E-commerce and Card Fraud

The Phantom Buyers

Priya Sharma had been a fraud analyst at Luxe Electronics for three years, and she thought she'd seen everything. Then the pattern appeared.

It started with a single chargeback. A $1,200 laptop purchased on Monday, delivered on Wednesday, disputed on Friday. Standard card-not-present fraud. She flagged it and moved on. But the next week brought seven more. Then fourteen. All high-value electronics. All delivered successfully. All disputed as unauthorized.

What caught Priya's attention wasn't the volume. It was the pattern.

The chargebacks came from cardholders in cities like Boston, Phoenix, and Seattle. But the orders shipped to completely different addresses: Atlanta, Tampa, Portland. And here's what made no sense: the shipping addresses checked out. Real people lived there. Real people who had ordered, received their items, and left positive reviews.

Priya pulled the delivery confirmation photos. Smiling customers holding their new laptops. Happy buyers who had no idea they were standing in the middle of a crime.

She dug deeper into the orders. The Boston cardholder never ordered a laptop to be shipped to Atlanta. The Phoenix cardholder had never heard of Luxe Electronics. Their card numbers were stolen, used to fulfill orders placed through a fake storefront called "TechDealsUSA.com" that advertised prices 40% below market rate.

It was triangulation fraud. A scheme where everyone thinks they got what they wanted, except the real cardholders. Across three weeks, Priya had tracked $47,000 in fraudulent purchases, all paid for with stolen credit cards.

This story is fictional, but the patterns are real.

---

Why This Matters

In Payment Systems 101, you learned how card transactions flow through multiple parties and why the authorization-settlement gap creates opportunities for fraud. In Wire & ACH Fraud, you saw how criminals exploit irreversible payment rails for high-value theft.

E-commerce fraud operates differently. Card transactions offer something wire transfers don't: the possibility of reversal through chargebacks. This creates a double-edged sword. Chargebacks protect consumers from fraud, but criminals and dishonest customers alike exploit this protection for profit.

The scale is staggering. Global e-commerce fraud losses reached $48 billion in 2023, with cumulative losses projected to exceed $343 billion between 2023 and 2027.^[1] North America accounts for 42% of all e-commerce fraud by value.^[1]

What makes e-commerce fraud unique is its variety. Criminals can attack merchants directly using stolen card data. Customers themselves can become fraudsters through false chargeback claims. Third parties can insert themselves as invisible middlemen. And the same transaction data that makes online shopping convenient also makes identity theft easier than ever.

---

How Card-Not-Present Fraud Works

The CNP Advantage for Criminals

Card-present fraud requires physical access to a card. A criminal needs a skimmer, a cloned card, or the actual stolen wallet. Card-not-present (CNP) fraud requires only data: the card number, expiration date, CVV, and maybe a billing address. This data can be bought in bulk on criminal marketplaces for as little as $10-40 per card (as covered in Criminal Infrastructure).

CNP fraud dominates online commerce. The shift to online shopping during and after 2020 accelerated this trend worldwide.

Why CNP Fraud Is Hard to Stop

When you swipe a physical card at a store, the terminal reads data from the chip that can't be copied. The merchant sees you. Security cameras record the transaction. These friction points deter fraud.

Online, none of these safeguards exist. The criminal enters card data from a coffee shop in another country. Device fingerprints can be spoofed. Addresses can be faked or rerouted. By the time the real cardholder notices the charge, the goods are gone.

The Attack Sequence

A typical CNP attack unfolds in stages:

1. Card acquisition: The criminal obtains card data through phishing, data breaches, skimming, or dark web purchases
2. Card testing: Small purchases ($1-5) verify the card works before larger orders
3. Velocity burst: Multiple high-value orders placed quickly, often to different addresses
4. Reshipping or resale: Goods go to drops, get reshipped internationally, or resold immediately

Merchants bear most of this risk. When a cardholder disputes a CNP transaction, the merchant loses both the merchandise and the payment. This is the "liability shift" in action: without chip verification, the merchant is responsible for fraud.

