Ecommerce fraud prevention tools: How to choose the right solution

With automation, bots, and AI-powered attacks, criminals can now probe systems at scale and mimic genuine customer behaviour. As a result, online fraud, card testing, account takeover, friendly fraud, and advanced impersonation are now everyday challenges for online retailers and ecommerce platforms processing high transaction volume.

Against this backdrop, here's how many tools fall short: 

Legacy fraud tools struggle at scale

Most businesses already have CV2, address verification, 3D Secure, and some static rules such as velocity checks. Those measures are no longer enough for modern fraud detection. 

With fraud tactics changing, a fragmented setup leaves you piecing together signals like IP address, device fingerprinting, and customer data instead of proactively preventing fraudulent activities.

3D Secure alone won’t solve payment fraud

It’s easy to think: “I’m verifying my customers with 3D Secure, so the responsibility now sits with the card issuer, financial institutions, or payment gateways, and I’m covered.” 

While 3D Secure adds a valuable layer of authentication for card-not-present transactions, it isn’t foolproof. Fraudsters are increasingly able to exploit social engineering, phishing, or compromised customer accounts to bypass controls.

On top of that, a blanket “3DS on everything” approach adds friction where you don’t need it, hurting online payments and online shopping conversion.

Static rule-based systems can’t keep up

Historically, many businesses have relied on static rule-based systems to fight payment fraud. Global attractions group , for example, was no different. 

As Merlin’s Head of Global Payment Risk, Carl Mason, explained, “If we saw a spike in chargebacks, we would have to analyse our data, looking for common data points that tie those cases together, and then create rules. Often, by the time these were implemented, fraud tactics had changed again. It was a constant race to keep up.”

Watches of Switzerland, a luxury retailer, had a similar issue: reactive rule-writing that never caught up with attackers. They’d find a type of fraudster and create a rule, only for a new type of fraud to emerge. In some cases, they’d spot it after the damage was already done. 

Machine learning can be a black box

Machine learning fraud detection is a powerful way to scale defences using algorithms, risk scores, and behavioural analytics. But in some cases, AI-powered fraud protection solutions operate as black boxes. They return a simple accept/decline without explaining decisions or allowing fraud teams to tune models for high-risk scenarios, false positives, or specific payment methods.

While machine learning is vital for improving efficiency, it shouldn’t come at the cost of transparency or control.

Some tools struggle to distinguish between legitimate customers and bad actors

As Carl from Merlin observed, “Some customers inadvertently imitate fraudsters.” There are a few reasons a genuine customer might seem suspicious, for example:

• A family booking last-minute tickets from a hotel abroad 

• A loyal customer switching to a new card, device, or IP address

• A high-value luxury watch purchase that doesn’t fit their usual pattern

This leaves you with two choices: lower your risk settings and expose your business to more fraud or keep your settings as is and risk losing genuine customers.

Ready to discuss how we can help you reduce fraud while increasing conversion? Get in touch.

Every extra check adds friction. Every false decline hurts revenue. And every unnecessary manual review, identity verification, or 3DS challenge slows down the journey. The best fraud prevention solution helps you optimise both risk management and revenue optimisation.

Instead of “How do I block more fraud?”, you can ask:

• How can we reduce friction for good customers?

• Where can 3DS safely be skipped or downgraded?

• What can we do behind the scenes to increase our authorisation rates?

• Where might we accept a small amount of fraud to increase our revenue?

The right fraud tool depends on your specific business needs. Here are five key areas we encourage businesses to look into:

1. Core fraud detection and decisioning capabilities

First, you want to tick off the basics: Does the tool use machine learning and automation to analyse patterns at scale? Can you create custom rules where you need more control? Can you backtest fraud patterns, tune risk scores, and adapt to changing fraud tactics without heavy operational overhead for your teams?

Ultimately, you want intelligence, control, and a safe way to iterate.

2. Coverage across payment methods and channels

Your fraud tool is only as strong as the payment methods it can see. BNPL, wallets, and local methods like iDEAL, BLIK, Pix, WeChatPay, and UnionPay all carry different risk signals. If your provider only covers some methods, you’ll have blind spots. 

3. Chargeback management and risk ownership

Some providers will underwrite your chargebacks and offer a chargeback guarantee. This seems attractive: you get predictability, and someone else “owns” the risk.

But there’s a trade-off. If a provider is financially liable for chargebacks, they have a strong incentive to err on the side of caution. This can lead to more conservative risk thresholds. You might get fewer chargebacks, but you’ll also get fewer approved orders and more frustrated customers.

