Dynamisez la croissance de votre entreprise avec la nouvelle série d'Ecwid Igniter M'y emmener
Tout ce dont vous avez besoin pour vendre en ligne

Set up an online store in minutes to sell on a website, les médias sociaux, ou sur les marchés.

Bonjour. Notre blog a été traduit automatiquement pour votre confort. Veuillez nous excuser pour les erreurs de traduction éventuelles.

L'état de la sécurité des paiements dans le commerce électronique

20 min read

When the pandemic hit, ecommerce blew up.

With people locked down and with little to do, buying online seemed the only escape. The global ecommerce market jumped to $26.7 billion. Customer habits, trop, were changing. In one survey, 60% des répondants agreed that COVID-19 had changed their relationship with technology.

But it wasn’t just the sales that were soaring. And it wasn’t just the ecommerce industry’s businesses that were busy–but its fraudsters, trop.

In just a single year (entre 2020 et 2021), ecommerce fraud rose 18%: à partir de $17.5 billion to $20 milliards de dollars. One look at the similarly burgeoning ecommerce fraud prevention market–expected to hit a whopping $70 billion by 2025–and it’s clear this line of ‘work’ is only rising in popularity.

La ligne de fond? Ecommerce fraud is something you can’t afford to turn a blind eye to. Après tout, it’s not just a threat to your profits but your brand image. If customers don’t feel they can pay securely through your website, they won’t trust you. Once you lose that consumer confidence, it’s extremely difficult to win back.

Ci-dessous, we’ll unpack the state of payment security, starting with the most common types of ecommerce fraud. We’ll also offer actionable advice for protecting your customers, votre site web, and–ultimately–your bottom line. Continuer à lire!

Most Common Types of Ecommerce Fraud

As the world of ecommerce expands and evolves, so too do its villains. So over the last few years, it’s not only the nombre of fraudulent transactions–and the overall value of the stolen wares–that has risen. C'est le type of ecommerce fraud, trop.

From pharming and account takeovers to ‘friendly’ and ‘silent’ fraud (not to mention straight-up identity theft), fraudsters’ methods are becoming increasingly dynamic and diverse. Let’s take a look at a few.


Pharming is a type of ecommerce fraud in which fraudsters redirect web users (without their knowledge or consent) to a fraudulent website. This website might look and feel like the one the customer intended to reach, but with a key difference–it’s completely fake.

Designed only to simulate the original website, its fake counterpart exists for one reason only–to trick the user into entering their personal information and credit card details. Fraudsters can then use this info to steal the individual’s money, or worse–their identity.

Fraude par rétrofacturation

Also known as ‘friendly fraud,’ chargeback fraud is when a customer fraudulently attempts to claim a refund by abusing the chargeback system.

A chargeback is a step introduced by banks way back in the ’70s to boost public confidence in the credit card (qui, at that stage, was a new-fangled thing). It allows consumers to dispute a card payment, and after the bank sides with their case, claim a refund.

Let’s say you’re off to Santorini for a holiday, and your card is stolen at the airport. By the time you get to Greece, you realize the thief has made $700 in fraudulent purchases on your card. Dans cette situation, vous pourriez (quite legitimately) request a chargeback.

Le problème? When it’s not legitimate. Whether maliciously or ‘innocently’ (customers forgetting about a transaction on their statement or a recurring billing cycle), fraudsters can take advantage of the chargeback process to claim money back on totally valid purchases.

The worst part? Cette, when a chargeback claim is upheld by the bank, the bank then claims the money (along with a fee on top, for their troubles!) back from you. Add that to the stock you’ve already lost to the fraudster, and chargebacks offer an all-too-real threat.

Identity Theft

Because of popular movies dealing with the subject (The Talented Mr. Ripley, quelqu'un?), identity theft is one of the more well-known types of ecommerce fraud. But that doesn’t make it any less dangerous.

Ici, a fraudster falsely assumes another person’s identity: using their name, renseignements personnels, and documents to open credit cards, then hitting the high street.

Beyond the impact on the victim, why is this bad news for your online business? Après tout, you’re still selling…right?

Mal. Think back, for a second, to our Santorini example above. Pretty soon, the person whose identity was stolen will become aware of the litany of fraudulent purchases made under their name and–you guessed it–raise a chargeback. When the bank upholds this, they’ll be claiming the money back–from you.

