Small BusinessCommerceE-commerce

Common types of ecommerce fraud and how to prevent them

PayPal Editorial Staff

PayPal Editorial Staff

May 19, 2023

May 19, 2023

With the proliferation of online shopping, ecommerce scams continue to threaten business owners.

This year alone, Juniper Research predicts ecommerce fraud may cost merchants more than $48 billion globally — up from $41 billion in 2022.1

From overpayment scams to return policy abuse, cybercriminals are persistent. But you can avoid falling for scams by taking proactive steps and knowing what to watch out for. Read on for some of the most common types of ecommerce fraud, plus how they can affect your business and what you can do to prevent them.

What is ecommerce fraud?

Ecommerce fraud, also known as payment fraud, occurs when stolen or fake information is used to conduct an illegal online transaction. Fraudsters generally commit scams for financial or personal gain, creating fake aliases to steal money from either the merchant, the customer, or a combination of the two.

In 2021, almost 50 percent of the reports filed with the Federal Trade Commission (FTC) involved fraud, costing consumers more than $5.8 billion in losses — a more than 70 percent increase over 2020.2 Looking at ecommerce fraud trends, the most widespread category remains imposter scams, with online shopping scams ranked second.

Common types of ecommerce fraud

Read below to learn about the types of common ecommerce fraud:

Shipping service scam

The buyer asks you to use a specific shipping service. They may claim they can get a discount or that they have a preferred vendor who is more reliable. In reality, they can easily contact the shipping company and reroute the order to another address.

Tips to help avoid a shipping service scam: Use only your shipping account, review the order for other fraudulent red flags, verify the customer’s shipping address, and ship to the address detailed on the transaction.

Prepaid shipping label scam

The buyer asks you to use a prepaid shipping label provided by them, but the shipping labels could’ve been purchased with a stolen credit card. Or they may attempt to send the package to another country, PO Box, or an untraceable location.

Tips to help avoid a prepaid shipping label scam: Don’t accept shipping labels and only ship to the address on the transaction. This also helps ensure that you remain covered under the PayPal Seller Protection policy on eligible transactions.

Package rerouting scam

The buyer provides an incorrect or fake shipping address and, when the package cannot be delivered, contacts the shipping company directly to reroute the package to a new location. They then file a complaint saying they never received the package because it was rerouted. In this case, the seller won’t be able to prove the item was delivered.

Here’s what the scenario may look like:

  • A buyer provides an incorrect or fake shipping address when placing an order.
  • The shipping company tries and fails to deliver the package.
  • The buyer monitors the online tracking information and notices the shipper couldn't deliver the package.
  • The buyer contacts your shipping company and asks them to send the package to their correct address. The shipping company delivers the package to the new location.
  • The buyer then files a complaint about not receiving the item.

Tips to help avoid a package rerouting scam: Work with your shipping company to block buyers from rerouting packages, and also validate a buyer’s address before shipping.

Overpayment scam

A customer attempts to overpay for an item or an order and asks you to wire them the difference. They may be using a stolen credit card or account to pay you, and if the legitimate account holder reports unauthorized activity, that money can be withdrawn from your account. Learn more and beware of overpayment scams.

Tips to help avoid an overpayment scam: Never wire money to someone you don’t know, and if a customer overpays, consider canceling the order as it’s likely to be fraudulent.

Employment scam

This happens when someone contacts you to be their employee or partner. They ask you to sell products on eBay or a website, pay their supplier, and update your business account address to their address. They can then conduct fraudulent transactions, and you may be liable.

Here’s an example:

  • Someone contacts you about a great new business opportunity. They need an employee or partner to sell an expensive product for them.
  • Scammers then start to trick innocent, trustworthy people into sending them money and merchandise.
  • They then use the money from the orders to pay their supplier. They’ll contact the supplier in advance to let them know you’ll send them money.
  • They’ll ask to update your business account address to their address.
  • After you pay the supplier, you’ll start receiving complaints from your buyers stating that they didn't receive their merchandise. Instead, they received an empty box (from the scammer).
  • You file a complaint against the supplier. Unfortunately, you learn that you may be liable for the money since the supplier delivered the merchandise to your business account address.

Tips to help avoid an employment scam: Never list someone else’s address or send money to someone you don’t know. You should also verify all your suppliers.

Employee theft from a PayPal account

In some cases, you might give your employees access to your account so they can do their job. Unfortunately, this opens you up to fraud risk. An employee may transfer money to their account, their friend's accounts, or to an offshore account. When you ask where the money went, they may tell you it was for a customer refund, used to pay a supplier, or used for payroll.

Tips to help avoid an employee theft scam:

  • Always conduct background checks on potential employees and review current employees’ account activity on your account regularly.
  • If you need an employee to manage your finances, make sure no one person has control over your account. When it comes to your finances, you should have checks and balances in place.
  • Only give employees access to the information they need to do their job.
  • Set up employee access privileges.
  • You can decide how much access to give each of your employees.