---

Triangulation Fraud: The Three-Party Scheme

Triangulation fraud is one of e-commerce's most insidious schemes because no single victim realizes they're in a fraud until the aftermath.

How It Works

Three parties form the triangle:

The customer never knows they participated in fraud. They paid money, received goods, and left a positive review. The legitimate retailer fulfilled a real order to a real address. Only later, when the chargeback arrives from a different person in a different city, does the crime become visible.

Why Triangulation Is Growing

In 2024, 26% of merchants reported experiencing triangulation fraud.^[2] One criminal network operated over 75,000 fake e-commerce storefronts, scamming more than 800,000 shoppers across the US and Europe, processing over $50 million in fraudulent orders over three years.^[3]

The scheme thrives because:

• Price arbitrage attracts victims: Fake storefronts advertise prices 20-50% below retail, luring bargain hunters
• Customers have no reason to complain: They received what they ordered
• Stolen card data is cheap and abundant: With 269 million card records posted on dark web platforms in 2024 alone, supply isn't a problem
• Chargebacks take time: The fraud window between order and dispute can be weeks or months

The Retailer's Double Loss

When triangulation fraud hits, the legitimate retailer loses twice. They shipped the product. Then the chargeback reverses the payment. They're out both the merchandise and the revenue, plus chargeback fees. For small and mid-sized merchants, these losses can reach six figures in a single quarter.

---

Friendly Fraud (First-Party Fraud)

Not all e-commerce fraud involves stolen card data. Sometimes the cardholder is the fraudster.

What It Looks Like

Friendly fraud, also known as first-party fraud, occurs when a legitimate customer makes a purchase, receives the product, and then disputes the charge as unauthorized. They keep the item and get their money back.

This isn't a gray area. A 2024 Socure survey found that 40% of Americans know someone who has committed friendly fraud.^[4] Among Gen Z shoppers, 40% admitted to committing first-party fraud during the 2024 holiday season.^[5]

Why It's So Common

Several factors drive friendly fraud:

• Ease of disputes: Banks make it simple to file chargebacks, often with a single phone call or app button
• Low perceived risk: Most friendly fraudsters face no consequences
• Consumer confusion: 72% of cardholders don't understand the difference between a chargeback and a refund^[6]
• Buyer's remorse: Regret over a purchase leads some customers to claim fraud rather than request a return

The Scale of the Problem

First-party fraud has surged, with 35% of Americans admitting to committing it.^[4] Chargebacks attributed to friendly fraud cost merchants over $100 billion annually, with 61% of all chargebacks falling into this category.^[1]

The damage compounds. Every dollar lost to fraud costs merchants $4.61 in 2025, accounting for investigation, fees, and operational overhead.^[6]

The Chargeback System's Design Flaw

Chargebacks exist to protect consumers from unauthorized transactions. When a criminal steals your card number and makes purchases, you shouldn't have to pay. Regulation Z limits consumer liability on credit cards to $50, and most banks waive even that.

But the system assumes disputed transactions are genuinely unauthorized. When customers abuse this protection, the burden falls entirely on merchants. Banks have little incentive to investigate friendly fraud claims because they recover the funds either way. Merchants can contest chargebacks through "representment," but they win only about 18% of contested cases on net.^[6]

---

Refund and Return Abuse

Beyond chargebacks, customers exploit refund policies directly.

Common Schemes

Wardrobing: Buying clothing, wearing it once (keeping tags hidden), then returning it as "unworn." Particularly common for special occasion items like prom dresses, suits, and party outfits.

Empty box claims: Customer reports the package arrived empty or with wrong contents. They keep the item and receive a refund.

Item not received (INR) claims: Customer claims the order never arrived, despite delivery confirmation. Especially effective for items left at doorsteps without signature.

Return fraud: Returning a different, cheaper, or broken item inside the original packaging. Or returning stolen merchandise to a store that sells the same item.

Scale

Refund and policy abuse has become the most common form of e-commerce fraud, impacting 48% of global merchants in 2024.^[2] In the US alone, return fraud cost retailers $103 billion in 2024, about 15% of all returns.^[7]

---

Buy Now, Pay Later Fraud

BNPL services like Klarna, Affirm, and Afterpay have created new fraud opportunities by extending instant credit with minimal verification. But what makes BNPL fraud different from traditional card fraud isn't just the speed of approval. It's who bears the risk.

