The State of Ecommerce Fee Safety in 2022

When the pandemic hit, ecommerce blew up.

With individuals locked down and with little to do, shopping for on-line appeared the solely escape. The worldwide ecommerce market jumped to $26.7 trillion. Buyer habits, too, have been altering. In one survey, 60% of respondents agreed that COVID-19 had modified their relationship with know-how.

But it surely wasn’t simply the gross sales that have been hovering. And it wasn’t simply the ecommerce trade’s companies that have been busy–however its fraudsters, too.

In only a single 12 months (between 2020 and 2021), ecommerce fraud rose 18%: from $17.5 billion to $20 billion. One take a look at the equally burgeoning ecommerce fraud prevention market–anticipated to hit a whopping $70 billion by 2025–and it’s clear this line of “work” is solely rising in recognition.

The underside line? Ecommerce fraud is one thing you possibly can’t afford to flip a blind eye to. In spite of everything, it’s not only a menace to your income however your model picture. If clients don’t really feel they’ll pay securely by your web site, they received’t belief you. When you lose that client confidence, it’s extraordinarily troublesome to win again.

Beneath, we’ll unpack the state of cost safety in 2022, beginning with the commonest forms of ecommerce fraud. We’ll additionally supply actionable recommendation for defending your clients, your web site, and–in the end–your backside line. Learn on!

Most Frequent Sorts of Ecommerce Fraud

As the world of ecommerce expands and evolves, so too do its villains. So over the previous couple of years, it’s not solely the quantity of fraudulent transactions–and the total worth of the stolen wares–that has risen. It’s the kind of ecommerce fraud, too.

From pharming and account takeovers to “pleasant” and “silent” fraud (to not point out straight-up identification theft), fraudsters’ strategies have gotten more and more dynamic and numerous. Let’s take a take a look at a few.


Pharming is a kind of ecommerce fraud in which fraudsters redirect internet customers (with out their information or consent) to a fraudulent web site. This web site would possibly look and really feel just like the one the buyer supposed to attain, however with a key distinction–it’s utterly pretend.

Designed solely to simulate the unique web site, its pretend counterpart exists for one motive solely–to trick the person into coming into their private data and bank card particulars. Fraudsters can then use this data to steal the particular person’s cash, or worse–their identification.

Chargeback Fraud

Often known as “pleasant fraud,” chargeback fraud is when a buyer fraudulently makes an attempt to declare a refund by abusing the chargeback system.

A chargeback is a step launched by banks manner again in the ’70s to enhance public confidence in the bank card (which, at that stage, was a new-fangled factor). It permits shoppers to dispute a card cost, and after the financial institution sides with their case, declare a refund.

Let’s say you’re off to Santorini for a vacation, and your card is stolen at the airport. By the time you get to Greece, you notice the thief has made $700 in fraudulent purchases on your card. In this example, you may (fairly legitimately) request a chargeback.

The issue? When it’s not reliable. Whether or not maliciously or “innocently” (clients forgetting a couple of transaction on their assertion or a recurring billing cycle), fraudsters can reap the benefits of the chargeback course of to declare a reimbursement on completely legitimate purchases.

The worst half? That, when a chargeback declare is upheld by the financial institution, the financial institution then claims the cash (together with a charge on prime, for their troubles!) again from you. Add that to the inventory you’ve already misplaced to the fraudster, and chargebacks supply an all-too-real menace.

Id Theft

Due to in style films coping with the topic (The Gifted Mr. Ripley, anybody?), identification theft is one in all the extra well-known forms of ecommerce fraud. However that doesn’t make it any much less harmful.

Right here, a fraudster falsely assumes one other individual’s identification: utilizing their identify, private data, and paperwork to open bank cards, then hitting the excessive road.

Past the affect on the sufferer, why is this dangerous information for your on-line enterprise? In spite of everything, you’re nonetheless promoting…proper?

Fallacious. Assume again, for a second, to our Santorini instance above. Fairly quickly, the individual whose identification was stolen will turn into conscious of the litany of fraudulent purchases made beneath their identify and–you guessed it–elevate a chargeback. When the financial institution upholds this, they’ll be claiming the cash again–from you.

Making up 71% of all assaults, identification theft is by far the commonest kind of ecommerce fraud. Plus, fraudsters are additionally changing into extra subtle, now utilizing the private units, IP addresses, and person accounts of targets to assume their identities, which makes them a menace to be alert to.

Account Takeovers

At some stage or different whereas buying on-line, all our clients have performed it. Ticked that field that claims “Save My Credit score Card Particulars.” It’ll save them a minute the subsequent time they arrive again to make a buy, so it’s a no-brainer, proper?

Proper. Until that’s, a fraudster is capable of get their sticky-fingered paws on that buyer’s login particulars. Ought to that occur, the thief has easy accessibility to their cost particulars. Which means all they need to do is change the delivery deal with and begin shopping for.

And once they do? Count on chargebacks from the actual buyer, leaving your small business out of pocket.