Making up 71% of all attacks, identity theft is by far the most common type of ecommerce fraud. Plus, fraudsters are also becoming more sophisticated, now using the personal devices, IP addresses, and user accounts of targets to assume their identities, which makes them a threat to be alert to.

Account Takeovers

At some stage or other while shopping online, all our customers have done it. Ticked that box that says ‘Save My Credit Card Details.’ It’ll save them a minute the next time they come back to make a purchase, so it’s a no-brainer, droit?

Droit. A moins que ce ne soit, a fraudster is able to get their sticky-fingered paws on that customer’s login details. Should that happen, the thief has easy access to their payment details. Meaning all they have to do is change the shipping address and start buying.

And when they do? Expect chargebacks from the real customer, leaving your business out of pocket.

Malware and Ransomware

Does your computer keep freezing up? Are there ads popping up everywhere? Do links take you to the wrong destination, or are new icons appearing on your desktop and browser?

Si oui, you may have inadvertently installed malware (mal = bad, ware = software…it’s bad software) on your device. Even the term ‘malware’ itself includes a range of different malicious code types, each more nefarious than the last. These include spyware, ‘Trojan Horses,’ and ransomware–code that locks you out of your system until you pay the hacker a ‘ransom’ to get back in.

The problem for ecommerce store owners is that malware, whether on your system or that of your customers or admins, can steal sensitive data. That includes the names and address details of your customers, as well as their payment information. If any of that’s compromised, it won’t just be profits or data you’ll be losing, it’ll be your credibility.

Quoi de plus, malware attacks pave the way for an emerging form of ecommerce deception called ‘silent’ fraud. After using malware to illegally access a number of accounts, fraudsters, instead of snatching thousands, hundreds, tens, or even ones, swipe a few cents alone. Done at scale and with regularity, these thefts can total huge amounts of stolen funds. Not so ‘silent’ after all!

Ways to Protect Your Customers

Knowing what the main types of ecommerce fraud are is one thing. But being able to effectively insulate you and your customers from fraud’s ill effects is quite another.

Ci-dessous, we’ve rounded up our top tips for helping you, your customer base, and your business remain beyond the covetous clutches of fraudsters.

Safeguard Customer Information

The first way you can protect your customers? Safeguarding their most important details. Voici comment:


By filtering and monitoring incoming (and outgoing) le trafic, firewalls help maintain the security of your website, acting, fondamentalement, as a literal wall between your network and the wild, wild West of the internet at large.

Through this lens, firewalls are vital not only for securing your data systems but for maintaining PCI compliance. PCI DSS (Payments Card Industry Data Security Standards) is a set of regulations all businesses accepting credit and debit cards must follow. PCI compliance is a kind of ‘seal of approval’ that shows your customers, regulators, and the wider market that you can be trusted to handle sensitive data.

If you sell online with Ecwid par Lightspeed, your store is already PCI DSS compliant. Ecwid by Lightspeed is a PCI DSS validated Level 1 Fournisseur De Services. Il s'agit de la norme internationale la plus élevée pour les échanges de données sécurisés pour les magasins en ligne et les systèmes de paiement.

Enable Two-Factor Authentication (2cela peut les exposer aux cyberattaques)

Ensure 2FA is implemented, so anyone attempting to access your business’s backend platforms and processes will need to log in through two devices. If you or one of your team members is logging in from a desktop computer, par exemple, you’ll also need to confirm the attempt on another device, such as your phone, to gain access.

Other variations include:

  • Two-step variation (2SV): involves receiving a one-time code or password via email, un message, or phone call which you must enter to log in.
  • Authentification multifacteur: a mix of multiple forms of authentication for one of the highest levels of security.

Business owners selling online with Ecwid by Lightspeed can use their Google or Facebook accounts to sign in to their Ecwid store. Activer l'authentification à deux facteurs for your Google or Facebook account and thus protect your login information for Ecwid as well.

If you want to add other team members (like fulfillment staff or a designer) pour votre Ecwid magasin, never share your Ecwid login with them. Au lieu de cela, create separate staff accounts for each user in your store. Staff accounts have separate logins and don’t have access to your profile and billing pages.

Use a Secure Payment Gateway

If you want to offer your customers the highest level of payment peace of mind possible, a secure payment gateway is a must.

A payment gateway is the tech merchants use to accept credit and debit card purchases: both in-person and online. But not all payment gateways are created equal, particularly when it comes to fees and payout times. So be sure to pick the right one for your business’s unique needs.