Return policy abuse

You sold something, and the buyer files a complaint stating the product was damaged, you sent the wrong order, or the product was broken. When this happens, the buyer would be asked to send the product back to you. The buyer may be telling the truth — packages get damaged in shipment from time to time. But if you notice that an item the buyer said was broken is in perfect condition or the buyer used the item before sending it back, they may be trying to take advantage of you. Maybe they found it for less somewhere else or they’re trying to avoid your return policy.

Tips to help avoid return policy abuse:

  • Always pack items securely to prevent damage.
  • Communicate with your customers. Inform them of any flaws upfront and provide product pictures so customers know exactly what they're buying. If you’re selling a technical product, send installation instructions so the buyer can use the product.
  • Provide a customer-friendly return policy so the buyer doesn't feel like they need to make up a reason for returning the order.
  • If you sold something on a marketplace like eBay and feel your buyer is misusing the returns process, report it. If you sold something on your own website and feel the buyer is misusing the returns process, you can appeal your claim by contacting your payments company. (Learn more about How Claims Work.)
  • Create a list of customers you don't want to do business with again. The list should include information such as name, address, email, and phone.
  • If you have your own website, the list could also include IP addresses, computer or device IDs, and credit card information.
  • Monitor new orders against your negative list.
  • If you're a smaller business, you can create a negative list using Excel or a Macro.
  • If you're a larger business, you can use a third-party rules system or develop your own in-house solution.

Affiliate fraud

Affiliate fraud occurs when affiliates or third-party marketers use illegal methods to earn commissions from promoting products or services, such as creating fake websites, generating false sales, using fake traffic sources, or manipulating tracking and reporting. The result is that the advertiser loses money, and the affiliates are paid commissions they didn’t rightfully earn.

If you use affiliate marketers to help increase your sales, there are some additional things to be aware of. As a refresher, here’s how it works:

  • Affiliate marketers are paid based on their performance.
  • Each time the affiliate refers a customer to your website, and it results in a sale for your business, the affiliate gets a commission.
  • You may notice that one affiliate is generating higher sales than your other affiliates.

Fraudulent affiliates take advantage of your revenue-share program by placing orders using stolen credit cards, then:

  • Since you didn't realize the orders were fraudulent, you paid the affiliate.
  • Months later you realize the affiliate was a fraudster because your customers filed complaints that their credit or debit cards were stolen.
  • As a result of this scam, you may incur losses like affiliate fees, the cost of your product, shipping fees, transaction fees, chargeback fees, and your time.

Tips to help avoid affiliate fraud:

  • If you offer an affiliate program, make sure you know who your partners are.
  • If you're partnering with a third party that refers affiliates, understand how the third party verifies and approves their affiliates.
  • Pay affiliates 60 or 90 days after the order date so if there is a chargeback or customer complaint, you notice it before the affiliate has gotten away with that money.
  • Watch for spikes in sales on products that come with higher affiliate payouts.

Ecommerce fraud management strategies and best practices

New scams pop up often, so it’s critical to keep an eye on fraud trends and work with partners who can help prevent fraud.

To help reduce your business risk, below are fraud management techniques you can consider integrating into your business:

  • Look out for suspicious transaction activity, such as mismatched billing and shipping information or anonymous email addresses.
  • Regularly review financial statements and account history. Record and report transactions you suspect may be fraudulent or risky.
  • Set purchase limits on the number of orders you accept from customers.
  • Use the address verification system (AVS) in payment processing, and require card verification value (CVV) at checkout.
  • Update your software and systems regularly and use business-grade anti-malware and anti-spyware software.
  • Before an order ships, confirm order details with the customer and allow them to catch any mistakes or errors.
  • Train employees on how to identify and prevent fraud.
  • Consider implementing advanced fraud prevention tools into your business procedures.

Learn more about fraud management and fraud protection.

Was this content helpful?

Related content

Sign Up for the PayPal Bootcamp

In partnership with three expert business owners, the PayPal Bootcamp includes practical checklists and a short video loaded with tips to help take your business to the next level.

*Required fields.

I consent to PayPal contacting me by phone or by email, and to sending me product or industry information relevant to my query. I know I can unsubscribe at any time.

The content of this article is provided for informational purposes only. You should always obtain independent business, tax, financial, and legal advice before making any business decision.
1
Juniper Research. (2022, October). eCommerce Losses to Online Payment Fraud to Exceed $48 Billion Globally in 2023, As Fraud Incursions Evolve.
2
Federal Trade Commission. (2022, February). New Data Shows FTC Received 2.8 Million Fraud Reports from Consumers in 2021.

We use cookies to improve your experience on our site. May we use marketing cookies to show you personalized ads? Manage all cookies