Instead of looking at chargebacks as a standalone metric, you can find a solution that gives you the tools to defend where it makes sense. For example, they’ll automatically defend certain 3DS liability-shifted chargebacks, help you increase your authorisation rates, or work to reduce avoidable fraud in the first place.

4. Data quality and model training

Machine learning is only as good as the data it trains on. So, when you’re evaluating a tool, it’s important to dig into where this data has come from and how relevant it is to your specific business.

For example, understanding how many businesses they support and what volume of transactions flows through their systems gives a good indication of the breadth of the data they can access. 

It’s also important to know which verticals they serve. Different industries have different nuances, risk profiles, and potential weak spots. 

A risk tool that’s trained solely on high-volume, low-value transactions (like a streaming or gaming platform) won’t be much use for a luxury retailer. On the other hand, if a provider processes a large number of transactions for businesses similar to yours, you’ll benefit from those learnings.

Some providers will use third-party data to train their models. If so, they should be transparent about where the data comes from.

5. Transparency and control over fraud decisions

Finally, if the tool uses machine learning, you’ll want to understand how decisions are made and how much influence you have over them.

Can you see why a transaction was accepted or declined? Can you understand the reasoning without having a data science background? Can you override or complement decisions with your own rules where needed?

In our experience, many businesses are still reticent about moving 100% away from rules to machine learning. So, it’s likely that you’ll want to retain some degree of control. An ideal solution will let you incorporate some custom rules to allow for nuances or seasonal peaks.

Adyen’s risk solution, Protect, forms part of a suite of optimisation tools called Adyen Uplift. To us, risk management is one part of a bigger optimisation story: we’re able to influence the complete payment journey because we own it, end-to-end.  

We work with enterprises to help create great online and in-store checkout experiences. Here are some ways you’ll benefit from working with us:

Work with a single team focused on both fraud and conversion

Our risk team works hand-in-hand with our auth-rate team. No one is blinkered by a single departmental objective. Good fraud rates are only celebrated if conversion rates are also strong.

Get a tool backed by huge volumes of platform data

During peak season 2025, Adyen processed up to 199k transactions every minute. Each payment helps train our machine learning models, allowing us to build a comprehensive view of customers. We use signals like devices, email addresses, and payment details alongside behavioural insights like frequency and past fraudulent activity.

We call this behavioural approach to fraud defense Dynamic Identification, which is a model built from trillions of interactions. It is a core layer of our infrastructure, made possible because we can connect signals end-to-end, from payment to payout, onboarding to risk, authentication to settlement. As Carl from Merlin put it: 

“We might not have seen this person before, but Adyen has. This gives us greater insight before we send the payment for authorisation and ensures we're making the best decisions.”

Benefit from machine learning but retain control over your decisioning

Many businesses are looking for an automated tool that does the heavy lifting, but with the ability to set rules manually for edge cases.

Protect combines machine learning with configurable rules, giving you a scalable fraud engine that you can still tune for seasonal patterns, vertical nuances, or policy requirements. 

Our explainability layer means you can see exactly why the model made a decision, something our customers cite as a key reason for switching to us.

How Michael Kors went from outsourced manual reviews to full automation

Luxury retailer, Michael Kors, had outsourced all manual reviews to a payment management and fraud prevention platform. 

Now, with our automated solution, they’ve brought fraud defense in-house even without a dedicated risk manager. This has given them more control without the added workload.

How Watches of Switzerland put an end to manual chaos

The watch retailer relied on a manual, reactive approach to fraud defence. This put them on the back foot, adapting rules only to discover new fraud techniques too late.

In one example, they found that a customer was returning boxes of shower gel instead of watches. When the team realised, the damage was already done. 

Another time, the team found themselves overwhelmed by the task of managing manual rules. As Ecommerce Manager Mitul Tejura recalls, “I had to set calendar reminders to remember to remove the block on New Zealand, which had been blocked for weeks because I forgot.”

By moving to Adyen’s fraud solution, Watches of Switzerland replaced their approach with an approval uplift of 75% and a fraud decrease of 83%.

They still review very high-value transactions manually, but the machine learning does the bulk of the work.

How the Ambassador Theatre Group coped with dynamic volumes

Major theatre operator, Ambassador Theatre Group, struggled to contain fraud. With demand spikes around seasons, shows, and tours, fraud patterns were hard to spot. 

With Protect, they now spend less time writing reactive rules after each spike and benefit from platform-wide data about known fraudsters. Plus, they can maintain a smooth customer journey for each guest.