In some cases, fraudulent actors may also create their own counterfeit brands, complete with fake logos, packaging, and advertising. These counterfeit brands are designed to look like legitimate products and may be sold on websites or through social media platforms.

To carry out these fraud schemes, fraudulent actors may trick customers by using a variety of tactics, such as fake reviews or testimonials, misleading product descriptions, and false claims of authenticity. And because ecommerce fraud is not limited to a single type of fraud in each scenario, fraudulent actors may also use stolen personal information or credit card details to make fraudulent purchases.

Affected businesses
Any business that produces or sells products with high value or brand recognition can be vulnerable to counterfeit or fake product fraud in ecommerce. However, some businesses are more vulnerable to this type of fraud than others. Here are a few examples:

  • Luxury goods: Luxury goods are particularly vulnerable to counterfeiting due to their high value and brand recognition. Fraudulent actors often create fake versions of popular luxury brands like designer handbags, watches, and clothing.
  • Electronics: Electronic devices like smartphones, tablets, and laptops are also commonly counterfeited because of their high demand and market value.
  • Pharmaceuticals: Counterfeit pharmaceuticals are a significant problem in ecommerce, particularly for medications that are expensive or difficult to obtain. These fake drugs may contain harmful or ineffective ingredients.
  • Beauty products: Beauty products such as cosmetics, fragrances, and skincare are also frequently counterfeited. These fake products may contain harmful ingredients and can cause skin irritation or other health issues.
  • Sporting goods: Sporting goods, such as athletic shoes and apparel, are often counterfeited due to their popularity and high resale value.
  • Auto parts: Auto parts, such as brake pads and airbags, are commonly counterfeited, and these fake products can pose a serious safety risk to customers.

Drop-shipping fraud

What it is
A drop-shipper is a retailer who does not keep physical inventory of the products they sell. Instead, they fulfill orders by purchasing products from a supplier or manufacturer, which ships the product directly to the customer on behalf of the retailer. This allows the retailer to avoid the costs and complexities of storing and managing inventory and to focus on marketing and selling products.

Drop-shipping fraud occurs when a drop-shipper engages in deceptive practices to scam buyers or other businesses in the supply chain. This can involve various fraudulent activities, such as misrepresenting the quality or availability of products, failing to fulfill orders, charging excessive fees or prices, or using stolen credit card information to make purchases.

How it works
A drop-shipper may create fake websites or social media accounts, pretending to be a legitimate retailer, and take payment from customers for goods that they have no intention of delivering. They may also manipulate product descriptions and images to make it appear as if they are offering a high-quality product, when in reality it is subpar or nonexistent.

Drop-shippers may also engage in price gouging, where they inflate the cost of goods to make a larger profit or use false advertising to lure customers into buying products that do not meet their expectations. In some cases, they may even resort to stealing the identity of a legitimate business to gain access to its supply chain or customer base.

Affected businesses
Online retailers who use drop-shipping as a fulfillment method are most susceptible to this type of fraud.

Best practices for preventing ecommerce fraud

Despite the diverse tactics fraudulent actors use to defraud ecommerce systems, businesses aren’t powerless to defend themselves. There are effective best practices for preventing ecommerce fraud, including:

  • Using secure payment gateways
  • Implementing strong authentication methods
  • Monitoring transactions and user behavior
  • Setting up fraud detection rules and filters
  • Employing address and card verification systems
  • Keeping software and systems up-to-date
  • Training employees and building internal fraud awareness
  • Encrypting and protecting customer data
  • Monitoring chargebacks
  • Connecting with other businesses and industry organizations
  • Utilizing biometrics and behavioral analytics

By following these best practices, businesses can reduce their exposure to ecommerce fraud and create a safer online shopping environment for their customers. For a more thorough look at these antifraud best practices for ecommerce businesses, read more here.

The content in this article is for general information and education purposes only and should not be construed as legal or tax advice. Stripe does not warrant or guarantee the accurateness, completeness, adequacy, or currency of the information in the article. You should seek the advice of a competent attorney or accountant licensed to practice in your jurisdiction for advice on your particular situation.
