eCommerce Fraud Prevention. Detect eCommerce Fraud With Machine Learning

eCommerce Fraud Prevention. Detect eCommerce Fraud With Machine Learning

Dorota Owczarek - July 25, 2022 - updated on April 26, 2023

Online shopping has lately gained even more popularity as people become more comfortable with buying items over the internet. That has led to a massive increase in eCommerce transactions, with which comes the risk of fraud. Fraudsters are always looking for new ways to exploit the system, so online merchants need to stay vigilant to protect their businesses.

In this article, we will discuss different types of eCommerce fraud and how you can use machine learning models to detect and prevent them.

What Is eCommerce Fraud, and How Does It Work

For over two decades, online shopping has been gradually gaining popularity worldwide, becoming more manageable and accessible. Its true boom, however, came with the pandemic. eCommerce has never stopped growing ever since, making retailers redefine their approach toward sales. That proves that we just needed a little push to change our habits that would likely change anyway with time.

The instant switch we experienced had both positive and negative implications. On the one hand, the retailers gained an opportunity to reduce costs related to maintaining their physical locations and reach wider target groups. On the other, with new platforms and eCommerce sales channels emerging, the fraudsters gain more opportunities to take advantage of online users.

Ecommerce fraud is any fraud related to online sales. Since the e-commerce industry generates numerous transactions, fraudsters have a lot of room to prove themselves. In this article, we will take a closer look at their attempts and explain how fraud detection systems can detect or prevent them.

The Different Types of eCommerce Fraud

Generally, frauds may fall into one of two categories: those which affect customers and those which affect businesses. Of course, in the case of the first category, the company will also feel the secondary effects. Some frauds, however, are specifically targeted at them. Within the scope, we can distinguish various types of e-commerce fraud with entirely different specifics. Let’s dive into the most common cases to understand the techniques fraudsters use.

Credit Card Fraud

If we had to pick one type that would deserve the infamous name of the “king of the fraud,” it would definitely be the credit card one. Even though it happens relatively rarely, considering the number of online credit card transactions carried out every day, the efficiency of the fraudsters is still worrying.

According to the Federal Trade Commission report from 2020, credit card fraud is the most common type of identity theft, making up over 20% of such crimes. Nowadays, when users regularly shop online and often have their credit card details embedded in their accounts on the shopping platforms, they’re particularly vulnerable to this type of fraud.

Credit card fraud can be understood in two ways:

  • as a takeover of someone’s card details to make purchases or withdraw funds from the account
  • as applying for a credit card with someone else’s details

While the second type of fraud requires a lot of “work” (the fraudster has to come into possession of various data and documents like, for instance, income records), the first one is relatively easy to carry out.

In the past, when online purchases weren’t that popular, the most common way to steal credit card info was using an ATM skimmer – a device that would gather the details after the card was inserted.

Today, it’s enough that the user makes a purchase when connected to public wi-fi. Such networks are a paradise for hackers since they make intercepting customer data extremely easy due to their architecture. The users can also fall into the trap of connecting to rogue hotspots that mimic the regular public networks but are created to steal personal data.

Fraudsters may also intercept the credit card details with phishing e-mails or pishing websites that are faithful copies of legitimate platforms that process transactions. Some also use spyware or rely on data leaks.

Friendly Fraud / Chargeback Fraud

The chargebacks have been becoming increasingly popular in recent years, and they are undoubtedly an empowering tool for customers to fight against unauthorized use of their credit cards. However, their increasing availability creates the potential for abuse.

