Stop ecommerce fraud in its tracks with these security tips

12 minute read

As shoppers turn to ecommerce in record numbers, instances of fraud are on the rise. As a result, retailers have been faced with the task of balancing the increasing speed and volume of transactions with the rising number of fraud and security threats to their businesses.

Armed with the latest knowledge and technology, however, ecommerce retailers are pushing back. They’re using a multi-layered approach to security at every step to protect both themselves and their customers.

Looking to bolster your ecommerce security? The following solutions and tips can help protect your business and your customers throughout their online shopping experience:

How ecommerce fraud can impact your business

Watch out for signs of ecommerce fraud and take action to prevent it

Invest in secure checkout and payment processes

Prioritize delivery security

Handle returns strategically

Respond to fraud when it occurs

How ecommerce fraud can impact your business

As a retailer, having a strategy to prevent ecommerce fraud is easier once you understand the potential scope of its damage to your business.

Ecommerce fraud costs you money – serious money

Canadian ecommerce retailers of all sizes are seeing an increase in average monthly fraud attacks. A recent study from the American firm LexisNexis Risk Solutions showed that every US$1 (approximately CAN$1.26) of fraud costs mid to large Canadian ecommerce merchants up to US$3.02 (approximately CAN$3.83).1

Ecommerce fraud can be sophisticated and requires equally sophisticated solutions to fight

As the sophistication of ecommerce has grown, so has the sophistication of those trying to take advantage of its vulnerabilities. Increased online traffic has inadvertently provided fraudsters with ample opportunity. They can try and fly under the radar with fraudulent credit card details, address details or product purchases.

Never stop trying to improve your systems at every step of the customer journey. Sophisticated issues require sophisticated solutions. It’s always the right time to make improvements where and when you can.

Ecommerce fraud security can be a sales opportunity

Delivering peace of mind to your customers means building trust. Don’t view ecommerce fraud exclusively as a problem for your business to solve. Reframe the narrative by highlighting the strategies and solutions your business is taking to create a secure ecommerce environment for customers. Shoppers who feel secure are more likely to make repeat purchases from your business.

Watch out for signs of ecommerce fraud and take action to prevent it

You know your business and customers well, so if something doesn’t seem right don’t ignore it. Investigate any red flags associated with fraud.

Keep your business safe and prepare your team with these security and fraud insights and tips.

Download infographic

Wage a battle against the ‘bots’

Ever get asked to decipher a squiggly string of numbers and letters before making a purchase? Or click on all the buses in an arrangement of photos? Maybe you were simply forced to prove ‘I am not a robot’ by checking a box? These are just a handful of the most visible means of discouraging online bots.
A CAPTCHA grid of 9 images that says “Select all images with a bus. Click verify one there are none left.”

A CAPTCHA grid of 9 images prompts the user to select all that contain a bus.

Distinguishing customers from malicious bots in real time has become a challenge for online merchants seeking to provide security without creating unnecessary friction for legitimate customers. As synthetic identities and botnets pose an increasing challenge, particularly for newer mobile commerce, tap into as much real-time data as possible to combat it.

Stop gift cards from being a gift to fraudsters

Gift cards are convenient, nearly anonymous and abundant – making them the perfect vehicle for fraudsters. If you offer gift cards, adopt best practices at every step – from purchase to redemption. You can implement ways of individually tracking cards, tying cards to existing customer profiles or accounts, eliminating cash refunds on card purchases or closely monitoring use during peak shopping periods. Consider implementing a maximum purchase threshold for cards – such as no more than a certain dollar amount purchased per card and/or transaction to deter bulk gift card purchases.

If you flag a certain card or customer name buying a high volume of gift cards from your online store, flag the purchase and follow up with the contact.

Pay attention to high-value orders

If an item has a high resale value, is in high demand, and/or is purchased in bulk, consider manually reviewing the order before shipping it out. These types of items are attractive to fraudsters hoping to resell for their own profit.

