Online fraud: a growing cost for merchants
Online payment fraud represents a major and growing financial burden for merchants worldwide. According to Juniper Research, online payment fraud is expected to cost businesses $206 billion globally by the end of 2025, up from $130 billion in 2020.
This sharp increase highlights how rapidly online fraud is escalating as ecommerce continues to expand.
This trend is largely driven by the expansion of ecommerce, which accelerated during the pandemic, with online transaction values growing by around 20%. Fraudsters have adapted quickly, taking advantage of this widespread digitalisation to develop increasingly sophisticated attack methods.
For merchants, these figures may seem alarming. The good news is that effective ecommerce fraud prevention solutions exist, allowing businesses to mitigate risk without making the purchasing journey more complex for legitimate customers.
What fraud threats target your ecommerce business?
Before implementing protection measures, it is essential to understand the most common types of online payment fraud.
Payment fraud remains the most widespread threat. It involves the use of stolen or compromised card details to make online purchases. Fraudsters often target newly launched websites or those with weaker security controls.
Social engineering scams (e.g., payer manipulation like CEO fraud and phishing) drove much of the €4.2 billion in EEA payment fraud losses in 2024, accounting for over half of fraudulent credit transfers (€2.2 billion total, with users bearing ~85% of those costs) despite a stable overall fraud rate of 0.002%.
Unlike traditional fraud, these transactions are authenticated. Fraudsters manipulate victims into approving payments themselves, for example by sharing a one-time code or validating a transaction in a banking app, while impersonating a bank advisor or legitimate customer service agent.
Fraud linked to instalment payments is another emerging risk. In these cases, fraudsters pay the first instalment and then immediately cancel the card. This practice can be combined with Fraud as a Service, where individuals pay third parties to carry out the initial payment on their behalf.
Chargeback fraud is a persistent challenge for ecommerce merchants. Customers falsely dispute a transaction with their bank to obtain a refund while keeping the product. Although less common in France, this practice can represent up to 0.5% of turnover in some sectors.
Identity fraud is also on the rise, with estimated losses reaching $14 billion by 2025. Fraudsters create synthetic identities by combining real and fabricated data to open accounts or subscribe to services.
Internal fraud through temporary staffing represents a more covert threat. In these cases, fraudsters obtain temporary roles within financial institutions, gaining access to systems from the inside.
Finally, logistics fraud occurs after payment and particularly affects high-value goods. It includes parcel diversion, delivery to false addresses and order interception.
Fraud as a Service: the industrialisation of fraud
Fraud as a Service (FaaS) has transformed fraud into an organised and accessible industry. Dedicated platforms now offer turnkey fraud tools, including databases of stolen cards, phishing kits, card-testing software and fake identity creation services, available for purchase or rental.
In some cases, fraudsters can even hire individuals to execute fraudulent operations on their behalf, covering planning, execution and coordination of attacks.
This professionalisation explains the explosion in fraud attempts. Advanced technical skills are no longer required to launch sophisticated attacks, dramatically lowering the barrier to entry.
How technology protects your transactions
Strong authentication as the first line of defence
3D Secure 2 relies on strong customer authentication to verify that the person initiating a transaction is the legitimate cardholder. This significantly reduces the risk of online payment fraud.
Multi-factor authentication on customer accounts adds an additional layer of protection. By combining passwords, one-time codes and biometric data, the risk of identity takeover is greatly reduced.
Real-time analysis to detect fraud
Payment service providers use technologies capable of analysing a wide range of transactional and contextual parameters in real time. These include transaction amount, country of origin, purchase history, delivery method and device type.
Behavioural profiling further refines fraud detection by assessing factors such as account age, cumulative spending, rejected or shared cards and the use of new payment methods.
Each transaction is assigned a risk score that determines the appropriate action. Suspicious payments may trigger strong authentication or be automatically blocked, while legitimate transactions are approved smoothly. The result is agile fraud risk management that protects revenue without compromising checkout performance.
Security versus friction: do you really have to choose?
Diversifying payment methods intelligently
Consumers now expect to choose their preferred payment method. Expanding your payment offering has become essential to facilitate purchases and reduce cart abandonment. Cards, digital wallets, instant bank transfers and Buy Now Pay Later options each address different usage patterns and expectations.
