Skip to content

What is online fraud and how does it work? Understanding the causes and mechanisms of internet frauds

Get Commerce Protection Buyer’s Guide

Get the Commerce Protection Buyer’s Guide

Cover of Signifyd's Commerce Protection Buyer's Guide

Experiencing fraud is an inevitable aspect for businesses operating online, particularly when exploring how online frauds work.

Every ecommerce company encounters fraud at some point, often questioning how such online fraud can take place. It’s often when that first merchant chargeback arrives that merchants become fully aware of the fraud risks specific to ecommerce.

As massive data breaches become more common, the identities and credit accounts that fraudsters and fraud rings need to ply their trade become more readily accessible.

Exploring the causes of internet frauds: Why is online fraud so prevalent?

Understanding how online frauds work: The answer unfolds in two parts:

  1. Stolen credit card information is easy to buy.
  2. Prosecution is rare, and online fraud may be a low priority for law enforcement, due to difficulty amassing evidence and time and resource constraints.

With that being said, let’s take a deeper look into each part.

Vendor evaluation help

If you are an online merchant evaluating commerce protection vendors, you might be interested in our free Commerce Protection Buyer’s Guide. This comprehensive guide outlines the evolution of commerce protection from Ecommerce Fraud Detection and details the integral components of a commerce protection solution. Takeaway resources include:

  • A sample RFI template to leverage in your evaluation process
  • Tips on how to build a business case for a commerce protection solution
  • How to evaluate ROI and understand the tools used to protect against fraud and chargebacks
  • How to find the right solution for your business

Ease of access to stolen credit cards

How does online card fraud take place? We’ll examine the typical process for how a stolen credit card can become a fraudulent order for a merchant.

Step 1: The initiation of online fraud – credit card numbers are stolen, either via large criminal syndicates or solitary hackers.

Online criminal organizations or lone hackers will attack companies and organizations, regardless of size, to obtain access to any type of personal and/or financial information. When the information is acquired, it’s often packaged to immediately be sold on a black market. The more information available on a cardholder, in addition to the card number, the higher the price the information fetches. (Cards sold with information such as billing and delivery address, email and phone numbers are sold at a premium.)

Step 2: The personal and financial information stolen is sold to a 3rd party, and usually not used by the initial thieves.

More often than not, the organizations and individuals who steal personal and financial information are not the same individuals and organizations who use that information. The larger the hack, the less likely that the party responsible for the theft of data will use it to commit fraud. In the aftermath of the Target and Home Depot hacks, law enforcement noticed a significant uptick in the black markets of personal information being sold.

As mentioned above, online thieves looking to commit fraud are able to buy stolen cards and personal information in mass quantities on the black markets. (U.S. credit card information can sell for as little as $5.) Take the massive 2019 Capital One data breach, one of the increasingly common mega-thefts of personally identifiable information.  The records of more than 100 million customer and prospective customers were accessed. Often selling in bulk, those who collect and then sell the personal and financial information can make huge sums.

Step 3: Execution of the fraud – once in possession of stolen credit card information, a fraudster tests and then exhausts the credit card, showcasing a practical example of how online fraud takes place.

Now that a fraudster is in possession of credit card information, either from buying it from a black market or by stealing information themselves, the first step is to separate the active cards from the inactive cards.

They will usually test the stolen credit cards by making small purchases online (typically in the range of just a few dollars) to see if the transaction will go through. If the transaction is successful, they will attempt to max out the credit cards to their full potential.

Depending on how much information the fraudster has stolen (phone number, email, social security number, billing and delivery address, passwords, etc.), they can, with varying degrees of success, pass themselves off as the legitimate cardholder. Often, they are able to get past an online merchant’s fraud screenings because of the information that they have at their disposal.

Now that we’ve demonstrated the ease with which a fraudster acquires and uses stolen credit card information, let’s explore the enforcement issue.

Prosecution of online frauds: A challenging and rare occurrence

Prosecuting for online fraud is quite difficult, for many reasons.

First, an investigation often crosses state, if not international, lines, causing jurisdictional issues to arise. If the online merchant is based in Orlando, Florida, and the real cardholder lives in Austin, Texas, and the fraudulent purchase was shipped to a Montpelier, Vermont, this raises the question of where the crime was committed. On top of that, when a crime involves multiple states, federal law enforcement may also be involved, raising the number of stakeholders further, and complicating the question of ownership of investigating the crime.

Second, evidence can be in short supply. When a fraudster impersonates a cardholder, uses a new email address, rents a mailbox under an assumed name, and attempts other methods to escape detection, little evidence may be available to tie the actual fraudster to the attempt. Authorities might not have enough evidence to bring a case.

Third, ecommerce business frauds may be perceived a low-priority crime. A single instance of fraud might come with a low monetary amount. Often it’s difficult to identify a victim. Legitimate cardholders are typically reimbursed for their losses by their issuing bank, reducing the motivation to follow through with a prosecution.

Compare the average monetary amount of ecommerce fraud to those cases that the FBI, Department of Justice and Secret Service discuss on their respective sites. They tend to deal with fraud where the stakes are generally much higher—counterfeit money, insider trading, securities fraud, investment fraud, scams etc. We recommend reviewing the FBI’s Internet Crime site in order to get an idea of the vastness of the complaints that the FBI alone receives. This isn’t to say that law enforcement ignores the issue, but it’s helpful to frame ecommerce fraud in relation to the crimes they deal with.

Comprehensive ecommerce fraud protection with Signifyd

Preventive measures from a merchant perspective

Signifyd provides a robust platform for ecommerce fraud protection, focusing on various preventive measures:

  • Revenue protection: Safeguarding transactions and ensuring legitimate orders are not declined.
  • Abuse orevention: Identifying and mitigating different forms of ecommerce abuse to protect revenues and customer experience.
  • Payment compliance: Ensuring all transactions adhere to regulatory and compliance standards.

Legal aspects in ecommerce fraud protection

Signifyd’s platform is designed to assist merchants in adhering to legal and compliance standards by:

  • Ensuring payment compliance and adhering to regulatory requirements[1].
  • Protecting customer data and ensuring privacy in transactions.

Technology and tools for fraud prevention

Signifyd employs advanced technologies to offer:

  • Machine learning: Utilizing machine learning to identify and prevent fraudulent transactions.
  • Large merchant network: Leveraging a vast network to provide more data points for accurate fraud detection.
  • Payment optimization platform: A platform built to authorize more payments fearlessly and retain existing merchants.

Global perspective on ecommerce fraud protection

Signifyd’s solutions cater to a global market, ensuring:

  • International compliance: Adherence to global payment and data protection regulations.
  • Global fraud prevention: Utilizing a wide network of data points to detect and prevent fraud on an international scale.

Frequently asked questions (FAQ) about Signifyd

How does Signifyd protect against ecommerce fraud?

Signifyd provides a multi-layered approach, utilizing machine learning, a large merchant network, and various other technologies to detect and prevent fraudulent transactions.

What legal and compliance standards does Signifyd adhere to?

Signifyd ensures that all transactions are in compliance with relevant regulatory and legal standards, providing secure and lawful ecommerce operations.

How does Signifyd ensure global ecommerce fraud protection?

Signifyd’s platform is designed to cater to merchants globally, ensuring international compliance and utilizing a wide network to prevent fraud on a global scale.


Want to learn more about fraud protection?

Learn how to avoid friendly fraud chargebacks