Malware and Ransomware

Does your laptop maintain freezing up? Are there adverts popping up in all places? Do hyperlinks take you to the incorrect vacation spot, or are new icons showing on your desktop and browser?

If so, you could have inadvertently put in malware (mal = dangerous, ware = software program…it’s dangerous software program) on your system. Even the time period “malware” itself features a vary of completely different malicious code varieties, every extra nefarious than the final. These embody spy ware, “Trojan Horses,” and ransomware–code that locks you out of your system till you pay the hacker a “ransom” to get again in.

The issue for ecommerce retailer house owners is that malware, whether or not on your system or that of your clients or admins, can steal delicate knowledge. That features the names and deal with particulars of your clients, as effectively as their cost data. If any of that’s compromised, it received’t simply be income or knowledge you’ll be dropping, it’ll be your credibility.

What’s extra, malware assaults pave the manner for an rising type of ecommerce deception referred to as “silent” fraud. After utilizing malware to illegally entry a variety of accounts, fraudsters, as a substitute of snatching 1000’s, tons of, tens, or even ones, swipe a few cents alone. Achieved at scale and with regularity, these thefts can whole enormous quantities of stolen funds. Not so “silent” in any case!

Methods to Defend Your Prospects

Figuring out what the essential forms of ecommerce fraud in 2022 are is one factor. However having the ability to successfully insulate you and your clients from fraud’s sick results is fairly one other.

Beneath, we’ve rounded up our prime suggestions for serving to you, your buyer base, and your small business stay past the covetous clutches of fraudsters.

Safeguard Buyer Info

The primary manner you possibly can shield your clients? Safeguarding their most vital particulars. Right here’s how:


By filtering and monitoring incoming (and outgoing) site visitors, firewalls assist keep the safety of your web site, performing, mainly, as a literal wall between your community and the wild, wild West of the web at giant.

Via this lens, firewalls are very important not just for securing your knowledge programs however for sustaining PCI compliance. PCI DSS (Funds Card Trade Information Safety Requirements) is a set of laws all companies accepting credit score and debit playing cards should comply with. PCI compliance is a sort of “seal of approval” that exhibits your clients, regulators, and the wider market that you could be trusted to deal with delicate knowledge.

If you promote on-line with Ecwid by Lightspeed, your retailer is already PCI DSS compliant. Ecwid by Lightspeed is a PCI DSS validated Stage 1 Service Supplier. That is the highest worldwide commonplace for safe knowledge exchanges for on-line shops and cost programs.

Allow Two-Issue Authentication (2FA)

Guarantee 2FA is carried out, so anybody trying to entry your small business’s backend platforms and processes might want to log in by two units. If you or one in all your workforce members is logging in from a desktop laptop, for occasion, you’ll additionally have to affirm the try on one other system, reminiscent of your telephone, to achieve entry.

Different variations embody:

  • Two-step variation (2SV): entails receiving a one-time code or password by way of electronic mail, message, or telephone name which you could enter to log in.
  • Multi-factor authentication: a mixture of a number of types of authentication for one in all the highest ranges of safety.

Enterprise house owners promoting on-line with Ecwid by Lightspeed can use their Google or Fb accounts to register to their Ecwid retailer. Allow two-factor authentication for your Google or Fb account and thus shield your login data for Ecwid as effectively.

If you wish to add different workforce members (like success workers or a designer) to your Ecwid retailer, by no means share your Ecwid login with them. As an alternative, create separate workers accounts for every person in your retailer. Employees accounts have separate logins and don’t have entry to your profile and billing pages.

Use a Safe Fee Gateway

If you wish to supply your clients the highest degree of cost peace of thoughts doable, a safe cost gateway is a should.

A cost gateway is the tech retailers use to settle for credit score and debit card purchases: each in-person and on-line. However not all cost gateways are created equal, significantly when it involves charges and payout instances. So be positive to decide the proper one for your small business’s distinctive wants.

Ecwid by Lightspeed is built-in with dozens of safe cost gateways. You may select a cost system that’s handy each for your small business and your clients.

Extra: The right way to Choose a Fee System For Your Ecommerce Retailer

Share Recommendation and Information with Your Prospects

Certainly one of the best methods to shield your clients? Informing them.

Whether or not by emails, texts, or devoted sections on your web site, let your clients know of the fraud that exists and how they’ll shield themselves from it. (And make it easier to shield them from it!)

Be positive to clearly lay out:

  • How your small business greets its clients (to allow them to spot discrepancies)
  • How your small business doesn’t greet its clients, and what it received’t request (i.e., their login particulars or to click on a hyperlink to log in)
  • Clear, actionable suggestions for clients to maintain their account particulars secure (if your small business retains buyer accounts)
  • The right way to get in contact if one thing doesn’t look proper or if the buyer has questions
  • What safety checks you’re introducing, if any
  • How the buyer can safely replace their particulars
  • What to do if they obtain a rip-off electronic mail (i.e., a fraudster posing as your small business) and methods to report the fraudulent communication

Useless to say, these sorts of comms are very important. Not solely do they encourage belief and supply an wonderful person expertise, however additionally they assist cut back the danger of your clients falling prey to ecommerce fraud.

