Welcome to Unlimint business interface

eCommerce Fraud: What you Need to Know and how to Prevent it

November 27, 2019 3 min read
eCommerce fraud and cybercrime remain some of the biggest threats to its longer-term growth.
Unlimint team
Your payment experts
Unlimint team
Your payment experts

  • eCommerce lose $12bn annually through threat actors.
  • Common attacks consist of Account Takeovers (29.8%) and Bot Imposters (24.1%)

As far as any industry is concerned, eCommerce is a rapidly evolving one. In 2019 so far, the eCommerce market has a valuation of more than $3.5 trillion, and it’s only going to rise faster.

According to Statista, by 2022, eCommerce will carry a value of $6.52 trillion. The immediate takeaway here is that it’s accelerating at a staggering pace, and innovations are making it all possible.

eCommerce events like Singles Day demonstrate that it’s a booming industry

More recent of which is the steady introduction of 5G, widening the scope of who can get online and where.

But for all the innovations, with an ever-more digital world, cybersecurity becomes ever-more important. We already see just how much it costs businesses, as a whole.

While retailers will enjoy bumper profits of $630bn in 2020, $12bn of it is lost through a variety of cybersecurity attacks and eCommerce fraud, according to a recent report conducted through Signal Sciences.

eCommerce – Cybersecurity attacks

So even with so much success, eCommerce retailers need to balance out this with constant vigilance, with over 206,000 attacks happening on a monthly basis for medium/large-scale businesses.

These statistics don’t take into consideration the kind of damage that could be wreaked upon smaller-scale businesses too.

So with such a heavy price-tag and high volume of attacks, the most frequent kinds of attacks range from direct account attacks to bot imposters and Cross-Site Scripting.

Account Takeover – 29.8%

Account Takeover refers to the mostly automated process of testing stolen or illegally purchased account information of online users.

Whenever these are found valid, the attacker then changes security credentials (login, security questions, contact information) which allows them full access to the account while locking the user out.

In successfully doing this, the attacker can then order goods and services from the site, while also testing other accounts with these same credentials.

This not only costs the individual user dearly but can also result in any number of sales to be deemed fraudulent, losing both the account holder and eCommerce business money.

Bot Imposters – 24.1%

For every eCommerce website out there on the internet, 187 bots will visit each on a daily basis, but that’s not a bad thing.

Googlebots, for example, actually crawl through websites in order to see whether or not they’re easily navigable.

As a result, these bots are typically given a ‘carte blanche’ in what they’re able to visit and see on websites, allowing eCommerce business owners to be as widely visible as possible.

But it’s this wide-open door approach that can work in a bot imposters favour. Being able to easily access a wide array of segments of a website, a bot imposter is able to scrape, crawl and maliciously use it to achieve its own ends.

What ends these consist of exactly fluctuate. The majority of them can consist of scraping for personal information (10%), and DDoS attacks in the near future (23%).

How to Keep Your eCommerce Business Secure

When it comes to Account Takeover and what you believe to be fraudulent transactions, you should bare in mind these two questions if you suspect it:

Where is it?
  • If the account is trying to make one or more purchases using multiple payment methods from the same IP address.
  • Does the account have a foreign billing and/or shipping address compared to where the IP address of the account is located?
What is it?
  • If the account is placing multiple orders but with different payment methods, this could be a sign that it’s compromised.
  • When these attacks happen, the perpetrator will often try to purchase a large volume of the same product in order to re-sell them.

Above all else, always make sure that your website is up to date with the latest cybersecurity technology.

Regulations like PCI Compliance, 3rd party payment processors and PSD2 allow for more secure payments to take place. Reducing the risks to your customers and preventing losses for your business too.


We’ve got all your details, thanks!