top of page
Writer's pictureKathryn Kandra

What Ecommerce Credit Card Fraud Means for You: The Merchants



This is the second article in our series on ecommerce fraud protection. Click here to read Part 1, for banks, and Part 3, for individuals.


Global ecommerce sales are set to hit a staggering $6.3 trillion in 2024. This boom has transformed the internet into a place of endless opportunities for businesses—and for criminals. In 2021 alone, online retailers fended off around 206,000 attacks each and every month. It's enough to make any business owner nervous, and it’s predicted to get even worse, with cumulative losses topping $343 billion by 2027.


Whether you’re a big-time retailer or a small business owner, ecommerce fraud can have a devastating effect on your business. In this article, we’re diving deeper to find out why that is, and how businesses can better protect themselves.


The Growing Threat of Ecommerce Fraud

In a nutshell, ecommerce fraud is a type of cybercrime that occurs during transactions over the internet. And as online shopping becomes as common as doom-scrolling through TikTok, merchants are finding themselves more vulnerable than ever.


Specifically, North American ecommerce businesses are feeling the fraud, facing nearly 40% more fraudulent transactions than their brick-and-mortar cousins, according to a LexisNexis study. Another study found that through 2024, retail ecommerce sales and CNP (card-not-present) fraud were trending up in lock-step with each other.


Why is ecommerce fraud surging? For starters, ecommerce simply makes buying and selling more accessible. This increases the volume of transactions, which gives fraudsters more opportunities. Additionally, many ecommerce merchants operate from homemade websites with lacking sufficient security. It also allows fraudsters to more avenues of attack (from phishing to data breaches and everything in between) and the ability to target thousands, if not millions, of personal data at once.


The Cost of Ecommerce Fraud to Businesses

The financial impact of ecommerce fraud on businesses is stark. Businesses suffer direct losses from ecommerce fraud, often in the form of fraudulent chargebacks (the refund that the customer receives once they’ve flagged a transaction as fraudulent) and their related fees, which can cost a merchant between $20 and $100 per fraudulent transaction.


But direct losses are just the tip of the iceberg. Merchants also must deal with the indirect costs of ecommerce fraud including lost merchandise, soaring operational costs for fraud detection and prevention, and fraud-related customer service like more secure (and thus more costly) shipping and fulfillment. In extreme cases, these indirect costs can lead to supply chain disruptions and operational strain. All in all, the LexisNexis study linked above found that each fraudulent transaction costs ecommerce merchants three times the value of the lost transaction.


Furthermore, ecommerce fraud doesn’t just drain a business’s bank account: it can also hurt its reputation. Customers will often blame a merchant for lax security, even if the burden ultimately doesn’t even fall on the business owner. This can cut businesses off at the knees by scaring off customers and even partners. And if that wasn’t enough to keep you up at night, there’s also the risk of litigation, fines, and penalties from unhappy customers and regulatory bodies.


So, what can merchants do to protect themselves?


How Business Can Fight Ecommerce Fraud

The reality is that ecommerce fraud is overwhelmingly card-based, meaning stolen credit or debit card information is used for the majority of fraudulent purchasing across the internet. This is why card fraud protection is also ecommerce fraud protection.


There are ways for your business to fight back against ecommerce fraud. In fact, 75% of online merchants increased their fraud prevention budgets in 2023. And with good reason!


Some of the commonly accepted best practices that businesses can follow to prevent fraud include: 


  • Conducting regular website security audits

  • Ensuring compliance with the rules set by the PCI DSS (Payment Card Industry Data Security Standard) council

  • Monitoring your website, online storefront, and payment gateway for suspicious activity

  • Using an Address Verification Service (AVS) that compares the customer’s address entered during the online transaction with bank records for extra security

  • Requiring your customers to enter their card’s security code (CVV/CVC) for all card purchases

  • Making sure your website and online store uses hypertext transfer protocol secure (HTTPS) to securely send customers’ data between their web browser and your website 


That said, fraud prevention isn’t easy. The LexisNexis survey showed that businesses identified customer friction and keeping up with changing fraud tactics as two of their largest roadblocks. Reducing friction is key to a smooth customer experience, but many anti-fraud measures add friction to the transaction. Additionally, hyper-specific fraud protection tools may become obsolete as soon as fraudsters figure out how to circumvent them.


Ellipse Verification Code (EVC) is an anti-fraud tool that solves both problems. EVC is a payment-card based solution that transforms a card’s static security code into a dynamic security code. This code changes each time the card is “tapped” or “dipped” in an in-person transaction or triggered with a mobile app. That means that no fraudster can get their hands on the card’s full information for fraud.



With a little knowledge and the right tools, merchants can stay one step ahead of ecommerce fraud, protecting their customers, their bottom line, and their peace of mind. New fraud protection technology like EVC can stop credit card fraud in its tracks, making ecommerce a friendlier and safer channel for all parties involved.

Comments


bottom of page