The Growing Threat of Payment Fraud for Online Retailers

Black Friday is almost upon us, and this year, online retailers will likely exceed last year’s holiday sales figures of nearly $8 billion. Researchers predict that over the next three years, global e-commerce will grow six times faster than traditional in-store sales to reach $5.8 trillion by 2022.

While that’s exciting news for e-commerce firms, there is a sobering counterpoint: they must also confront the growing problem of online payment fraud and account abuse. The figures are alarming: Juniper Research estimated that annual online payment fraud losses from e-commerce, airline bookings, money transfer and banking services will reach $48 billion by 2023 (up from $22 billion in 2018).

The Numbers

Compounding the problem, merchants lose more than the dollar value of the fraudulent transactions themselves: they must also deal with legal costs, interest, chargebacks, merchandise replacement, and various other expenses. For every dollar lost through payment fraud in 2019, LexisNexis Risk Solutions estimates that merchants will incur total losses of $3.13, an increase of 6.5% over 2018 (and a big jump from $2.40 in 2016).

Payment fraud involving CNP (‘Card Not Present’) transactions is forecast to cost merchants an estimated $130 billion in revenue between 2019 and 2023, according to Juniper Research. In the United States alone, CNP fraud grew 34% from 2015 to 2016 to $4.57 billion, according to the latest available statistics from the Federal Reserve Payments Study.

With data breaches that expose payment card details having become worryingly regular events, the pool of potential victims of payment fraud is growing deeper by the day. Risk Based Security’s ‘Mid-Year Quick View Data Breach Report’ counted 3,813 data breaches in H1 of 2019 that compromised over 4.1 billion records, an increase of 52% over the previous year.  

How Can Payment Fraud Be Thwarted?

Initiatives such as PCI-DSS (Payment Card Industry Data Security Standard) and Mastercard’s Identity Check, among others, aim to reduce fraud by promoting and enforcing data security standards, and by leveraging several types of identifying data to ensure that only card holders, not bots, are able to carry out online transactions.

Organizations such as the European Cybercrime Center, the Internet Systems Consortium, the Malware Anti-Abuse Working Group and Spamhaus have all coordinated takedowns of botnets that were implicated in payment fraud. However, when one group of cyber criminals is thwarted, others quickly join the fray. And as technical vulnerabilities are patched, cyber criminals soon seek other methods to perpetrate fraud.  

Our experience with e-commerce customers indicates that the best way to stop payment fraud is to stop cyber criminals right at the outset, as soon as they visit your site.

Generally, when fraudsters try to use stolen user account credentials or payment card details, they traverse through various pages on your site or app to view product listings and descriptions, add items to shopping carts, and finally land on your payment page.

With the help of behavioral analysis by bot management solutions like Radware Bot Manager, you should be able to stop payment fraud and carding attempts well before they reach your payment page. This helps you protect both your customers and your business from payment fraud and from other threats posed by bots.

The escalating cost of fraud, and the difficulties that conventional web security systems have in differentiating between real shoppers and bad bots, make it crucial for retailers to adopt dedicated solutions that can detect and block automated attacks in real time. With no comprehensive solution to payment fraud available today, online retailers simply cannot wait until a technically robust authentication system is developed and widely adopted. This is why e-commerce businesses are increasingly adopting specialized bot management solutions that are designed to detect malicious automation and effectively stop payment fraud and other automated threats.

Siddharth Deb

Siddharth is a Senior Content Developer at Radware's Bot Management group. He has worked with over 150 organizations across a diverse range of industries over the past decade and a half, writing research articles, blogs, scripts, white papers, web content and much more. Siddharth has a BBA from UT Arlington, and is a passionate motorcyclist who regularly rides to his favorite destinations.
