The Complete Merchant Fraud Detection Handbook

Help your EU business cut losses while maintaining high approval rates

eCommerce fraud is getting more expensive every year. Global fraud losses jumped from $17.5 billion in 2020 to $44.3 billion in 2024 and are set to hit $107 billion by 2029. The European Central Bank also calls it the bloc’s most urgent risk and the numbers back that up.

European merchants lose 3.1% of total ecommerce revenue to fraud in 2025—the second-highest rate globally.

What is Merchant Fraud?

Merchant fraud is any deceptive activity targeting businesses that accept payments, particularly online retailers. It involves various schemes aimed at exploiting vulnerabilities in payment systems, authentication processes or fulfilment operations to steal goods, services or money.

Unlike consumer-focused scams, merchant fraud directly impacts your bottom line through lost inventory, chargeback fees and damaged reputation.

The most damaging aspect of merchant fraud is its multi-layered impact. Beyond immediate financial losses, it creates operational burdens through dispute management, increases processing costs as risk scores rise and erodes customer trust when legitimate transactions get incorrectly declined.

For many businesses, these secondary effects often exceed the direct losses from fraudulent transactions.

Key Businesses Affected By Merchant Fraud

While merchant fraud can strike any business that processes payments, certain sectors face disproportionate targeting due to their transaction volumes, product types or operational models:

• High-value digital goods retailers: Instant delivery combined with high resale value makes digital products prime targets for fraudsters seeking quick profits without shipping delays.
• Subscription services: Recurring billing models attract testing of stolen cards and account takeovers, creating ongoing revenue leakage until detected.
• Cross-border merchants: Operating across multiple jurisdictions creates verification challenges that fraudsters exploit through mismatched billing and shipping information.
• Luxury goods sellers: Premium products with strong resale value attract sophisticated fraud schemes willing to invest more effort per transaction.
• Travel and hospitality providers: Complex booking systems with future-dated services create opportunities for fraud that may go undetected until service delivery attempts.
• Marketplaces and platforms: Multi-party transaction flows create additional verification challenges and responsibility gaps that fraudsters target.

Five Types of Merchant Fraud And How They Work

Understanding your enemy is the first step in building effective defences. Each fraud type operates through distinct methods, targets specific vulnerabilities and creates unique damage

1. Card Testing Fraud

Card testing fraud occurs when criminals use a payment system to verify stolen card details. Fraudsters obtain batches of compromised card numbers, then run small test purchases—typically under £5—to identify which cards remain active before making larger fraudulent purchases elsewhere.

These micro-transactions often fly under detection thresholds, making them difficult to spot without specialised monitoring.

Online businesses with minimal purchase barriers face the highest risk, particularly those offering digital goods with instant delivery. The damage extends beyond the test transactions themselves.

Your business can experience increased decline rates as card issuers flag suspicious activity patterns, potentially blocking legitimate customer transactions. Additionally, you can face increased chargeback rates and potential merchant account penalties even though your business was merely the testing ground, not the final target.

2. Account Takeover Fraud

Account takeover fraud occurs when criminals gain unauthorised access to customer accounts through credential stuffing, phishing or malware. Once inside, they change account details, make unauthorised purchases or drain stored value before the legitimate owner notices.

This fraud variant has surged as more businesses store payment credentials for convenience.

Subscription services, ecommerce platforms with saved payment methods and loyalty programmes face the highest risk. The fraud typically begins with credential harvesting through data breaches or phishing campaigns, then scales through automated login attempts across multiple sites.

Businesses often fail to detect these attacks until customers report unauthorised charges. Beyond immediate financial losses, the reputational damage can be severe—customers blame your security practices for allowing access to their accounts, leading to permanent customer loss and negative reviews.

3. Friendly Fraud

Friendly fraud occurs when legitimate customers dispute valid charges with their bank rather than requesting refunds directly from merchants.

Whether intentional or due to confusion (forgotten purchases, unrecognised billing descriptors, family member purchases), these customers claim they didn’t authorise the transaction or didn’t receive the goods or services.

Banks typically favour cardholders in disputes, forcing merchants to provide extensive evidence to overturn chargebacks.

The most insidious aspect is that friendly fraudsters often continue making purchases while disputing previous transactions, creating an ongoing revenue drain that’s difficult to detect through standard fraud screening that focuses on new transactions.

4. Refund Fraud

Refund fraud exploits merchant return policies through deceptive practices to obtain money or merchandise. Common tactics include returning stolen merchandise for cash, claiming non-delivery of received items (also called “DNA fraud”) or returning counterfeit products or empty boxes while keeping the original items.

More sophisticated schemes involve purchasing items with stolen payment credentials, then requesting refunds to different payment methods.

Omnichannel retailers and high-value product merchants face the greatest exposure to refund fraud. The challenge in detection stems from the legitimate appearance of most refund requests and the customer service pressure to process returns quickly.

Many merchants lack systems that connect return transaction data with original purchase information, creating blind spots that fraudsters exploit. The costs extend beyond the fraudulent refunds themselves to include shipping, restocking and investigation expenses.

5. Triangulation Fraud

Triangulation fraud involves three parties: the fraudster, an unsuspecting customer and a legitimate business.

Criminals create fake storefronts offering heavily discounted products. When genuine customers make purchases on these sites, the fraudsters use stolen payment credentials to buy the actual products from legitimate retailers and ship them to the customers.

The unsuspecting buyers receive their products while the fraudsters pocket the payments, leaving merchants with chargebacks when the real cardholders discover the unauthorised transaction.

Detection proves difficult because shipping addresses match order details and the fraudsters carefully select cards from the same regions as their customers to avoid triggering geographical fraud alerts.