As online retailers battle to navigate an increasingly complex economic, geopolitical and cyber landscape they will face new regulations coming into force on 1stย September aroundย fraudย risk responsibility.
That’s according to a PwC UK and Forter research paper that builds on their joint 2024 research, identifying the latest external threat trends for retailย fraudย leaders. Along with highlighting underlying drivers ofย fraudย risk, this will equip leaders with the insights needed to future-proof theirย fraudย prevention strategies.
The report identifies the key external market factors driving increased levels ofย fraudย risk. These include economic unpredictability, with increased financial pressure on consumers and businesses leading to a rise in opportunistic behaviour.
In conjunction with political and geopolitical changes, this can prompt retailers to reduce investment inย fraudย prevention. Increased cybersecurity risks due to remote working and supply chain vulnerabilities also increase overallย fraudย risk.
The report: โFutureproofing eCommerce fraud prevention in 2025: From supply chain to checkoutโ identifies the biggest fraud trends in 2025. While returns fraud holds its position from last year as the most prevalent eCommerce fraud risk, new emerging threats gaining traction in 2025 include:
- Remote access attacksย โ A type of cyber attack where an unauthorised individual gains access to a computer or network from a remote location. Forter recorded an 8% increase in remote access attacks during the 2024 Black Friday/Cyber Monday period compared to 2023.
- Card testingย โ Aย fraudster tries to determine whether stolen card information is valid so that they can use it to make purchases.ย This attackย fraudย type predominately affects low-value transactions and is commonly seen in crowdfunding or charitable sectors, digital goods, food delivery services and subscription services.
- Fraudย attacks on Quick Service Restaurants (QSRs) or fast-food restaurantsย โ Attacks on QSR platforms surged by 45% from 2023 to 2024.ย Over 85% ofย fraudย attempts on QSR sites involve returningย fraudsters.
- Loyalty pointsย fraudย โ This occurs when individuals exploit loyalty programmes, either stealing points, manipulating transactions, or creating fake accounts to redeem rewards. Accounts involved in loyalty programs face 4-5 times higher rates of attacks compared to regular accounts, and those holding stored value or points are 6-7 times more vulnerable toย fraud.
- Fake accountsย โ This involves the creation and use ofย fraudulent accounts on platforms such as social media, financial institutions, e-commerce sites, and other online services, with the intent to commitย fraud.ย Forterโs data indicates that 90% of fake accounts on digital commerce platforms are often created by a small subset of disciplinedย fraudย users.
Doriel Abrahams, Principal Technologist atย Forterย said: โTheseย fraudulent activities are rife and growing in retail. Not only isย fraudย costly and a drain on already-pressurised resources, but it can irreparably damage a retailerโs reputation. It is essential for eCommerceย fraudย leaders to maintain a holistic perspective โ not only understanding the underlying drivers ofย fraudย risk but also meeting new compliance needs and the current external threat trends. By staying vigilant and continuously reviewing theirย fraudย prevention strategies, merchants can better protect themselves and their customers from ever-changing eCommerceย fraudย risks.โ
An impending addition to the anti-fraud UK Government legislation โ Economic Crime and Corporate Transparency Act 2023 (ECCTA) โ will come into effect on 1st September 2025. This will make it a corporate offence for โfailure to prevent fraudโ (FtPF), or for an organisation to be held criminally liable if a โspecified fraud offenceโ were to be committed by an โassociated personโ that either directly or indirectly benefits the organisation. Even more so than at present, eCommerce organisations will need to have clear policies and processes in place to address their fraudrisks.
Harry Holdstock, Partner at PwC, said: โAs part of a strategic collaboration between PwC and Forter, this annual report is designed to empowerย fraudย and retail leaders within the eCommerce sector with key information to counter their biggestย fraudย challenges. Counter-strategies forย fraudย prevention must become part of the normal running of a business and not an optional extra โ even some of the โsmaller perceivedโย fraudย risks are too big now for any business to ignore at board level. Some of the most commonly overlooked measures are having a robust third-party risk strategy and ensuringย fraudย detection and prevention mechanisms appropriately match the scale and demands of your eCommerce business.โ
Three key actions to tackle fraud Issues
Many forward-thinking merchants have begun to adopt innovative strategies to tackle the growing complexity, sophistication, and volume of fraud. Three key elements for a future-proof fraud management strategy include:
- Comprehensiveย fraudย risk assessmentย โ Dynamic assessments reflecting the latest threat intelligence and regulatory guidance. To be effective, these must identify and address risks across the entire supply chain and checkout process.
- Building a culture ofย fraudย preventionย โ A robust culture ofย fraudย prevention must start with the C-suite and filter through every level of the business. Leadership must champion awareness, training, and accountability, ensuring that all employees understand their role in supportingย fraudย risk management across the organisation.
- An AI-basedย fraudย management platformย โ Machine learning-based detection models can transform account protection by enabling more accurate, real-time identification of anomalies and suspicious behaviour. Continuously learning from new data, these modelsย inform advancedย fraudย techniquesย and ensure that merchants can detect and respond to threats with exceptional speed and accuracy.
The report re-iterates the trending supply chain fraud risks of PwCโs Global Economic Crime Survey 2024, which found that 42% of UK organisations have experienced supply chain fraud and 35% have experienced procurement fraud in the last 24 months.
Throughout the retail supply chain โ from manufacturing to store shelves โ the 2025 report reveals some key fraudulent activities include employees accepting kickbacks and bribery in procurement, counterfeit goods in supplier fraud, theft in logistics fraud with falsified shipping documents and inflated fuel costs and expenses. In inventory management fraud, stock manipulation and phantom inventory, which is recorded in the system but doesnโt exist, are big drains on operational costs. Examples of financial fraud are duplicate payments or invoices and payment diversion to fraudulent accounts.
The big supply chain cybersecurity risks include data breaches, phishing attacks, with employees targeted with emails to gain access to sensitive information, and ransomware, which can see business operations paralysed with a ransom demanded to restore systems.
Photo byย Emiliano Vittoriosiย onย Unsplash