Friendly fraud, alternatively called chargeback fraud, occurs when a customer makes an online purchase with their credit card and then demands the chargeback from its issuer. The name of this fraud is misleading, but it didn’t come from anywhere. On the surface, it may look like a legit claim, but in the end, the customer may use it to unduly withdraw from the purchase or keep the product without paying. Usually, when asking for a chargeback, the customers use one of the following justifications:

  • the product didn’t arrive
  • the product didn’t fulfill their expectations
  • the product was purchased by an unauthorized party
  • the product was purchased with a stolen credit card
  • they got overcharged

The frauds of this kind can be problematic since it may be difficult for the company to prove that the claim is fraudulent. Some arguments, like the one regarding the lack of delivery, are easy to undermine, but others can cause some issues. Detecting friendly fraud is equally challenging. However, modern fraud detection systems can find patterns in customer history that would be hard to identify otherwise and link them to fraudulent activity.

Account Takeover Fraud

In the case of online e-commerce platforms, account takeovers are the kind of fraud that can cause the most severe consequences. If the user has kept automatically saved payment data, the fraudsters can use them to withdraw funds from the bank account. They also may access other vulnerable information such as personal data, addresses, company data, etc.

To take over the accounts, fraudsters tend to use similar methods as in the case of credit card details theft. They either take advantage of the insecure public networks, install spyware, or use pishing strategies, posing as customer agents of the platform or an eCommerce store. They may also create mirror-like pishing websites that retrieve account details without the user noticing.

Return Fraud

Return fraud is similar to friendly fraud - however, it doesn’t usually involve the financial institutions that have processed the transaction. Instead, the shopper claims directly to the online shop or platform that they want to return the purchased item and receive a refund. The return frauds may adopt different forms, from treating purchases as a rental (common in the clothing industry), claiming that the goods were never delivered, to returning empty boxes or removing valuable parts before returning the goods. Return fraud is often combined with credit card fraud – the fraudster uses stolen details, fresh emails, and store accounts to purchase something that they later return. Identifying some of the website behavior patterns and mixing them with external data sources may help to discover return frauds.

Gift Card Fraud

This type of fraud has gained recognition with the Google Play Gift Card scam that the scammers in the US would notoriously use for quite some time. They would call people posing as governmental agents and remind them about, for instance, fiscal obligations requiring immediate payments. The victims would be asked to transfer the money to the gift cards and share their details.

Contrary to credit card fraud, this scam is difficult to reverse once the money from the card is spent. There is no chargeback option in such a case, and the transaction will not be that easy to flag as the purchase itself is not associated with the scammed customer. However, sophisticated fraud detection models can handle that challenge, too!

Shipping and Handling Fraud

There are two ways in which shipping fraud can be understood – first, as a falsification of the shipping address, and second, as processing the purchase but never proceeding to deliver it. In the first case, different billing and shipping address is often an indicator of a scam.

The other one is a domain of the fraudulent freight forwarders. Even though it’s easy to detect, it may be hard to prove since the deliveries can be falsified in the system. Fraudsters may, for instance, attribute fake tracking numbers to the orders so that the customer cannot follow them, refuse to issue the bill of lading, or mislead clients with their vague order execution policy. The shipping fraud can harm both customers and the retailer since it affects the company’s image. Plus, the intermediary character of this fraud makes it harder to find the culprit and solve the issue. Plus, as it often takes place on international grounds, law enforcement becomes more complicated.

Reseller Fraud

This fraud has intensified with the popularization of big online marketplaces such as Amazon or Aliexpress. In a nutshell, it’s a practice of buying the product in high demand in large quantities, usually with the support of bots, and then reselling them online. The issue gained visibility during the pandemic, when the resellers would purchase bulk quantities of antibacterial gel and face masks, selling them later with an extremely high margin.

Reseller fraud is relatively easy to detect but difficult to combat. Often it’s considered a victimless crime since, in the end, the transactions themselves are legit, and lifting the margin is not against the law. However, it can affect the company’s image and its profit.

eCommerce Fraud Prevention Tools

Both e-commerce platforms and financial institutions that process the transactions support the retailers with their fraud detection systems to prevent and detect fraud. Once they identify the suspicious activity, they can either flag it and inform the retailer or take independent steps to block the fraudulent transactions from being processed.

