Protecting Your Business and Customers from Scammers: A Guide for Merchants

In our previous article, we explored the rapid rise of e-commerce in Southeast Asia — a boom that brings undeniable opportunity, but also a surge in fraud that’s costing the region billions and putting countless lives at risk. According to research by Oliver Wyman, consumer scams are escalating across SEA, with estimated losses exceeding US$5 billion.

‍
In this article, we’ll shift our focus to the merchant’s side, exploring the types of e-commerce fraud on the rise and how merchants can better protect themselves and their customers.

What’s E-commerce Fraud

E-commerce fraud refers to malicious activities related to online purchasing. It can affect retailers, customers, and financial institutions, taking many forms—from unauthorized access to personal data and theft of financial information to delivering low-quality products that are nothing like those advertised.

Below are some examples of e-commerce fraud.

‍

Types of E-commerce Fraud

‍

Identity Theft

Identity theft occurs when a fraudulent person uses someone’s personal or financial information to make unauthorized purchases, open unauthorized accounts, or commit criminal activities. 

Phishing
Many of us have probably received suspicious emails or SMS messages asking for our personal information. That’s phishing, a tactic that uses deceptive messages to trick victims into revealing information, which is then used to commit fraud or gain access to bank accounts and other sensitive data.

Chargeback Fraud
Chargeback fraud is when customers intentionally dispute a legitimate transaction, usually after receiving their orders, to obtain a refund.

In Southeast Asia, a rising type of fraud has emerged—somewhere between triangulation and chargeback fraud—but adapted to the region’s popular real-time payment method: QR codes. While not identical to the traditional definitions, this approach shares key similarities.

A scammer sets up a fake store and, upon receiving an order from a buyer, places that order with a legitimate seller to obtain a real QR code from an e-commerce platform. The scammer then forwards the QR code to the buyer, who unknowingly completes the payment. Once the payment is confirmed, the scammer submits a refund request through the marketplace, effectively reclaiming the money and leaving the buyer a victim with no item received and a financial loss.

Affiliate Fraud
An affiliate program is a business strategy that rewards users with commission fees for promoting products or services. However, some people misuse these programs by farming clicks or creating bots to generate fake traffic and earn commissions illegitimately.

Triangulation Fraud
Triangulation fraud occurs when a scammer, posing as a middleman or fake store, purchases an item from a legitimate seller using the victim’s payment details, which would be stolen during the transaction process and often kept for future unauthorized use.
‍
Dropshipping Fraud
Merchants who facilitate sales without holding inventory are known as dropshippers. This model allows businesses to scale without significant upfront investment. However, things can get tricky when scammers enter the picture. For example, a dropshipper might unknowingly promote fraudulent sellers who never fulfill orders.

These fraud types are just a few examples among many. Scammers are constantly evolving, and new methods of fraud emerge every day. Staying updated on these trends is essential for merchants to stay one step ahead.

‍

How to Safeguard Your Online Store from Fraud
‍

As you can see, scammers are highly adaptable, making them difficult to stop once they’ve struck. That’s why prevention is key. Here’s how merchants can protect themselves and their customers from fraud.

‍

‍

Recognizing Suspicious Transaction Patterns
One of the first things merchants can watch for is irregular purchase patterns, such as unusually high-value orders from new customers, mismatched shipping and IP addresses, or the use of multiple cards from the same IP or account. If these purchases turn out to be fraudulent, merchants risk losing both inventory and revenue when the actual cardholders dispute the unauthorized transactions.

Promoting Customer Education
A thousand tactics from scammers won’t succeed if customers are well-informed. That’s why education is the first line of defense. From setting strong passwords and enabling two-factor authentication to avoiding payments over public Wi-Fi, empowering customers with knowledge is key to prevention.

Utilizing 3D Secure Authentication
3D Secure adds an extra layer of protection to online payments by asking customers to verify with a one-time code, like the OTPs you get via SMS. For merchants, enabling 3D Secure means a safer checkout experience for both their business and their customers, especially high-volume ones who carry higher cybersecurity risk. According to a study, 3D Secure can reduce credit card fraud by up to 40%.

Strengthening Internal Security
Working hard to create a business will amount to nothing if there are no measures to protect it. Therefore, strengthening internal security is important and it can be done in many ways.

1. Manage access carefully. Even in a start-up environment where everyone feels equal, owners should grant access to payment systems only to the minimum number of necessary employees and review these permissions regularly.
   
   
2. Set up multi-factor authentication. Always enable multi-factor authentication for access to critical systems to reduce the risk of unauthorized access.
   
   
3. Storing and Auditing Transaction Records: Properly store all transaction records and conduct regular audits. This helps in early detection of suspicious transaction patterns.
   
   
4. Teach staff basic security practices. Educate employees on keeping software and systems updated on their devices, using strong passwords and changing them every three months, and staying alert to phishing emails.

‍

Choosing the Right Payment Provider
‍

Apart from these internal measures, online stores can further enhance security by choosing payment providers that are PCI-DSS compliant and offer advanced protection technologies such as multi-level screening and fraud detection systems. Omise is a leading provider in the Asia-Pacific region and the United States, offering secure, reliable solutions to help businesses manage transactions with confidence.

Learn more about how Omise can help you prevent fraud here.

‍

Resources

^{Raman, J., Karandikar, A., & Heckmann, J. (n.d.). 3 Key analytics-led levers for ASEAN banks to tackle scams. Oliver Wyman. https://www.oliverwyman.com/our-expertise/insights/2024/mar/cracking-scams-with-analytics-southeast-asia.html}

^{PYMNTS Intelligence: How 3D Secure 2.0 can help merchants, banks and issuers put a stop to card fraud. (2022, March 8). PYMNTS.com. https://www.pymnts.com/fraud-prevention/2022/pymnts-intelligence-how-3d-secure-2-0-can-help-merchants-banks-and-issuers-put-a-stop-to-card-fraud/}

^{3D Secure: Discover the simplest way to implement it for your business. (2023, December 4). Opn. https://www.opn.ooo/my-en/blog/payments/3d-secure-guide/}

^{Checkout security: How to protect your online transactions. (n.d.). https://www.omise.co/en/blogs/checkout-security-protect-online-transactions-en}

^{Austria’s FACC, hit by cyber fraud, fires CEO. (2016, May 25). Reuters. Retrieved June 19, 2025, from https://www.reuters.com/article/idUSKCN0YG0ZF/}