Ecwid by Lightspeed is integrated with dozens of secure payment gateways. You can choose a payment system that is convenient both for your business and your customers.

Plus: Comment choisir un système de paiement pour votre boutique en ligne

Share Advice and Info with Your Customers

One of the easiest ways to protect your customers? Informing them.

Whether through emails, des textes, or dedicated sections on your website, let your customers know of the fraud that exists and how they can protect themselves from it. (And help you protect them from it!)

Be sure to clearly lay out:

  • How your business greets its customers (so they can spot discrepancies)
  • How your business doesn’t greet its customers, and what it won’t request (c'est à dire, their login details or to click a link to log in)
  • Claire, actionable tips for customers to keep their account details safe (if your business keeps customer accounts)
  • How to get in touch if something doesn’t look right or if the customer has questions
  • What security checks you’re introducing, si tout
  • How the customer can safely update their details
  • What to do if they receive a scam email (c'est à dire, a fraudster posing as your business) and how to report the fraudulent communication

Inutile de dire que, these kinds of comms are vital. Not only do they inspire trust and offer an excellent user experience, but they also help reduce the risk of your customers falling prey to ecommerce fraud.

Rappelez-vous, trop, to make this info as accessible as possible. Your customers might not read their emails or thoroughly read through your website. So the more channels you can publicize this advice on, le mieux!

Keep Your Site Updated and Conduct Regular Security Audit

Plus tôt, we analogized the wider internet as a kind of ‘Wild West’: a frontier state where bandits and lawlessness abound.

Maintenant, while that might be a little on the harsh side, there are plenty of threats out there and myriad methods via which phishers, hackers, and fraudsters can derail your business:

  • DoS (Denial of Service) attacks: a hacker attempts to stop users from accessing your site’s services.
  • DDoS (Distributed Denial of Service) attacks: the perpetrator doesn’t attack you directly but instead uses your site as a ‘zombie’ with which to harm another site. In a DDoS attack, your servers are inundated by requests from a bunch of untraceable IP addresses, crashing your site, and stopping traffic and sales.
  • Brute force attacks: ici, hackers hit your website with thousands of different password combinations in an attempt to gain access.
  • Man in the middle (MITM) attacks: if your customer is accessing your site via a vulnerable network (c'est à dire, public WiFi), hackers can ‘listen in’ to the transaction and use it to extract sensitive data.
  • SQL injections and cross-site scriptings: these attacks exploit vulnerabilities in your site. In an SQL injection, hackers target your forms to gain access to, corrupt and steal information from your site’s backend. In cross-site scripting, hackers insert malicious snippets of code that steal your visitors’ information.

The fact that all these modes of attack exist? That’s the bad news. La bonne nouvelle, cependant, is that these hackers are opportunists. They’re looking for vulnerabilities in your site’s security and fraud prevention setup. Cela signifie que, by keeping your site updated and regularly identifying, understanding, and plugging its vulnerabilities you can reduce the risk of a hacker targeting your website and business.

Pour ce faire, conduct regular security audits. Assess your site’s infrastructure for loopholes, exploring the backend and code (including extensions and themes) for anything hackers can exploit. Ensure:

  • Your passwords are strong
  • Your software is up to date
  • Your site’s SSL (Couche de sockets sécurisée) certificate is up to date

Speaking of SSL certificates, if you created your ecommerce website with Ecwid by Lightspeed, vous avez déjà un certificat SSL par défaut.

If you added your Ecwid store to an existing website, you already have the free SSL certificate for your store. Cependant, the rest of the website is a separate matter. You need to purchase an SSL certificate to protect sensitive information. Learn how to do that in the Ecwid Centre D'Aide.

Another way to protect your website is to revise the list of your online store’s staff accounts and remove the staff members that you do not work with anymore. De cette façon, you prevent hackers from taking advantage of these ‘back channels’ to gain access to your site.

Key Times to Protect Your Website

Ainsi,, now that we’ve explained what fraud to look for and how to protect your website from it, let’s look at the when–at the key times throughout the year when hackers are most active.

Public Holidays

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have observed an increase in highly impactful ransomware attacks occurring on holidays and weekends–when offices are normally closed–in the United States, as recently as the Fourth of July holiday in 2021.Ransomware Awareness for Holidays and Weekends, 2021.

Noël, Pâques, Memorial Day, Independence Day–though the rest of us are spending time with our families and unwinding, hackers are doing anything but relax.

