E-Commerce Fraud Prevention: A Guide for Austrian Online Retailers

By Markus Bergthaler | March 2026

Fraud prevention isn't optional. But here's the paradox: the stricter you are, the more legitimate customers you lose. Through my work with over a hundred e-commerce companies across the German-speaking region, I've learned that the best fraud prevention is the kind customers don't notice. It must be intelligent, risk-based, and integrated into customer experience. This guide shows you how.

The Reality: How Much Fraud Are You Actually Losing?

In Austria and the German-speaking region, fraud rates at reputable e-commerce shops range from 0.5–2% of revenue. That sounds small, but it adds up: a shop with 1 million euros in annual revenue loses 5,000–20,000 euros to fraud. Add chargeback fees, admin costs, and reputation damage. But here's the good news: companies with intelligent fraud prevention systems reduce this rate by 40–70% while maintaining conversion rates.

Types of Fraud You Must Know

1. Card-Not-Present (CNP) Fraud

This is the most common e-commerce fraud risk. The fraudster has card data (through data breaches or phishing) and conducts a transaction without the physical card. These transactions are often discovered weeks later when the legitimate cardholder disputes the charge — that's the chargeback.

How to protect yourself:

Use PSD2 & Strong Customer Authentication (SCA): In Austria, SCA has been standard since 2021. This means at least two independent factors are required (e.g., password + SMS code). This dramatically reduces CNP fraud.

AVS (Address Verification System) & CVV Checks: These should be standard, but many ignore them. If the address doesn't match, that's a red flag.

Velocity Checks: If suddenly 10 orders with different cards appear within an hour, that's fraud. Your system should flag it.
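A sliding-window velocity check of the kind described above, as an added example (not code from the original article). The order stream is constructed, and the window length and the distinct-card threshold are parameters; the sample uses a threshold of 3 so that a small stream triggers it, where a real shop would tune the value on its own traffic.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample order stream (not real data): (timestamp, source, card_fingerprint).
# "source" is whatever the check is keyed on: the account id, or the client IP for guest checkouts.
SAMPLE_ORDERS = [
    ("2026-03-01 10:00", "acct-17", "card-aaa"),
    ("2026-03-01 10:05", "acct-17", "card-bbb"),
    ("2026-03-01 10:20", "acct-17", "card-ccc"),  # 3rd distinct card in 20 min -> alert
    ("2026-03-01 10:40", "acct-17", "card-ddd"),  # still inside the hour -> alert again
    ("2026-03-01 12:30", "acct-17", "card-eee"),  # earlier cards have aged out -> no alert
    ("2026-03-01 10:10", "acct-42", "card-xyz"),
    ("2026-03-01 10:30", "acct-42", "card-xyz"),  # same card reused: not a velocity signal
]


def velocity_alerts(orders, window=timedelta(hours=1), max_distinct_cards=3):
    """Return (source, timestamp, distinct_cards) for every order that brings a source
    to max_distinct_cards or more different cards inside a sliding time window.
    Orders are processed in chronological order so the check works on a live stream too."""
    recent = defaultdict(deque)  # source -> deque of (timestamp, card) inside the window
    alerts = []
    for ts_str, source, card in sorted(orders, key=lambda o: o[0]):
        ts = datetime.strptime(ts_str, "%Y-%m-%d %H:%M")
        q = recent[source]
        q.append((ts, card))
        # Drop entries older than the window; the deque stays sorted because input is sorted.
        while q and ts - q[0][0] > window:
            q.popleft()
        distinct = len({c for _, c in q})
        if distinct >= max_distinct_cards:
            alerts.append((source, ts_str, distinct))
    return alerts


if __name__ == "__main__":
    for source, ts, n in velocity_alerts(SAMPLE_ORDERS):
        print(f"{ts}: {source} used {n} different cards within one hour -> hold for review")
```

The alert is a signal for review, not an automatic decline: a family sharing one account can legitimately use two or three cards.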

2. Account Takeover (ATO)

A fraudster hacks a customer account, changes the delivery address, and orders using the saved payment method. This is insidious because it looks legitimate.

How to protect yourself:

Flag Abnormal Activity: New IP, unexpected location, rapid checkout, address change — these are red flags.

Enforce Strong Passwords: And periodic password changes. Offer optional two-factor authentication (not mandatory, to avoid friction).

Session Security: If an account logs in from two places simultaneously, that's suspicious. Request confirmation.

3. Friendly Fraud (Chargeback Fraud)

The customer buys, receives goods, then claims they never received them or the transaction wasn't authorized. That's "friendly fraud" — one of the worst for e-commerce since these chargebacks are expensive.

How to protect yourself:

Document Everything: Shipping confirmations, tracking numbers, signatures (when possible). This is your weapon against chargebacks.

Proactive Communication: Confirm order, confirm shipment, send tracking. Every step documented. This reduces chargeback claims because the customer clearly sees the goods were shipped.

Risk Markers: Customers with multiple chargebacks should be flagged. New customers with high order values should be more heavily validated.

Regulatory Framework: PSD2 & SCA in Austria

The Payment Services Directive 2 (PSD2) and its implementation in Austria through the Zahlungsdienstegesetz aren't optional. You must understand what this means for your shop:

Strong Customer Authentication (SCA): Required for most card payments. This means at least two factors: something you know (PIN), something you have (phone), or something you are (biometric).

Secure Communication: Payment data must be encrypted in transit. HTTPS is no longer sufficient — you need additional security measures.

Transparency Requirements: You must clearly tell customers how their data is used.

Exceptions & Exemptions: There are certain exemptions (e.g., payments under 30 EUR without transaction limits can skip SCA). Use these wisely — too many exemptions lead to higher fraud.

Building a Modern Fraud Prevention Strategy

Layer 1: Prevention (Before Transaction)

Risk-Based Rules: Don't treat every order identically. A new customer from abroad ordering 500 EUR deserves more attention than a repeat customer ordering 50 EUR. Machine learning models can learn these patterns and auto-flag.

Geolocation & IP Checks: Compare billing address, shipping address, and IP location. Mismatches aren't always fraud, but they're red flags.

Device Fingerprinting: Privacy-compliant device fingerprinting can identify abnormal devices.
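A risk-based rule set combining the Layer 1 signals above (customer history, order value, billing/shipping/IP country comparison, device recognition), as an added example and not the article's or any vendor's code. The weights, the two thresholds and the home-country assumption (AT) are illustrative and must be calibrated on your own order history; the three sample orders are constructed.

```python
from dataclasses import dataclass

HOME_COUNTRY = "AT"  # assumption: the shop mainly serves Austrian customers


@dataclass
class Order:
    amount_eur: float
    prior_orders: int        # completed orders by this customer; 0 = new customer
    billing_country: str     # ISO country codes
    shipping_country: str
    ip_country: str          # from geolocation of the checkout IP
    known_device: bool       # device fingerprint already seen on this account


def risk_score(o: Order):
    """Additive rule score (0 = no signal) plus the human-readable reasons, for the review queue."""
    score, reasons = 0, []
    if o.prior_orders == 0:
        score += 20; reasons.append("new customer")
    if o.amount_eur >= 300:
        score += 25; reasons.append("high order value")
    elif o.amount_eur >= 100:
        score += 10; reasons.append("medium order value")
    if o.billing_country != HOME_COUNTRY:
        score += 10; reasons.append("billing address abroad")
    if o.billing_country != o.shipping_country:
        score += 25; reasons.append("billing/shipping country mismatch")
    if o.ip_country not in (o.billing_country, o.shipping_country):
        score += 20; reasons.append("IP country matches neither address")
    if not o.known_device:
        score += 10; reasons.append("unrecognised device")
    return score, reasons


def decide(o: Order, review_at=40, block_at=70):
    """approve silently, send to manual review / extra verification, or block."""
    score, reasons = risk_score(o)
    decision = "block" if score >= block_at else "review" if score >= review_at else "approve"
    return decision, score, reasons


# Constructed examples mirroring the article's comparison.
REPEAT_DOMESTIC = Order(50.0, 12, "AT", "AT", "AT", True)      # repeat customer, 50 EUR
NEW_ABROAD = Order(500.0, 0, "DE", "DE", "DE", False)          # new customer from abroad, 500 EUR
NEW_MISMATCH = Order(500.0, 0, "DE", "AT", "US", False)        # everything points somewhere else
```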

Layer 2: Authentication (During Transaction)

Implement SCA: As mentioned, this is standard. But don't make it painful. The best SCA feels natural.

3D Secure: For card payments, 3D Secure is an additional security protocol. The latest version (3D Secure 2.0) is less intrusive but more secure.

Layer 3: Monitoring (After Transaction)

Chargeback Management: Implement a system to automatically recognize chargeback requests and respond. Use your shipping and communication logs to prove the transaction was legitimate.

Return & Refund Monitoring: Too many returns from one customer? Suspicious. Too many returns of a specific product? Could signal fraud.

KPIs: What You Should Measure

Many companies only measure fraud rate. That's insufficient. Here are the metrics that matter:

Fraud Rate: Percentage of transactions identified/confirmed as fraudulent.

False Positive Rate: Percentage of legitimate transactions falsely flagged as fraud. This is critical: too many false positives mean lost customers.

Chargeback Rate: Percentage of transactions triggering a chargeback. Direct revenue loss.

Cost per Fraud Case: What does handling one fraudulent case cost (chargeback fee, admin time, reputation damage)?

Conversion Impact: Does your fraud prevention add too much friction? If conversion falls, you lose real customers.

The goal isn't "zero fraud" (impossible). The goal is "optimal balance between fraud protection and conversion."
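The "optimal balance" can be made concrete: computing the KPIs above (fraud rate, false positive rate) at several blocking thresholds and picking the threshold with the lowest expected cost. This is an added example, not the article's own method; the scored transactions are constructed, and the cost model (a missed fraud costs the goods plus a 25 EUR chargeback fee, a blocked legitimate order costs the 30% margin on that sale) is an assumption to replace with your own figures.

```python
# Constructed sample (not real data): (risk_score 0-100 from the scoring layer,
# amount_eur, confirmed_fraud once chargebacks for the period have settled).
SAMPLE_TRANSACTIONS = [
    (5, 40.0, False), (10, 75.0, False), (15, 120.0, False), (20, 60.0, False),
    (25, 200.0, False), (32, 400.0, False), (38, 350.0, False), (44, 300.0, False),
    (52, 180.0, False), (61, 220.0, False), (73, 90.0, False), (86, 60.0, False),
    (47, 130.0, True), (56, 410.0, True), (68, 520.0, True), (91, 880.0, True),
]


def kpis(transactions, threshold):
    """Blocking rule: decline when risk_score >= threshold. Returns the article's KPIs plus
    the two lists that drive cost: fraud that slipped through and legitimate orders blocked."""
    fraud = [t for t in transactions if t[2]]
    legit = [t for t in transactions if not t[2]]
    caught = [t for t in fraud if t[0] >= threshold]
    blocked_legit = [t for t in legit if t[0] >= threshold]
    return {
        "fraud_rate": len(fraud) / max(len(transactions), 1),
        "detection_rate": len(caught) / max(len(fraud), 1),
        "false_positive_rate": len(blocked_legit) / max(len(legit), 1),
        "missed_fraud": [t for t in fraud if t[0] < threshold],
        "blocked_legit": blocked_legit,
    }


def expected_cost(transactions, threshold, chargeback_fee_eur=25.0, gross_margin=0.30):
    """Assumed cost model: missed fraud = goods + chargeback fee; blocked legit = lost margin."""
    k = kpis(transactions, threshold)
    fraud_loss = sum(amount + chargeback_fee_eur for _, amount, _ in k["missed_fraud"])
    lost_margin = sum(amount * gross_margin for _, amount, _ in k["blocked_legit"])
    return round(fraud_loss + lost_margin, 2)


def best_threshold(transactions, candidates=range(30, 100, 10)):
    """The threshold with the lowest expected cost: neither 'block everything' nor 'allow everything'."""
    return min(candidates, key=lambda t: expected_cost(transactions, t))


if __name__ == "__main__":
    for t in range(30, 100, 10):
        k = kpis(SAMPLE_TRANSACTIONS, t)
        print(f"threshold {t}: detection {k['detection_rate']:.0%}, "
              f"false positives {k['false_positive_rate']:.0%}, cost {expected_cost(SAMPLE_TRANSACTIONS, t)} EUR")
    print("lowest-cost threshold:", best_threshold(SAMPLE_TRANSACTIONS))
```

On this sample the cost curve is U-shaped: a very low threshold blocks all fraud but throws away margin on many real orders, a very high one waves fraud through, and the minimum sits between them.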

Best Practices: Real-World Implementation

For Small to Mid-Size Shops (1–10 Million EUR Revenue):

Choose a Good Payment Processor: A processor like Stripe, Adyen, or Braintree offers built-in fraud detection. Often sufficient.

Implement SCA: Not optional. But make it frictionless through exemptions for low amounts.

Document Shipping & Communication: Your best weapon against chargebacks.

For Larger Shops (10+ Million EUR Revenue):

Machine Learning Fraud Model: Specialists like Kount, Ravelin, or Sift Science offer ML-based fraud detection. The investment is worthwhile.

Explicit Chargeback Management: A team or process to systematically handle chargeback requests.

Risk-Based Routing: Route high-risk orders through different payment gates or with additional verification.

Don't Forget Customer Experience

The biggest mistake in fraud prevention is ruining the legitimate customer's experience. A customer suspected of being a fraudster isn't a happy customer. This problem is explored in depth in our article on the hidden costs of false positives. Here's how to find balance:

Silent Checks: Many fraud checks should run in the background without interrupting the customer.

Friendly Verification: If you need additional verification, be friendly: "To protect your account, please confirm this transaction with a code we'll send to your number."

Clear Communication on Decline: If you decline a transaction, briefly explain why and offer quick alternatives.

Conclusion: Prevention Is Profit

Intelligent fraud prevention isn't a cost center — it's a profit center. A shop that manages fraud well has higher conversion rates, lower costs, and happier customers. The investment pays for itself. But it's a continuous process — fraud evolves, and your defense must evolve too. To achieve this balance, combine these fraud prevention strategies with the 5 CX strategies that boost revenue to optimize both goals simultaneously.

Want to optimize your fraud prevention strategy without losing customers? Let me analyze your current setup and suggest concrete improvements.
