Be Prepared! Prevent Ecommerce Frauds From Ruining Your Holiday!

Ecommerce is more and more integrated into our daily lives. Especially due to the pandemic, many people decided to shop online during this year’s holiday season. During a survey, about 61% of adults said they feel safe to go to the store, but when asking about Black Friday, 58% said they prefer to buy online instead.

The number even went down to 43% for going out to a restaurant and 29% for going back to work (digitalcommerce360).

This poses a possible danger for ecommerce frauds to target the store during this online holiday sales season.

Before the Internet age, fraudsters had to physically steal credit cards to make the purchase, which means robbing people, breaking into houses, and stealing the credit cards that the store accidentally discarded.

These are dangerous and risky businesses, so there were not as many frauds around compared to the current time.

But as e-commerce revenue grows, it provides opportunities for cyber frauds to be on the rising tide as well.

Retailers have reported that they have to deal with 206,000 attacks to their stores per month from these ecommerce frauds. (According to SignalScience research.)


Credit card Fraud Reports in the US (Source: Shift Processing.)

So to save your business this coming Christmas from these ecommerce frauds, you should know well how to spot them, which steps to take, and who you can consult with to prevent these frauds from harming your current customers as well as new buyers who come to your site.


Source: Freepik

GET TO KNOW other ecommerce security threats and protect your Magento site from these threats!

open shopify store

Ecommerce Fraud Definition

First, before you know how to defend yourself from ecommerce frauds, you need to understand what they are first.

Ecommerce frauds are one of the security problems that cause merchants headaches. There are thousands of ecommerce transactions made to online stores, and these frauds are criminals who use deception for those financial transactions for personal gains that could damage both card owners and merchants.

Two things are clear about the purpose of ecommerce frauds: they target online merchants, and they intend to remain undiscovered for as long as possible.


5 Types of Ecommerce Frauds

When you think of ‘ecommerce frauds, what’s often occurred in your mind is the type of fraud that stole your credit cards and made unauthorized purchases using the data. However, that’s only the most common one. Here are five types of ecommerce frauds that merchants typically have to deal with, and knowing them thoroughly would give store owners an edge in the ecommerce fraud prevention battle.

Credit Card Fraud

Credit card fraud is the broad term for the fraud committed using victims’ credit cards or debit cards. Credit card frauds are also known as card-not-present frauds or payment frauds. The data sources that credit card fraud can obtain could be from the dark web, which sells stolen credit cards from hackers, and then the fraudster proceeds to make purchases in online stores.


Although the initial defrauds the cardholders, it eventually defrauds the merchant, who must refund the purchase (and sometimes pays the chargeback fees to the bank that issued the card).

Card testing scams also cost merchants a great deal, as multiple credit cards will attempt to purchase to find out which cards are still active and allows for purchase. The number of these credit card orders will add up and cost a significant number to online stores.

Affiliate Fraud

Affiliate frauds are within the ecommerce frauds umbrella, which generates fraudulent activities to gain more commission.

This is related to affiliate marketing, in which online businesses pay affiliates commission for referring links to trace back to their website. When a customer clicks on the affiliate link, being redirected to the merchant store, and makes a purchase, the merchant would reward affiliates for the referral with affiliate commissions (typically a percentage of the sales price).

One of the common forms of affiliate fraud is “typosquatting”, which means the criminal register the domain that matches the commonly mistyped link of the real online store, and then redirects the URL to the legitimate domain as an affiliate link.


Chargeback fraud

This type of fraud waits for customers to make the purchase, then request a refund from the credit card company, claiming that the transaction was either fraudulent or unauthorized.

The credit card company then pushes the request to the issuing bank, which will consider the request and then demand the merchant to refund the purchasing amount.

The fraudster hopes that the merchant lacks the time and resources to disputing the claim or too busy during the holiday season to give them the benefit of the doubt.

Phishing/account takeover.

