Five e-commerce fraud trends to stay on top of right now

Alice WongPayPal Editorial Staff

Alice Wong

PayPal Editorial Staff

May 27, 2020

Two staff at a table calculating restaurant bill

More businesses have moved their operations and stores online in the past few months, which also means more opportunities for fraud.

According to website Retail Dive, each dollar of consumer fraud costs retailers $3.131. And, in 2018, small businesses in the U.S. reported losing an average of $28,313.33 to online fraud.2

You can help prevent some of this fraud by staying diligent. Below, learn the most prevalent types of ecommerce fraud trends. And more importantly, how you can help protect your business from them.

  1. Merchant app fraud

    Ability to self-detect and protect: Difficult.

    Merchant app fraud is when a fraudster downloads your mobile app and pays for goods or services using stolen credit card information. Unfortunately, it costs businesses twice.

    One, goods that have been purchased are now gone. And two, because it’s a stolen card, the cardholder will dispute it with the bank and the business will have to refund the cost.

    What you can do about merchant app fraud.

    You can manually check for purchases of products prone to fraudulent transactions and you can also look out for purchases significantly above your store’s average transactional value.

    But a sophisticated fraud protection tool is key. A good fraud protection tool looks at many items: transaction velocity (how many transactions are being done by this particular mobile app), card number stored with the mobile app, and the device the customer is using. It flags anything that doesn’t add up between these data points and can help prevent fraudulent transactions from even taking place.

  2. Digital payment fraud

    Ability to self-detect and protect: Difficult

    Good news: EMV chip cards and card readers make traditional debit and credit card fraud more difficult and expensive to pull off at brick-and-mortar retailers.

    Bad news: Rather than dramatically reducing credit card and debit card fraud, EMV technology has shifted it away from physical stores toward online transactions. The Federal Trade Commission reported that, from 2017 to 2018, credit card fraud increased by 24% and online shopping and payment account fraud increased by 18%.3

    How it happens.

    Digital payment fraud can take many forms:

    • Criminals use stolen credit card credentials to make purchases online. Since the chip doesn’t protect online transactions, it’s an easy avenue for fraudsters.
    • Customers can make a purchase with their own credit card and then dispute the transaction with their credit card issuer. If they win the case, they get a refund and keep the goods.

    What you can do.

    One of the most effective ways to combat digital payment fraud is to have a sophisticated fraud protection tool that keeps up with the pace of evolving fraud trends. You can get a fraud protection tool on your own or you can look for a payment processor that already includes that benefit.

    Either way, the tool you use should use machine learning technology to learn with every transaction and adapt to ever-shifting fraud patterns.

  3. Promotion abuse / signup fraud

    Ability to self-detect and protect: Difficult.

    Businesses often try to increase their customer base by offering special promotions to gain new customers. They usually offer incentives (free meal, $10 off, etc.). Fraudsters take advantage of a special promotion multiple times by using the large number of Personally Identifiable Information (PII) data and stolen cards to create new accounts with your online store.

    What you can do about promotion abuse / signup fraud.

    Look for multiple accounts being created with the same email address or phone number. When you spot one, reach out to the customer and see if they can provide additional information. Or if you don’t want to chance it, terminate the loyalty account.

    You can also look at your chargebacks. If there’s a consistent phone number/email address reporting a chargeback, that’s a red flag.

  4. Compromised business email

    Ability to self-detect and protect: Medium.

    Compromised business email fraud is when criminals pose as trusted employees or partners to steal company money. There's been a dramatic increase in cases of business email compromise fraud in recent years so don’t take this lightly. In 2019, the FBI's Internet Crime Complaint Center received 23,775 email compromise complaints with total losses of over $1.7 billion.4.

    How compromised business email happens.

    a. The perpetrators access your company's network through a spear-phishing attack and by using malware.

    b. They then spend weeks or even months studying your company's vendors, billing systems, and even your employees' style of communication and travel schedules to make sure their fraudulent emails appear authentic.

    c. When it's time to strike, the scammers send emails from your executives' email addresses to employees who have access to company finances. Then they request wire transfers to what are actually fraudulent bank accounts.

    d. Since the email sounds and looks like it’s from an executive and the bank accounts look like they belong to the company's trusted partners, employees often unwittingly comply and send the money.

    What you can do.

    The best way to combat business email compromise is company-wide education. Make sure everyone knows how to spot and report a fraudulent email. Be wary of emails that stress the time sensitive nature of the transfer (Do it ASAP) or instructions to be secretive (Hush, don’t tell anyone about this transfer).

    Even better - establish a stringent and regulated process for requesting and receiving money.

  5. Account takeover

    Ability to self-detect and protect: Medium.

    Account takeover is when fraudsters use stolen login credentials to make fraudulent transactions. Criminals have realized that stealing a user's account access can be more lucrative than typical transaction fraud. In fact, in 2019, 57% of businesses have experienced increased losses associated with account opening and account takeover.5

    How account takeover happens.

    a. Through data breaches, phishing, or hacking, fraudsters steal your login credentials to gain access to your financial accounts.

    b. Then they add themselves as an authorized user or change the contact email or address.

    c. From there, they set up a one-time or ongoing funds transfer from your company account to their account. A fraudster may even use your account to make fraudulent purchases with one of your frequent suppliers and then ship directly to themselves.

    Also watch out for your loyalty rewards or points. Fraudsters know victims are much less likely to track loyalty and rewards points usage than they are to track bank and credit card statements. Betting on the fact that it's likely to go unnoticed for a while, they use your points to make unauthorized purchases.

    What you can do.

    The best defense against account takeover is good password hygiene:

    • Use unique usernames and strong passwords on every site you visit.
    • Leverage a password-management tool to keep track of your passwords.
    • Install updates and virus protection on all devices.
    • Take advantage of multi-factor authentication whenever available.

    Also audit your accounts every day so you can detect unfamiliar transactions and report them more quickly to your bank. They may be able to catch the fraudster, stopping damage and the transaction.

    New schemes happen all the time. It’s important to monitor fraud trends, educate your team, and work with partners that can help prevent fraud.

Get built-in fraud protection with the PayPal Commerce Platform.

PayPal’s fraud protection works hard 24/7 to help guard your business against fraud. Learn more at 844-276-1414.

Additional resources for fraud prevention.

E-book: Comprehensive fraud prevention for merchants.

E-book: How to choose a great fraud solution.

Protect against Account Takeover.

Was this content helpful?

Sign Up for the PayPal Bootcamp

In partnership with three expert business owners, the PayPal Bootcamp includes practical checklists and a short video loaded with tips to help take your business to the next level.


We’ll use cookies to improve and customize your experience if you continue to browse. Is it OK if we also use cookies to show you personalized ads? Learn more and manage your cookies