The BNPL Risk Model

Traditional card fraud works like this: criminal uses stolen card, merchant ships goods, chargeback hits, merchant loses both the goods and the money. The merchant bears the fraud loss.

BNPL works differently. When a customer checks out with Klarna or Affirm, the BNPL provider typically pays the merchant upfront (minus a fee). The customer then owes the BNPL provider, not the merchant. The specific arrangements vary by provider and contract. Some BNPL providers absorb all non-payment risk. Others have chargeback mechanisms, holdback reserves, or clawback provisions that shift some risk back to merchants.

But those protections only work against legitimate merchants who stick around. A fraudulent merchant planning to disappear doesn't care about clawbacks. They'll be gone before anyone tries to claw anything back.

BNPL transaction values are projected to grow from $334 billion in 2024 to $687 billion by 2028.^[8] Fraud grows with it.

Consumer-Side BNPL Fraud

The attacks you'd expect all work on BNPL:

Synthetic identity fraud. Criminals create fake identities by combining real Social Security numbers (often from children, the elderly, or deceased individuals) with fabricated personal details. These synthetic identities pass basic verification and accumulate BNPL credit they never intend to repay. Synthetic identity fraud in BNPL surged 26% in the first half of 2024.^[9]

Bust-out schemes. Fraudsters create accounts, build a brief payment history to increase credit limits, then max out multiple BNPL accounts simultaneously across different merchants. They disappear with the goods.

Friendly fraud crossover. BNPL users dispute legitimate purchases, claiming the transaction was unauthorized or the item was defective. The same chargeback abuse patterns from credit cards now apply to BNPL.

Merchant-Side BNPL Fraud

BNPL is attractive to fraudulent merchants because providers pay quickly and verification is light. The scheme might involve real customers, fake customers, or both. Either way, the BNPL provider pays out and the merchant disappears.

Fake customer schemes. The merchant creates synthetic identities or recruits accomplices to pose as "customers." These fake customers make BNPL purchases. The BNPL provider pays the merchant. The fake customers never pay back. No real goods change hands, or the same items get "sold" repeatedly.

Real customer scams. The merchant advertises products at attractive prices and accepts BNPL at checkout. Real customers place orders. The BNPL provider pays the merchant. The customers never receive what they ordered, or receive junk instead. The merchant vanishes. Customers are stuck with BNPL debt for goods they never got.

Phantom transactions. A fraudulent merchant processes BNPL transactions for purchases that never happened. They might generate fake order confirmations and shipping tracking (easy enough to fabricate). The BNPL provider pays out. By the time anyone investigates, the merchant has closed shop.

BNPL bust-out. Similar to card processing bust-out, but targeting BNPL specifically. A merchant integrates with multiple BNPL providers, runs volume for a few weeks, collects payments, then disappears. BNPL providers are left chasing a ghost.

Why BNPL Fraud Is Hard to Stop

BNPL providers face a dilemma. Their value proposition is instant approval at checkout. Add friction, lose customers to competitors. But that speed means minimal verification.

The merchant gets paid quickly because that's the point. Delay merchant payments, merchants won't offer BNPL at checkout. But fast payment means fraudulent merchants can extract money before anyone detects the problem.

And because BNPL is relatively new, fraud patterns are still emerging. The playbooks that work for card fraud don't map perfectly. BNPL providers are learning expensive lessons about who to trust.

---

Marketplace Fraud: Both Sides of the Transaction

Platforms like Amazon, eBay, Etsy, and Facebook Marketplace host millions of independent sellers and buyers. Both sides can commit fraud.

Seller-Side Fraud

Non-delivery scams: Seller collects payment, never ships the product, and disappears. Common on new seller accounts with suspiciously low prices.

Counterfeit products: Fake designer goods, knockoff electronics, or unauthorized replicas sold as authentic. The luxury goods market loses approximately $30 billion annually to counterfeits sold through online marketplaces.