Be mindful of purchases from the same IP address with different info

Customers shop in many ways, and multiple purchases made within a short period of time by the same user doesn’t always indicate fraud. Look for hints within the purchases that might signal something fishy. For example, while fraudsters might have multiple email addresses at hand to place orders with, they may not bother to change their IP address. Don’t be afraid to contact the customer and ask questions if something isn’t adding up. A legitimate customer will likely appreciate the added security.

Mark your calendar for key dates/high selling periods

Increases in customer traffic means greater chances of fraud, so pay attention to the calendar as your busy season is also prime time for fraudsters.

In 2020, the holiday season saw a 435.2 per cent increase in suspected online retail fraud when compared to the same period in 2019.2 The days with the highest percentage of suspected fraudulent transactions during that period were:

Fraud increased 2.84% (U.S. Thanksgiving), 2.14% (Black Friday), 1.67% (Nov. 28), 6.04% (Nov 29) and 35.03% (Cyber Monday).

Suspected fraud increased in 2020 by 2.84% on U.S. Thanksgiving, 2.14% on Black Friday, 1.67% on November 28, 6.04% on November 29 and 35.03% on Cyber Monday when compared to 2019.3

Confirm customer ID

When a shipment requires visual verification of identity, your delivery partner is required to complete a visual verification of the recipient. With Canada Post, for example, all carded items require photo ID verification at pickup from any post office location. This helps minimize fraudulent purchases as shoppers are required to have an ID matching the name and address on the package.

Be mindful of mobile commerce channels

Not all channels are created equal when it comes to fraud. Be mindful of the different ways fraudsters can exploit your selling channels.

For instance, mobile commerce is still an emerging area for Canadian traditional and ecommerce retailers – especially when compared to its use in the United States. Accelerated in popularity by COVID-19 lockdowns, however, mobile commerce looks to be a dominant force going forward in Canada.

Trends in the United States indicate that this popularity comes with a price. Mobile browsers and apps are starting to represent a sizeable portion of retail fraud losses for mid to large U.S. retailers, even prior to the pandemic shutdowns. This is mainly an area where fraudsters use multiple device linkages to slip past traditional verification checks.

Monitor international sales

International orders should draw special attention in your processes. A sizeable portion of mid to large Canadian retailers’ fraud losses are related to international transactions, especially among those conducting international transactions with mobile commerce.4

Leverage the same security checks being used for domestic purchases and keep an eye on your website traffic. If you see a large number of purchases from an international location, but only one or two website views from that area in the same time frame – it may be a sign of fraudulent activity.


When running a business, you should always err on the side of caution to prevent fraud. When in doubt, press pause and conduct a manual review. Speed should never displace security.

Invest in secure checkout and payment processes

Striking the right balance between a good customer experience and a secure customer experience is not an impossible task for retailers who observe a few considerations.

Use Card Verification Codes (CVV) at checkout

Credit card fraud is the primary type of payment fraud among Canadian ecommerce merchants, particularly larger ones, far outpacing other payment methods like debit or third party (e.g., PayPal, e-wallet, etc.).5

Conducting card security code checks will help you prevent fraudulent transactions. Asking for the three-or-four-digit number on the back of a customer’s credit card (known as the CVV) at checkout confirms that the owner of the card is the one making the purchase and that the more visible front-of-card details haven’t been fraudulently obtained.

Use Address Verification (AVS) checks at checkout

An unauthorized user might not know what billing address information is associated with the credit card they are trying to use at checkout. Making an AVS check mandatory will allow you to compare the billing address and postal code used in the transaction with the information on file with the credit card issuer. This is a widely used fraud prevention tactic that e-merchants rely on to verify the validity of their orders.

Use address autocomplete to avoid human data entry errors

Not all address errors are fraud, but they may require you to waste time treating them as such until you can confirm.

Your customers are human, so they may make errors and typos when inputting their address details manually. They may also fail to fully complete their address information – like forgetting to include their suite number or reversing digits. Catching errors like this may require manual review of your orders. If errors and omissions like these go unnoticed, you may ship deliveries to the wrong destinations rather than into your shopper’s hands.
An address confirmation screen from Dynamite Clothing.

