
Lauri Teder, CEO at LHV Paytech, stresses that we are living in an era where the number of digital fraud cases is increasing at an alarming rate, even faster than e-commerce itself.
In 2025 alone, people in Estonia lost around 23 million euros to digital fraudsters. Globally, e-commerce fraud losses amounted to 44 billion dollars in 2024, and are projected to grow to 107 billion dollars by 2029. These figures are not abstract. Behind every number are merchants who lost sales revenue, and customers who lost trust.
The good news is that most of the risks are preventable. To do this, however, it is necessary to understand exactly what digital crime involves.
Fraudsters target people
The first and most important observation: the root cause of today’s fraud is no longer a technological security vulnerability, but human weakness. Criminals are professionals who deliberately exploit people’s weaknesses and systematically take advantage of them.
Three reasons why merchants are at risk
There are generally three sources of merchant risk when accepting payments.
- Malicious customer – the customer uses stolen card details or submits an unfounded chargeback (friendly fraud). Transactions with stolen card or payment details are one of the most common types of fraud. This may result in a subsequent challenge to the transaction and financial loss. An unfounded chargeback is a situation where the customer deliberately or accidentally claims that they did not make a certain transaction, and demands a refund either directly from the merchant or through a chargeback.
- Weak information security – through the international security standard PCI DSS, card organisations have set requirements to protect payment card data. If the systems do not meet these requirements, it opens the door for criminals to take over bank accounts and modify the website content in a way that allows them to collect your customer or bank card details. The biggest risks in this field are weak passwords and employees falling victim to phishing emails. The consequence may be reputational damage, fines, or costly mandatory investigations. We recommend familiarising yourself with the PCI DSS introduction for merchants.
- Inadequate internal processes – without clear rules and trained staff, suspicious card transactions go unnoticed or a favourable environment for errors is created, which can have costly consequences. Such cases include, for example, refunding money to a means of payment other than the original one, errors caused by haste, and the delivery of goods or services in situations where there are clear signs of fraud.
Know your customer and business
The best anti-fraud tool is awareness. If you know your customer and your business, you can offer a better user experience to the customer and mitigate your risks in the case of an unknown customer.
Ask yourself three questions.
1. What are you selling? Is your product easily cashable? Gift cards, electronics and luxury goods are the favourite targets of fraudsters. Products with a higher risk must be subject to stricter controls.
2. Who is your customer? In which country are they located, and which country’s payment method do they use? What is their typical purchasing pattern, i.e., average amount, quantity and frequency? Here is an important nuance: VIP customers’ transactions are often very similar to those of fraudsters. Therefore, larger amounts and repeat purchases do not automatically mean a trustworthy customer: you need to look at the whole set of their behavioural patterns, not a single signal. Use different fraud prevention tools to identify patterns. For example, if a customer with a U.S. card suddenly wants to make a large purchase from you or uses multiple bank cards to complete a successful purchase, it may be fraud. Sometimes, criminals try to make purchases in different amounts to find out how much money is on the payment card. It’s like a security gate in a physical store.
3. What is the appropriate payment method? Card or bank payment, Apple Pay or Google Pay – each method has its own risk profile and allocation of liability. For example, 3D Secure authentication shifts liability to the cardholder’s bank in the event of a dispute. Without 3D Secure protection, the potential damage will be borne by the merchants themselves. For certain transactions, it is worth considering pre-authorisation. Be aware that Apple Pay and Google Pay payments are strongly authenticated, which means that from the merchant’s perspective, in certain disputes, the liability lies with the cardholder. At the same time, these methods are very convenient for the customer. A bank payment cannot be disputed by the customer so easily; however, a card payment is often preferable for them, as it may come with bonuses or purchase insurance.
If something seems too good or too urgent, take some time to think
This is the simplest, yet most important rule. Fraudsters rely on speed and emotions – they create artificial pressure to act before you think.
Recommendations for preventing fraud and mitigating risks
- Follow the requirements of the PCI DSS standard; these are the minimum rules for information security. Ensure that all employees use secure passwords and are familiar with the rules of digital security.
- Be aware of prevalent types and trends of fraud and how to protect yourself and the company in such situations. For example, smaller payment limits and the four-eyes principle can assist you.
- If your product or service is easy to resell, pay close attention to fraud patterns where a fraudulent customer tries to obtain the product using, for example, a stolen means of payment in order to later resell it at a lower price.
- Know your regular customer. Set up fraud prevention rules so that you can spot transactions that stand out and assess their authenticity. If it is a large purchase and you are seeing the customer for the first time, find a reason and call the customer. This way, you can make sure that they’re a real customer and not a fraudster. If you notice that your customers are using foreign bank cards or different bank cards, be vigilant and make sure that they aren’t fraudsters.
- In the case of a refund, always return the money to the same means of payment that was used for the purchase. If it was a card payment, make the refund to the card, and if the original payment was made at the bank, make the refund to the bank account.
- Keep your sales records in order. This way, in the event of a dispute, you can quickly provide all the necessary sales, payment and shipping evidence.
- You can offer a wider range of payment methods to identified customers. For a first-time or unauthenticated customer, choose methods where you are not liable for the transaction. Such methods are, for example, strongly authenticated card payments (3D Secure), Apple Pay, Google Pay, and bank payments.
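The fraud prevention rules recommended above, and the patterns listed under "Who is your customer?" (a first-time customer making a large purchase with a foreign card, several cards tried for one purchase, different amounts tried on one card), can be written as simple checks over payment attempts. The sketch below is an added example, not LHV's own tooling; the thresholds, field layout and sample attempts are assumptions constructed for illustration, and a flag means "review or call the customer", not "decline".

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds are assumptions for this example; tune them to your own sales data.
HOME_COUNTRIES = {"EE"}          # card-issuing countries your customers usually use
LARGE_AMOUNT = 500.0             # EUR amount treated as a "large" purchase
WINDOW = timedelta(minutes=30)   # look-back window for related attempts
MAX_CARDS = 2                    # more distinct cards than this per customer is unusual
MIN_PROBES = 3                   # distinct amounts tried on one card within WINDOW

# Constructed sample attempts, oldest first:
# (customer, card fingerprint, card country, amount in EUR, outcome, timestamp)
ATTEMPTS = [
    ("vip",  "card-V", "US", 900.0,  "approved", "2026-01-05T09:00:00"),
    ("new1", "card-U", "US", 1200.0, "approved", "2026-01-05T09:05:00"),
    ("new2", "card-A", "EE", 60.0,   "declined", "2026-01-05T10:00:00"),
    ("new2", "card-B", "EE", 60.0,   "declined", "2026-01-05T10:02:00"),
    ("new2", "card-C", "EE", 60.0,   "approved", "2026-01-05T10:04:00"),
    ("new3", "card-P", "EE", 200.0,  "declined", "2026-01-05T11:00:00"),
    ("new3", "card-P", "EE", 100.0,  "declined", "2026-01-05T11:01:00"),
    ("new3", "card-P", "EE", 50.0,   "approved", "2026-01-05T11:02:00"),
]

def review_flags(attempts, known_customers=frozenset()):
    """Return {attempt index: set of reasons} for attempts needing manual review."""
    flags = defaultdict(set)
    by_customer, by_card = defaultdict(list), defaultdict(list)
    seen = set(known_customers)  # customers with an earlier approved purchase
    for i, (cust, card, country, amount, outcome, ts) in enumerate(attempts):
        now = datetime.fromisoformat(ts)
        by_customer[cust].append((now, card))
        by_card[card].append((now, amount))
        # Several different cards used by one customer in a short time.
        if len({c for t, c in by_customer[cust] if now - t <= WINDOW}) > MAX_CARDS:
            flags[i].add("multiple_cards")
        # Different amounts tried on the same card (probing the available balance).
        if len({a for t, a in by_card[card] if now - t <= WINDOW}) >= MIN_PROBES:
            flags[i].add("amount_probing")
        # First-time customer, card from outside the usual countries, large amount.
        if cust not in seen and country not in HOME_COUNTRIES and amount >= LARGE_AMOUNT:
            flags[i].add("first_time_foreign_large")
        if outcome == "approved":
            seen.add(cust)
    return dict(flags)
```

Calling `review_flags(ATTEMPTS, known_customers={"vip"})` flags the first-time foreign purchase, the third card and the third amount, while the known customer's purchase passes the first-time rule.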
All in all, the risks of online payments do not disappear, but they can be managed consciously. Start with three things: know your customer and their purchasing patterns, choose a payment method that matches the risk profile, and keep your processes and staff up to date on the latest developments in digital fraud. And if something seems too good or too urgent, take some time to think. This pause for reflection is often worth more than any technical solution.