Bait and switch: Listing shows one product; buyer receives an inferior substitute. Listings might show name-brand items but deliver generic alternatives.

Hijacked seller accounts: Criminals gain access to established seller accounts with positive feedback. They list high-demand items at attractive prices, collect payments, and vanish. The legitimate seller's reputation provides cover.

Buyer-Side Fraud

False claims: Buyers claim items arrived damaged, defective, or not as described when they were fine. They return nothing or ship back a different item.

Feedback extortion: Buyers threaten negative reviews unless the seller provides partial refunds or free additional items.

Return switch: Buyer purchases a genuine item, returns a counterfeit or broken version in the same packaging.

Platform Liability Questions

When fraud happens on a marketplace, who's responsible? Platforms generally disclaim liability for third-party transactions. This leaves buyers and sellers to resolve disputes, often with the platform acting as reluctant arbiter. Consumer protection varies dramatically by platform, payment method, and jurisdiction.

---

Merchant Fraud: When Businesses Are the Criminals

Everything above assumes the merchant is the victim. But sometimes the merchant is the perpetrator.

Merchant fraud flips the script. Instead of criminals attacking businesses with stolen cards, the business itself exists to commit fraud. These operations exploit the trust that payment processors extend to merchants, extracting as much money as possible before disappearing.

Getting a Fraudulent Merchant Account

Before criminals can process payments, they need a way to accept them. This has become remarkably easy.

Individual seller accounts. Modern payment platforms like Stripe, Square, PayPal, and Shopify let anyone start selling online with minimal verification. An email address, a bank account, and basic identity information might be all that's required. Criminals use stolen or synthetic identities to open accounts as "individuals" or "sole proprietors" without any business documentation at all.

Fake business documentation. For processors that require more verification, criminals forge what they need: LLC paperwork, business licenses, bank statements. They don't actually register anything. A professional-looking website and a virtual office address complete the illusion.

Shell company purchases. Rather than building from scratch, some criminals buy existing businesses with established merchant accounts. A struggling retail store or dormant company with processing history is worth more to fraudsters than its legitimate assets. The new "owners" inherit the merchant account and its processing limits.

Insider collusion. In some cases, employees at acquiring banks or payment processors approve applications they know are fraudulent. They receive a cut of the proceeds. These schemes are harder to detect because the account looks legitimately approved from the outside.

Bust-Out Schemes

Once criminals have a merchant account, the bust-out begins. The goal is to extract maximum value before the account gets shut down.

Quick hit. The criminal processes as many transactions as possible immediately, staying just under the velocity limits that trigger automatic review. A merchant approved for $50,000 monthly volume might process $45,000 in the first week across hundreds of small transactions. By the time fraud alerts fire, the money has already settled and been withdrawn.

Slow burn. Some operations play a longer game. They process legitimate-looking transactions for weeks or months, building trust and increasing their approved limits. Then they strike: a massive burst of fraudulent volume over a few days, followed by account abandonment. The higher limits mean bigger payouts.

Volume play. Rather than maximizing a single account, some criminals open many merchant accounts across different processors. Each account stays under the radar with modest transaction volumes. But twenty accounts processing $20,000 each adds up to $400,000. When chargebacks eventually hit, the criminals have moved on.

The transactions themselves might be entirely fake (phantom sales with no actual customers), or they might use stolen card numbers to "purchase" goods that don't exist. Either way, the merchant collects the funds, and the chargebacks arrive after the money is gone.

Transaction Laundering

Transaction laundering uses a legitimate merchant account to process payments for a different, usually illegal, business. The merchant account holder might not even know it's happening.

Here's how it works: a criminal operates an illegal online pharmacy, gambling site, or other prohibited business. They can't get their own merchant account because processors won't approve those business types. So they find a legitimate merchant (a gift shop, a consulting firm, whatever) and route their transactions through that merchant's account. The gift shop's statement shows thousands of sales. In reality, those "sales" are payments for illegal pills or offshore gambling.

