Every merchant that processes payments faces the constant threat of fraud and scams. Tactics become more sophisticated and nefarious year after year, evolving in complexity and scale, as fraudsters learn from the innovative solutions those in the fraud prevention industry deploy to subvert their sabotage. As these bad actors continue to find new ways to exploit vulnerabilities in our payments systems, merchants and individuals continue to fall victim to their schemes. In the following editorial we will examine the current landscape of global online fraud and why we still, after years of exposure and innovation, continue to be duped by fraud.
The 2024 Global eCommerce Payments & Fraud Report reveals a troubling, yet unsurprising trend – fraud is on the rise globally. The data, collected from hundreds of merchants around the globe, shows that they faced a greater variety of fraud attacks in 2023 than in any other year. Most commonly, merchants encounter three to four different types of fraud every year, including refund/policy abuse, first-party misuse, account takeover, loyalty fraud, and triangulation schemes.
Key insights
Refund/policy abuse impacted 48% of merchants in 2023.
First-party misuse affected nearly 45% of merchants.
Account takeover is increasing in prevalence with a significant impact.
Loyalty fraud and triangulation schemes are steadily emerging as major concerns.
These numbers indicate a growing challenge for merchants worldwide, emphasising the need for fraud prevention and management strategies that tackle fraud head-on and stay one step ahead of the perpetrators.
One would be hard-pressed to find a merchant or consumer who has not been affected by fraud or scams, in one way or another. While we are increasingly aware of the ubiquitous phenomenon, many of us still find ourselves or those around us falling victim to online scams.
Increasingly sophisticated scams. While we know that scams are out there and may think we know what to look for, fraudsters continually refine their tactics, making scams harder for consumers and merchants alike to detect. Phishing schemes, for instance, have become more convincing, mimicking legitimate communications from trusted entities to a frightening degree.
Emotional manipulation. Scammers prey on emotions such as fear, urgency, and desperation. Creating a sense of urgency or fear prompts victims to act quickly, without fully considering the request’s legitimacy. Mimicking a merchant to request a customer share a one-time passcode to complete a transaction is a common method of initiating an account takeover, playing on the perceived legitimacy of the request in the face of their pending transaction.
Lack of awareness. While many merchants know about common scams, new fraud tactics can catch people off guard. Continuous education and awareness are essential in combating this issue. However, the perpetrators behind these tactics know that every new trick they pull from their sleeves will soon be widely recognised and less effective. One example of this evolution that both merchants and customers must contend with today is the nefarious use of artificial intelligence (AI) to generate proof-of-identity images, videos, or voice samples. We can expect this trend to grow as generative AI continues to exponentially improve each day.
Technological vulnerabilities. As technology evolves, so do the methods used by fraudsters. Vulnerabilities in modern technologies can be exploited before adequate security measures are put in place. Furthermore, when those solutions are deployed, fraudsters immediately set to work, engineering creative ways to bypass, override, or otherwise render those solutions ineffective.
Process vulnerabilities. Fraud protection starts with the merchant’s processes. Weak verification steps, overly lenient refund policies, and outdated fraud detection methods are open invitations for fraudsters to strike. According to MRC’s 2024 report, up to 40% of merchants identified gaps in fraud tool capabilities as a significant challenge. Strengthening internal processes, tightening refund policies, and ensuring consistent staff training can close these gaps. Just as fraudsters use AI in their methods of attack, merchants can also leverage advanced AI-driven fraud detection tools to add an essential layer of defence against crafty fraud schemes.
According to the same MRC report, merchants estimate that fraud schemes drain roughly 3% of their total ecommerce revenue annually. This figure highlights the substantial economic burden that fraud places on businesses, which can amount to millions of dollars in lost profits. The repercussions of fraud affect everyone, from the CEO and suppliers to employees and consumers.
North America: Merchants report a fraud rate of 3.3% of total revenue.
Europe and APAC: Slightly higher rates, around 3.5%.
SMBs: Small and mid-sized businesses experience higher fraud rates compared to larger enterprises.
Unfortunately, fraud is here to stay. Wherever money changes hands, a malicious entrepreneurial fraudster will lurk, waiting for the opportunity to pounce. The good news is that there are several ways merchants can protect themselves and their customers from this ever-present threat.
Enhanced verification processes. Implementing stronger verification processes can help prevent fraud at various stages of the transaction. This includes using multi-factor authentication (MFA) and biometric verification.
Advanced fraud detection tools. Leveraging AI and machine learning (ML) can enhance fraud detection capabilities. These tools can analyse patterns and detect anomalies in real time, providing an additional layer of security.
Educating employees and customers. Regular employee training sessions about fraud KPIs and security protocols can reduce the likelihood of merchants falling victim to sophisticated fraud schemes. For example, frequent reviews and updated training on protective policies like return windows — and how to enforce those parameters with customers — can help stem fraud at the front line. Merchants can also shape these proactive measures into consumer awareness programmes. Moreover, reminding customers never to share their passwords, account information, or other common scams like gift card purchases alerts them to be mindful of these tactics during all transactions.
Collaboration with industry partners. Working with industry partners and participating in forums, such as those provided by the MRC, can help merchants stay informed about the latest trends and best practices in fraud prevention.
As we look towards 2024 and beyond, the fight against online fraud remains a top priority for the ecommerce industry. The data from the Merchant Risk Council’s 2024 report underscores the need for ongoing vigilance, advanced security measures, and robust fraud management strategies. By understanding the numbers and recognising why people still fall victim to scams, merchants can better prepare and protect their businesses in an increasingly digital world.
While the battle against online fraud is far from over, staying informed and proactive can make a vital difference for the safety of merchants and consumers alike. With the right tools, education, and collaboration, we can strengthen our defence against the ever-evolving threat of online fraud.
This editorial piece was first published in The Paypers' Fraud Prevention in Ecommerce Report 2024-2025, the ultimate source of knowledge that taps into the ever-evolving fraud realm and helps ecommerce specialists protect their businesses with the latest fraud prevention strategies.
Tracy Kobeda Brown is the VP of Programs and Technology for the MRC. She was head of product for Fragomen, Lockerz, and the CEO of Evil Genius Designs. Tracy created the American Eagle Outfitters website, ae.com, and served as it CISO. She earned her master’s degree from Carnegie Mellon and her bachelor’s degree in economics from The Wharton School.
Leslie Green is a seasoned content marketing professional with over 12 years of experience in digital and social media marketing. Currently, she serves as the Content Marketing Manager at the Merchant Risk Council (MRC), where she crafts email, blog, social media, and web content aimed at engaging members and promoting MRC's mission. Leslie earned an MBA from the University of Louisville and a Bachelor of Arts in Communications from Indiana University.
The Merchant Risk Council (MRC) is the premier global non-profit membership association for payments and fraud prevention professionals, established in 2000. MRC empowers its members to stay connected, current, and influential within the industry by emphasising collaboration, networking, education, and advocacy. Acting as a central hub for ecommerce fraud and payments professionals, solution providers, and brands of all sizes, MRC drives industry innovation and education. With operations in the US, Europe, APAC, and expanding into LATAM, MRC is continuously growing its global presence.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now