E-Commerce Fraud Prevention: Protect Your Store and Revenue

The Scale of E-Commerce Fraud

Online fraud costs e-commerce businesses billions annually. For small stores, a single successful fraud attack can result in hundreds or thousands of dollars in losses, account holds from payment processors, and hours spent resolving disputes.

Understanding how fraud works is the first step to preventing it. Most fraud follows predictable patterns, and most of it can be stopped with the right tools and practices.

Types of E-Commerce Fraud

Card Testing

Fraudsters use stolen credit card numbers and test them by making small purchases on your store. If the transaction goes through, they know the card is active and proceed to make larger purchases elsewhere.

Signs of card testing:

• Multiple small transactions ($1-$5) in rapid succession
• Different card numbers from the same IP address
• Transactions fail at a higher rate than normal
• Orders have nonsensical shipping addresses

Prevention: Set a minimum order amount (if practical), implement CAPTCHA or bot detection on checkout, use velocity checks that flag multiple transaction attempts from the same IP, and enable Stripe Radar's built-in card testing protection.

Stolen Credit Card Fraud

A fraudster uses a stolen credit card number to make a purchase on your store. The real cardholder eventually notices the charge and files a chargeback. You lose the product, the revenue, and pay a chargeback fee.

Signs:

• Shipping address differs significantly from billing address
• Customer requests expedited shipping (they want the product before the cardholder notices)
• Large first-time orders with no account history
• Orders from high-fraud geographic regions

Prevention: Require CVV verification, enable Address Verification System (AVS), use 3D Secure authentication for high-value orders, and let Stripe Radar's machine learning score transactions.

Friendly Fraud

The customer makes a legitimate purchase but then disputes the charge with their bank, claiming they never received the item, the item was not as described, or they did not authorize the transaction.

This is the most common type of fraud for small e-commerce businesses and the hardest to prevent because the "fraudster" is your actual customer.

Signs:

• Customer does not contact you before filing a dispute
• Serial disputers (customers with history of chargebacks)
• Claims of non-delivery when tracking shows delivery

Prevention: Send shipping confirmation with tracking immediately, require signature confirmation for high-value orders, keep detailed records of all customer communication, and use clear billing descriptors that customers recognize on their statements.

Account Takeover

Hackers gain access to a customer's account on your store and make purchases using saved payment methods. This is more common on stores with customer account functionality.

Prevention: Enforce strong password requirements, implement two-factor authentication, monitor for unusual account activity (new shipping address, multiple orders in short succession), and send email notifications for account changes.

Refund Fraud

A customer receives a product, requests a refund claiming the item was damaged or not received, and keeps the product.

Signs:

• Repeated refund requests from the same customer
• Claims of damage without providing photos
• Claims of non-delivery when tracking shows delivery

Prevention: Require photos of damaged items before issuing refunds, use delivery confirmation and signature requirements, track refund rates by customer, and flag repeat offenders.

Fraud Prevention Tools

Stripe Radar

If you use Stripe, Radar is your first line of defense. It uses machine learning trained on billions of transactions to identify fraudulent patterns. Features include:

• Risk scoring: Every transaction receives a risk score from 0-99
• Automatic blocking: High-risk transactions are blocked automatically
• Custom rules: Create rules specific to your business (block orders from specific countries, flag orders over a certain amount)
• 3D Secure: Trigger additional authentication for elevated-risk transactions

Radar is included in Stripe's standard processing fees. The advanced version (Radar for Fraud Teams) adds more customization for $0.07 per screened transaction.

Address Verification System (AVS)

AVS checks the billing address provided by the customer against the address on file with the card issuer. Mismatches indicate potential fraud.

AVS results include:

• Full match: Address and zip code match
• Partial match: Zip code matches but street address does not
• No match: Neither matches
• No data: Card issuer does not support AVS

Configure your payment processor to decline transactions with "no match" results. Partial matches warrant additional review but should not be automatically declined.

CVV Verification

The card verification value (CVV) is the 3-4 digit code on the physical card. Requiring CVV verification confirms the customer has the physical card, which significantly reduces fraud from stolen card numbers obtained through data breaches.

Always require CVV. There is no legitimate reason not to.

3D Secure (3DS)

3D Secure adds an additional authentication step where the cardholder must verify the transaction through their bank (via SMS code, bank app, or biometric). This shifts liability for fraudulent transactions from you to the card issuer.

Use 3DS selectively for:

• High-value orders (over $100)
• First-time customers with elevated risk scores
• Orders with billing and shipping address mismatches
• Transactions flagged by Radar

Blanket 3DS on all transactions can reduce conversion, so apply it strategically.

Building a Fraud Prevention Strategy

Level 1: Basic (Every Store)

• Enable CVV verification
• Enable AVS
• Use Stripe Radar (included free)
• Set clear billing descriptors
• Send immediate order confirmation and tracking emails

Level 2: Intermediate (Growing Stores)

• Configure custom Radar rules for your business patterns
• Implement 3D Secure for high-risk transactions
• Track fraud patterns and adjust rules monthly
• Maintain a customer blocklist for known fraudsters
• Require delivery confirmation for all shipments

Level 3: Advanced (High-Volume Stores)

• Use Radar for Fraud Teams for advanced rule customization
• Implement velocity checks on IP addresses and customer accounts
• Use device fingerprinting to identify repeat fraud attempts
• Integrate third-party fraud scoring tools
• Conduct regular fraud analysis and strategy reviews

Balancing Fraud Prevention and Conversion

Over-aggressive fraud prevention blocks legitimate customers. If your fraud tools reject 10% of transactions, you are almost certainly blocking good orders along with bad ones.

Guidelines for balance:

• Accept some fraud risk rather than blocking legitimate customers aggressively
• The cost of blocking a legitimate $30 order (lost revenue + lost customer lifetime value) often exceeds the cost of one fraudulent transaction
• Review declined transactions weekly to identify false positives
• Adjust rules based on actual fraud patterns, not theoretical risks
• Monitor your approval rate alongside your fraud rate

A healthy approval rate for an e-commerce store is 95-98%. If yours drops below 93%, your fraud prevention may be too aggressive.

Responding to Fraud

When fraud occurs despite prevention:

1. Document everything immediately including order details, communication, and any red flags missed
2. Block the customer to prevent repeat fraud from the same person or card
3. Review your prevention rules to determine if the fraud could have been caught
4. Submit chargeback evidence if the customer disputes the charge
5. Report the fraud to your payment processor, which improves their fraud models

Do not take fraud personally. It is a cost of doing business online. The goal is to minimize it, not eliminate it entirely.

Key Takeaways

• Card testing and friendly fraud are the most common threats to small e-commerce businesses
• Stripe Radar provides strong baseline protection included in standard processing fees
• Always require CVV and enable AVS as these are basic but effective measures
• Use 3D Secure selectively for high-risk transactions to balance security and conversion
• Monitor your approval rate alongside fraud rate to avoid blocking legitimate customers
• Document everything to improve chargeback dispute outcomes and fraud prevention rules