Here’s a startling statistic: card-not-present channels now account for roughly 80% of all fraudulent transactions in the US.
Investing in resources to detect fraud is an absolute necessity for any business that accepts and processes card-not-present transactions. But, to meet this challenge, you need to craft a comprehensive game plan.
What kind of fraud detection strategy is right for your business? What exactly should it entail? And, should you build your own in-house solution or hire a fraud detection service to handle the heavy lifting?
That's what this guide covers. Whether you're just starting to think seriously about fraud detection or looking to optimize an existing program, the chapters below walk through everything you need to know—from foundational concepts to implementation details.
Before you can build an effective fraud detection program, you need to understand what fraud detection actually means — and how it differs from related concepts like fraud prevention and fraud management. This chapter defines fraud detection in a payments context, introduces the fraud detection lifecycle (before, during, and after the transaction), and covers the key metrics you’ll use to measure success. If you’re new to the topic or want to ensure your team shares a common vocabulary, start here.
Read MoreFraud detection systems analyze transaction data against known fraud patterns and behavioral baselines—but how does that actually happen? This chapter explains the mechanics behind fraud detection, including the difference between rule-based systems and machine learning approaches, the categories of data these systems analyze (transaction data, device signals, historical patterns, network intelligence), and how real-time and batch processing work together. Understanding these fundamentals helps you evaluate solutions and set realistic expectations for what any system can achieve.
Read MoreRules-based fraud detection uses predefined logic to flag or block transactions that match specific risk criteria. It’s straightforward, transparent, and gives merchants direct control over their fraud filters. However, static rules can’t adapt to new fraud patterns on their own and may generate false positives if not carefully tuned. Most effective fraud strategies combine rules-based detection with machine learning and other tools.
Read MoreThinking of new ways to fight fraud? Technology may hold the answer. In this post, we’ll discuss what fraud detection machine learning technology is and how it works. We’ll also outline the benefits and show you some areas where it may — or may not — help you stop criminals.
Read MoreA fraud detection strategy isn’t something you buy off the shelf—it’s a framework you build around your specific business risks, customer expectations, and operational capacity. This chapter walks through how to assess your vulnerabilities, set thresholds based on data rather than fear, balance security against customer friction, and measure the outcomes that matter. The goal isn’t eliminating all fraud (that’s impossible without also eliminating sales); it’s finding the right calibration for your business.
Read MoreShould you rely on your payment processor’s built-in tools, build fraud detection capabilities in-house, or outsource to a specialized provider? Each approach has real tradeoffs in cost, control, and capability. This chapter breaks down all three options—including the hybrid approaches that are increasingly common—and provides a framework for deciding what’s right based on your transaction volume, fraud exposure, and operational capacity. There’s no universal answer, but there is a right answer for your business.
Read MoreIf you’ve decided to work with a third-party fraud detection provider, the next question is which one. This chapter covers what to look for when evaluating vendors: the features that matter most, the questions to ask during the sales process, how to understand pricing models, what chargeback guarantees actually cover, and how to assess whether a provider is right for your specific industry and risk profile. We also provide an overview of the major players in the market with honest assessments of their strengths and limitations.
Read MoreChoosing a fraud detection approach is only the beginning — the real work is making it perform in the real world. This chapter covers the full implementation lifecycle: integrating without disrupting sales, surviving the ramp-up period when false positives are highest, tuning rules and thresholds based on actual outcomes, and building processes for continuous improvement. Fraud detection isn’t a project with an end date; it’s an ongoing operation, and the merchants who treat it that way consistently outperform those who don’t.
Read More
Fraud detection is a series of manual and automated processes aimed at identifying and responding to potential acts of fraud. Fraud detection is usually carried out through automated frameworks like machine learning software, a series of manual review practices, or some combination of the two. The process usually involves fraud detection tools like AVS, geolocation, and 3-D Secure.
Often, your merchant services provider or payment processor will provide built-in options for fraud prevention. These generally consist of pre-loaded software that runs checks on a per-transaction basis.
For more comprehensive fraud protection, you may have to opt-in. Shopify’s Fraud Protect, for example, must be enabled by the merchant.
While there’s no simple, universal way to detect fraudulent transactions, certain tools (velocity checks, Address Verification) can help identify fraud pre-transaction. More comprehensive solutions cast a wider net, pinpointing fraud that happens before, during, or after transactions.
Fraud investigators typically look at data from a wide range of sources in the hopes of finding correlations or anomalies that could be traced to fraudulent activities.
Fraud prevention focuses on stopping fraud before it happens through authentication, security protocols, and checkout controls. Fraud detection focuses on identifying fraud that’s being attempted or has already occurred. Both are necessary components of a complete fraud management strategy.
Common fraud detection tools include address verification (AVS), card verification codes (CVV), 3-D Secure authentication, device fingerprinting, velocity checks, geolocation analysis, and machine learning scoring. Most effective strategies layer multiple tools together.
Costs vary widely. Built-in processor tools are typically free. Third-party providers usually charge per transaction (often $0.01-$0.10 per transaction) or a percentage of transaction value. In-house solutions require significant investment in personnel and infrastructure; often $500K+ annually for a serious capability.
There’s no universal benchmark, as it depends on your industry and risk tolerance. Most merchants aim to catch 90%+ of fraud while keeping false positive rates below 5%. The real measure is whether your chargeback rate stays safely below network thresholds (Visa's VAMP program triggers at 0.9%).
Review performance monthly at minimum. Update rules whenever you see new fraud patterns, rising false positive rates, or significant business changes like new products, new markets, or seasonal volume shifts. Fraud tactics evolve constantly; your detection needs to evolve with them.
Rule-based systems follow predefined logic you set (e.g., "flag orders over $1,000 from new accounts"). Machine learning systems analyze patterns in historical data to identify fraud signals automatically. Most modern solutions combine both approaches.
No system is perfect. A legitimate customer might trigger fraud signals by using a VPN, shopping from an unusual location, or placing an order that doesn't match their typical behavior. Manual review exists to catch false positives before they become declined sales.
Track your chargeback rate, false positive rate, and manual review volume over time. A working strategy keeps chargebacks below network thresholds while minimizing false positives and maintaining a manageable review queue.
It depends on your margins and industry. Most eCommerce merchants aim for fraud rates below 0.5-1%. The real question is whether the cost of reducing fraud further exceeds the fraud losses you'd prevent.
At minimum, you should track fraud rate, false positive rate (or decline rate as a proxy), chargeback rate, and manual review volume. More sophisticated operations also track approval rates by risk segment, time-to-decision, and customer friction indicators.
