.webp)
.webp)
Ecommpay has published a free guide for online merchants on common eCommerce fraud risks and steps businesses can take to reduce them.
It comes as fraud losses rise in the UK. Ecommpay cited industry figures showing payment fraud losses of £1.17 billion in 2024, and described a threat landscape that includes more sophisticated social engineering and identity-based attacks alongside long-standing card fraud and chargeback disputes.
The resource, titled "E-commerce fraud defence: A quick guide for merchants", outlines nine fraud threats it considers most critical for online businesses. These include identity theft and account compromise, as well as newer tactics using generative artificial intelligence.
Fraud can harm a business beyond the immediate loss from an unauthorised transaction. Disputed payments add operational costs and can disrupt customer service. Repeated incidents can also raise questions about a merchant's controls and strain relationships with payment providers.
Chargeback disputes
The guide highlights "friendly fraud", where a customer disputes a legitimate charge. It also covers cases in which customers request a refund because they do not recognise a transaction and believe it is unauthorised.
Ecommpay put friendly fraud at 45% of all chargebacks. Chargebacks can reduce revenue, add fees, and increase administrative work. Dispute rates can also influence how payment partners assess risk.
Refund pressure
The guide also addresses refund fraud, in which criminals exploit return policies. Examples include "decoy" returns and shipping empty boxes. These scams can be difficult to detect when merchants process high volumes of returns and rely on automated workflows.
Refund fraud is not limited to the UK. Ecommpay cited an estimate that it cost £103 billion globally in 2024. For retailers, the impact can include inventory loss, write-offs, and higher handling costs. It can also lead to tougher returns policies that affect customer experience.
Account takeovers
Account takeover is another risk covered in the guide. In these attacks, fraudsters gain access to customer accounts to make purchases, drain loyalty points, or change account details.
Such incidents can be difficult to reverse quickly, particularly when digital goods, vouchers, or loyalty points are involved. Ecommpay reported that account takeover attacks increased by 76% in 2024. The guide links them to password reuse, phishing, and weaknesses in authentication processes.
AI tactics
Ecommpay also pointed to generative AI as a driver of new fraud techniques, saying more than 50% of modern fraud now involves generative AI tools. It highlighted convincing phishing emails and deepfake videos that can bypass verification checks.
Merchants and payment providers have paid greater attention to AI-driven threats in recent years. The same tools used for legitimate marketing and customer service can also make it easier for criminals to scale social engineering and harder for staff to spot suspicious activity during manual reviews.
The guide recommends a layered approach that combines transaction monitoring, identity checks, customer communications, and human review. Many merchants already use some combination of these measures, though the mix varies by sector, product type, and geography.
Ecommpay operates as a payments platform and sells risk management tools. It said its risk management platform delivers a 97%+ fraud-prevention rate, but did not provide details on how it calculates the figure or the time period covered.
The guide's publication comes as merchants continue to balance fraud controls with conversion rates. Extra steps at checkout can reduce fraud but also increase basket abandonment, making fraud policy a commercial decision as well as a security one, particularly for businesses competing on convenience.
Willem Wellinghoff, Chief Compliance Officer and UK Chair at Ecommpay, said the pace of change in eCommerce fraud means merchants should treat it as an ongoing operational risk rather than a one-off technical project.
"The best way to tackle the ever-evolving fraud techniques used in eCommerce today is through a multi-layered security approach, combining advanced technology with proactive communication and expert human oversight. Based on our expertise and firsthand experience with our merchant partners, our new guide aims to help merchants identify where they can increase security to better protect customers and revenue," said Willem Wellinghoff, Chief Compliance Officer and UK Chair, Ecommpay.
Ecommpay expects the mix of fraud types to keep changing as criminals adopt new tools and test merchant controls across different channels, including email, mobile, and social platforms.