Ecommerce Fraud Prevention Software: Buyer’s Guide

How ecommerce fraud screening works, chargeback-guarantee vs. score-based pricing, false-decline costs, and the vendor landscape: Signifyd, Riskified, Forter, Sift and more.

Key takeaways

  • Card-not-present fraud costs you twice: once through chargebacks, and again through legitimate orders your filters wrongly refuse — false declines are widely considered the bigger hidden loss.
  • Modern screening combines device fingerprinting, behavioral signals, consortium data pooled across thousands of merchants, and link analysis to score every order in milliseconds.
  • Two commercial models dominate: chargeback-guarantee vendors that take on fraud liability for a fee on every approved order, and score-based platforms that cost less but leave liability — and the tuning work — with you.
  • Guarantees align incentives imperfectly: vendors typically cover only fraud-coded chargebacks, not "item not received" or friendly-fraud disputes.
  • Judge any shortlist on shadow-mode results — approval rate, chargeback rate, and manual-review rate on your traffic — never on a demo.

What ecommerce fraud actually costs

When a stolen card is used on your store, the cardholder disputes the charge, the issuer claws the money back, and you lose the goods, the revenue, the shipping, and a chargeback fee on top. Under card network rules, liability for most card-not-present fraud sits with the merchant — unlike in-store EMV chip transactions, where it generally shifted to issuers. Every fraudulent order that slips through is your loss, and if your dispute ratio climbs too high, the networks' monitoring programs add fines and processing restrictions to the bill.

For scale: consumers reported losing more than $12.5 billion to fraud in 2024, according to the FTC's Consumer Sentinel Network data — and that is only what victims reported. Merchants absorb a separate, largely unpublished layer of loss through card-not-present chargebacks.

The less visible cost is the orders you turn away. Every fraud filter makes two kinds of mistakes: approving bad orders and declining good ones. The industry consensus — echoed by merchants, card networks, and vendors alike — is that revenue lost to false declines often exceeds direct fraud losses, because a wrongly refused customer rarely tries again and frequently never comes back. That is why serious buyers evaluate fraud software on net revenue impact, not on chargeback rate alone.

A fraud tool that brags about a near-zero chargeback rate may simply be declining aggressively. Blocking 5% of your legitimate customers to stop 0.5% fraud is a terrible trade. Always ask what a vendor's decisions do to your approval rate, not just your loss rate.

How ecommerce fraud screening works

Whatever the pricing model, the underlying machinery is similar across the market. Each incoming order is scored against several layers of signal:

A machine-learning model condenses these signals into a decision: approve, decline, or route to review. Two timing choices matter. Pre-authorization decisioning screens the order before the card is charged, which avoids wasting authorizations on obvious fraud (and helps with card-testing attacks). Post-authorization decisioning screens after approval but before fulfillment, which gives the model the issuer's response as an extra signal. Many stacks do both, and most platforms let your team layer custom rules and manage a manual-review queue on top of the model.

Note the boundary of this category: it protects the checkout. Credential-stuffing and account-hijacking attacks upstream of checkout are a related but distinct problem — see our guide to account takeover prevention — and marketplaces that onboard sellers usually pair order screening with identity verification software.

The two commercial models

Chargeback-guarantee (liability shift to the vendor)

The vendor makes the approve/decline decision and reimburses you for fraud chargebacks on orders it approved. You pay a fee on every approved transaction, typically quoted as a percentage of order value. The pitch is alignment: because the vendor eats the fraud, it is motivated to approve as much good volume as possible rather than decline defensively — and you can often shrink or eliminate your manual-review team.

The caveats are real, though. Guarantees generally cover only chargebacks with fraud reason codes; "item not received," "not as described," and friendly-fraud disputes remain yours (and are the territory of chargeback management software). Reimbursement terms, exclusions (certain SKUs, shipping methods, or geographies), and what happens to declined-order data all live in the contract, not the sales deck. And a percentage-of-sales fee on all approved orders can exceed your entire historical fraud loss if your fraud rate was already low.

Score and decision platforms (you keep liability)

The platform returns a risk score or decision plus the evidence behind it; your team sets thresholds, writes rules, and owns the outcome. Pricing is usually per-transaction or per-check — often fractions of a cent to a few cents per event at volume, sometimes bundled as a platform fee with tiers. This model is materially cheaper per order and gives sophisticated teams full control, but it assumes you have (or will hire) analysts to tune rules, work review queues, and monitor drift.

Pricing structures you'll see in the market

The vendor landscape in 2026

The names below come up in nearly every ecommerce fraud RFP. This table describes who each vendor typically serves — it is not a ranking, and inclusion is not an endorsement.

