How to Prevent and Manage Online Payment Fraud in 2023

The risk of payment fraud is inherent in any business. A great payment solution is a boon to business: it provides customers with a positive, trustworthy experience, and encourages them to shop with you again. A terrible payment solution can sink your ship: today, we’re talking about fraud. But, a comprehensive payment platform can mitigate those risks, protect your customers, and keep your business secure. Best of all, a comprehensive platform helps merchants manage fraud without a lot of hassle or complexity. 

To help merchants manage risk according to your business needs, we’ve added a set of fraud protection tools to WooPayments. These tools will help you set risk levels, avoid disputes, and protect your business. But first: what exactly is payment fraud?

What is payment fraud?

Payment fraud occurs in any transaction where the cardholder did not authorize the payment. Fraudulent payments are often made with stolen credit card information, which is a type of identity theft. Fraud often results in financial or property loss by the merchant, consumer, or both. 

Fraud can come about in a number of ways: stolen credit card information, stolen account information, phishing, triangulation. We see the results of it in payment disputes (also known as chargebacks), which are costly and can create problems for any business. Fraud tactics are varied and will continue to evolve as our defense mechanisms improve. In this article, we’ll cover different types of credit card payment fraud.

Payment fraud attempts are increasing

In The State of Online Fraud report from Stripe, researchers found that fraud volume has increased significantly since the onset of the Covid 19 pandemic: 64% of global business leaders said that it has become harder for their businesses to fight fraud, and 40% more businesses saw an increase in attempted card testing attacks compared to previous years.

Online payment losses are projected to exceed $343 billion globally between 2023 and 2027, according to Juniper Research. It’s not a matter of if your business will be targeted, but when. Facing inevitable adversity, the best option is to defend your business with strong fraud prevention techniques. 

What’s causing this increase in fraud? Ecommerce growth. 

Stripe found that in 2021, businesses using their platform processed 60% more in payment volume than in 2020. This growth offered more opportunities for fraud.

Common types of payment fraud

Card testing or carding attacks

When card testing, a bad actor attempts to make small purchases with stolen credit card information to see if the card number works, often many times with many different cards. This allows fraudsters to quickly check whether the stolen information they have can be used to make larger purchases. Card testing typically happens when card info is purchased by malicious actors following a data breach. 

Card testing purchases are often made from a foreign country with delivery and billing addresses that do not match the customer’s IP address location. 

Declining or refunding suspicious transactions can help prevent this type of payment fraud. Charges that are fraudulent will be disputed and reversed if they are not refunded.

Stolen credit cards

A stolen card payment fraud occurs when customers make a real purchase using stolen credit card information. In this case, the billing and delivery addresses may be completely different because the fraudulent purchaser wants the product delivered to them, not to the cardholder. 

This type of fraud can be difficult to detect because there are lots of reasons why a customer might require different addresses, like travel or living away from home. For suspicious cases, a purchase may need manual review for whether the purchase looks right for your business and typical customer type. 

What are the risks of payment fraud?

Loss of revenue and customer trust top the list for payment fraud risks, but the business impact of fraudulent activity also includes much harsher repercussions: Major fines from violating regulations or even being shut down.

Lost revenue from payment disputes

When a customer finds a fraudulent transaction on their account, they’ll go through their card issuer to dispute it. The fraudulent transaction then becomes the merchant’s responsibility to refund. If you don’t respond to the dispute, you’ll be issued the chargeback fee by default. Read more about managing payment disputes in this blog post. 

Abandoned carts due to fraud prevention

Stripe found that “the more fraud a business tries to prevent, the more likely they are to block legitimate charges as well — reducing their payment conversion rates.” Preventative measures can sometimes get in the way of customers making a purchase.

If there are too many verification steps, or if you take customers to a popup or external site to enter their credit card information, they may become frustrated and abandon their purchase. 

Merchant responsibilities in fraudulent transactions

Merchants are responsible for the transactions that occur on their websites and in their stores. This includes deciding when to accept or decline a suspicious transaction.

