The scale of e-commerce fraud in Nigeria

In Nigeria, e-commerce and internet banking are the main targets of fraudulent activities, according to Nigeria Inter-Bank Settlement System Plc (NIBSS).

‍

Digital payment fraud losses reached ₦52.26 billion in 2024, with more than half of that figure coming from a single incident at a company.

‍

However, by 2025, losses had dropped to ₦25.85 billion, a 51% decrease, but the danger remains. 

‍

Social engineering is still the common way fraudsters attack, and insider-assisted fraud is becoming frequent. 

‍

The figures we see for losses are just the direct reported costs. The actual cost is much bigger and hidden. Globally, businesses end up spending $4.60 for every $1 they lose to fraud once the cost of investigations, chargebacks, operational overhead, and lost inventory is taken into account.

‍

So, a fraud incident of ₦500,000 doesn’t just cost ₦500,000. It’s more likely to have a total impact of around ₦2.3 million.

‍

Nigeria’s e-commerce market is getting bigger, being worth $9.35 billion in 2025 and expected to almost double by 2031.

‍

As the market grows, the number of transactions increases, and with more transactions comes more risk exposure. 

‍

If you’re a retailer processing orders every day that are paid for with credit cards, bank transfers, or a WooCommerce storefront, preventing fraud should be a priority and an operational cost, and knowing how fraud attacks work is what distinguishes a business that grows well from one that slowly loses profit to it.

‍

The types of fraud Nigerian retailers actually face

Here are the kinds of fraud Nigerian online retailers are actually dealing with, and they all follow similar patterns. Once you learn to spot them, you’ll start to see them in your orders, disputes, and in your customer support requests. 

‍

Card-not-present fraud:

A customer uses a stolen credit card number to make an order, the goods are delivered, and then, sometime later, the actual card owner tells their bank the payment wasn’t theirs, and the transaction is reversed. You've lost the item, the profit from the sale, and you have to pay a chargeback fee as well. 

‍

Card-not-present fraud is the simplest form of online fraud. In Nigeria, card payments are in Naira only, which means this risk is mostly within the country. Stolen card details are sold on unofficial markets, and without proper authentication, any retailer accepting card payments is at risk.

‍

Friendly fraud and chargeback abuse:‍

This is when a real customer makes a purchase, gets the item, and then disputes the charge with their bank. They might say the item didn’t arrive, or they didn’t approve the payment. The bank reverses the payment. 

‍

Globally, first-party fraud, of which friendly fraud is the biggest driver, now makes up 36% of all fraud reported; it was 15% in 2023 and is the biggest type of fraud in the world. Most customers find it easier to get a chargeback than to ask the retailer for a refund, and for Nigerian retailers, this is bad, as chargebacks can cost $50 per transaction. That quickly adds up if you get several complaints a week. 

‍

It’s important to understand this: a refund is something you start, and it doesn't cost a lot. A chargeback is started by the cardholder with the bank, begins a formal complaint process, and does have fees. A reversal is an automatic cancellation, usually because of a technical problem. 

‍

Account takeover:

‍Criminals get into a customer's account on your website, using stolen usernames and passwords, by swapping the customer's SIM card, or by phishing. Then, while logged in as the customer, they use any payment details that are saved to make orders, change the delivery address, or use any credit on the account. 

Account takeover is harder to detect than credit card fraud because the transaction is coming from a legitimate account. The customer only finds out something is wrong when they look at their account or get a delivery notification for something they didn’t buy. In Nigeria, where SIM card swapping is common, and many people use the same password for different sites, this is a growing problem.

‍

Social engineering targeting your team:

A lot of online fraud doesn’t target your customers; attackers go directly for your team with fake invoices from companies you work with, emails pretending to be from your payment processor or bank, or customer service requests asking for delivery changes or refund overrides.

In Nigeria, NIBSS reports social engineering as the most common fraud technique, with insider fraud as a major threat. Businesses without clear internal protocols to process and verify refund requests, supplier payments, and alterations to deliveries or accounts are the most exposed. 

‍

Identity fraud and synthetic identities:

Criminals could also create accounts on your site with stolen or fake details, and then use these to order goods, exploit offers, or try out stolen bank cards. 

For retailers, these completely fabricated identities are hard to detect because at first glance, they appear legitimate. The trouble begins later with Chargebacks, abuse of promotional offers, and your site getting a bad reputation if known as easy to defraud. 

‍

Why Nigerian e-commerce is especially vulnerable

Generic fraud playbooks assume stable infrastructure, consistent user behaviour, and mature payment systems.

‍

That is not the reality most Nigerian retailers operate in.