By implementing good practices, such as strong password requirements and verifying the billing data with the AVS (address verification system), the companies can reduce the probability of account takeovers and credit card detail theft. However, it is not enough to keep their customers safe, considering the intensifying activity of fraudsters in the e-commerce field.

Some eCommerce merchants invest in the plugins or tools available in the SaaS model. These, however, may compromise safety to a certain extent since they are designed to serve any company from any field. By picking a custom fraud prevention solution, they can adjust the model to the specifics of their particular niche and its most common risks.

How Is Machine Learning Being Used for eCommerce Fraud Prevention?

Machine learning helps the fraud detection and prevention system users adjust to the dynamic nature of the fraudulent activity. The fraudsters naturally tend to change their patterns quite often, and that’s why rule-based programming keeps them one step behind. In traditional detection systems, the rules are reverse-engineered based on the occurring fraudulent incidents. That means that anytime a new type of fraud emerges, the system requires redesigning.

Machine learning systems already support retail, eCommerce, and marketing sectors with various solutions for natural language processing (NLP). Many fraud detection systems rely on analyzing documents and textual data, which are hard to process without a dedicated NLP model.

Machine learning approach to eCommerce fraud detection

Machine learning approach to eCommerce fraud detection

Also, the standards of the industry and every particular eCommerce website (for instance, average cart value) change, making the rules irrelevant with time. That’s not the case with machine learning, where the model establishes its own logic and identifies patterns that would often be undetectable otherwise.

Let’s give an example. We have a female American customer that travels often, and their purchase history is quite international - however, it’s always the EU country. This time, their order comes from a nearby country that is not an EU member and has a relatively strict visa policy, particularly for American citizens. That could be the hint that the transaction is fraudulent.

Aside from the location, the model analyses the user’s shopping history to check whether the purchase shows signs of unusual character. It turns out that it is a type of product the user would never buy before, and its cost is much more than the average spendings. Also, it is male-targeted. With that information, the ML model proceeds to analyze additional variables through the prism of patterns identified in the learning process until it can decide on whether to issue an alert.

Production ML fraud detection and prevention models usually analyze a wide range of data. During the initial model development process, we try to investigate all the available data. The data that is used depends on what is available and what the company wants us to focus on. In many cases, we may use data from social media lookup, attribution data, behavior analytics, logistics provider data, and customer complaints but also external data sources that will give us information on the particular customer to highlight any fraudulent behaviors and assign a preventive process whenever possible.

The Benefits of Using Machine Learning for eCommerce Fraud Detection

With machine learning, it is less likely for the retailers to miss the often subtle signs that indicate fraudulent activity. In e-commerce frauds, there is rarely any big red flag that would discredit a suspicious customer. It’s rather a combination of variables. The machine learning model can use what it has learned about the particular customer and the purchase patterns in the online shop to find that little deviation from the norm.

Features of successful fraud detection and prevention systems for eCommerce

Machine learning models for e-commerce fraud detection help retailers reduce the number of false alerts since their accuracy is much higher. Traditional systems often make the legitimate customers migrate to other online store as it affects their user journey negatively. Also, by engaging artificial intelligence-based systems, the retailers can reduce the size of the fraud analyst team, cutting costs significantly. Of course – machine learning models still may need some verification mechanisms, but they reduce the amount of engagement required, unlocking funds for investments in the other fields.

The Future of eCommerce Fraud Prevention

Fraud prevention will likely become even more machine learning-dependent in the future. Lately, it has become increasingly common to apply deep learning techniques to detect fraudulent activity. When it comes to fraud protection, the more data, the better – and neural networks are the best at processing them effectively. Combined, supervised, and unsupervised deep learning methods enable companies to detect fraud in real-time, significantly reducing fraud-related harm. We also notice a strong migration towards custom detection systems that make accurate feature extraction and pattern identification easier.

Contact us today and learn how you can prevent fraud with a custom machine learning system for eCommerce fraud detection.