Dynamite uses a tool to verifies their customer’s address at checkout.

To avoid mishandled deliveries and flagging orders by mistake, Canada Post’s AddressComplete autocompletes and validates addresses at checkout. It also provides additional insights into your customers’ addresses – including whether an address is a multi-unit location, a business or a residential address – which can help you make optimal shipping decisions and keep deliveries on track.

Highlight your online security measures to your customers

Among Canadians, 9-in-10 agree security is very important when shopping online, however only half always take security measures such as checking website legitimacy or using e-wallets instead of card numbers.6

Be sure to highlight that your ecommerce website is secure and trustworthy. Share information about the security systems that you have put in place to protect consumer information on your website – especially on checkout pages. Building trust is an excellent way to boost conversions for your business – especially with first-time shoppers who may have found you through search or paid media.
Davids Tea checkout page is secured by SECTIGO.

Davids Tea’s checkout is secured by SECTIGO.

There are many different types of technology tools and applications available to help e-merchants protect themselves from risky transactions and fraud. These can be used in the context of an ecommerce platform or a marketplace and/or a storefront. They can help you automatically detect and cancel high-risk orders, authenticate customers, create custom filters and block and redirect visitors based on geolocation.

Make sure to do your research to determine which solutions and practices will work best for your business.

Contact your customers if needed

Due to lifestyle changes triggered by COVID-19, your customers may continue purchasing high-ticket items they may not have purchased online in the past or with an increased frequency. This can result in false red flags for your business because your system has detected what it sees as unusual purchase behaviour.

If a long-time customer dramatically changes their order patterns, don’t be afraid to contact them by phone or email. In most cases of fraud, the contact information submitted will be suspicious or inaccurate. If you reach someone using the contact information provided in the questionable transaction, have them confirm their identity and the details of their order before processing it.

Keep up with fraud trends

Do what you can to stay up to date on the latest techniques being used to facilitate fraud and adapt your security measures accordingly. Read trade publications, attend events, even download thought leadership publications like the Get Cyber Safe Guide for Small and Medium Business from the Government of Canada for some baseline tips and tricks.

Prioritize delivery security

Just under three-quarters of Canadians will shop more with retailers that use a delivery company that ensures their parcels are secure. It is worth your time and energy to deliver on those expectations.

Work with partners who ensure safe parcel delivery

Security should be a top priority for your delivery partners. Their security measures should extend from their retail outlets and distribution to the frontline delivery agents who end up at your customers’ doors. Are their teams able to help you keep your customers safe from fraud and theft? Make sure they can work closely and transparently with you if problems arise.

Intercept fraudulent purchases at any stage

Even with robust security measures in place, there is still a chance you may not detect a fraudulent order until after it’s left your store or distribution centre. Work closely with your delivery partner once the problem is identified.

For example, Canada Post has addressed this problem with its Package Redirection tool. The tool enables retailers to redirect potentially fraudulent parcels while the item is in the Canada Post network – before it gets into the wrong hands. This tool is a great one to add to your arsenal, as it will help you avoid chargeback fees.

Fight parcel theft with the right delivery partner

Security vulnerabilities like ‘porch piracy’ threaten repeat sales. A quarter of Canadians say they have been a victim of porch pirates and nearly 36 per cent of Americans report having been victims of parcel theft.7

Your delivery partner will be your biggest ally, should parcel theft occur. The right partner will have a customer service department and/or dedicated security team ready to help. Contact them immediately.

Offer alternative pickup options

Put your customers’ minds at ease by offering a variety of options for how they receive their purchases – from curbside and in-store pickup to other specialized options offered by your delivery partner. Be sure to partner with a carrier that enables your business to deliver securely and empowers your customers with customized delivery options, accurate timelines and delivery updates.