As an ecommerce online store, it would be typical for you to provide customers with accounts to easily store purchasing information, financial payment methods, and order history.

The account takeover frauds utilize this system by using phishing schemes. In a common scenario, they would send victims an email, which tricked them into revealing their data like username or password.

They then take over the account, change the password, and make illegal purchases without consent. Social media hacking is most vulnerable to this type of fraud, as people often make ecommerce accounts using social media logins.

Triangulation fraud

There is a reason for the word ‘triangulation fraud. This type of fraud uses the three-step to steal data from customers.

First, the criminal develops a site storefront, which could be similar to the famous brand store, or a retailing store that sells the brands’ goods at a low price. This store aims to steal customers’ names, addresses, and credit card information as they purchase at the fake store.

In the second step, the fraudster takes the stolen credential and credit cards to purchase in the actual store, buys precisely what the customer purchased in the fake store, and delivers them to the buyers.

Seems innocent enough, right?

But the third step is where they got their payoff. These fraudsters make additional purchases which they ship for themselves. And as the victims still got what they ordered, this type of fraud took longer to be discovered, as they raised almost no suspicion at all.


STOP hackers from infiltrating your Magento website NOW with these security practices!

Although the ecommerce frauds happen all year, high time would be on holiday seasons. More people would come to your site, and the fraudsters hope you miss one or two suspicious behaviors or lack ecommerce fraud prevention and monitoring during this season.

Tips to Identify Ecommerce Frauds Online

There are several ways you can spot an ecommerce fraud, which is through some abnormality that arises in your site, orders, or delivery addresses. Below are a few red flags that there might be frauds involved for you to look out for:

  • Inconsistent order data: When the customer’s IP address and their zip code, the city entered in the order address don’t match, then it could be a fraud faking their victims’ address.
  • More extensive than average order: The order is more costly compared to what your customer typically buys. Other signs of a fraud order are multiple units with the same SKU in order, and/or expedited shipping (the criminal wants to get the order before being exposed.)
  • Unusual location: Your customer usually purchases from an IP address in one place, for example, UK, but then suddenly orders from an unusual location such as Ukraine, Nigeria, etc. (An utterly new country far from the usual area.)
  • Multiple shipping addresses: When a customer billing at one billing address and have different shipping addresses, something malicious could be happening, and you should double-check.
  • Perform many transactions in a short period: The fraudster makes many purchases at once. During the holiday season, it would be more difficult to notice since you have a large number of orders coming in.
  • Orders from different credit cards: Someone makes multiple purchases using different credit cards to buy products (this process can happen in one day or over a long period).

One obvious spotting point is if this criminal was careless enough to put the same credential on multiple credit cards, but if they don’t, you can check the IP address where the credit cards were registered.

  • Multiple decline transactions: This is also one of the signs of credit card fraud, as they tested not just one or two, but even five, six, seven, or more times in an attempt to get the card number, expiry date, and card security code right.
  • A string of orders from a new country: When you usually don’t have any demand from Slovakia, and then suddenly you have 10 – 20 orders in a week, then it’s a sign to be worried.

Prevent Ecommerce Frauds From Causing Casualties on Your Holiday!

As ecommerce merchants, and also for Magento business owners, you should be aware that even when you know the frauds’ types, read all about how to spot the crime, it is not easy to perform ecommerce fraud prevention.  The fraud’s game is getting more complicated each day. They devise new cunning ways to defraud their targets.

It’s vital for you to take preventative measures that could minimize the risk of frauds, instead of trying to remedy the problem after it had happened.

1. Prevent attacks from hackers

One source for fraud to get data from the victims is the black market, where hackers sell stolen identities from online stores’ customer databases. They can also hijack into the store themselves to steal the credit card’s information, which can then be used for their own gains.

Therefore, to protect your business and regular customers from fraud, you must first develop strategies to limit the chance of your site getting hacked.

