Credit Card Fraud: Our Advice to Detect and Protect Yourself Against it

One of the main concerns for an e-commerce site or even a tourism site is to be the target of credit card payment fraud. To minimize the risks as much as possible, it is necessary to know how to detect the warning signs, and to put in place precautionary measures.


Bank card payment fraud is considered to be any payment by bank card having been made without the consent of its holder. Bank data may for example have been recovered: 

  • By theft of the physical card
  • By hacking banking data on the Internet, when purchasing on an unsecured site, or by sending “phishing” emails 
  • Via an ATM or DAC (computer data)

For an e-commerce site, piracy can have significant consequences, both on turnover and on customer relations, as well as under the law. It is therefore necessary to know how to guard against it.


Protecting your customers’ banking data is not just a necessity. It is also an obligation, about PCI DSS compliance. The latter urges companies around the world that allow online payments to put in place several measures to protect their customers’ banking data.

We have grouped here the main precautionary measures to be implemented to avoid piracy.

Protect connection / transaction

Your customers’ information is most vulnerable when they log into their customer account or perform online banking. Here are some ways to protect them during these crucial stages:

  • Switch your site to HTTPS. You know, any web address begins with http: // www … .. When a site begins with https (Hypertext Transfer Protocol Secure, is “secure hypertext transfer protocol), it indicates that it has a system data encryption. This system helps protect the confidentiality of information sent by the customer when creating an account, logging in, or even carrying out an online transaction. 
  • Subscribe to the 3D Secure protocol. The 3D Secure protocol is what makes it possible to verify the legitimacy of a transaction. To do this, the bank sends a code by text message to the cardholder, which the latter must enter to confirm the transaction. Once the confirmation is given, the bank then authorizes the payment. Often, the 3D Secure protocol is set to trigger a certain amount. However, we invite you not to neglect the verification of small amounts. Indeed, fraudsters, aware of this, do not hesitate to make a maximum of purchases of small baskets before payment is stopped. Note that if you do not activate the 3D Secure protocol, and in the event of opposition during the fraudulent use of a customer’s card, it is up to you to reimburse the amount committed.

Protect stored data

By allowing online payments, you may need to store bank data (especially if you allow the latter to be recorded on the customer account). To ensure their safety:

  • Use hosting with a high level of security: favor hosting on a dedicated server, do not hesitate to check the reputation of suppliers (specialized forums, social networks, etc.), test their after-sales service by contacting them and questioning them on their assistance methods, the resolution times in the event of a problem, compare the offers and security options offered, do not rush to low-cost providers.
  • Secure your computer network using professional anti-virus and firewalls. Perform the necessary updates regularly to avoid any security breach.
  • Use a secure e-commerce platform (CMS, Saas solution, etc.) and make sure it stays that way: pay attention to your publisher’s site and watch for updates. Apply these updates to your site as often as needed.
  • Protect the administration area of ​​your e-commerce platform: for example, use passwords with a high level of security (alphanumeric characters with lowercase, uppercase, numbers, and special characters), limit access through filtering on the IP address of your administrator.
  • Regularly assess the security level of your hosting, your network, and your applications by carrying out intrusion tests: these are services provided by experts simulating hacker attacks. They allow you to detect any vulnerabilities and provide you with detailed reports of corrective actions to be implemented. 

All these precautionary measures do not however exempt you from keeping a vigilant eye on the orders placed on your site, to detect potentially suspicious transactions.


By remaining attentive, you may spot certain suspicious signs that will allow you to put an order on hold while it is time to verify its legitimacy  :

  • If the total amount of a basket is abnormally high, and especially if it is a new customer, it may be a fraudulent order.
  • Likewise, a basket with inconsistent content should put you on the hook. If you sell clothes to private customers, you should be alerted to a basket that combines both women’s and men’s items with sizes ranging from S to XL. 
  • Be vigilant if the buyer seeks to conceal his IP address, or if his IP address comes from abroad (and in particular from a country with a high rate of fraud, such as Côte d’Ivoire, Nigeria, or even certain cities. American like Las Vegas), or if the country to which the customer’s IP address belongs is different from the country to which the bank card belongs.
  • If the buyer’s contact information is inconsistent, it may be wise to verify the origin of the purchase before sending the order. Indeed, fraudsters create accounts under false names and addresses, so as not to be found. So beware of a billing address that is not the same as a delivery address, a postal code that does not correspond to the city indicated, or a telephone indicator located in a region other than that of the delivery address.
  • If you decide to contact the buyer to verify the legitimacy of their order, and they are not answering your calls or emails, it is safer to put their order on hold until they are getting in touch with you.

Taken separately, each of these signs can come from a completely legitimate order. However, they should force your vigilance, especially if several of these signs are cumulative.

Related Post

Leave a Reply

Your email address will not be published. Required fields are marked *