When running an ecommerce site, it’s not uncommon to face challenges dealing with fraudulent orders. From credit card fraud and account hijacking to refund requests based on false claims, the tactics used in fraudulent orders are becoming more diverse every year.

These fraudulent orders can lead not only to losses of product and revenue, but also to an increased operational burden and a decline in customer satisfaction. In this article, we’ll look at the various types of fraudulent orders, the tactics used by perpetrators, the nature of the damage they cause, and the countermeasures that Japanese businesses can take.

What’s in this article?

• What are fraudulent orders?
  
• Fraudulent order statistics
  
• Types of fraudulent orders
  
• Fraudulent order tactics
  
• Products prone to fraudulent orders
  
• Impact of fraudulent orders on ecommerce businesses
  
• Fraud prevention measures for ecommerce businesses
  
• How Stripe Radar can help
  

What are fraudulent orders?

In the context of ecommerce sites, fraudulent orders are those placed with the intent of gaining financial benefit through unauthorized credit card use, account hijacking, or other criminal means. Fraudulent orders also can include prank orders, where there is no intent to actually keep the purchase, and identity theft orders, where a third party’s information is used illicitly.

Fraudulent order statistics

According to a 2026 survey by the Japan Credit Association, losses from credit card fraud have been increasing year over year, reaching a record high of approximately ¥55.5 billion in 2024. The vast majority of these cases involve identity theft, in which criminals illegally obtain card numbers and other information to make unauthorized payments by impersonating cardholders; such cases account for 90% of all incidents.

Types of fraudulent orders

Fraudulent orders are classified into several types based on their objective and the means by which they occur.

Credit card fraud

This is a type of fraudulent order in which payments are made using credit card information that has been obtained illegally. Since these fraudulent orders are placed by individuals impersonating the actual cardholder, it could take some time before the fraud is detected.

Account hijacking

An unauthorized party gains illicit access to an individual's account and places orders using their identity and credentials. Because the previously registered address and payment information are used, it’s hard to distinguish these orders from legitimate ones, making fraud harder to detect.

Abuse of refund and exchange policies

Individuals make false claims of dissatisfaction—despite a product being free of defects—and demand refunds or replacements. This type of fraud is characterized by the exploitation of the refund and exchange policy.

Bad-faith large-volume orders

A large order is placed with no intention of keeping it. The objective is to disrupt business operations—for instance, by deliberately depleting the store's inventory.

Abuse of deferred payment methods

These are purchases made using a deferred payment method such as cash on delivery (COD) or buy now, pay later (BNPL), where the person placing the order fails to actually make payment as agreed upon. Because payment cannot be collected, the business might suffer financial losses.

Exploitation of promotional programs

This refers to schemes involving the misuse of referral systems, coupons, and loyalty point programs to obtain rewards that a person is not entitled to. For example, a user might create multiple accounts and pose as different individuals in order to claim additional benefits.

Fraudulent order tactics

Fraudulent orders are often carried out using a combination of methods, and the tactics used are becoming more sophisticated every year.

Credit card fraud

This is the practice of purchasing goods using fraudulently obtained credit card information acquired through unauthorized means such as those described below.

Phishing

These scams use fake emails or websites to trick users into entering their credit card information. Phishing emails and sites are often hard to detect because they’re difficult to distinguish from the real thing.

Malware

This involves infecting a device with malicious software that’s used to steal card information entered into it. Sometimes this takes the form of keyloggers that collect information from a device, and other times it’s a method called web skimming where malicious scripts are embedded into an ecommerce site itself to steal the credit card information entered by users.

To combat such attacks, it’s important not only for users to take precautions but also for businesses to implement security measures.

Credit master attacks

This involves systematically trying every possible combination of card numbers and expiration dates to identify valid card information.

Password list attacks

This is a method of attempting to gain unauthorized access to an account using combinations of usernames and passwords that have been leaked from other services. It exploits the fact that many users reuse the same password across multiple sites, so once a login and password have been found for one site, it can be tried for others. Once the login succeeds, the account can be used to place orders.

Fraudulent refunds through false claims or product swapping

A common return fraud scheme involves demanding a refund or replacement by making false claims such as “the item never arrived” or “it was damaged,” even though the product was delivered and there was nothing wrong with it.

There’s also a scam known variously as “switch-and-return,” “switch fraud” or “product swapping.” In this scenario, the recipient swaps the delivered item for something else and returns it to receive a refund. This usually involves substituting the original product with a defective or counterfeit item, which has a negative impact on the business’s inventory and quality control systems. This scheme exploits the post-purchase process and poses a significant risk to companies, potentially resulting in the loss of both merchandise and revenue.