VendorFocusTypical buyer
SignifydChargeback-guarantee decisioning with commerce-platform integrationsMid-market and enterprise online retailers
RiskifiedChargeback-guarantee decisioning at high volumeLarge enterprises in retail, travel, ticketing, and digital goods
ForterGuaranteed decisions across the buyer journey (checkout, returns, account abuse)Enterprise retailers and marketplaces
SiftScore-based platform covering payment fraud, account abuse, and content integrityDigital businesses and marketplaces with in-house risk teams
NoFraudChargeback-guarantee screening with human review of borderline ordersSmall and mid-size ecommerce merchants
KountScore- and policy-based fraud platform with configurable rulesMid-market merchants and payment providers wanting rule control
ClearSaleManaged review and guarantee options with a focus on cross-border and Latin American commerceMerchants selling internationally, especially into Latin America
Stripe RadarMachine-learning screening built into Stripe's payment stackBusinesses that process payments on Stripe

For adjacent categories — chargeback disputes, ATO defense, AML monitoring — start from our fraud prevention software hub.

Browse all prevention buyer's guides

How to run an evaluation

Fraud vendors are unusually easy to test empirically, because you can replay your own traffic through them. Insist on it.

  1. Establish your baseline first. Before any vendor call, document your current approval rate, fraud-chargeback rate (in basis points of sales), manual-review rate and cost per review, and your best estimate of false declines. Without a baseline, every vendor claim is unfalsifiable.
  2. Run shadow mode. Have the vendor score 30–90 days of historical orders, or run live in parallel without acting on its decisions. Compare its verdicts against known outcomes: the chargebacks you actually received and the good orders it would have declined.
  3. Score the four metrics that matter. Approval-rate uplift, projected chargeback rate, manual-review rate, and decision latency (checkout-speed budgets are tight; sub-second decisions should be table stakes).
  4. Stress the edge cases. High-value first-time buyers, gift cards and digital goods, cross-border orders, address mismatches from gift purchases, flash-sale spikes, and promo/returns abuse. Averages hide where tools break.
  5. Read the guarantee like a lawyer. Which reason codes are covered, reimbursement timing, category and geography exclusions, chargeback-documentation duties, price escalators, termination terms, and whether you can export your decision data if you leave.
  6. Plan the 3-D Secure interplay. EMV 3DS can shift fraud liability to the card issuer on authenticated transactions, and PSD2 Strong Customer Authentication makes it unavoidable for most European card payments — but authentication adds friction and some abandonment. Decide which risk bands you will send to 3DS, which you will approve outright, and how the vendor's decisioning supports that routing.

One structural note: retailers mostly fight buyer-side fraud, while marketplaces fight both sides — fake sellers, collusion between buyer and seller accounts, and money-out risk. If you run a marketplace, weight vendors on seller-onboarding and link-analysis strength, not just checkout scoring.

When the fraud is coming from inside

Order screening catches outside attackers. It does nothing about an employee approving kickback invoices or a partner billing for goods never shipped. Insider schemes are an investigations problem, not a software category — and if the scheme touches government money, securities, or tax fraud, the person who uncovers it may qualify for a federal whistleblower reward program. Our directory of U.S. whistleblower reward programs explains how those official programs work and where to report.

Frequently asked questions

What is a chargeback guarantee?
A commercial arrangement where the fraud vendor makes the approve/decline decision on each order and reimburses you for fraud-coded chargebacks on orders it approved, in exchange for a fee on every approved transaction (usually a percentage of order value). Guarantees typically do not cover non-fraud disputes such as "item not received" or friendly fraud — those remain your problem, and are addressed by chargeback management software.
What are false declines and why do they matter so much?
A false decline (or "insult") is a legitimate order your fraud controls wrongly refuse. Unlike a chargeback, it never shows up on a loss report — the revenue simply doesn't happen, and the customer often defects permanently. Industry consensus is that false-decline losses frequently exceed direct fraud losses, which is why approval rate belongs next to chargeback rate in every vendor evaluation.
Do I still need 3-D Secure if I use fraud screening software?
They solve different problems and most merchants use both selectively. EMV 3DS authenticates the cardholder and can shift fraud liability to the issuer, but it adds checkout friction; in Europe, PSD2 Strong Customer Authentication makes it mandatory for most card payments. A common pattern is risk-based routing: approve low-risk orders outright, send medium-risk orders to 3DS, and decline the worst — with the screening platform making that routing call.
Is the fraud tool built into my payment processor enough?
For a small merchant with low fraud pressure, processor-native screening (such as the tooling bundled with a payment provider) is a reasonable starting point at low cost. Merchants tend to graduate to dedicated platforms when fraud attacks get targeted, when false declines start costing real revenue, or when they need guarantees, custom rules, or coverage across multiple processors and channels.
How is ecommerce fraud prevention different from account takeover prevention?
Ecommerce fraud screening evaluates orders at checkout — mostly stolen-card fraud. Account takeover (ATO) prevention defends the login: credential stuffing, phishing-driven hijacks, and abuse of stored payment methods inside legitimate customer accounts. Some platforms cover both, but they are scored, priced, and evaluated differently — see our account takeover prevention guide.
What metrics should a proof of concept report?
Four core numbers, measured on your own traffic in shadow mode: approval rate (versus your baseline), projected fraud-chargeback rate in basis points, manual-review rate, and decision latency. Ask vendors to show the trade-off curve — how approval rate moves as you tighten or loosen the risk threshold — rather than a single cherry-picked operating point.

Last updated: July 4, 2026. AntiFraud.com links only to official and nonprofit help channels — never paid "recovery services" — read our methodology.

← All fraud prevention guides