As online retailers battle to navigate an increasingly complex economic, geopolitical and cyber landscape they will face new regulations coming into force on 1st September around fraud risk responsibility.
That’s according to a PwC UK and Forter research paper that builds on their joint 2024 research, identifying the latest external threat trends for retail fraud leaders. Along with highlighting underlying drivers of fraud risk, this will equip leaders with the insights needed to future-proof their fraud prevention strategies.
The report identifies the key external market factors driving increased levels of fraud risk. These include economic unpredictability, with increased financial pressure on consumers and businesses leading to a rise in opportunistic behaviour.
In conjunction with political and geopolitical changes, this can prompt retailers to reduce investment in fraud prevention. Increased cybersecurity risks due to remote working and supply chain vulnerabilities also increase overall fraud risk.
The report: ‘Futureproofing eCommerce fraud prevention in 2025: From supply chain to checkout’ identifies the biggest fraud trends in 2025. While returns fraud holds its position from last year as the most prevalent eCommerce fraud risk, new emerging threats gaining traction in 2025 include:
- Remote access attacks – A type of cyber attack where an unauthorised individual gains access to a computer or network from a remote location. Forter recorded an 8% increase in remote access attacks during the 2024 Black Friday/Cyber Monday period compared to 2023.
- Card testing – A fraudster tries to determine whether stolen card information is valid so that they can use it to make purchases. This attack fraud type predominately affects low-value transactions and is commonly seen in crowdfunding or charitable sectors, digital goods, food delivery services and subscription services.
- Fraud attacks on Quick Service Restaurants (QSRs) or fast-food restaurants – Attacks on QSR platforms surged by 45% from 2023 to 2024. Over 85% of fraud attempts on QSR sites involve returning fraudsters.
- Loyalty points fraud – This occurs when individuals exploit loyalty programmes, either stealing points, manipulating transactions, or creating fake accounts to redeem rewards. Accounts involved in loyalty programs face 4-5 times higher rates of attacks compared to regular accounts, and those holding stored value or points are 6-7 times more vulnerable to fraud.
- Fake accounts – This involves the creation and use of fraudulent accounts on platforms such as social media, financial institutions, e-commerce sites, and other online services, with the intent to commit fraud. Forter’s data indicates that 90% of fake accounts on digital commerce platforms are often created by a small subset of disciplined fraud users.
Doriel Abrahams, Principal Technologist at Forter said: “These fraudulent activities are rife and growing in retail. Not only is fraud costly and a drain on already-pressurised resources, but it can irreparably damage a retailer’s reputation. It is essential for eCommerce fraud leaders to maintain a holistic perspective – not only understanding the underlying drivers of fraud risk but also meeting new compliance needs and the current external threat trends. By staying vigilant and continuously reviewing their fraud prevention strategies, merchants can better protect themselves and their customers from ever-changing eCommerce fraud risks.”
An impending addition to the anti-fraud UK Government legislation – Economic Crime and Corporate Transparency Act 2023 (ECCTA) – will come into effect on 1st September 2025. This will make it a corporate offence for ‘failure to prevent fraud’ (FtPF), or for an organisation to be held criminally liable if a ‘specified fraud offence’ were to be committed by an ‘associated person’ that either directly or indirectly benefits the organisation. Even more so than at present, eCommerce organisations will need to have clear policies and processes in place to address their fraudrisks.
Harry Holdstock, Partner at PwC, said: “As part of a strategic collaboration between PwC and Forter, this annual report is designed to empower fraud and retail leaders within the eCommerce sector with key information to counter their biggest fraud challenges. Counter-strategies for fraud prevention must become part of the normal running of a business and not an optional extra – even some of the ‘smaller perceived’ fraud risks are too big now for any business to ignore at board level. Some of the most commonly overlooked measures are having a robust third-party risk strategy and ensuring fraud detection and prevention mechanisms appropriately match the scale and demands of your eCommerce business.”
Three key actions to tackle fraud Issues
Many forward-thinking merchants have begun to adopt innovative strategies to tackle the growing complexity, sophistication, and volume of fraud. Three key elements for a future-proof fraud management strategy include:
- Comprehensive fraud risk assessment – Dynamic assessments reflecting the latest threat intelligence and regulatory guidance. To be effective, these must identify and address risks across the entire supply chain and checkout process.
- Building a culture of fraud prevention – A robust culture of fraud prevention must start with the C-suite and filter through every level of the business. Leadership must champion awareness, training, and accountability, ensuring that all employees understand their role in supporting fraud risk management across the organisation.
- An AI-based fraud management platform – Machine learning-based detection models can transform account protection by enabling more accurate, real-time identification of anomalies and suspicious behaviour. Continuously learning from new data, these models inform advanced fraud techniques and ensure that merchants can detect and respond to threats with exceptional speed and accuracy.
The report re-iterates the trending supply chain fraud risks of PwC’s Global Economic Crime Survey 2024, which found that 42% of UK organisations have experienced supply chain fraud and 35% have experienced procurement fraud in the last 24 months.
Throughout the retail supply chain – from manufacturing to store shelves – the 2025 report reveals some key fraudulent activities include employees accepting kickbacks and bribery in procurement, counterfeit goods in supplier fraud, theft in logistics fraud with falsified shipping documents and inflated fuel costs and expenses. In inventory management fraud, stock manipulation and phantom inventory, which is recorded in the system but doesn’t exist, are big drains on operational costs. Examples of financial fraud are duplicate payments or invoices and payment diversion to fraudulent accounts.
The big supply chain cybersecurity risks include data breaches, phishing attacks, with employees targeted with emails to gain access to sensitive information, and ransomware, which can see business operations paralysed with a ransom demanded to restore systems.
Photo by Emiliano Vittoriosi on Unsplash
