4 ways

Globally, the multi-billion dollar online payment fraud industry continues to expand, with historical data pointing to significant annual growth rates like 11% per year. Current projections indicate billions of dollars in losses annually, making fraud prevention more critical than ever. A significant percentage of online purchases is fraudulent, with digital and luxury goods under the most intense attack. On the other side of that battle is a multi-billion dollar e-Commerce fraud prevention industry, which does an increasingly excellent job of identifying and mitigating this fraud. Unfortunately, these companies offer packages that typically start at a few thousand dollars per month, way out of reach for small and mid-sized e-Commerce companies. Thankfully, there are some pretty basic steps that small businesses can take that can dramatically mitigate credit card fraud. And the best part is that, because these tweaks are done within your own payment gateway, they are free (or nearly free) to implement.

4 Steps to Fight Fraudulent Transactions

In this article we’ll provide a walk-through of how to make basic payment gateway security changes that can significantly reduce your company’s exposure to online payments fraud. We’ll be using the built-in iSpyFraud tool in the NMI Payment Gateway for all screenshots; however, most other mainstream payment gateways offer similar features.

1. Require the card’s security code

If you’ve made a purchase over the phone with any large retailer, you’ve probably been asked for the 3-digit code on the back of your card (or 4 digits for American Express cards). That code is called a CVV, and it’s a surprisingly effective e-Commerce fraud prevention measure. That’s because when many credit cards are stolen, the stolen data does not include the CVV number. So by requiring the customer to enter that number, and enabling CVV Match to ensure that the number entered matches, you can immediately eliminate a large amount of credit card processing fraud.

Enabling this protection is relatively simple. When configuring your payment gateway, block any transactions in which there is a CVV error (aka mismatch) or where the CVV information is not provided.

The Pros and Cons:

The downsides of requiring CVV are pretty minimal. But each additional field required in the customer’s checkout process will, at least at some level, lower the shopping cart’s conversion rate. And because AVS is technically an optional requirement, one can expect a small dip in the overall funnel’s conversion rate when implementing AVS.

2. Require a Zip Code Match

When purchasing gas throughout the U.S., it is now standard that the customer enters their zip code when swiping their credit card. The reason is that the gas station is conducting an AVS or zip code match. That is, they are checking whether the zip code that you entered matches the zip code of the credit card. The reasoning is much the same as for CVV codes: most individuals who are attempting to use stolen credit cards do not have the owner’s zip code. Moreover, the zip code is not listed anywhere on the credit card, which means that even if the fraudster stole the cardholder’s physical credit card, they likely wouldn’t have the zip code.

Another benefit of zip code matches is that they take very little work by the cardholder and thus have a minimally negative impact on conversion rates. And unlike requiring a full address match, which does generate a lot of false positives due to customer typos, requiring merely a zip code match accomplishes much of the same e-Commerce fraud protection while generating far fewer false positives, as it only requires the customer to enter 5 digits.

The Pros and Cons:

Implementing zip code matches is easy: simply require a 5-digit zip code match for transactions to process in your payment gateway’s setup. Alternatively, you can also require a full address match (e.g. house number, street name, city name, etc.); however, the increased security benefits of a full address match are generally outweighed by the significantly increased rate of declined transactions due to legitimate customers committing typos.

3. Flag Suspicious Transaction Amounts

If your company’s typical ticket size is under $50 with very few purchases over $100, then consider flagging in your payment gateway any transactions which are over, say, $150. Similarly, if your average transaction size is $100 and you have very few sales under $50, flag transactions under $10. Why? Because unusual transaction sizes are often an early indicator of fraudulent activity.

You don’t necessarily want to block these transactions because, of course, they may be legitimate. But by setting them to be flagged by your payment gateway, you can manually review them each day before the transactions actually post and stop any that seem fraudulent. Reviewing transactions might mean calling the customer to confirm the purchase, or could be as simple as doing a quick Google Maps search of the delivery property to see if it seems to match what you were expecting.

To accomplish this online fraud prevention measure you need to do two things. The first is to make sure that your credit card processor sets your batch time to provide whoever will be reviewing flagged transactions with the maximum amount of time to do so. Thus, if your business sells the majority of its products between 9 a.m. and 1 p.m., then set your batch time to 5 p.m. That way you’ll have a few hours to check on that day’s flagged credit card sales and do any verification necessary before the transactions actually post. By contrast, a midnight posting time (which is often the default) means that you’re exposed to fraud perpetrated by savvy fraudsters who attempt to make purchases at 11 p.m., and you’ll have no one to review the flagged transaction before it posts at midnight.

Once you’ve set the batch time, you simply need to configure your payment gateway’s fraud filter to flag transactions both on a dollar amount and by an IP that exceed the thresholds that make sense for your business.

The Pros and Cons:

The downsides to flagging transactions are minimal. From the customer’s perspective, the transaction will still process as before, so it won’t impact conversion rates negatively. It does, however, add a labor requirement: someone in your company has to be assigned to review flagged transactions on a daily basis. But given the cost of payment fraud, this is typically worthwhile, leading to a significant reduction in overall credit card fraud suffered by the company.

4. Block or Flag Based on Geography

Look through your recent customer list. Is everyone from the US? Or alternatively, the US and Canada? For all but the most international of companies, typically your entire customer list can be reduced to being from 3-4 countries. And if that’s the case, you should consider using geographically based filters to reduce fraud.

That’s because the majority of large scale fraud operations originate from third world countries against first world merchants. Thus a major category of payment fraud can be mitigated by configuring your payment gateway to flag, if not block entirely, transactions in which the originating IP or the billing address indicates that the customer is outside of your expected geographic region.

This is simple to accomplish via a payment gateway’s configuration panel. Most offer the ability to simply block or flag all non-US transactions, or for slightly more international companies to specify individually which countries to permit transactions from.

If you have an online store that has issues with fraud, however, you may need to implement a hybrid approach that automates some decisions, and pushes for manual review of more suspicious activity, to expedite the process of transaction investigation. Fraud prevention solutions like ClearSale use a combination of machine learning and manual review techniques which result in better security and higher sales.

The Pros and Cons:

The downsides affecting these geographic filters are pretty obvious. If you block transactions from customers outside your country you will largely miss out on all international customers. You can mitigate this effect somewhat by showing the customer an error message that instructs the international customer to call your offices in order to have the transaction manually approved. For most companies whose customer base is almost exclusively from their home country, however, the loss of these very few international customers is typically outweighed by the significant reduction in overall credit card fraud suffered by the company.
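The four rules above can be read as one decision procedure: block on a CVV or zip mismatch, hold for manual review on an unusual amount or an unexpected country. The sketch below is an added example, not code from the NMI gateway or the article's author; the function names, the thresholds and the sample transactions are hypothetical, and it assumes the gateway reports the standard single-letter card-network CVV and AVS result codes.

```python
from dataclasses import dataclass
from decimal import Decimal

# Assumption: the gateway reports the standard card-network result letters.
CVV_OK = {"M"}                 # M = code matched; N, P, S, U or empty = mismatch / not provided
ZIP_OK = {"X", "Y", "Z", "W"}  # zip matched (with or without street); A or N = zip mismatch

@dataclass(frozen=True)
class Policy:                  # hypothetical thresholds; tune to your own ticket sizes
    min_amount: Decimal = Decimal("10.00")
    max_amount: Decimal = Decimal("150.00")
    allowed_countries: frozenset = frozenset({"US", "CA"})
    block_foreign: bool = False    # False = hold for review, True = decline outright

def evaluate(txn: dict, policy: Policy = Policy()):
    """Return (decision, reasons) with decision in {'block', 'flag', 'approve'}."""
    blocks, flags = [], []
    if txn.get("cvv_result") not in CVV_OK:          # step 1
        blocks.append("cvv mismatch or missing")
    if txn.get("avs_result") not in ZIP_OK:          # step 2
        blocks.append("zip mismatch")
    if not policy.min_amount <= Decimal(txn["amount"]) <= policy.max_amount:  # step 3
        flags.append("unusual amount")
    # Step 4: a missing country is treated as unexpected (fail closed).
    seen = {txn.get("ip_country"), txn.get("billing_country")}
    if seen - policy.allowed_countries:
        (blocks if policy.block_foreign else flags).append("outside expected region")
    if blocks:
        return "block", blocks + flags
    return ("flag", flags) if flags else ("approve", [])

def review_queue(txns, policy: Policy = Policy()):
    """IDs someone must check by hand before the batch posts."""
    return [t["id"] for t in txns if evaluate(t, policy)[0] == "flag"]

# Constructed sample transactions (not real data).
SAMPLE = [
    {"id": "t1", "cvv_result": "M", "avs_result": "Y", "amount": "42.50", "ip_country": "US", "billing_country": "US"},
    {"id": "t2", "cvv_result": "N", "avs_result": "Y", "amount": "39.00", "ip_country": "US", "billing_country": "US"},
    {"id": "t3", "cvv_result": "M", "avs_result": "Z", "amount": "480.00", "ip_country": "US", "billing_country": "US"},
    {"id": "t4", "cvv_result": "M", "avs_result": "A", "amount": "25.00", "ip_country": "CA", "billing_country": "CA"},
    {"id": "t5", "cvv_result": "M", "avs_result": "Y", "amount": "35.00", "ip_country": "BR", "billing_country": "US"},
    {"id": "t6", "avs_result": "Y", "amount": "20.00", "ip_country": "US", "billing_country": "US"},
]

if __name__ == "__main__":
    for t in SAMPLE:
        print(t["id"], *evaluate(t))
```

Flagged transactions only help if the review queue is worked before the batch time, so the size of that queue is a direct measure of the daily labor the thresholds create.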

Conclusion

e-Commerce fraud is a booming multi-billion dollar industry. And as large multinational eCommerce platforms spend millions in order to beef up their security, fraudsters are increasingly targeting smaller e-Commerce companies who do not employ sophisticated risk monitoring tools. By using the very basic (and largely free) payment gateway configuration techniques described above, however, even a small business can eliminate the vast majority of payments fraud.

About the Author

Brad Martin is the Chief Marketing Officer at Soar Payments, a high risk merchant account provider. Learn more about the company, and read their latest blog articles on their Facebook page.

Monthly Update – September 2025

As the e-commerce landscape evolves, so do the sophisticated methods employed by fraudsters. In September 2025, a critical trend for online merchants is the increased reliance on AI-driven behavioral analytics to detect anomalies that traditional rule-based systems might miss. Payment gateways are now integrating advanced machine learning models that can identify suspicious patterns in user behavior, such as unusually fast checkouts, inconsistent shipping addresses, or rapid successive purchases from different IPs. Small and mid-sized businesses should prioritize auditing their payment gateway settings to ensure these AI features are optimally configured. Furthermore, with the rise of cross-border commerce, understanding and adapting to varied regional fraud patterns is crucial. Regularly engage with your payment processor to leverage their latest fraud intelligence and tailor your defenses, especially against new threats like synthetic identity fraud and sophisticated account takeovers. Proactive monitoring and adaptive strategies are key to safeguarding your revenue.
