Contact our Team


Confirm your details, and one of our friendly local team will get in contact to discuss your requirements.

Detecting and Preventing Online Fraud


10 March 2021

7 minute read

Online payment fraud continues to remain a major problem for businesses of all sizes. Not only does it affect your profitability, but your customers and reputation can be impacted, too. As an online retailer, the sooner you detect payment fraud, the quicker you can mitigate the problems that can arise. To help, we've broken down the best ways you can detect online fraud, and what you should do to protect your business in the future.

Bambora au blog medium image detecting online fraud Bambora au blog medium image detecting online fraud Placehoder

Australian eCommerce businesses have a lot to be happy about right now. During 2020, spending on cards grew by 9.3% to reach more than $819 billion, and online payment fraud actually fell by more than 19% to $464 million.

Even still, online payment fraud is a big problem for businesses of all sizes. Fraud can impact your relationships with customers, damage your online reputation, and impact profitability.

So, as an online retailer, you must be aware of the potential risk of fraud, and be aware of the steps to take to protect your business. Here we outline warning signs to look for, and ways to protect your business now and in the future.


Online payment fraud is any type of false or illegal payment transaction. A cybercriminal steals monetary funds, personal property or sensitive information via the internet.

Online payments are a primary target for fraud since you don't need the physical card to make a purchase. Here are some of the most common types of online payment fraud.

Card-not-present (CNP) fraud

CNP fraud accounts for 87% of all credit card fraud in Australia and occurs when a 'customer' doesn't physically present a card for payment and makes a fraudulent transaction, using stolen card details. Card-not-present fraud occurs via online or telephone transactions. This type of fraud is common as it can be hard for businesses to identity and combat it.

Identity theft

Identity theft happens when a criminal steals someone's personal information and uses it illegally. In terms of making fraudulent transactions using such information, cybercriminals can often bypass many security measures because they have access to more than just card digits. This makes payment information appear more valid, and thus a payment is more likely to be accepted.


Phishing is a means by which fraudsters attempt to elicit personal information, including credit card details, bank account numbers or passwords, from individuals by misrepresenting a real organisation via emails. If users are tricked into supplying such information, it's then stolen and used to carry out illegal transactions, either by the attacker, or by third-parties that purchase the details.


The sooner you can detect payment fraud, the sooner you can mitigate the financial fallout. Here are seven ways you can spot online fraud.

Different billing and shipping addresses

One of the biggest red flags to watch for is when billing and shipping addresses differ. While there are legitimate reasons for these addresses to be different, cybercriminals will likely be shipping to an address not previously used by a customer, and this should raise a flag, particularly if an address is in another state or country even.

Address verification service (AVS)

AVS is one of the most effective ways to detect and verify online payment fraud, and is provided my major credit card processors to provide authentication within the payment process. When a customer makes a purchase, they have to verify their billing address. AVS will automatically check to see if the address entered matches that of the cardholder's information linked to the credit card being used.

The scheme or issuing bank responds using AVS to confirm if the address matches their records. If the address doesn't match, the decision to allow, deny or investigate further sits with the merchant accepting the transaction.

Card verification Value (CVV)

A CVV is the three or four-digits on the rear of credit card. Having a CVV filter can serve as an added layer of protection against payment fraud.

If an order is placed on your website and the CVV doesn't match, your payment gateway will automatically deny the card. Using a CVV filter and verification process will not only protect you from CNP fraud, but will also help to reduce your total chargebacks.

Device Identification

With device identification, you can analyse the device used to visit your website. The software profiles the operating system, internet connection and browser used to asses the risk of fraud. By identifying the device used, the process can determine if prior transactions have been made on the same device and how often the device has been used to make transactions.

Know the high-risk countries

Shipping goods overseas is often more risky and you should pay special attention and use caution when doing so. There are countries that are marked as high-risk, and below are some of those countries with the highest risk of online payment fraud.

  • Romania
  • Mexico
  • South Africa
  • Venezuela
  • Indonesia

Flag large transactions

When a cybercriminal steals credit card information, they may attempt a large dollar-value transaction as there's often only a small window of time before the card is flagged as stolen. If you receive an order, typically larger that what your business receives, you should consider the potential that it's a fraudulent transaction. Before shipping any merchandise, you should always attempt to ensure the transaction is legitimate.

Flagging abnormally large transactions will not only protect your business from fraud, but also save you the possibility of having your merchant account suspended should it continue to occur.

Velocity checks

Velocity checks are the functionality to either decline or approve a transaction based on real-time rules applied on a transactional level - designed to detect and block suspicious activities before or as they happen.

In order to defend against a 'velocity attack', where an individual repeatedly submits a credit or debit card to make unauthorised transactions, a velocity check monitors recurring patterns and relationships between transactions within a specified timeframe. Unlike monitoring for single, large value transactions, velocity checks assist in monitoring recurring attempts, of usually small dollar-value payments, that aim to test the validity of cards.

Various types of data can inform such checks, and the below are potential checks that could be included and monitored:

  • How many transactions has a customer performed in the last 24-hours?
  • How much has a customer spent in the last 24-hours?
  • How many transactions have been made from a single device in the last 24-hours?
  • How many orders have been placed with the same credit card number in the last 24-hours?
  • How many transactions have originated from one IP address in the 24-hours?


Protecting your business from fraud is an ongoing process because cybercriminals are always finding new loopholes and ways to game the system. If you've been the victim of a cyber breach, here are some steps you can take to protect your business in the future.

Develop a response plan

Many businesses are caught off-guard by such breaches because they were unprepared. Develop a comprehensive plan for how your business will respond if it were to happen again.

Update software regularly

Updating your software and operating systems regularly, and ensuring you're employing relevant protective tools for your business are the best first defence. There are many cost-effective ways to strengthen your network and assist in preventing breaches. Understanding the scalability of tools is important, too, as your business continue to grow.

Educate your employees

Studies have shown that employees can be the weakest link when it comes to cybersecurity. Infiltrating networks that could provide access to your customers' personal information is very tempting to fraudsters, so employees need to be conscious of their password choices, aware of phishing attempts, and any other access that may expose the company to harmful virus or security breaches. Regular training is vital to upholding online security for a business.


Using a secure online payment processor is the best way to keep your customers safe and protect your business from fraud. A payment processor like Bambora allows you to leverage our PCI-compliance, and provides tools for fighting online fraud - a valuable way to keep your business safe. Get in touch if fighting payment fraud is one of your top priorities.