And why the answer everyone gives you — “accept that you’ll have to turn customers away” — is the most expensive advice in e-commerce.
It’s one of the quiet ironies of building an online business. You spend months getting the product right. You pour budget into ads. Your search ranking finally starts to climb, the traffic starts to come, the orders start to land — and then, almost on cue, the fraud shows up too.
If this is happening to you, the first thing worth saying is: it’s not a sign you did something wrong. It’s a sign you did something right. Visibility attracts buyers. It also attracts the people who make a living off buyers. The two arrive together, and they almost always arrive at the same moment in a company’s growth — right when you can least afford to lose the revenue.
So let’s actually answer the question. Why is your business experiencing fraud, why now, and what can you realistically do about it?
Why now? Because you finally got noticed
In the early days, most stores sell to a tight circle — friends, family, the first few customers who found you by word of mouth. Fraud is rarely a problem at that stage, because nobody’s looking.
Then the marketing works. The ad campaigns convert, the SEO compounds, and your store becomes easy to find. That’s the goal. But “easy to find” cuts both ways. Fraudsters actively hunt for newly visible stores, because a growing merchant has a very specific profile: eager to accept every order, light on fraud experience, and unlikely to have a dedicated team scrutinizing transactions.
Bigger, older companies expect to cancel a certain share of orders as a cost of doing business. A new merchant usually doesn’t have that reflex — turning away even a single sale feels painful when you’re fighting for every dollar of growth. Fraudsters understand this better than most merchants do. They look for the businesses that most need the cash, precisely because those businesses are the least likely to say no.
Why is fraud so hard to catch when you’re small?
Two things tend to work against newer and smaller merchants, and neither is a failure of effort.
The first is experience. Spotting fraud is, to a large degree, pattern recognition built over thousands of hours of looking at good orders and bad ones. Large fraud teams have seen the patterns so many times they can feel when something’s off. A small team simply hasn’t had the reps yet — and the most damaging fraud is specifically designed to look normal to anyone who hasn’t.
The second is resources. Manually reviewing orders doesn’t scale. You can call a customer to “verify” a suspicious order, but a competent fraudster is more than happy to pick up the phone and answer your questions convincingly. Hiring a full-time analyst to review orders is out of reach for most growing businesses. So the review either doesn’t happen, or it happens inconsistently — and inconsistency is exactly the gap fraud walks through.
The fraud you should actually worry about doesn’t look like fraud
Here’s where most “intro to fraud” advice stops short. It tells you to watch for the obvious red flags: mismatched addresses, suspicious IPs, rushed shipping on a high-value order. That advice isn’t wrong. But it’s incomplete in a way that quietly costs merchants the most.
The truly expensive fraud doesn’t trip any of those wires at checkout. The card is real. The identity is real. The billing address matches. There is nothing at the moment of purchase that separates this order from a perfectly good one.
And then, after the payment is approved, things change. The delivery address shifts. The account starts behaving oddly. The buyer disputes a charge for a product they genuinely received. This is the territory of friendly fraud and first-party fraud — and it’s grown into one of the largest categories of loss in e-commerce, precisely because it’s invisible to systems that only look at the moment of checkout.
By the time it shows up in your data as a chargeback, the goods are already gone and the dispute is already filed. You weren’t failing at fraud detection. You were missing everything that happened after the order was approved.
“Can I just stop fraud?”
The honest answer the rest of the industry gives you is bleak: the only way to stop all fraud is to stop selling. Since that’s not an option, the standard advice is to brace yourself, tighten your filters, and accept that you’ll have to decline a chunk of orders as the price of safety.
We think that advice is quietly disastrous — and here’s the number that proves it.
Roughly 80% of declined transactions are legitimate customers.
Read that again. For every fraudulent order an aggressively tightened filter blocks, it turns away around four real buyers. Their revenue is gone. Their loyalty is gone. And none of that loss shows up on a fraud report or a chargeback dashboard — it just disappears quietly into the difference between the business you have and the business you could have had.
We’ve watched this happen. A merchant under chargeback pressure deploys one of the most popular checkout-level fraud tools on the market, and it cancels close to 60% of incoming orders. The fraud problem technically improves. The business is now in a worse crisis than the one it started with. Declining your way to safety isn’t a solution — it’s trading a visible problem for an invisible, more expensive one.
A better way to think about it: accept first, verify continuously
The reason the “tighten everything” approach fails is that it forces a single yes-or-no decision at the one moment you have the least information — checkout. You’re guessing, under pressure, with a few seconds of data, and you’re punished for guessing wrong in either direction.
The alternative is to stop treating that one moment as the whole game. Approve the orders that deserve approval so you don’t bleed legitimate customers — and then keep watching. The window between approval and fulfillment is where the real signals live: the address change, the behavioral shift, the pattern that doesn’t match a genuine customer’s history. Catch risk there, continuously, and you don’t have to choose between protecting revenue and protecting margin. You get both.
That’s the entire idea behind FUGU. Fraud isn’t a single checkpoint you pass or fail at the door. It’s a behavior that unfolds over the whole life of a transaction — so that’s where it should be watched.
If your business is experiencing fraud for the first time, you don’t need to panic, and you definitely don’t need to start strangling your own conversion rate. A few principles will take you a long way:
- Expect fraud as a sign of growth, not a verdict on your competence. It means you got visible. Plan for it the way larger merchants do.
- Don’t fight it with blunt instruments. Every order you decline to “be safe” has roughly an 80% chance of being a real customer you’ll never see again.
- Look past checkout. The fraud that drives sustained losses hides in what happens after approval. If you have no visibility into that window, that’s the gap to close first.
- Measure both sides. Track the fraud you stop and the legitimate orders you reject. A fraud strategy that only counts one of those numbers is hiding half its cost.
The best defense in online fraud was never about blocking more. It’s about seeing more — across the entire payment, not just the front door.
Every payment counts. Make sure you’re not letting fear of fraud quietly decide which of your real customers gets turned away.
Want to see what continuous, post-payment fraud monitoring would catch in your own order flow? Talk to FUGU — or keep reading the FUGU Insider for the rest of the series on fraud, chargebacks, and protecting revenue on both sides of the decision.