COVID19: E-commerce Nightmares & Surprises Series

Share this post

Amid accelerated online purchases and skyrocketing e-commerce, fraud attacks have been the centre of attention with the spread of the virus causing a much higher ratio of first-time users entering the online markets. In addition, the growing proportion of shopping done online in this period means lots of large amounts in play every day.

Last week, ACI Worldwide Research announced that global e-commerce sales had achieved a 209% YOY revenue growth – hitting an all time record. This is followed by a 282% increase in account takeover fraud. And chargebacks due to non-fraudulent reasons (i.e. “friendly fraud”) have also increased by 25%.

Currently fraud online still costs up to 22bp or 20-50 billions of dollars lost each year. Nevermind the hacking and phishing frauds that likely multiply this figure several times.

As e-merchants face high market volume and risk volatility, they will benefit from setting a North Star to focus their aspirations on customer experience while effectively managing #fraud and #transaction risk.

Cybertonica e-commerce saga

At Cybertonica we Trust in Transaction. We make systems to make trust and frictionless commerce safe and secure for businesses and consumers. We know that outdated rules and operations occasionally introduce almost Kafka-like situations and thought it would help us to see the end customer and merchant point of view.

So we decided to collect stories from the people in our network and customers as well as their clients telling us how their e-commerce is going in this period – both the nightmares and the nice surprises.

We asked them to tell us about their online shopping experiences during the lockdown to paint a vivid picture for the merchants. From surprise champagne deliveries to account takeovers, we have some good stories lined up for you!

Story No: 1 

A working-from-home employee purchasing a laptop from a global online platform that became an #e-commerce nightmare that should never have happened…..

Using the CFO’s company card made it impossible for the platform to reconcile the identity and the payee. This led to her account getting blocked for more than a week due to unusual activity. The merchant asked to verify the transaction as legitimate by logging into her account and following on-screen instructions to verify this card payment.

Step 1

And that is exactly what she did. She provided the merchant with her employee contract along with her company’s address and the necessary financial credentials. As this was a requirement by the retailer to confirm the purchase. Unfortunately, this wasn’t enough and the response from the merchant was that the information provided (official documents!) is insufficient.

Step 2 

She sent another invoice with the necessary company information. And again – this was not enough.

It’s been a week now – her account is blocked, and she can’t use it for other purchases. She is also not able to verify the transaction even though she provided the company with all the necessary information to prove its legitimacy.

Step 3

She asks higher management to write an official email to the merchant confirming the legitimacy of her purchase and indicate that the transaction was necessary for business continuity. And to everyone’s relief, the merchant responded confirming the issues with the purchase order had finally resolved.

During this process, which took just over two weeks, her account had been blocked which led her to sign up to a competitor’s site. The merchant had lost a loyal customer due to the high levels of friction experienced.

The Solution

It can be challenging to quantify the benefits of a #secure and frictionless customer experience. The merchant was within their right to increase friction in order to avoid fraudulent #transactions and #chargebacks.

It’s within any business’s peril to ignore or underestimate the risk of fraud – and many of the online sellers are doing just that. However, increasing the security steps on a legitimate transaction can create unnecessary friction and delays. Which might result in the loss of a long-time loyal customer – the nightmare of any business.

Expert Advice

Our CPO, Olaf Hofmann, indulged us on how the above scenario could have been avoided. He said that

“This case is really interesting and happens very frequently. Surely our colleague should have created a business e-commerce account instead of purchasing a business-related product with a business credit card via their personal account. But as said, this used to happen constantly when flights are getting booked for business purposes.”

He added:

  • Merchants in such scenarios need to utilise additional data points. This will enable them to validate their customers and verify the legitimacy of their transaction.
  • #BehaviouralData is key to verification. For example, if the IP address belongs to a business and the order is placed out-of-office hours, the system can cast that transaction as fraudulent.
  • Understand which types of items are likely to be purchased with a business credit card vs personal credit cards.
  • Merchants usually add friction when they see a higher than average transaction value. However, there is a limit to friction as it will reduce conversation rates.
  • They take the higher risk rather than losing the customer. And trust the issuer will have additional customer/credit card insights, and decline authorisations to keep the merchant safe.
  • Further, this risk is actually shifting to the issuer once the PSD2 regulations start. From this point on, it becomes the issuer’s responsibility to authenticate the customer (see #SCA).
A laptop, credit card, cybersecurity -Cybertonica Trust in TransAction


As #digital fraud evolves, so does the need to protect the entire customer journey. Research by PWC shows that “there is a clear link between fraud prevention investments made upfront and reduced cost when fraud strikes”.

Prioritising the data science to link the person and the business that is making the purchase builds #trust and removes inconvenience, improving customer experience.

Cybertonica systems would help e-commerce merchants avoid these huge disruptions with a good client and reduce false positives, making the buyer come back for more, more often. Typically this adds up to 20% to the top line.

Tell us your story – we would love to hear it! Contact us on and we will feature it in our blog! #ecommercenightmare

Get in touch with our expert fraud team now to find out more about how you can build your business around your customers, minimising risk and cost while increasing sales.

More To Explore


Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.


Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?