However, diversification also increases the number of potential entry points for fraud. Each payment method has its own security profile and exposes the payment journey to different risks, such as identity theft, account takeover or refund fraud.
To maintain strong payment fraud prevention while meeting customer expectations, merchants must understand the risk profile of each payment method. Card payments are exposed to transactional fraud using stolen cards. Wallets are vulnerable to account takeover attacks. BNPL solutions face higher levels of voluntary non-payment, sometimes referred to as first-party fraud or “buy now, pay never”.
Adapting control rules, introducing new payment methods with a clear security strategy and monitoring emerging fraud trends are all essential. In short, improving the customer experience through payment diversity must go hand in hand with rigorous fraud risk management.
Securing data with tokenisation
Tokenisation is a technology that protects stored payment data by replacing card numbers with unique, context-specific tokens. These tokens are unusable outside their intended environment.
Beyond improving authorisation rates, tokenisation significantly reduces risk in the event of a data breach, especially for merchants who store card details directly.
How to anticipate fraud attacks
Monitoring key performance indicators
Regular monitoring of payment metrics helps identify anomalies early. Sudden increases in transaction volume often signal fraudulent activity. Declining acceptance rates, higher rejection rates by card network, rising chargeback claims and unusual geographic patterns in payment attempts are all warning signs.
Payment providers may also access real-time files listing cards that have been reported as blocked or opposed. This information can allow merchants to stop shipments before losses occur.
Automating security alerts
Automated alerts enable immediate response to suspicious situations, such as abnormal transaction spikes, multiple orders from the same IP address or unusual geographic concentrations.
This proactive monitoring allows merchants to intervene quickly and limit the impact of fraud attempts.
Why your teams are your first line of defence
Technology alone is not enough. Staff training remains critical in ecommerce fraud prevention. Teams must be able to recognise warning signs such as unusual orders, urgent delivery requests to addresses different from billing details or evasive customer behaviour during verification.
Regular awareness sessions on emerging fraud techniques and internal procedures help strengthen human defences.
Does your industry face specific fraud risks?
Ecommerce fraud does not affect all sectors in the same way. Each industry faces unique threats that require tailored prevention strategies.
In general ecommerce, card fraud and identity theft are the primary risks. Small and medium-sized businesses are often more vulnerable due to limited resources.
In travel and leisure, fraud rates can reach around 36%, according to TransUnion. Last-minute bookings during peak demand periods create opportunities for fraudsters to exploit weaker controls. High transaction values mean that a single fraudulent booking can result in substantial losses.
In fashion and retail, refund fraud is a major concern. Practices such as wardrobing, where customers buy, use and then return items, generate significant losses. Other tactics include false non-delivery claims, returning damaged goods and presenting fake receipts.
Is your fraud strategy profitable?
Measuring return on investment
Evaluating ecommerce fraud prevention efforts goes beyond the fraud rate alone. Merchants must consider the impact on conversion rates, customer satisfaction and operational costs.
Overly restrictive controls may reduce fraud but also drive away legitimate customers. The goal is to strike the right balance between protection and commercial performance.
Continuously adapting your strategy
Fraud techniques evolve constantly. Fraud prevention strategies must adapt accordingly. Regularly reviewing the effectiveness of controls and adjusting them to new threats ensures long-term protection without harming loyal customers’ experience.
Should you fight fraud alone?
Relying on PSP expertise
Given the growing complexity of online fraud, merchants should not face this challenge alone. Working with an experienced payment service provider brings advanced technology, specialist expertise and deep market insight.
Monext offers a transparent and customisable approach to ecommerce fraud prevention. Merchants retain full control over security rules, configuring them according to industry, transaction types and evolving threats, while preserving customer experience.
As a member of the GIE Cartes Bancaires, Monext can access and process real-time data from the OPPOTOTA file, which lists blocked cards in France and is updated several times per day. This enables rapid action when compromised cards are detected.
By choosing a partner like Monext, merchants benefit from proactive collaboration and ongoing support, essential to anticipating and responding to the constantly evolving challenges of online fraud.