About the author

Dorota Owczarek

Dorota Owczarek

AI Product Lead & Design Thinking Facilitator

Linkedin profile Twitter

With over ten years of professional experience in designing and developing software, Dorota is quick to recognize the best ways to serve users and stakeholders by shaping strategies and ensuring their execution by working closely with engineering and design teams.
She acts as a Product Leader, covering the ongoing AI agile development processes and operationalizing AI throughout the business.

Would you like to discuss AI opportunities in your business?

Let us know and Dorota will arrange a call with our experts.

Dorota Owczarek
Dorota Owczarek
AI Product Lead

Thanks for the message!

We'll do our best to get back to you
as soon as possible.

Becoming AI Driven

Insights on practical AI applications just one click away

Sign up for our newsletter and don't miss out on the latest insights, trends and innovations from this sector.


Thanks for joining the newsletter

Check your inbox for the confirmation email & enjoy the read!

This site uses cookies for analytical purposes.

Accept Privacy Policy

In the interests of your safety and to implement the principle of lawful, reliable and transparent processing of your personal data when using our services, we developed this document called the Privacy Policy. This document regulates the processing and protection of Users’ personal data in connection with their use of the Website and has been prepared by Nexocode.

To ensure the protection of Users' personal data, Nexocode applies appropriate organizational and technical solutions to prevent privacy breaches. Nexocode implements measures to ensure security at the level which ensures compliance with applicable Polish and European laws such as:

  1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (published in the Official Journal of the European Union L 119, p 1); Act of 10 May 2018 on personal data protection (published in the Journal of Laws of 2018, item 1000);
  2. Act of 18 July 2002 on providing services by electronic means;
  3. Telecommunications Law of 16 July 2004.

The Website is secured by the SSL protocol, which provides secure data transmission on the Internet.

1. Definitions

  1. User – a person that uses the Website, i.e. a natural person with full legal capacity, a legal person, or an organizational unit which is not a legal person to which specific provisions grant legal capacity.
  2. Nexocode – NEXOCODE sp. z o.o. with its registered office in Kraków, ul. Wadowicka 7, 30-347 Kraków, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for Kraków-Śródmieście in Kraków, 11th Commercial Department of the National Court Register, under the KRS number: 0000686992, NIP: 6762533324.
  3. Website – website run by Nexocode, at the URL: whose content is available to authorized persons.
  4. Cookies – small files saved by the server on the User's computer, which the server can read when when the website is accessed from the computer.
  5. SSL protocol – a special standard for transmitting data on the Internet which unlike ordinary methods of data transmission encrypts data transmission.
  6. System log – the information that the User's computer transmits to the server which may contain various data (e.g. the user’s IP number), allowing to determine the approximate location where the connection came from.
  7. IP address – individual number which is usually assigned to every computer connected to the Internet. The IP number can be permanently associated with the computer (static) or assigned to a given connection (dynamic).
  8. GDPR – Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals regarding the processing of personal data and onthe free transmission of such data, repealing Directive 95/46 / EC (General Data Protection Regulation).
  9. Personal data – information about an identified or identifiable natural person ("data subject"). An identifiable natural person is a person who can be directly or indirectly identified, in particular on the basis of identifiers such as name, identification number, location data, online identifiers or one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person.
  10. Processing – any operations performed on personal data, such as collecting, recording, storing, developing, modifying, sharing, and deleting, especially when performed in IT systems.

2. Cookies

The Website is secured by the SSL protocol, which provides secure data transmission on the Internet. The Website, in accordance with art. 173 of the Telecommunications Act of 16 July 2004 of the Republic of Poland, uses Cookies, i.e. data, in particular text files, stored on the User's end device.
Cookies are used to:

  1. improve user experience and facilitate navigation on the site;
  2. help to identify returning Users who access the website using the device on which Cookies were saved;
  3. creating statistics which help to understand how the Users use websites, which allows to improve their structure and content;
  4. adjusting the content of the Website pages to specific User’s preferences and optimizing the websites website experience to the each User's individual needs.