Bulk ordering using bots

A large volume of orders and payments are processed in a short amount of time using bots, which are programs that can automatically perform simple, repetitive tasks around the clock in place of humans.

Abuse of COD and BNPL services

This scheme involves using COD or BNPL services to receive goods without subsequently making the required payment.

Fraudulent acquisition of benefits

This refers to the act of creating multiple accounts to engage in self-referral schemes or coupon abuse, thereby fraudulently obtaining points or discounts.

Products prone to fraudulent orders

Let’s take a look at which products are common targets of fraudulent orders. Because the ultimate goal of fraudulent orders is to generate financial gain, the products listed below tend to be targeted because they’re easy to liquidate or resell.

• Smartphones and tablets
  
• Game consoles and software
  
• Designer goods
  
• Gift cards and digital gifts
  
• Tickets
  
• Cosmetics
  
• Supplements
  

Impact of fraudulent orders on ecommerce businesses

When fraudulent orders occur, they have wide-ranging effects on the entire operation of an ecommerce site. Let’s take a closer look at the specific types of damage that can result.

Product loss

Orders placed using stolen credit card information or fraudulent orders using forwarding services could result in the inability to recover the merchandise, which can result in financial loss.

Losses due to inability to collect payment

With COD and BNPL methods, there are instances where the business is unable to collect payment even after the goods have shipped. In some cases, return shipping and handling fees can also be incurred, significantly impacting profitability.

Chargebacks

If fraudulent use of a credit card is detected, the card issuer might issue a chargeback (reversal of payment). This not only results in the loss of sales revenue but also entails the burden of associated fees and administrative costs.

Increased customer support and operational burden

Dealing with fraudulent orders involves a significant amount of work, including verifying order details, conducting investigations, and providing customer support. This can take time away from sales and marketing activities, potentially leading to a decline in operational efficiency.

Damage to brand image

Complaints from customers affected by fraudulent activity, as well as dissatisfaction caused by slow response times, can spread through reviews and social media. A poor customer experience could lead to future customer churn.

Fraud prevention measures for ecommerce businesses

To avoid losses resulting from fraudulent orders, it’s important to implement measures that address the potential for such fraud. Combining multiple measures can help prevent damage and reduce risks.

Adopt 3D Secure 2 (3DS2)

By adopting 3D Secure 2 (3DS2) to strengthen user authentication for credit card payments, the risk of fraudulent use can be reduced. Unlike the original 3D Secure protocol, this updated version employs a risk-based authentication approach grounded in transaction data. This allows for enhanced fraud prevention without compromising user convenience. Even if your card information is stolen, this additional authentication step can help prevent unauthorized transactions.

Implement two-factor authentication (2FA)

The risk of unauthorized logins can be significantly reduced by adding a one-time code or similar security measure during the login process. This measure is considered particularly effective in preventing security breaches resulting from the reuse of passwords across multiple accounts.

Adopt a fraud detection system

Another effective measure is to implement a fraud detection system that can identify potentially fraudulent transactions based on order details and past transaction patterns. Detecting suspicious orders early and responding appropriately helps prevent the escalation of damages and reduce operational burdens.

Tailor risk management to each payment method

While COD and BNPL payment options offer great convenience, they also carry the risk of nonpayment. It’s necessary to implement risk management measures tailored to each specific payment method, such as restricting the use of COD and BNPL for high-value items or first-time purchases.

Order monitoring and establishment of operational rules

Establish internal monitoring systems to identify at an early stage any suspicious ordering patterns that could indicate fraud. Specific measures include strengthening monitoring of unnatural purchasing patterns, such as frequent use of different names or shipping addresses from the same account, or repeat orders placed in rapid succession.

How Stripe Radar can help

Stripe Radar uses AI models to detect and prevent fraud, trained on data from Stripe’s global network. It continuously updates these models based on the latest fraud trends, protecting your business as fraud evolves.

Stripe also offers Radar for Fraud Teams, which allows users to add custom rules addressing fraud scenarios specific to their businesses and access advanced fraud insights.

Radar can help your business:

• Prevent fraud losses: Stripe processes over $1 trillion in payments annually. This scale uniquely enables Radar to accurately detect and prevent fraud, saving you money.

• Increase revenue: Radar’s AI models are trained on actual dispute data, customer information, browsing data, and more. This enables Radar to identify risky transactions and reduce false positives, boosting your revenue.

• Save time: Radar is built into Stripe and requires zero lines of code to set up. You can also monitor your fraud performance, write rules, and more in a single platform, increasing efficiency.

Learn more about Stripe Radar, or get started today.