The first strategy is to conduct your site audit often, make sure that:

  • The website software is up-to-date and has the latest security patch. For Magento 1 websites, you should be planning on migrating to Magento 2. Without updating on security and support from Magento, your online store is an easy target for hackers and frauds.
  • Is the store SSL certificate current and still working?
  • Is the store PCI compliant (Payment Card Industry)?
  • Check if the passwords on your admin account, hosting dashboard, CMS systems, database, and FTP access are strong passwords.
  • You perform regular website checks and maintenance for any malware.
  • You’ve encrypted your conversations with customers and suppliers.

In the case you’re either stuck on any action that we have listed above, have done them but want more security, or suspect something malicious is happening on your site, then consult with a maintenance service provider for further steps.

You can choose a service that is in the specific platform your site is based. The experts in the field might be able to dig deeper and give insights into the problem your site is having. You can combine this check-up on security with your usual maintenance before holiday sales for a safer holiday season.

GET expert’s help with Magento web maintenance service for a smoothly running and secure Magento website!

2. Monitor customers’ irregularities in the site

With brick and mortar stores, there are cameras, securities, and other fraud prevention methods to catch shoplifters. For online stores, you can have ecommerce fraud prevention implemented by closely monitoring and doing ecommerce website testing on your store frequently to spot any red flags that might be fraudulent transactions.

Especially during holidays, when the traffic is in the surge, it’s difficult for you as the store owner to oversee every detail happening on your site.

To lift off some of your weight as you both have to run a store and take care of the site’s security activities on holiday sales, you can contact a security monitoring service for ecommerce websites.

They can actively perform checks from the certificates, code integrity, to virus scanning and server uptime monitoring, etc.


3. Sort out affiliates regularly and before holidays

The holiday season is profitable with affiliate frauds, because their affiliate can earn more if the store’s traffic is in its uptime. Many of the affiliate fraud would use fake website claims as intermediaries or registering them close to the real domain to trick customers into buying on it.

One of the fake website examples is When lookup Trustpilot reviews, many reviews were marked as fake and removed.


Therefore, to prevent this type of fraud during holidays, you should:

Manually approve your affiliates: Although this is time-consuming, manually checking all your affiliates can help you form the first line of defense against fraudulent affiliate activities. You should check if:

  • Has the affiliate met your brand’s standard?
  • Do they have the holiday campaigns aligned with yours?
  • Whether they are link farm or not?

Changing the Terms and Conditions: When you update the affiliate terms and conditions, make sure to send the newsletter to the affiliates to inform them about the new policies. This will ensure that honest affiliates will have time to comply and update their campaigns.

After the due date has passed, you can use several tools to prevent and detect frauds and make sure that the affiliates are following the new policies.

4. Use Address Verification Service (AVS) Offered By Banks

If you want to protect your credit cards and debit cards of your customers, then the Address Verification Service (or AVS) offered by most credit card processors and issue banks should provide a great solution in ecommerce fraud prevention.

It detects suspicious transactions via credit or debit card in real-time and starts taking actions to prevent credit card frauds. The Address Verification Service will compare the billing address from the customer, and the address that was registered with the issuing bank.

This will help if the fraudster attempts to put the delivery address different from their victim’s.


AVS check is a part of the response to a request for authorization of the credit card from the merchant. The AVS system then sends the report back to the merchant, who will then have the ultimate decision to continue with the transaction.


Source: Pixabay

5. Limit the maximum number of purchases

One of the red flags for ecommerce frauds is an abnormally high order amount compared to average. This can come from a strange IP or a completely new country from where your customers used to buy.

Ecommerce and Magento merchants can prevent cases from happening by limiting the number of purchases. Of course, you don’t want to discourage customers from buying multiple products in different categories, because there are people who want to buy the whole set, or making numerous purchases for other products to prepare for their Christmas party with many guests.

But if the purchases keep falling into one category and even on one product SKU, then you might want to limit the number of products to avoid fraud on the other end.


