
eCommerce fraud in 2023: what to watch out for


With eCommerce spending volumes on the rise and the need for increased security on digital channels, businesses have more time this year to reassess their ability to counter online fraud.

Globally, eCommerce losses from online payment fraud were estimated at $20 billion in 2021, a 14 percent increase over the previous year’s $17.5 billion.

Over the last 12 months, some companies may have invested heavily in technology to improve their fraud detection. Still, cybercriminals have also kept up with digital advancements and found new ways to attack.

To help you address these new challenges, this short guide looks at some of the most common tactics fraudsters use to steal customers’ identities and credit card information.

Account Takeover Fraud (ATO)

Because so many people reuse passwords on so many accounts, ATO fraud took off in 2021 due to the huge number of stolen passwords that were available on the dark web. If a criminal has valid credentials, they can test them on hundreds of sites, find matching accounts, and take over those accounts to shop using their linked payment methods.

By screening every order for fraud indicators, businesses can avoid ATO fraudsters, even if the order appears to be from a longtime customer. A multi-factor authentication system is the best way to prevent ATO fraud in your business. Additionally, you will be able to prevent fraud by using a fraud protection solution based on machine learning and automation.

Friendly Fraud

The pandemic has increased the momentum of friendly fraud, also called return fraud. Users commit this type of fraud when they pay with a valid card but then falsely claim their order was never delivered, arrived damaged, or was substantially different from what was described on the site.

The trend is affecting both brick-and-mortar shops and eCommerce stores, but while in-store returns run in single-digit percentages, online returns can range from 25% to 40%.

Friendly fraud can be combated in several ways, including clear product descriptions, photos, and package tracking from the warehouse to the doorstep.

New Accounts Fraud

This type of fraud is also known as synthetic identity fraud. Instead of impersonating a single individual, the fraudster combines pieces of data from multiple consumers to create a fake (synthetic) identity.

Using this fake identity, they open accounts or set off on shopping sprees, charging whoever holds the corresponding name with the bill. Using technologies that combine facial traits, criminals have even been able to circumvent biometric verification.

Identifying this type of fraud requires checking the email address, phone number, and bank or card accounts of the new user. A database of known fraudsters’ collection points for stolen goods can also be used to compare delivery addresses. Because many people began shopping online after the pandemic, it’s also advisable to manually review any orders flagged recently.

Card Testing

Card testing involves cybercriminals making a small test purchase on an eCommerce site to check that stolen payment information is valid before making a larger purchase elsewhere. Criminals use this method to identify which piece of information is incorrect when the card is declined.

Fraudsters can be discouraged from committing card testing fraud by combining address verification testing with CVV testing and requesting customers to enter the three-digit security code on the back of their cards. It’s also a good idea to implement CAPTCHA challenges and limits on the number of transactions permitted over a certain period of time.
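As an illustration of the transaction limits described above, the following added example (not code from Trust Payments or any fraud product) applies a sliding-window check to authorization attempts and flags sources that exceed a velocity limit or show a card-testing pattern. The record layout, thresholds, rule names and sample records are assumptions constructed for this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authorization attempts (not real data):
# (timestamp, client IP, card fingerprint, amount, outcome)
SAMPLE_ATTEMPTS = [
    ("2023-01-15T10:00:00", "203.0.113.7", "card-A", 1.00, "declined"),
    ("2023-01-15T10:00:40", "203.0.113.7", "card-B", 1.00, "declined"),
    ("2023-01-15T10:01:10", "203.0.113.7", "card-C", 1.00, "approved"),
    ("2023-01-15T10:01:50", "203.0.113.7", "card-D", 1.00, "declined"),
    # Customer mistyping a CVV: several retries, but only one card.
    ("2023-01-15T10:02:00", "192.0.2.44", "card-X", 59.90, "declined"),
    ("2023-01-15T10:02:45", "192.0.2.44", "card-X", 59.90, "declined"),
    ("2023-01-15T10:03:30", "192.0.2.44", "card-X", 59.90, "approved"),
    # One card, normal amounts, but too many orders inside the window.
    *[(f"2023-01-15T11:0{m}:00", "198.51.100.9", "card-Y", 20.00, "approved")
      for m in range(6)],
]

def detect_card_testing(attempts, window=timedelta(minutes=10), max_attempts=5,
                        min_cards=3, small_amount=5.00, min_decline_ratio=0.5):
    """Return {source: (timestamp of first flag, rule name)}."""
    recent = defaultdict(deque)  # per-source attempts still inside the window
    flagged = {}
    for ts_str, source, card, amount, outcome in sorted(attempts):
        ts = datetime.fromisoformat(ts_str)
        q = recent[source]
        q.append((ts, card, amount, outcome))
        while ts - q[0][0] > window:  # expire attempts older than the window
            q.popleft()
        if source in flagged:
            continue
        cards = {c for _, c, _, _ in q}
        declines = sum(1 for _, _, _, o in q if o == "declined")
        all_small = all(a <= small_amount for _, _, a, _ in q)
        if len(q) > max_attempts:
            # Plain limit on transactions per time period.
            flagged[source] = (ts_str, "velocity limit")
        elif (len(cards) >= min_cards and all_small
              and declines / len(q) >= min_decline_ratio):
            # Several different cards, tiny amounts, mostly declined.
            flagged[source] = (ts_str, "card-testing pattern")
    return flagged

if __name__ == "__main__":
    for source, (when, rule) in detect_card_testing(SAMPLE_ATTEMPTS).items():
        print(f"{when} {source}: {rule}")
```

A flagged source would typically be sent to a CAPTCHA challenge or manual review rather than blocked outright, since shared IP addresses can put genuine customers behind the same source.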

Buy Now Pay Later (BNPL) Fraud

As the “buy now, pay later” (BNPL) model grows in popularity, fraudsters are adept at exploiting it. To make purchases using a BNPL option at checkout, they can utilise other tactics listed above, such as account takeovers and synthetic fraud. The fraudster then disappears without paying for the goods or uses stolen credit card information to pay.

Having the right identity and fraud protection across their websites and applications is key to addressing this issue. Further fraud attacks can be prevented by quick and comprehensive fraud reporting.

The need for a fraud screening solution

Following the steps above will help prevent eCommerce fraud. However, they will not be sufficient to combat all online fraud in the long run: new threats appear every day, and criminals have many different tactics at their disposal.


You should invest in a fraud screening solution if you are looking to minimise fraud. Our Protect Plus service fits the bill, providing your online and mobile channels with an extra layer of security against fraudulent transactions globally and in real-time.

Learn more about how we can help and get started today!

Security statement

Security is our top priority at Trust Payments and we strive to ensure that all data is kept secure at all times. We keep all customer data safe with AES256 encryption, SSL Certificates, and a minimum of TLS1.2, between your website and our datacentres.

Our systems are scanned quarterly using the Qualys PCI Platform, an independent Qualified Security Assessor (QSA) and approved vendors – Omnicybersecurity (UK) & Forgenix (US) – to ensure compliance with the security requirements of the card schemes.

We follow a number of rigorous security procedures on a daily basis including, but not limited to, continuous monitoring of our perimeter, dark web monitoring, and internal checks to ensure that the CIA triad is maintained at all times.