Each delivery company has unique offerings that may enable your business to ship securely. For example, FlexDelivery from Canada Post allows your customers to send parcels directly to the post office of their choice. For Canadians living in apartments and condos, parcel lockers provide the convenience that completes the perfect shopping experience. For merchants, parcel lockers help build customer loyalty and deliver repeat business. This option is increasing among residents in other areas, as well.

Combat fraud with the latest technology

Delivery partners should be able to offer you comprehensive tracking capabilities (with access via their website or mobile app) to make package tracking seamless and simple. Many of these tools can offer you and your customer additional control and visibility of enroute packages. This allows shoppers to choose the receiving experience that works best for them. For you, the additional control helps to minimize fraud and keep your products safe from theft.

Handle returns strategically

Returns create a bit of vulnerability when it comes to fraud. They arise at a point in the customer journey where balancing a smooth customer experience can clash with protection measures in place for your business. How you handle them matters.

Create clear return policies – and stick to them

Protecting yourself from returns fraud might mean being a bit less forgiving – which might not be popular with all customers. Set expectations for your customers by creating a return policy made up of clear language and timelines. Make sure it’s easily discoverable on your website prior to purchase. Include information that outlines the conditions for a return, including exchanges versus refunds and no-return items.

Eliminate instant refunds

If your business allows returns by mail, ask customers to complete and include a return slip that notes the reason for their return (such as wrong sizing, wrong colour, damage upon arrival, etc.). Include this as part of their shipment as a packing slip and/or order invoice that notes the exact product and its details. This can make it easier to ensure that what’s being sent back to them is what was ordered and clarifies what was sent to them to begin with.

Many fraudulent returns can be avoided by eliminating instant refunds. Issue refunds only when the item/package arrives and is processed and verified by your team to ensure that items are in good condition and match the return slip.

Eliminate returns as much as possible

Sounds simple, but the easiest return is the item not returned in the first place. Keep returns to a minimum by helping customers choose the right item. Provide detailed product information prior to purchase on your site, such as multiple size charts, FAQs and useful visualizations. Such additions improve shopper confidence in buying.

Respond to fraud when it occurs

Despite your best efforts, you may still find yourself navigating instances of fraud. No need to panic. There are numerous resources to help in the moment and learnings to build on for the future.

Contact your shipping partner

When security concerns happen, your deliver partner should be poised to help. Contact them immediately if you suspect fraud.

At Canada Post, our Security and Investigation Services team includes more than 80 professionals, many with top-secret clearance mandated through the Canada Post act, to securely manage all mail and parcels throughout our network. We also have postal inspectors that are recognized as an investigative body which allows them to investigate Criminal Code of Canada offences related to mail and assets.

Share the news

When it comes to fraud, we are all in this fight together. Don’t keep the news to yourself. Report fraud immediately to the Canadian Anti-fraud Centre where a constantly updated list of scams affecting businesses is maintained. Also, stay in touch with your competitors and technology partners – they are your strongest allies when it comes to navigating this rapidly changing environment.

Create a fraud prevention plan and train your team

If you are a victim of fraud and don’t have a security plan in place, now is the time to create and implement one. Your team should be involved in the process of ensuring security for your business and customers every day. Explain your fraud prevention plan, its benefits and how it complements your overall business strategy. Your team should be trained to identify real customers and detect fraud.

1 LexisNexis Risk Solutions. 2020 True Cost of Fraud™ Study: E-commerce/Retail Edition, 2020.
2-3 Canadian Security. E-commerce fraud in Canada spikes 435% from Black Friday to Cyber Monday, Dec. 9, 2020.
4-5 LexisNexis Risk Solutions. 2020 True Cost of Fraud™ Study: E-commerce/Retail Edition, 2020.
6 Retail Insider. Canadians Concerned About Fraud when Shopping Online: Survey, Aug. 21, 2020.
7 Canada Post, 2020 Fall Survey, 20-214, October 2020

Think like an ecommerce leader

Book a consultation to learn how your business can leverage our ecommerce expertise.

Talk to an expert