The charges that result from fraud will often be disputed and reversed, and will incur a fee as a result. You can prevent these fees by declining and refunding suspicious transactions. On the other hand, it’s important to respond to chargeback disputes for legitimate charges by providing evidence that no fraud occurred. 

Merchants can make these decisions quickly and reduce the burden of handling payment fraud, with tools like WooPayments: an all-in-one payment solution built to integrate seamlessly into your Woo store and help you execute on the five strategies below.

Five strategies for reducing payment fraud

Each of these five strategies are tools or services that can be built in house or purchased from a third party. In-house risk management may be the best option for large-scale businesses with the resources to support them, while purchased tools can simplify transaction management for small, busy teams. 

Integrate fraud prevention tools

Software that sets fraud thresholds will hold or prevent high-risk purchases that fit your set criteria. Fraud threshold tools will hold a payment that looks atypical or raises red flags based on data points like IP location or an unusual customer profile.  

An in-house solution can take a lot of time and resources to develop, but may be a good choice for companies with high customization needs or that handle sensitive information. A third-party solution is faster to deploy, but may come with a per-transaction fee.

WooPayments offers a set of built-in fraud filters that provide protection for your business. Explore the features of WooPayments Fraud Protection in its product documentation.

Identifying the scope and sensitivity of your fraud risk can help you decide which type of tool is best for your business.

Hire fraud and risk management teams

Designating a person or team for transaction review is a common practice for manual fraud prevention. Flagged transactions can be reviewed and approved or declined based on rules and guidelines set in place by your business, or by your payment provider. Manual approvals for higher-risk or higher-value transactions can help reduce your costs or losses due to fraud.

Purchases that look like fraud should be rejected or refunded. Disputes should always be responded to when there is evidence to provide, or accepted if they are fraud. Many disputes can be won when good evidence is provided, eliminating a fee and keeping the revenue. Examples of strong evidence include a tracking ID, screenshot of the delivery, customer service interactions, or proof of usage. Possible evidence varies based on the nature of your business, but providing any evidence of receipt or use is a good foundation for dispute protection.

Develop fraud prevention processes

Fraud prevention and response processes will look different for every business. It’s helpful to start with a risk assessment, which will help you or your team understand what your typical customer looks like, what types of fraud your business is at risk for, and how fraudsters might find ways around your current fraud prevention strategies.

Use the results of your risk assessment to update your fraud threshold criteria and fraud response processes. 

Adopt an all-in-one payment solution

An all-in-one solution, like WooPayments, provides payment processing and offers the key tools for managing fraud and chargebacks. All of this functionality is built into a single solution, which simplifies your transaction workflow and helps paint a clear picture of your payment risk.

For small and medium sized businesses, an all-in-one solution can be the best option for both your budget and your time. 

What to look for in an all-in-one payment solution

Machine learning

Machine learning models are trained for decision-making by being fed massive amounts of relevant existing input and output data. With given inputs, a model determines the probability of each given output. It then uses this probability to make decisions in its fraud assessment of each transaction.

Solutions built on a broad payment processing network, like WooPayments, can prevent bad actors who have previously committed fraud. 

Risk filters and customizable rules

Custom risk filters allow businesses to set risk tolerance thresholds that will flag suspicious transactions when they meet certain criteria. These thresholds can be tuned to meet your business needs. Filters can be set for a variety of factors, such as:

  • Authorized IP addresses from specific servers or regions
  • Blocked IP addresses known for fraudulent activity
  • Rapid, repeated transactions from the same IP address
  • Shipping address verification
  • Transaction amount or volume

Customizable rules give flexibility to different business types. Where a clothing merchant might flag excessively large purchases, a construction wholesaler might focus on shipping and billing information. 


Strong risk management practices are an important part of every business’s payments strategy. WooPayments now has customizable rules that can help you manage risk and prevent payment fraud right from your WooCommerce dashboard, making it an all-in-one solution built specifically for your Woo store. Get started with WooPayments today. 

Get WooCommerce Payments