In default, Magento supports setting min/ max quantity in the shopping cart at the product level, however, you can’t set the maximum order per category.

LIMIT your minimum and maximum order for the category of YOUR CHOICE to prevent string order frauds!

6. Clear billing descriptors and preparation for chargebacks during holidays

The chargeback frauds are opportunists who exploit the gap in billing description to claim fraudulent or unauthenticated payments from customers, with the end goal being getting the refunding payment from merchants.

To prevent chargeback frauds from harming your website during the holiday season, make sure that the billing description is clear and stated the time shopped and received packages after your customer has confirmed them.

It’s easy for customers to forget where they shop, so a clear merchant descriptor will help them from filling “friendly fraud” disputes over confusion.


Another thing your business can do to prepare for fighting chargeback frauds during the holiday season is keeping clear communication, and being explicit about the shipping/return policies.

This way, you can contact customers for validation, and they also will be able to reach your business at any convenient time to report suspicious activity on their part.

7. Require Card Verification Value (CVV) numbers for all orders on your site

The last three or four-digit numbers on the back of VISA, Mastercard, etc., are called Card Security Code, or Card Verification Value. If you require the code for all purchases, you will be sure that your customer has their physical card in hand when they perform the purchase.

This, however, doesn’t completely prevent frauds who possess physical credit cards, and therefore the method should work alongside the AVS system we have talked about above.


8. Double-check the IP address of customers

You should be highly alert if the IP address of customers contains dubious elements, like it coming from a country you have never received orders before, or it simply doesn’t match your customer address in the credit card.

However, it could also be that your customer’s on a business trip, or they use services like VPN to change the IP address, so make sure to double-check with the customer about their purchase before deciding whether to accept the purchase or not.

9. Avoid collecting too much sensitive customer data.

Even when you have done all steps above, perform all the ecommerce website testing needed, take measures to prevent security issues, your store might still be breached and targeted by ecommerce hackers or frauds as their techniques and technology become more and more sophisticated.

One example is the breaching incident of Volusion, which stole credit card information from 6,589 small and middle stores. This costs 239,000 credit card data records being stolen and sold in the black market. And it’s all because a small disguised innocent file was being uploaded to Volusion google cloud infrastructure.


KNOW MORE about Volusion data breach and plan the next step to protect your business!

In these unlikely scenarios, a way to protect your store is to only collect essential information for the purchase from your customers. Restrain from asking unnecessary details, which could be beneficial to ecommerce frauds such as social security numbers, birthdays, relatives, etc. Hackers can’t steal what you don’t have in the first place.


Ecommerce frauds are a problem for both ecommerce merchants and shoppers, as they’re not only causing casualty in financial terms but also distrust about the merchant security level. There are different types of fraud with various methods to manipulate merchants and end-users for their own gain. Knowing the types of frauds, the red flags in which you can spot fraud transactions, and methods for ecommerce fraud prevention will give you powerful knowledge to protect your store and your clients against them on this upcoming holidays.

If you have any problems or inquiries about this article or on your website, do not hesitate to reach out to us. We will be happy to assist you anytime.

BSSCommerce is one of the leading Magento development services providers in the world. With 7+ years of experience, certified Magento developers, and specialists, we guarantee high-quality and commitment to satisfying your business requests.

We covered a wide range of Magento services such as website development, maintenance, speed-up consulting package, etc. Our PWA Magento website development service and Magento 2 PWA Theme will give your site transforming looks, and significant improvements in mobile experience.

We also provide a library of 178 free & paid Magento and Magento 2 extensions, and offer FREE Installation – FREE 1-year Support and FREE Lifetime Update for every Magento extension.


CONTACT NOW to explore our services and boost your business to the next height!

Magento Tester at | Posts

Charlie is an experienced Magento Tester and has started at BSSCommerce for some time. He loves writing about Magento products, e-commerce topics, and is a fan of all technical problems Magento related. If you have a question, he's happy to help.

Write A Comment