
eCommerce Fraud Prevention: Protect Your Store and Customers

By Born Digital Studio Team Malta

Online fraud costs eCommerce businesses billions annually, and the problem is growing. For European merchants, the combination of Strong Customer Authentication (SCA) requirements and increasingly sophisticated fraud tactics creates a complex landscape. Here is a practical guide to protecting your store and your customers without creating so much friction that you lose legitimate sales.

Common Types of eCommerce Fraud

Understanding the threat landscape is the first step to building effective defences:

  • Card-not-present fraud: Stolen card details used to make purchases online. This is the most common form of eCommerce fraud and the primary reason for chargebacks.
  • Account takeover: Attackers gain access to legitimate customer accounts through credential stuffing or phishing, then make purchases or steal stored payment information.
  • Friendly fraud: Legitimate customers dispute valid charges, claiming they never received an item or did not authorise the purchase. This accounts for up to 40% of all chargebacks.
  • Bot attacks: Automated scripts that test stolen card numbers, scrape pricing data, or exhaust limited-stock inventory before real customers can purchase.

Payment-Level Protections

3D Secure 2 (3DS2) is mandatory for most European card transactions under PSD2's Strong Customer Authentication rules. Unlike the original 3D Secure, version 2 uses risk-based authentication that analyses dozens of data points to determine whether to challenge the cardholder. Low-risk transactions pass through frictionlessly, while suspicious ones trigger additional verification. This significantly reduces fraud while maintaining a smooth checkout experience for most customers.

Enable Address Verification Service (AVS) and CVV checks as baseline requirements. While not foolproof, these filter out a large volume of casual fraud attempts. Your payment gateway likely supports these features natively — ensure they are enabled and configured to decline transactions that fail verification rather than merely flagging them.

Machine Learning Fraud Detection

Rule-based fraud detection (blocking orders above a certain value, or from specific countries) catches some fraud but also blocks legitimate customers. Machine learning models analyse patterns across thousands of data points — device fingerprint, browsing behaviour, order velocity, shipping address history — to score each transaction's risk in real time.

Services like Stripe Radar, Signifyd, and Riskified provide ML-powered fraud scoring that integrates with most eCommerce platforms. These services continuously learn from chargebacks and confirmed fraud across their entire merchant network, giving even small businesses access to enterprise-grade fraud detection. The cost is typically a small percentage of each transaction, which is easily justified by the reduction in chargebacks and manual review time.

Account Security and Bot Prevention

Implement rate limiting on login attempts to prevent credential stuffing attacks. Offer and encourage two-factor authentication for customer accounts. Monitor for unusual account activity — a sudden change in shipping address followed by a high-value order is a classic account takeover pattern.
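The two checks described above, login rate limiting per source IP and the address-change-then-high-value-order pattern, can be sketched as follows. This is an added example, not code from Born Digital or from any platform; the event field names, thresholds and sample events are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds for illustration; tune them against your own traffic.
MAX_FAILED_LOGINS = 5                  # failed logins allowed per IP per window
LOGIN_WINDOW = timedelta(minutes=10)
ATO_WINDOW = timedelta(hours=24)       # max gap between address change and order
HIGH_VALUE_EUR = 500

def review_events(events):
    """Return (kind, subject, timestamp) alerts for a time-ordered event list."""
    failures = defaultdict(deque)      # ip -> timestamps of recent failed logins
    limited = set()                    # IPs already reported, to avoid repeats
    address_changed = {}               # account -> time of last address change
    alerts = []
    for ev in events:
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "login_failed":
            recent = failures[ev["ip"]]
            recent.append(ts)
            # Slide the window: drop failures older than LOGIN_WINDOW.
            while recent and ts - recent[0] > LOGIN_WINDOW:
                recent.popleft()
            if len(recent) > MAX_FAILED_LOGINS and ev["ip"] not in limited:
                limited.add(ev["ip"])
                alerts.append(("login_rate_limit", ev["ip"], ev["ts"]))
        elif ev["type"] == "address_changed":
            address_changed[ev["account"]] = ts
        elif ev["type"] == "order":
            changed = address_changed.get(ev["account"])
            if (changed is not None and ts - changed <= ATO_WINDOW
                    and ev["amount_eur"] >= HIGH_VALUE_EUR):
                alerts.append(("possible_account_takeover", ev["account"], ev["ts"]))
    return alerts

# Constructed sample events (not real traffic): six failed logins from one IP
# in under a minute, then two address changes each followed by a 900 EUR order.
SAMPLE = (
    [{"ts": f"2024-05-01T10:00:{s:02d}", "type": "login_failed",
      "ip": "203.0.113.7", "account": f"user{s}"} for s in range(0, 60, 10)]
    + [
        {"ts": "2024-05-01T12:00:00", "type": "address_changed", "account": "c-1001"},
        {"ts": "2024-05-01T12:30:00", "type": "order", "account": "c-1001", "amount_eur": 900},
        {"ts": "2024-05-01T13:00:00", "type": "address_changed", "account": "c-2002"},
        {"ts": "2024-05-04T13:00:00", "type": "order", "account": "c-2002", "amount_eur": 900},
    ]
)

if __name__ == "__main__":
    for alert in review_events(SAMPLE):
        print(alert)
```

Only the first order is flagged: the second follows its address change by three days, outside the assumed 24-hour window.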

For bot protection, implement CAPTCHA selectively on forms and checkout flows. Use device fingerprinting to identify automated traffic. If you run flash sales or limited-edition drops, consider queue-based systems that validate user identity before allowing purchase access. Rate-limit API endpoints to prevent automated inventory hoarding.

Managing Chargebacks Effectively

Some chargebacks are inevitable, but how you manage them determines your chargeback ratio and, ultimately, your ability to accept card payments. Maintain detailed records of every transaction including delivery confirmation, customer communication, and IP logs. Respond to chargeback disputes promptly with comprehensive evidence. Use clear billing descriptors so customers recognise your charges on their statements.

At Born Digital, we help eCommerce clients implement layered fraud prevention that balances security with user experience. The goal is not to eliminate every fraudulent transaction — that would require friction levels that drive away legitimate customers. Rather, it is about reducing fraud to manageable levels while keeping the checkout experience smooth for the vast majority of honest buyers.