Cookies usually contain the name of the website from which they originate, their storage time on the end device and a unique number. On our Website, we use the following types of Cookies:

  • "Session" – cookie files stored on the User's end device until the Uses logs out, leaves the website or turns off the web browser;
  • "Persistent" – cookie files stored on the User's end device for the time specified in the Cookie file parameters or until they are deleted by the User;
  • "Performance" – cookies used specifically for gathering data on how visitors use a website to measure the performance of a website;
  • "Strictly necessary" – essential for browsing the website and using its features, such as accessing secure areas of the site;
  • "Functional" – cookies enabling remembering the settings selected by the User and personalizing the User interface;
  • "First-party" – cookies stored by the Website;
  • "Third-party" – cookies derived from a website other than the Website;
  • "Facebook cookies" – You should read Facebook cookies policy:
  • "Other Google cookies" – Refer to Google cookie policy:

3. How System Logs work on the Website

User's activity on the Website, including the User’s Personal Data, is recorded in System Logs. The information collected in the Logs is processed primarily for purposes related to the provision of services, i.e. for the purposes of:

  • analytics – to improve the quality of services provided by us as part of the Website and adapt its functionalities to the needs of the Users. The legal basis for processing in this case is the legitimate interest of Nexocode consisting in analyzing Users' activities and their preferences;
  • fraud detection, identification and countering threats to stability and correct operation of the Website.

4. Cookie mechanism on the Website

Our site uses basic cookies that facilitate the use of its resources. Cookies contain useful information and are stored on the User's computer – our server can read them when connecting to this computer again. Most web browsers allow cookies to be stored on the User's end device by default. Each User can change their Cookie settings in the web browser settings menu: Google ChromeOpen the menu (click the three-dot icon in the upper right corner), Settings > Advanced. In the "Privacy and security" section, click the Content Settings button. In the "Cookies and site date" section you can change the following Cookie settings:

  • Deleting cookies,
  • Blocking cookies by default,
  • Default permission for cookies,
  • Saving Cookies and website data by default and clearing them when the browser is closed,
  • Specifying exceptions for Cookies for specific websites or domains

Internet Explorer 6.0 and 7.0
From the browser menu (upper right corner): Tools > Internet Options > Privacy, click the Sites button. Use the slider to set the desired level, confirm the change with the OK button.

Mozilla Firefox
browser menu: Tools > Options > Privacy and security. Activate the “Custom” field. From there, you can check a relevant field to decide whether or not to accept cookies.

Open the browser’s settings menu: Go to the Advanced section > Site Settings > Cookies and site data. From there, adjust the setting: Allow sites to save and read cookie data

In the Safari drop-down menu, select Preferences and click the Security icon.From there, select the desired security level in the "Accept cookies" area.

Disabling Cookies in your browser does not deprive you of access to the resources of the Website. Web browsers, by default, allow storing Cookies on the User's end device. Website Users can freely adjust cookie settings. The web browser allows you to delete cookies. It is also possible to automatically block cookies. Detailed information on this subject is provided in the help or documentation of the specific web browser used by the User. The User can decide not to receive Cookies by changing browser settings. However, disabling Cookies necessary for authentication, security or remembering User preferences may impact user experience, or even make the Website unusable.

5. Additional information

External links may be placed on the Website enabling Users to directly reach other website. Also, while using the Website, cookies may also be placed on the User’s device from other entities, in particular from third parties such as Google, in order to enable the use the functionalities of the Website integrated with these third parties. Each of such providers sets out the rules for the use of cookies in their privacy policy, so for security reasons we recommend that you read the privacy policy document before using these pages. We reserve the right to change this privacy policy at any time by publishing an updated version on our Website. After making the change, the privacy policy will be published on the page with a new date. For more information on the conditions of providing services, in particular the rules of using the Website, contracting, as well as the conditions of accessing content and using the Website, please refer to the the Website’s Terms and Conditions.

Nexocode Team