How to Manage Online Payment Fraud

Fraud types, detection tools and strategies to protect your business without blocking legitimate sales


Online payment fraud costs merchants over $40 billion annually worldwide. But the real cost goes beyond the defrauded amount: it includes chargeback fees, the operational cost of disputes, card network penalties and reputational damage.

The fraud paradox is that fighting it too aggressively also has a cost. False positives — legitimate transactions that are declined — can represent 5 to 10 times more lost revenue than actual fraud. This guide explains how to find the right balance.

Types of online payment fraud

Online fraud takes many forms, each with different attack vectors and prevention strategies. Understanding the most common types is the first step towards designing an effective defence.

  • Stolen card fraud: use of card data obtained through phishing, data breaches or skimming. The most frequent type
  • Card testing: bots test lists of stolen cards with small transactions to verify which ones are valid before using them for larger purchases
  • Friendly fraud: the legitimate cardholder makes the purchase but disputes the charge claiming not to recognise it. Accounts for up to 40% of chargebacks
  • Account takeover: the attacker gains access to a legitimate user’s account and makes purchases with their stored payment data
  • Synthetic identity fraud: combines real and fictitious data to create fake identities that pass basic verification
  • Triangulation fraud: the fraudster acts as an intermediary, selling products at low prices to real buyers and then purchasing those products with stolen cards for delivery to the buyer

Fraud prevention tools

Modern payment gateways include built-in anti-fraud tools. Stripe Radar, Adyen RevenueProtect and PayPal Seller Protection offer automatic detection layers powered by machine learning that analyse dozens of variables per transaction.

Beyond gateway tools, specialised solutions like Signifyd, Riskified, Sift and Forter offer real-time risk decisions with chargeback guarantees: if they approve a transaction that turns out to be fraud, they absorb the cost.

  • Stripe Radar: included by default, analyses thousands of signals with ML. Advanced version allows custom rules
  • Adyen RevenueProtect: integrated risk management with configurable rules, lists and risk models
  • Signifyd / Riskified: risk decisions with chargeback guarantee. Pay-per-approved-transaction model
  • Sift: fraud prevention + trust and safety. Strong in account takeover and content abuse

Machine learning in fraud detection

Machine learning has transformed fraud detection by enabling the analysis of complex patterns that manual rules cannot capture. Models are trained on millions of transactions (both legitimate and fraudulent) to learn to distinguish normal behaviour from anomalies.

Stripe Radar, for example, analyses over 1,000 signals per transaction: device data, IP, card history, velocity patterns, address matches and hundreds of other variables. The model is continuously updated with new data from across the entire platform (the network effect).

  • ML models detect patterns that static rules cannot capture
  • The network effect (data from the entire gateway network) improves accuracy
  • Models are continuously updated to adapt to new fraud tactics
  • Custom rules should complement ML to address patterns specific to your business

Custom rules and lists

Machine learning is powerful but not sufficient on its own. Custom rules allow you to tailor prevention to your specific business context: blocking countries where you do not sell, limiting attempts per IP, declining orders above an unusual amount or requiring additional verification for first-time purchases.

Lists (allowlists and blocklists) complement rules: you can mark trusted customers so their transactions are automatically approved, or block emails, IPs or card BINs associated with previous fraud. List management should be dynamic and reviewed periodically.
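The rules and lists described above can be sketched as a small evaluator. This is an added example, not the rule syntax of Stripe Radar, Adyen or any other gateway; the class name, field names, thresholds and the order in which rules are checked (blocklists before the allowlist) are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Policy values are assumptions for illustration, not recommendations.
BLOCKED_COUNTRIES = {"XX"}                    # placeholder: countries you do not sell to
MAX_ATTEMPTS_PER_IP, WINDOW_SECONDS = 3, 600  # attempts allowed per IP per window
MAX_AMOUNT = 1500.00                          # ceiling for an "unusual amount"

class RuleEngine:
    def __init__(self, allow_emails=(), block_emails=(), block_bins=()):
        self.allow_emails = set(allow_emails)
        self.block_emails, self.block_bins = set(block_emails), set(block_bins)
        self.attempts = defaultdict(deque)    # ip -> timestamps of recent attempts

    def _ip_velocity(self, ip, ts):
        q = self.attempts[ip]
        while q and ts - q[0] >= WINDOW_SECONDS:
            q.popleft()                       # drop attempts older than the window
        q.append(ts)
        return len(q)

    def evaluate(self, tx):                   # returns (decision, reason)
        # Count every attempt, declined ones included, so retries stay visible.
        velocity = self._ip_velocity(tx["ip"], tx["ts"])
        # Blocklists are checked before the allowlist: trust never overrides known fraud.
        if tx["email"] in self.block_emails or tx["bin"] in self.block_bins:
            return "decline", "blocklist"
        if tx["country"] in BLOCKED_COUNTRIES:
            return "decline", "country"
        if velocity > MAX_ATTEMPTS_PER_IP:
            return "decline", "ip_velocity"
        if tx["email"] in self.allow_emails:
            return "approve", "allowlist"
        if tx["amount"] > MAX_AMOUNT:
            return "decline", "amount"
        if tx["first_purchase"]:
            return "verify", "first_purchase"  # ask for additional verification
        return "approve", "default"

def make_tx(ts, ip, email, amount, first, bin_="400000", country="ES"):
    return {"ts": ts, "ip": ip, "email": email, "bin": bin_,
            "country": country, "amount": amount, "first_purchase": first}

# Constructed sample: one trusted customer, then four rapid small attempts from one IP.
SAMPLE = [make_tx(0, "198.51.100.7", "ana@example.com", 80.0, False)] + [
    make_tx(10 + i, "203.0.113.9", f"u{i}@example.com", 1.0, True) for i in range(4)]

def run_sample():
    engine = RuleEngine(allow_emails={"ana@example.com"})
    return [engine.evaluate(t) for t in SAMPLE]
```

The fourth attempt from the same IP inside the window is declined even though each individual transaction looks harmless, which is the pattern card testing produces.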

Chargeback management

A chargeback occurs when the cardholder disputes a charge with their bank. The merchant has a limited window (typically 30 days) to respond with evidence proving the transaction was legitimate.

The chargeback rate is a critical metric: if it exceeds 1% of total volume, card networks (Visa, Mastercard) can impose penalties, increase fees or, in extreme cases, revoke the ability to accept card payments. Managing chargebacks proactively is essential.

  • Respond to every chargeback with evidence: shipping confirmation, buyer IP, transaction logs, prior communications
  • Implement clear billing descriptors to reduce “I don’t recognise this charge” disputes
  • Use chargeback alerts (Verifi, Ethoca) to resolve disputes before they become formal chargebacks
  • Monitor chargeback rate by segment, country and product to identify patterns
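Monitoring by segment matters because a healthy overall rate can hide a segment that is well above the 1% line. The following added example (not taken from any gateway or card network tool) computes the rate per country and per product over constructed data; the rate is counted per transaction, and the minimum-volume floor and all names are assumptions.

```python
from collections import Counter

NETWORK_THRESHOLD = 0.01   # the 1% figure from the text
MIN_TRANSACTIONS = 50      # assumed floor so tiny segments do not raise noise

def chargeback_rates(transactions, dimension):
    """Return {value: (transactions, chargebacks, rate)} for one dimension."""
    totals, disputed = Counter(), Counter()
    for t in transactions:
        totals[t[dimension]] += 1
        disputed[t[dimension]] += int(t["chargeback"])
    return {k: (n, disputed[k], disputed[k] / n) for k, n in totals.items()}

def overall_rate(transactions):
    return sum(t["chargeback"] for t in transactions) / len(transactions)

def segments_over_threshold(transactions, dimensions=("country", "product")):
    """List (dimension, value, rate) for segments above the threshold, worst first."""
    flagged = []
    for dim in dimensions:
        for value, (n, _, rate) in chargeback_rates(transactions, dim).items():
            if n >= MIN_TRANSACTIONS and rate > NETWORK_THRESHOLD:
                flagged.append((dim, value, round(rate, 4)))
    return sorted(flagged, key=lambda f: -f[2])

def rows(n, country, product, chargebacks):
    # Build n constructed transactions, the first `chargebacks` of them disputed.
    return [{"country": country, "product": product, "chargeback": i < chargebacks}
            for i in range(n)]

# Constructed sample: 510 transactions, 5 chargebacks in total.
SAMPLE = (rows(400, "ES", "subscription", 1) + rows(60, "FR", "gift_card", 3)
          + rows(40, "FR", "subscription", 0) + rows(10, "DE", "subscription", 1))
```

On this sample the overall rate stays just under 1%, while the `gift_card` product and the `FR` country segment are both flagged; `DE` has a high rate but too few transactions to act on.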

Balancing prevention and conversion

The most effective fraud prevention minimises real fraud without blocking legitimate sales. An overly aggressive system declines good transactions (false positives), leading to lost revenue and customer frustration.

The optimal strategy uses a layered approach: ML-based risk scoring as the first line, custom rules to adjust for business context, 3DS2 as additional authentication for medium-risk transactions, and manual review only for high-value edge cases. Continuously monitor approval, decline and fraud rates to calibrate the system.

  • Measure and compare: fraud rate, false positive rate and approval rate
  • Apply 3DS2 selectively: only for medium-to-high risk transactions
  • Implement manual review for high-value transactions the model cannot resolve
  • Recalibrate periodically: fraud tactics constantly evolve
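The layered approach and the three metrics above can be compared against an aggressive single-threshold policy on the same traffic. This is an added example on constructed data, not any vendor's scoring model; the thresholds, the function names and the simplification that legitimate buyers always pass 3DS2 and manual review while fraudsters always fail them are assumptions.

```python
# Constructed sample: (ml_risk_score, amount, is_fraud)
SAMPLE = [(0.05, 40, False), (0.10, 120, False), (0.20, 60, False), (0.45, 300, False),
          (0.55, 90, False), (0.85, 2500, False), (0.30, 75, False), (0.62, 150, False),
          (0.90, 200, True), (0.70, 400, True), (0.35, 50, True), (0.95, 1800, True)]

def route(score, amount, challenge_at=0.4, decline_at=0.8, review_above=1000):
    """Pick the layer that handles a transaction, given its ML risk score."""
    if score >= decline_at:
        # High-value edge cases go to a human instead of an automatic decline.
        return "manual_review" if amount >= review_above else "decline"
    if score >= challenge_at:
        return "3ds2"
    return "approve"

def evaluate(transactions, **thresholds):
    # Assumption: 3DS2 and manual review always reach the correct outcome.
    approved = legit = fraud_approved = false_pos = 0
    lost_revenue = fraud_loss = 0.0
    for score, amount, is_fraud in transactions:
        layer = route(score, amount, **thresholds)
        accepted = layer == "approve" or (layer != "decline" and not is_fraud)
        legit += not is_fraud
        approved += accepted
        if accepted and is_fraud:
            fraud_approved += 1
            fraud_loss += amount
        elif not accepted and not is_fraud:
            false_pos += 1
            lost_revenue += amount
    return {"approval_rate": round(approved / len(transactions), 3),
            "false_positive_rate": round(false_pos / legit, 3) if legit else 0.0,
            "fraud_rate": round(fraud_approved / approved, 3) if approved else 0.0,
            "lost_legit_revenue": lost_revenue,
            "fraud_loss": fraud_loss}

def compare():
    aggressive = dict(challenge_at=0.4, decline_at=0.4, review_above=float("inf"))
    return {"layered": evaluate(SAMPLE), "aggressive": evaluate(SAMPLE, **aggressive)}
```

Both policies let the same fraudulent transaction through on this sample, but the aggressive one also declines four legitimate orders, so its lost revenue is far larger than its fraud loss.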

Key Takeaways

  • Real fraud is costly, but false positives can generate 5 to 10 times more lost revenue
  • Gateway ML tools (Stripe Radar, Adyen RevenueProtect) cover the majority of cases
  • Custom rules complement ML to address patterns specific to your business
  • Keeping the chargeback rate below 1% is critical to avoid card network penalties
  • Optimal prevention uses a layered approach: ML + rules + selective 3DS2 + manual review
