Did you know that fraud was 81% more likely in online card-not-present sales, according to a Javelin Strategy and Research Study? As online sales continue to grow, it’s important for business owners to look out for fraudulent purchases.

Catching suspicious activity as it happens and safeguarding your site to deter would-be online fraudsters can save you the stress of having to deal with fraud investigations. The research by Aite Group estimates that merchant losses to e-commerce fraud are projected to grow to $6.4 billion in 2021, so business owners should identify how to minimize this risk.

To help you prevent credit card fraud for your online transactions, start by incorporating these eight simple strategies into your ecommerce business.

Use PCI-compliant payment vendors, software, and hardware.

When it comes to choosing a payment processing company to work with, as well as your e-commerce platform and hardware solutions, you should work with reputable vendors that value security. The gold standard to look for or ask about is PCI-DSS (Payment Card Industry Data Security Standard) Compliance. This means that a company meets a set of requirements that ensures transactions are encrypted and secured from end-to-end. If you use a third-party payment processor, they will handle most of the compliance burden for you. For those businesses using a merchant account, your provider should offer assistance with the annual PCI DSS self-assessment that your business is required to do. Lastly, make sure that all of the hardware and devices used for payments have high-end encryption.

Require CVV security codes.

The problem with card-not-present transactions is that you don’t get to look at and verify a physical card. It’s important to be cautious when taking payments over the phone and for online transactions. Having your online shoppers type in the CVV code printed on their actual credit card, or relay it to you over the phone, is another layer of protection worth implementing. While you’re at it, make sure your forms also require full contact information including a phone number, in case you need to reach out to the buyer to verify the order.

Look for any red flags with email addresses and/or shipping addresses.

An address verification service (AVS) will cross-check the customer’s billing address with the credit card issuer’s address on file. This is an important tool for spotting fraudsters who gain access to credit card numbers. You might also consider preventing shipments to P.O. boxes since those aren’t physical addresses that can be investigated in the case of fraud.

Set purchase limits.

The last thing you want is for someone with a fraudulent card to head to your ecommerce site and charge up thousands of dollars or make multiple purchases in a row. By having a limit in place, you won’t necessarily stop the fraud, but you can minimize the potential damage (and maybe send the thief to look for an easier target). Bonus tip: Regardless of limits, stay alert for any unusually large purchases, or if you notice multiple transactions from a single card to all different shipping addresses.

Perform security maintenance on your website.

Always having the latest software and plug-ins running is important as they often include security updates. There should also be regular scans on the website to look for malware and frequent site backups. investing in these security measures is well worth protecting your inventory and your customer data.

Have stringent password requirements for your admins and customers.

Make sure that everyone who touches your site uses strong passwords, both on the back end (from your admins and hosts to database managers), as well as your customers on the front end. The strong password will make it harder for hackers to get into your site, or thieves to place orders using someone else’s customer information.

Restrict IP addresses from areas you do not ship to.

Filtering and/or blocking IP addresses can help flag orders from areas outside of your shipping zone, such as from foreign countries if you only ship domestically. You should also use software to detect if an IP address and shipping address don’t match up (such as if they are in completely different parts of the world), which can be a sign of fraud.

Consider a fraud detection service.

There are many options and levels of anti-fraud solutions that use various tools to detect and stamp out fraud. Depending on your business type and your budget, you might go with a simple DIY solution, or you could hire a firm to manage it for you. Do your research and get referrals from other businesses in your industry to find the appropriate solution for your business.

Though it is difficult to prevent fraud completely, there are many options available to help you safeguard your online sales. Connect with a Merchant Services Business Consultant to determine what protection is best for your business.



This content is for informational purposes only. It is not designed or intended to provide financial, tax, legal, investment, accounting, or other professional advice since such advice always requires consideration of individual circumstances. If professional advice is needed, the services of a professional advisor should be sought.

Unless otherwise specified, all advertised offers and terms and conditions of accounts and services are subject to change at any time without notice. After an account is opened or service begins, it is subject to its features, conditions, and terms, which are subject to change at any time in accordance with applicable laws and agreements. Please contact an M&T representative for full details.


Share this page

If you are interested in sending this page to a friend or relative, please enter the following:

* Indicates required fields
+ Add another

No personal information (including e-mail addresses) about you or your friend will be collected from this e-mail notification feature offered by M&T Bank.

Please Note:

By clicking "ok" below, you will leave mtb.com and enter a Third-Party Website.

Tenga en cuenta que:

Al hacer clic en “Aceptar”, abandonará mtb.com e ingresará en el sitio web de un tercero.

Please note that:

  • The Third-Party Website is governed by a different set of terms and conditions and privacy policy than mtb.com and you should review those terms, conditions and privacy policy prior to reviewing the content of the Third-Party Website
  • M&T is providing a link to the Third-Party Website as a convenience and does not necessarily control the content of, or endorse, the Third-Party Website, it's owner/operator or any information, products or services that are made available on or through it
  • M&T makes no representations or warranties regarding the information, products or services provided through the Third-Party Website

Such Third-Party Website's owner/operator may be regulated by governmental entities and laws that are different than those that regulate M&T.

Tenga en cuenta que:

  • El sitio web de un tercero está regido por un conjunto de términos y condiciones y una política de privacidad diferentes que mtb.com, por lo tanto, deberá revisar esos términos y condiciones y la política de privacidad antes de evaluar el contenido del sitio web de un tercero
  • M&T le proporciona un enlace al sitio web de un tercero para su comodidad y no necesariamente tiene control sobre el contenido, o se adhiere, al sitio web del tercero, su propietario/operador o ni a ninguna parte de la información, producto o servicio que se ofrezca a través de él
  • M&T no ofrece declaraciones ni garantías respecto de la información, productos o servicios prestados a través del sitio web de un tercero

El propietario/operador de ese sitio web de un tercero podría estar regulado por entidades gubernamentales o leyes que son diferentes a aquellos por los que está regulado M&T.