Keep in mind, too, to make this data as accessible as doable. Your clients won’t learn their emails or completely learn by your web site. So the extra channels you possibly can publicize this recommendation on, the higher!

Preserve Your Website Up to date and Conduct Common Safety Audit

Earlier, we analogized the wider web as a sort of “Wild West”: a frontier state the place bandits and lawlessness abound.

Now, whereas that may be a little on the harsh aspect, there are many threats on the market and myriad strategies by way of which phishers, hackers, and fraudsters can derail your small business:

  • DoS (Denial of Service) assaults: a hacker makes an attempt to cease customers from accessing your website’s providers.
  • DDoS (Distributed Denial of Service) assaults: the perpetrator doesn’t assault you instantly however as a substitute makes use of your website as a “zombie” with which to hurt one other website. In a DDoS assault, your servers are inundated by requests from a bunch of untraceable IP addresses, crashing your website, and stopping site visitors and gross sales.
  • Brute drive assaults: right here, hackers hit your web site with 1000’s of completely different password mixtures in an try and achieve entry.
  • Man in the center (MITM) assaults: if your buyer is accessing your website by way of a weak community (i.e., public WiFi), hackers can “hear in” to the transaction and use it to extract delicate knowledge.
  • SQL injections and cross-site scriptings: these assaults exploit vulnerabilities in your website. In an SQL injection, hackers goal your kinds to achieve entry to, corrupt and steal data out of your website’s backend. In cross-site scripting, hackers insert malicious snippets of code that steal your guests’ data.

The truth that all these modes of assault exist? That’s the dangerous information. The excellent news, nevertheless, is that these hackers are opportunists. They’re on the lookout for vulnerabilities in your website’s safety and fraud prevention setup. Which means, by conserving your website up to date and usually figuring out, understanding, and plugging its vulnerabilities you possibly can cut back the danger of a hacker focusing on your web site and enterprise.

To do this, conduct common safety audits. Assess your website’s infrastructure for loopholes, exploring the backend and code (together with extensions and themes) for something hackers can exploit. Guarantee:

  • Your passwords are sturdy
  • Your software program is up to date
  • Your website’s SSL (Safe Sockets Layer) certificates is up to date

Talking of SSL certificates, if you created your ecommerce web site with Ecwid by Lightspeed, you have already got an SSL certificates by default.

If you added your Ecwid retailer to an present web site, you have already got the free SSL certificates for your retailer. Nonetheless, the remainder of the web site is a separate matter. You have to buy an SSL certificates to shield delicate data. Learn to do that in the Ecwid Assist Middle.

One other option to shield your web site is to revise the checklist of your on-line retailer’s workers accounts and take away the workers members that you simply do not work with anymore. This fashion, you forestall hackers from profiting from these “again channels” to achieve entry to your website.

Key Occasions to Defend Your Web site

So, now that we’ve defined what fraud to search for and methods to shield your web site from it, let’s take a look at the when–at the key instances all through the 12 months when hackers are most energetic.

Public Holidays

“The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Safety Company (CISA) have noticed an enhance in extremely impactful ransomware assaults occurring on holidays and weekends–when places of work are usually closed–in the United States, as not too long ago as the Fourth of July vacation in 2021.” — Ransomware Consciousness for Holidays and Weekends, 2021.

Christmas, Easter, Memorial Day, Independence Day–although the remainder of us are spending time with our households and unwinding, hackers are doing something however calm down.

Elevated distraction on the a part of the buyer or end-user and much less workers and assets on the enterprise’s finish means situations are rife for hacking.

Towards this backdrop, don’t let your small business get caught out. Don’t wait till the subsequent vacation to set your website’s safety up for success, or end up scrambling to audit your website mere days earlier than the lengthy Mom’s Day weekend. Keep in mind that previous Chinese language proverb?

The most effective time to plant a tree was 20 years in the past. The second greatest time is at this time.


Hackers are inclined to goal companies once they’re most weak and once they’re closed.

That’s why weekends, significantly lengthy ones, the place public holidays are concerned, are ripe alternatives for hackers. Nonetheless, that doesn’t imply you need to let your guard down throughout the remainder of the week. Hackers, on common, assault a staggering 26,000 instances per day, so it is advisable to stay vigilant.


As the alternatives of ecommerce evolve, so do its threats.

With so many scaremongering statistics on the market, it will be straightforward to wish to put your fingers in your ears, flip a blind eye, and take an “ignorance is bliss” method.

However this mentality doesn’t have in mind that with these threats come much more thrilling alternatives.

To make the cost course of safer, simpler, extra handy and extra constant than ever earlier than. To construct your model, engender buyer loyalty, and enhance belief together with your viewers by displaying them that you simply worth their privateness and respect the sensitivity of their knowledge. And, in the course of, lay the foundations for your ecommerce enterprise’s strong, sustainable success.

Do you wish to study extra about cyber safety for ecommerce?

Latest articles

Related articles

Leave a reply

Please enter your comment!
Please enter your name here