Fraud management in e-commerce

The customer has selected the goods and completed the order. The only step left is the payment. Online retailers lose an average of two percent of their sales through unsuccessful payments, and the trend is on the rise. This is the finding of the study "Online payment transactions as seen by the Merchants" by the E-commerce Center Trade at the Institute for Trade Research in Cologne. Good risk management and fraud management are therefore essential.

Why did the online payment fail?

In principle, two main risks can be distinguished. The first is payment failure: an insolvent buyer does not complete the payment, and the creditor, i.e. the trader, no longer receives payment for the transaction. The second risk is a disruption of payment. This is usually preceded by a payment failure and describes a non-payment that lasts until it is clear whether the payment will still take place or ultimately fail. Frequent reasons for failures and disruptions are fraud attempts such as identity theft, commercial credit fraud and stolen credit cards. Other sources of non-payment include incorrect entries, the customer's lack of knowledge or misunderstandings.

Security for credit card payments - 3D-Secure

A common first step in e-commerce fraud prevention is the 3D-Secure method, in which the identity of the card owner is verified before the purchase is authorized. During the payment process, the online shop sends a request to the card-issuing bank. The bank in turn opens an input window in the browser, and the customer must enter their personal security code, also known as SecureCode. If the authentication check succeeds, the order is confirmed. If it fails, the payment process is terminated immediately and the transaction is cancelled. For further information on the subject, read our guide on the payment process of the credit card.

Automated risk checks in the checkout process

Automated controls on customer data can be integrated directly into the checkout process by the online retailer. The customer data is compared with the retailer's client database to determine whether the buyer is already a customer of the company and has previously completed transactions successfully. This allows the trader to create blacklist mechanisms: customers who have often attracted negative attention or still have open invoices are only supplied against prepayment. Additionally, the merchant can set up a shopping cart control. For example, certain items and products may be marked as allowing for a lower-risk payment method. For e-commerce, a number of coordinated measures have to be considered.

Best practices in online payment risk management

To avoid or minimize risks, effective measures need to be taken. The instruments for this are described below.

Address verification

The system checks whether the address is correct. For this purpose, an address database is queried to verify that the address exists. These databases are not country-dependent. Credit card providers can check the address provided against the registered address. If, for example, the customer specifies a German delivery address but the IP address originates from another country, this can already be a sign of fraud. The client's IP address may also have been obscured by an anonymization service.

Identity control

Commercial database providers can be asked to verify whether the customer really lives at the address stated. In addition, personal identification cards in most European countries feature an e-ID function that allows users to confirm their identity. However, this function must be manually enabled by the cardholder.

Credit score verification

Negative characteristics are used to check the solvency of a customer. These can come from collection databases with information on current payment behavior, debtors' directories of the courts, or comparison with blocked lists from the stationary trade, the telecommunication sector and the police fraud file Kuno.

The scoring process calculates the probability of a payment default. The score is composed of various points, each representing a different characteristic. The points are collected through statistical evaluations. The higher the overall score, the higher the credit rating. For example, if a person took out a loan and repaid it on time, this has a positive effect on the score. Additional information such as family data, place of residence or occupational group can be included in the scoring procedure. These differ from provider to provider.

Payment control

The results of the above-mentioned methods of verification can be actively used to determine the type of payment control. Payment methods which are not recommended for this customer due to their purchasing and payment behavior are then ruled out. This minimizes the risk of fraud for the merchant. It is also possible to use the payment method only for certain payment types. This means that only very reliable customers can use the "risky" methods of payment. Most payment service providers offer a number-type control.
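
The following added example (not code from this guide or from any payment provider) shows how the results of the checks described above can drive payment control at checkout. The method names, their risk ordering, the score threshold of 600 and all sample customers and orders are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed ordering, lowest merchant risk first; method names are illustrative.
METHODS_BY_RISK = ["prepayment", "credit_card_3ds", "direct_debit", "invoice"]

@dataclass
class CustomerRecord:            # row from the retailer's own client database
    completed_orders: int
    open_invoices: int
    blacklisted: bool

@dataclass
class Order:
    customer_id: Optional[str]   # None for a first-time buyer
    delivery_country: str
    ip_country: Optional[str]    # None when the IP could not be located
    ip_anonymized: bool          # IP belongs to an anonymization service
    address_exists: bool         # result of the address database lookup
    credit_score: int            # higher score = better credit rating
    cart_skus: list

def allowed_methods(order, customers, restricted_skus, min_score=600):
    """Return (methods to offer, reasons other methods were ruled out)."""
    record = customers.get(order.customer_id)
    # Hard rules: these customers are supplied against prepayment only.
    if record and (record.blacklisted or record.open_invoices > 0):
        return ["prepayment"], ["blacklisted or open invoices"]
    if not order.address_exists:
        return ["prepayment"], ["delivery address not found"]
    limit, reasons = len(METHODS_BY_RISK), []
    def cap(n, why):             # keep only the n lowest-risk methods
        nonlocal limit
        limit = min(limit, n)
        reasons.append(why)
    if order.ip_anonymized or order.ip_country is None:
        cap(2, "client IP obscured")
    elif order.ip_country != order.delivery_country:
        cap(2, "IP country differs from delivery country")
    if order.credit_score < min_score:
        cap(2, "credit score below threshold")
    if any(sku in restricted_skus for sku in order.cart_skus):
        cap(3, "cart contains a restricted item")
    if record is None or record.completed_orders == 0:
        cap(3, "no previous successful transactions")
    return METHODS_BY_RISK[:limit], reasons

# Constructed sample data.
CUSTOMERS = {"c1": CustomerRecord(5, 0, False), "c2": CustomerRecord(3, 1, False)}
RESTRICTED = {"laptop-9"}
REGULAR = Order("c1", "DE", "DE", False, True, 720, ["book-1"])
DEBTOR = Order("c2", "DE", "DE", False, True, 720, ["book-1"])
NEW_FOREIGN_IP = Order(None, "DE", "BR", False, True, 700, ["laptop-9"])
```

Returning the reasons alongside the methods lets the merchant review which rule ruled out a payment method and spot erroneous refusals.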

Risk management for payment service providers

Payment providers offer risk management tools as services, which merchants can access for a fee. Some payment providers like Billpay or PayPal have included risk management in their prices. However, the trader has no influence on risk management decisions. Payment service providers provide a large number of risk management tools. If the merchant uses this service, constant analysis by the PSP's experts may enable immediate intervention. Traders have the advantage of not losing potential customers through erroneous refusals and are also optimally protected against fraud attempts. In the case of payment providers such as Six Payment Services or Sage Pay, the merchant can decide which payment methods they wish to make available to certain customers. Risk management has to be adapted individually to every industry and size of shopping basket. For example, an online grocery store's failure risk is different from that of a computer retailer.