Increased distraction on the part of the customer or end-user and less staff and resources on the business’s end means conditions are rife for hacking.

Against this backdrop, don’t let your business get caught out. Don’t wait until the next holiday to set your site’s security up for success, or find yourself scrambling to audit your site mere days before the long Mother’s Day weekend. Remember that old Chinese proverb?

Le meilleur moment pour planter un arbre était 20 il y a des années. The second best time is today.

Fins de semaine

Hackers tend to target businesses when they’re most vulnerable and when they’re closed.

That’s why weekends, particularly long ones, where public holidays are involved, are ripe opportunities for hackers. Encore, that doesn’t mean you should let your guard down during the rest of the week. Hackers, en moyenne, attack a staggering 26,000 fois par jour, so you need to remain vigilant.


As the opportunities of ecommerce evolve, so do its threats.

With so many scaremongering statistics out there, it can be easy to want to put your fingers in your ears, turn a blind eye, and take an ‘ignorance is bliss’ approach.

But this mentality doesn’t take into account that with those threats come even more exciting opportunities.

To make the payment process safer, Plus facile, more convenient and more consistent than ever before. To build your brand, engender customer loyalty, and boost trust with your audience by showing them that you value their privacy and respect the sensitivity of their data. Et, in the process, lay the foundations for your ecommerce business’s solid, sustainable success.


Table des matières

Vendez en ligne

Avec Ecwid Ecommerce, vous pouvez vendre facilement partout et à tout le monde : sur Internet et dans le monde entier.

A propos de l'auteur

Rob Binns is a freelance copywriter and editor based in Melbourne, L'australie. When not penning content about ecommerce and digital security, he’s playing (or watching!) Football, or relaxing in the sun with a book and a cold beer.

Ecommerce that has your back

So simple to use – even my most technophobic clients can manage. Easy to install, quick to set up. Light years ahead of other shop plugins.
I’m so impressed I’ve recommended it to my website clients and am now using it for my own store along with four others for which I webmaster. Beautiful coding, excellent top-notch support, great documentation, fantastic how-to videos. Thank you so much Ecwid, you rock!
I’ve used Ecwid and I love the platform itself. Everything is so simplified it’s insane. I love how you have different options to choose shipping carriers, to be able to put in so many different variants. It’s a pretty open e-commerce gateway.
Facile à utiliser, abordable (and a free option if starting off). Looks professional, many templates to select from. The App is my favorite feature as I can manage my store right from my phone. Highly recommended 👌👍
I like that Ecwid was easy to start and to use. Even for a person like me, without any technical background. Very well written help articles. And the support team is the best for my opinion.
For everything it has to offer, ECWID is incredibly easy to set up. Highly recommend! I did a lot of research and tried about 3 other competitors. Just try ECWID and you'll be online in no time.

Your ecommerce dreams start here

En cliquant sur « Tout accepter », vous acceptez le stockage de cookies sur votre appareil pour améliorer la navigation sur le site, analyser son utilisation et contribuer à nos efforts de marketing.
Votre confidentialité

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. Cependant, blocking some types of cookies may impact your experience of the site and the services we are able to offer. More information

Plus d’informations

Cookies strictement nécessaires (Toujours actif)
Ces cookies sont nécessaires au fonctionnement du site Web et ne peuvent pas être désactivés dans nos systèmes. Ils sont généralement établis en tant que réponse à des actions que vous avez effectuées et qui constituent une demande de services, telles que la définition de vos préférences en matière de confidentialité, la connexion ou le remplissage de formulaires. Vous pouvez configurer votre navigateur afin de bloquer ou être informé de l'existence de ces cookies, mais certaines parties du site Web peuvent être affectées. Ces cookies ne stockent aucune information d’identification personnelle.
Cookies pour une publicité ciblée
Ces cookies peuvent être mis en place au sein de notre site Web par nos partenaires publicitaires. Ils peuvent être utilisés par ces sociétés pour établir un profil de vos intérêts et vous proposer des publicités pertinentes sur d'autres sites Web. Ils ne stockent pas directement des données personnelles, mais sont basés sur l'identification unique de votre navigateur et de votre appareil Internet. Si vous n'autorisez pas ces cookies, votre publicité sera moins ciblée.
Cookies de fonctionnalité
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third-party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
Cookies de performance
These cookies allow us to count visits and traffic sources, so we can measure and improve the performance of our site. They help us know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies, we will not know when you have visited our site.