Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecuritySecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceRetail/Restaurants/Convenience

Top 3 online retail fraud methods and how to prevent them in 2022

By Rafael Lourenco
online shopping cyber security
February 8, 2022

Online merchants were hit with many kinds of fraud in 2021, including increases in identity fraud, account takeover (ATO), mobile fraud and more. Most of this fraud is committed by organized, professional criminals using botnets and vast troves of stolen data. However, friendly fraud also continued to rise in 2021. This class of fraud is committed most often by formerly good customers who seek to abuse merchants’ or credit-card issuers’ policies. These one-off instances of fraud bear the risk of becoming larger-scale or habitual fraud.

Promotion abuse fraud also increased in 2021, with customers taking more advantage of loopholes and security gaps in digital coupons and free trials, either on their own or at scale by using social media to share coupon and referral codes beyond the intended scope. Combined with other types of friendly fraud, promotion abuse can cost businesses up to 2.4% of annual revenues, per PYMNTS. Globally, e-commerce fraud losses are expected to top $20 billion in 2021.

These increases come after a surge of online fraud during 2020. Given the steady rise of fraud year after year even before the pandemic arrived, it’s wise to assume that the trend will continue in 2022. That means now is the time for merchants to review the kinds of fraud that caused the most trouble in 2021 to identify ways to strengthen their loss prevention strategies and user experience in the year to come.

Strengthen fraud controls in mobile channels

The cost of fraud in the mobile channel increased dramatically in 2021, according to the True Cost of Fraud Study. While mobile represented 5% of all U.S. e-commerce fraud costs in 2020, it comprised 39% in 2021. Merchants can counteract this rising level of risk by taking two key steps: monitoring fraud metrics in the mobile channel and tailoring fraud controls to their particular mobile risk profile.

The first step requires data on fraud attempts, completed fraud and false declines in each channel, including mobile. That data may show a similar rate of attempted fraud as the online channel but more completed fraud, or a higher rate of both fraud and false declines in mobile. By comparing fraud levels between different business channels, the merchant may then adjust their automated approval cutoff point to be lower in mobile than online. They may also implement more manual review for mobile orders to prevent fraud and false positives.

Keep a close eye on new users and accounts

Identity fraud, including synthetic identity fraud, was the costliest type of e-commerce fraud in the U.S. in 2021, per LexisNexis. Accounting for 30% of fraud costs, it is driven by criminals who steal identity information and use it to create new bank and credit card accounts, as well as new user accounts with merchants.

Screening for this kind of fraud requires looking at how recently the new user’s email address, phone number and bank or card accounts were set up. Delivery addresses can also be compared to known databases of fraudsters’ collection points for stolen goods. However, because many people who didn’t shop online before have started since March 2020, it’s also wise to manually review any orders that are flagged for recency issues. ClearSale’s 2021 State of Consumer Attitudes, Fraud & CX Survey found that 40% of shoppers in five countries won’t return after a merchant declines their order and 34% will complain about the merchant on social media, so ensuring that crackdowns only affect fraudsters may be in the best interest of the business.

Add new account takeover protections

ATO fraud took off in 2021, rising from 2% of U.S. e-commerce fraud costs in 2020 to 13% in 2021. ATO has seen explosive growth because of the huge number of stolen passwords that are available to criminals on the dark web, and because so many people reuse passwords on many of their accounts. Once a criminal with a botnet has credentials that work, they can test them on hundreds of sites, find matches, and take over those accounts to shop with the linked payment methods.

Enterprise organizations can head off ATO fraudsters by screening every order for fraud indicators, even if the order appears to come from a longtime user. A new device, location, product category, delivery address or other signal may indicate fraud — or it could indicate a trustworthy user doing something new. Manual review is necessary in these cases to avoid both fraud and the possibility of rejecting an authentic user.

Take a firmer stance on friendly fraud

Friendly fraud represented 29% of U.S. e-commerce losses in 2021. This kind of fraud occurs when users pay with a valid card, but then falsely claim their order never arrived, that it was damaged, or that it was substantially different from the product description on the website. There are several ways to combat friendly fraud, including best practices such as clear product descriptions and photos, careful packaging and warehouse-to-doorstep package tracking.

Real-time package tracking doesn’t just confirm item delivery. It also enhances user experience by showing them exactly where their package is and when they can expect it to arrive. That information can also help reduce package theft after delivery, which can lead to chargebacks and other costs.

Another approach is to screen orders to see if the customer has a track record of filing frequent chargebacks. If so, you may want to decline their orders.

Plan promotions with fraud prevention in mind

Referral codes and free trials can be abused by users who share their codes with large audiences on social media or who repeatedly cancel free trials and then sign up again with a new email address. Enterprise security leaders can limit these kinds of losses by setting expiration dates for promo codes, limiting the number of referrals one person can get credit for, and screening free trial signups for fraud, as if they were orders, to identify multiple orders coming from the same device or IP address.

Taking the time now to evaluate, customize and strengthen an enterprise’s fraud controls can help security leaders prevent more fraud, avoid false positives that turn off authentic users, and put organizations in position to earn more revenue and build more customer loyalty in 2022.

KEYWORDS: e-commerce fraud ecommerce fraud prevention online shopping retail cyber security retail fraud

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Rafael 261

Rafael Lourenco is Executive Vice President and Partner at ClearSale, a fraud prevention operation that helps retailers increase sales and eliminate chargebacks before they happen. The company’s proprietary technology and in-house analysts provide an end-to-end outsourced fraud detection solution for online retailers to achieve industry-high approval rates while eliminating false positives.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • A two-tiered fraud prevention strategy

    A two-tiered approach to fraud prevention can help online businesses boost sales

    See More
  • Woman online shopping

    Fraud prevention practices to protect growing e-commerce retailers

    See More
  • ecommerce

    6 e-commerce cyber fraud challenges in 2022

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing