Ecommerce fraud prevention tools: What to look for (and how we can help)

Fraud has evolved quickly. With automation, bots, and AI-powered attacks, criminals can probe systems at scale and mimic genuine customer behaviour. As a result, online fraud, card testing, account takeover, friendly fraud, and advanced impersonation are now everyday challenges for online retailers and ecommerce platforms processing high transaction volume.

Against this backdrop, here's how many tools fall short:

They’re simple, fragmented, and can’t adapt in real-time

Most businesses already have CV2, address verification, 3D Secure, and some static rules such as velocity checks. Those measures are table stakes, but are no longer enough for modern fraud detection. Fraud tactics evolve faster than manual review processes can be updated. And a fragmented setup (acquirer, separate risk tool, separate fraud prevention software, and separate authentication tool) leaves you piecing together signals like IP address, device fingerprinting, and customer data instead of proactively preventing fraudulent activities.

3D Secure isn’t enough on its own

It’s easy to think: “I’m verifying my customers with 3D Secure, so the responsibility now sits with the card issuer, financial institutions, or payment gateways, and I’m covered.” But while 3D Secure adds a valuable layer of authentication for card-not-present transactions, it isn’t foolproof. Fraudsters are increasingly able to exploit social engineering, phishing, or compromised customer accounts to bypass controls.

On top of that, a blanket “3DS on everything” approach adds friction where you don’t need it, hurting online payments and online shopping conversion.

Rules-based systems are too manual, reactive, and prone to error

Historically, many businesses have relied on static rule-based systems to fight payment fraud. Global attractions group Merlin, for example, was no different. While these rules can stop some fraudulent transactions, they require constant manual intervention and reactive risk assessment.

As Merlin’s Head of Global Payment Risk, Carl Mason, explained, “If we saw a spike in chargebacks, we would have to analyse our data, looking for common data points that tie those cases together and then create rules. Often, by the time these were implemented, fraud tactics had changed again. It was a constant race to keep up.”

Watches of Switzerland had a similar issue: reactive rule-writing that never caught up with attackers. They’d find a type of fraudster and create a rule, only for a new type of fraud to emerge. And that was assuming they could spot it. In many cases, they’d only find out after the damage was done.

Machine learning can be more efficient, but can you trust it?

Machine learning fraud detection is a powerful way to scale defences using algorithms, risk scores, and behavioural analytics. But in some cases, AI-powered fraud protection solutions operate as black boxes. They return a simple accept/decline without explaining decisions or allowing fraud teams to tune models for high-risk scenarios, false positives, or specific payment methods.

Machine learning is vital for reducing your workload and improving your efficiency. But it shouldn’t come at the cost of transparency or control.

Rigid fraud defence is damaging your conversions

As Carl from Merlin observed, “Some customers inadvertently imitate fraudsters.” There are lots of reasons a genuine customer might suddenly seem suspicious, for example:

• A family booking last-minute tickets from a hotel abroad 

• A loyal customer switching to a new card, device, or IP address

• A high-value luxury watch purchase that doesn’t fit their usual pattern

In this case, you’re faced with two poor choices: lower your risk settings and expose your business to more fraud, or keep your settings as they are and risk losing genuine customers.

Every extra check adds friction. Every false decline hurts revenue. And every unnecessary manual review, identity verification, or 3DS challenge slows down the journey. The best fraud prevention solution helps you optimise both risk management and revenue optimisation.

Instead of “How do I block more fraud?”, you can ask:

• How can we reduce friction for good customers?

• Where can 3DS safely be skipped or downgraded?

• What can we do behind the scenes to increase our authorisation rates?

• Where might we accept a small amount of fraud to increase our revenue?

The right fraud tool depends on your specific business needs. Here are five key areas we encourage businesses to look into.

1. What are their core functionalities? 

First, you want to tick off the basics: Does the tool use machine learning and automation to analyse patterns at scale? Can you create custom rules where you need more control? Can you backtest fraud patterns, tune risk scores, and adapt to changing fraud tactics without heavy operational overhead for your fraud teams?

Ultimately, you want intelligence, control, and a safe way to iterate so your fraud strategy stays ahead.

2. Which payment methods do they cover (beyond cards)?

Your fraud tool is only as strong as the payment methods it can see. BNPL, wallets, and local methods like iDEAL, BLIK, Pix, WeChatPay, and China UnionPay all carry different risk signals. If your provider only covers some methods, you’ll have blind spots. So you’ll want to ensure your risk tool covers all relevant payment methods (including those you plan to implement in the future).

3. Do they offer chargeback management (and is that what you really want)?

Some providers will underwrite your chargebacks and offer a chargeback guarantee. This seems attractive: you get predictability, and someone else “owns” the risk.

But there’s a trade-off. If a provider is financially liable for chargebacks, they have a strong incentive to err on the side of caution. This can lead to more conservative risk thresholds. You might get fewer chargebacks, but you’ll also get fewer approved orders and more frustrated customers.

Instead of looking at chargebacks as a standalone metric, you’re better off looking for a solution that gives you the tools to defend where it makes sense. For example, they’ll automatically defend certain 3DS liability-shifted chargebacks, help you increase your authorisation rates, or work to reduce avoidable fraud in the first place.

When considering outsourcing your chargeback management, it’s worth asking yourself: Am I buying peace of mind at the expense of revenue and customer experience?

4. What data do they use to train their ML models?

Machine learning is only as good as the data it trains on. So, when you’re evaluating a tool, it’s important to dig into where this data has come from and how relevant it is to your specific business.

For example, understanding how many businesses they serve and what volume of transactions flows through their systems gives a good indication of the breadth of the data they can access. 

It’s also important to know which verticals they serve. Different industries have different nuances, risk profiles, and potential weak spots. A risk tool that’s trained solely on high-volume, low-value transactions (like a streaming or gaming platform) won’t be much use for a luxury retailer. On the other hand, if a provider processes a large number of transactions for businesses similar to yours, you’ll benefit from those learnings.

Some providers will use third-party data to train their models. If so, they should be transparent about where the data comes from.

5. How explainable is machine learning decision-making?

Finally, if the tool uses ML, you’ll want to understand how decisions are made and how much influence you have over them. Can you see why a transaction was accepted or declined? Can you understand the reasoning without having a data science background? Can you override or complement ML decisions with your own rules where needed?

In our experience, many businesses are still reticent about moving 100% away from rules to ML. So, it’s likely that you’ll want to retain some degree of control. An ideal solution will let you incorporate some custom rules to allow for nuances specific to your business or seasonal peaks.

Adyen’s risk solution, Protect, forms part of a suite of optimisation tools called Adyen Uplift. To us, risk management is one part of a bigger optimisation story: we’re able to influence the complete payment journey because we own it, end-to-end.  

We work with businesses like Merlin Entertainment and Watches of Switzerland to help create great online and in-store checkout experiences. Here are some ways you’ll benefit from partnering with us:

Work with a single team focused on both fraud and conversion

Our risk team works hand-in-hand with our auth-rate team. No one is blinkered by a single departmental objective. Good fraud rates are only celebrated if conversion rates are also strong.

Get a tool backed by huge volumes of platform data

During peak season 2025, Adyen processed up to 199k transactions every minute. Each payment helps train our machine learning models, allowing us to build a comprehensive view of customers. We use signals like devices, email addresses, and payment details alongside behavioural insights like frequency and past fraudulent activity.

We call this behavioural approach to fraud defence Dynamic Identification, which is a model built from trillions of interactions. It is a core layer of our infrastructure, made possible because we can connect signals end-to-end, from payment to payout, onboarding to risk, authentication to settlement. As Carl from Merlin put it: 

“We might not have seen this person before, but Adyen has. This gives us greater insight before we send the payment for authorisation and ensures we're making the best decisions.”

Benefit from ML but retain control over your decisioning

As we move into a world of AI, many businesses are looking for an automated tool that does the heavy lifting for them, but with the ability to jump in and set rules manually for edge cases.  

Adyen Protect combines ML with configurable rules, giving you a scalable fraud engine that you can still tune for seasonal patterns, vertical nuances, or policy requirements. Our explainability layer means you can see exactly why the model made a decision, something our customers consistently cite as a key reason for switching to us.

How Michael Kors went from outsourced manual reviews to full automation

Luxury retailer, Michael Kors had outsourced all manual reviews to a global payment management and fraud prevention platform. Now, with our automated solution, they’ve brought fraud defence in-house even without a dedicated risk manager. This has given them more control without the added workload.

How Watches of Switzerland put an end to the manual chaos

The luxury watch retailer relied on a manual, reactive approach to fraud defence. This put them on the back foot, adapting rules only to discover new fraud techniques too late.

In one example, they found that a customer was returning boxes of shower gel instead of watches. When the team realised, the damage was already done. Another time, the team found themselves overwhelmed by the task of managing manual rules. As Ecommerce Manager Mitul Tejura recalls, “I had to set calendar reminders to remember to remove the block on the whole of New Zealand, which had remained blocked for weeks because I forgot.”

By moving to Adyen’s ML fraud solution, Watches of Switzerland replaced their approach with an approval uplift of 75% and a fraud decrease of 83%.

They still review very high-value transactions manually, but the ML does the bulk of the work.

How the Ambassador Theatre Group coped with dynamic volumes

Major theatre operator, Ambassador Theatre Group, struggled to contain fraud. With demand spikes around seasons, shows, and tours, fraud patterns were hard to spot.  With Adyen Protect, they now spend less time writing reactive rules after each spike and benefit from platform-wide data about known fraudsters, all while maintaining a smoother customer journey for genuine guests.