Sometimes the legitimate merchant is complicit, taking a percentage for lending their account. Sometimes they've been compromised and don't know their account is being used. Either way, the acquiring bank sees apparently normal retail transactions while actually processing payments for prohibited goods and services.

Why Merchant Fraud Matters to Investigators

Merchant fraud connects to the broader criminal supply chain covered in Criminal Infrastructure. The same networks that sell stolen card data also sell "aged" merchant accounts, fake business documentation, and insider contacts at processors.

When chargebacks spike from a particular merchant, it's worth asking: is this merchant a victim of fraud, or is this merchant the fraud? The answer shapes everything about the investigation.

---

Mobile Commerce Fraud

Mobile shopping introduces additional attack surfaces.

Fake Shopping Apps

Criminal developers create apps mimicking legitimate retailers. These appear in app stores (sometimes bypassing review processes) or distribute through sideloading. Users enter payment credentials, which are harvested. Some fake apps actually process orders through triangulation schemes.

Mobile-Specific Vulnerabilities

Location spoofing: Fraudsters fake their GPS location to bypass geographic restrictions or manipulate local pricing.

SIM swapping: Criminals port a victim's phone number to a new SIM card they control. This intercepts SMS verification codes, enabling account takeover of shopping accounts, BNPL services, and payment apps.

One-tap purchase abuse: Mobile wallets and saved payment methods reduce checkout friction, but they also mean a compromised device enables immediate fraud without entering card details.

---

The Cross-Border Dimension

E-commerce fraud becomes exponentially harder to address when it crosses borders.

Why International Fraud Thrives

Jurisdiction fragmentation: A fraudster in Country A runs a fake website hosted in Country B, victimizing customers in Country C, using stolen cards from Country D. No single law enforcement agency has clear authority.

Currency arbitrage: Fraudsters exploit exchange rate differences and price disparities between regions.

Shipping complexity: International returns are expensive and time-consuming. Many victims don't bother pursuing small-value fraud across borders.

Legal barriers: Evidence collection, asset freezing, and prosecution require international cooperation that rarely materializes for individual fraud cases.

Money Movement After E-commerce Fraud

Once criminals extract value from e-commerce fraud, the cash-out follows familiar patterns:

• Resale: Stolen goods sold through secondary markets, often internationally
• Gift card conversion: Items purchased with stolen cards converted to gift cards, then to cash
• Reshipping networks: Goods sent to domestic drops, repackaged, and shipped overseas
• Cryptocurrency conversion: Proceeds converted to crypto through exchanges or peer-to-peer trades

---

Key Takeaways

• Card-not-present fraud dominates online commerce because stolen card data is cheap and verification is limited.
• Triangulation fraud hides victims from each other by inserting a fake storefront between customers and legitimate retailers.
• Friendly fraud has become normalized with over 40% of Americans knowing someone who has committed it.
• Chargebacks protect consumers but create merchant vulnerability because the system assumes disputed transactions are unauthorized.
• BNPL shifts fraud risk from merchants to providers. Because BNPL providers pay merchants upfront, fraudulent merchants can exploit this through collusion schemes and phantom transactions.
• Marketplace fraud operates from both buyer and seller sides, exploiting platform trust systems.
• Merchant fraud flips the script. Sometimes the business itself is the criminal, using fraudulent merchant accounts for bust-out schemes or transaction laundering.

---

Key Terms

---

References

1. Mastercard - E-commerce Fraud Trends and Statistics 2024↗

2. Merchant Risk Council - 2025 Global eCommerce Payments and Fraud Report↗

3. PYMNTS - Online Merchants Grapple With Surge in Triangulation Fraud↗

4. Socure - First-Party Fraud Survey 2024↗

5. Socure - Holiday First-Party Fraud Survey 2024↗

6. Chargebacks911 - Chargeback Statistics 2025↗

7. Appriss Retail/Deloitte - Consumer Returns in the Retail Industry 2024↗

8. Juniper Research - BNPL Transaction Value to Rise 106% by 2028↗

9. ACI Worldwide - Holiday Spending and Fraud Report 2024↗

---

Generated with AI assistance. Reviewed by humans for accuracy.