Skip to content

Images by iStock; Security Management photo illustration

The Rise of eCommerce Fraud

Holiday eCommerce fraud increased by 60 percent between 2017 and 2019, according to research from software firm iovation. The report’s findings seem to confirm some of customers’ and industry experts’ worst fears: eCommerce fraud, the use of stolen customer information to purchase goods, is becoming an even larger threat to online retailers.

The Sudden Growth of eCommerce Fraud

The report builds upon earlier research from Experian, which found that eCommerce fraud was growing about twice as fast as legitimate eCommerce sales.

The highest percentage of eCommerce transactions suspected to be fraudulent came from China, according to Experian’s research. Fifty-seven percent of the transactions originating from the country were suspected to be fraudulent. Other countries with high rates of transactions suspected to be fraudulent included Lebanon and the Central African Republic.

Fraud hit its peak in the United States on the holiday weekend around Thanksgiving and Black Friday, when retailers were under the most strain from shoppers.

Most fraudulent transactions originated from mobile devices. Researchers suspect this is because fraudsters are trying to mimic the shopping habits of legitimate customers.


A significant portion of fraudulent transactions from the United States was found to have originated from a single town—Boardman, Oregon. The nearby Portland, Oregon, along with its suburb Beaverton, have traditionally been regarded as risky ZIP Codes for eCommerce, likely due to their proximity to an international airport. It’s not uncommon for fraudsters to ship goods to addresses near airports, which allows them to more easily move goods out of the country.

Researchers are not sure why eCommerce fraud is growing at such at rapid pace, but they do have a few theories. Some experts say they believe that online retailers are skimping on security measures that defend against fraud but may slow down the check-out process. Others blame the adoption of better technology by fraudsters—like the use of bots, advanced automation software that’s becoming better at pretending to act like human customers.

How Organizations Can Defend Against eCommerce Fraud

There are a few techniques that companies are using to defend their storefronts and customers against fraud.

Better monitoring of transaction histories can help companies detect fraudulent transactions before goods are shipped and delivered. Some businesses are even using new fraud detection solutions that are powered by artificial intelligence (AI), as reported by Raconteur. AI algorithms are often used to identify patterns and they can be used to monitor transactions and flag potentially fraudulent sales for an employee to review.

Under current security laws, U.S. companies are not required to be PCI-DSS–compliant. However, adopting these data security standards could be a way to protect user data and defend against fraud.


Implementing basic security measures—like encrypting stored user passwords and regulating network access—can help prevent data breaches, which have been found to cause 22 percent of companies to lose customers, according to Cisco’s 2017 Cybersecurity Report: Chief Security Officers Reveal True Cost of Breaches and the Actions that Organizations Are Taking. Data breaches can provide criminals with information they can use to run bots and make fraudulent purchases.

In general, limiting the amount of data an organization holds on to is a good security practice. Except when necessary, a business should avoid holding on to credit card information, addresses, full names, or any other information that could be stolen and used for fraud.

Physical security measures, like requiring signatures upon delivery, can also help businesses ensure that goods are being delivered to legitimate customers.

It’s not uncommon for billing and shipping addresses to not match up in the case of fraudulent purchases. Address verification systems, which check to see if billing addresses match shipping addresses—and require additional information if they don’t—can help companies prevent shipping and billing fraud.

New research has confirmed the eCommerce industry’s suspicions—that fraud is growing at an increasing rate.

Fortunately, researchers think they know how fraudsters are beating online security—and, as a result, IT and security staff know how they can respond. Better transaction monitoring, data management, and other solutions like address verification systems can help eCommerce companies beat fraud.


Kayla Matthews is a technology journalist and cybersecurity writer. Her work has been previously published by Security Boulevard, Security magazine, Malwarebytes, and the National Cyber Security Alliance. To read more from Matthews, visit her blog here.