How to detect online fraud transactions and protect your business

As the methods of fraudsters evolve, so must the technology and intelligence used to identify and combat these threats, making it essential to pinpoint the sources and perpetrators.

Link to the author's page
December 18, 2023
Link to the author's page
How to detect online fraud transactions and protect your business

Online shopping is booming like never before. In Europe, 96% of consumers said they made a purchase online in the past 12 months. Similar figures are found in other geographies, also.

But as the volume of online sales goes up, so do the instances of online fraud, creating new challenges for merchants across all sectors. The Cyber Security Breaches Survey 2020 points out that large businesses saw a 78% increase in fraud. Medium-sized companies saw a 68% increase. In the ecommerce space, fraud cost the industry $35.54 billion. So this is obviously a problem that can't be ignored.

Given the negative impacts of fraud, both direct and indirect, businesses cannot afford to stand still. Now more than ever is the time to put in place best-in-class fraud prevention practices to reduce costs, protect the business' reputation and customers.

If learning how to accept payments online is the first step, detecting fraud is the second step.

How to detect fraud in online transactions

As fraudsters' methods evolve, so does the technology and intelligence needed to stop them. Identifying who is behind the threats and where they are coming from is vital. And to do this, businesses need to have the right technology, support and service on hand to detect online fraud transactions and stop them in their tracks.

Find out how helps businesses to fight fraud.

10 tips for fraud detection in online transaction

Use an Address Verification Service

As paying online is a card-not-present (CNP) transaction, an Address Verification Service, or AVS, will send a request at the payment gateway asking for user verification from the issuing bank.

At the point of purchase, the card user has to provide their billing address and postcode. If these don’t fully match (known as an AVS mistmatch), the transaction needs further investigation.

Check CVV (Card Verification Values)

Card Verification Value (CVV) — the three numbers on the back of a card take merchants a step closer to identifying online fraud transitions. If the CVV entered at the checkout doesn’t match the card, the transaction should be declined.

Also, those merchants that ask for the CVV in combination with using an AVS also give themselves the best chance of winning should the cardholder dispute the payment.

Use 3D Secure payer authentication

3D Secure payer authentication is a triple-threat tool against online fraud transactions. The latest 3D Secure protocol, 2.0, requires customers to provide a combination of a minimum of two of the following authentication elements:

  • Something the consumer knows: One-time password, SMS code, PIN, password, personal information or security question.
  • Something the consumer owns: Credit or debit card, key fob, mobile device, token, or wearable device.
  • Something the consumer is: Biometric data like a fingerprint, iris scan, or facial or voice recognition.

3DS 2.0 also facilitates a richer exchange of data between the cardholder’s device and the issuer. This enables the issuer to perform Risk-Based Authentication (RBA). And, depending on the issuer’s decision, the authentication will either go through a frictionless flow — where the transaction is perceived as secure. Or through a challenge flow where the user may be prompted to provide further verification.

Look up email addresses

An email is practically an online passport. Checking an email is genuine is a smart idea in the fight to identify online fraud transactions. Using a reverse email lookup service is a quick way to find out who the email owner is.

Use device identification

Just like people, devices have unique fingerprints — ones that fraudsters can’t manipulate. Device identification analyses the computer, not the user. It looks at the operating system, internet connection and browser to see if it’s been declined or flagged for risk. This practical step can block and detect possible online fraud transactions from slipping through the net.

Flag large transactions

Fraudsters with stolen cards will try to pull off the largest transaction they can before the card gets blocked. So setting a limit that automatically flags transactions over a certain amount is necessary to stop any potential fraud and chargebacks. If a fraudulent charge does go through, the business will have to bear the cost, it'll damage their standing with the schemes, and their cost of accepting payments will likely increase.

Look for patterns

A mixture of these red flags can quickly help detect online fraud transactions. Paying attention to who the user is, how much time they spend on a website, checking their ID and the device they’re using will rapidly surface patterns you’ll know to recognize. And importantly, know when to shut transactions down.

Compare user location and shipping destination

Most legitimate transactions will have the same billing, shipping and IP address location. Transactions that have a big distance between different addresses should be flagged and investigated.

However, some legitimate customers may use a virtual private network (VPN) to give them anonymity online. Fraudsters also use VPNs, but when building a profile of them, other elements can be pulled in to double-check the origin of the transaction.

Learn more: what is an IP fraud score?

Check the shipping destination

If a business is shipping products overseas, it must do due diligence on its customer base. If any red flags are found in particular markets, it's a good idea to request extra ID verification, such as direct contact with the company, and further checks to mitigate the risk of fraud.

Be aware of IP proxies

Proxies are a popular tactic for fraudsters to hide behind. The proxy acts as an intermediary, passing information from one computer to another, while masking the real IP address of where the information is coming from.

Proxy piercing is a method merchants can use to identify whether the potential fraudster uses an IP proxy.

How Checkout can help you with fraud detection in online transaction

Preventing online fraud before it happens is the best strategy for keeping a business safe. Part of this approach is choosing a payment provider that gives businesses the data needed to understand patterns of fraudulent behavior.

However, finds most organizations don't receive this data — or the desired support — from their payments provider. This puts them on the back foot when it comes to fighting fraud, potentially impacting the bottom line of the business and damaging its reputation. offers businesses an end-to-end platform that leverages data in order to give them a detailed view of every transaction. Businesses are also able to get advice from the inhouse teams to know how to take action. To stop fraudsters, a business should have a custom risk strategy that can be easily adapted when tactics change. 

The Fraud Detection Pro solution offers is tailored to fit the unique risk profile of your business. It's designed to adapt specifically to the demands of your industry and your payment strategy. Equipped with machine learning, adaptable risk rules, comprehensive reporting, and robust testing features, this solution provides all the necessary technological tools to effectively protect your transactions.

To find out more about how you can use data in fraud prevention to gain a competitive advantage, speak to our team.

Stay up-to-date

Get news in your inbox.

Back to top button
December 18, 2023 17:17
December 18, 2023 12:20