‍

Nigeria’s e-commerce infrastructure introduces specific conditions that increase fraud exposure and make global best practices inapplicable without adaptation. 

‍

Cash-on-delivery ambiguity. Around 23% of online sales in Nigeria are paid for with cash on delivery. This makes it uncertain when there’s a problem with a delivery; did the item even get there, or was it the wrong thing? And without proof on a computer that the customer did receive it, resolving these issues is slow and expensive.

‍

Rapid market growth. The Nigerian e-commerce market is increasing by more than 12% each year. At many businesses, the number of sales is increasing more quickly than their systems can prevent fraud.  More customers, different payment methods, and new ways of getting items to buyers all give fraudsters more opportunities.

‍

Concentrated risk. A huge 63.43% of all fraud in the country happens in Lagos. So, if your business and most of your customers are in Lagos, your exposure per transaction is higher than the national average. 

‍

Understanding these factors is the difference between a fraud prevention strategy that works on paper and one that works in practice.

‍

How to reduce your fraud exposure

Fraud starts with how your customers check out

To lower the chance of fraud, think about your customers' payment methods. Nigerian card payments are the most likely to be fraudulent, as the card isn't physically used. Bank transfers, conversely, make the customer authenticate the payment through their bank app. Virtual bank accounts connect each payment to a specific customer, making it much harder for a fraudster to use stolen details. 

‍

This does not mean you should stop accepting cards, but offer a variety of payment options, including those with built-in security. A checkout page with cards, bank transfers, and virtual accounts will both get you sales and give you protection. 

‍

Verify customer identity at onboarding

You don’t need to fully check everyone’s ID, but do it during the sign-up process. A 3,000 Naira order from someone who’s bought from you before doesn't need the same level of scrutiny as a 500,000 Naira order from a first-time buyer. “Tiered” verification lets you do as much checking as the risk involved. So, for new customers making a big purchase, verify their BVN or NIN before the order goes through. 

‍

For returning customers who have a good record, lighter, quicker checks are enough. The important thing is to have the ID checks as part of the sign-up process, before the transaction, not after a dispute.

‍

Monitor transaction patterns. 

Fraud shows up in your sales data. For example, lots of orders from the same IP address in a short time, a delivery address that’s different from the address the payment came from, an order that's much bigger than the usual average, or a new account making their first order at 3 am. You don't need a special team to see these patterns. You just need to be able to look at your sales data and have rules that flag anything unusual for someone to review. Even simply limiting the number of orders one account can make within a certain time, “velocity checks” - will reduce your risk. 

‍

Keep an eye on how many chargebacks you get. 

There’s a compliance risk that comes with frequent chargebacks. Card networks and payment companies have limits on how many chargebacks you can have. 

Kora maintains a threshold of 0.5%, and going over it could mean a fine of up to $25,000 a month. Mastercard starts to charge you after two months over the limit, and Visa after four. If your chargeback rate stays too high, your payment company could cancel your account and put you on the MATCH list (Member Alert to Control High-Risk Merchants). This is a blacklist that banks and processors use to identify high-risk merchants. Once you are on it, other acquirers will avoid you. Getting off the list is difficult and slow.

The calculation is simple: divide the total number of chargebacks for a month by the total number of transactions in that month. Check this number every month. If it's going up, find out why before it goes over the limit. When you do get a chargeback, you can accept it, say you don't agree with it and provide proof ("representment"), or do nothing. If you do nothing, your payment company will accept it for you. Always reply within the timeframe given.

‍

Secure your checkout and payment process. 

For card payments, use 3D Secure (Verified by Visa, Mastercard SecureCode) - this asks the cardholder to confirm the payment with their bank as an extra step. This means the bank is responsible for fraudulent payments, not you, and reduces chargebacks.  Make sure your checkout uses SSL encryption and that your payment process uses "tokenisation" - meaning the actual card number never goes on to your servers. If you use WooCommerce for your retail store, Kora’s WooCommerce plugin makes the checkout secure without needing to do any coding, and handles card tokenisation and 3D Secure automatically.

‍

How we help Nigerian retailers prevent fraud

We’ve designed our system to tackle each type of fraud mentioned in this article with a particular ability within our structure. Nigerian retailers shouldn’t have to get fraud protection by getting five different companies to provide bits of it. 

‍

Accept payments through channels with built-in security.

Our Pay-ins give you all the main payment methods in Nigeria using just one integration:

• Card payments with 3D Secure authentication, meaning an extra verification at the bank for every card payment. 
• Bank transfers where the customer confirms the payment in their own banking app
• Virtual bank accounts connecting each payment to a specific customer, making it much harder for fraudsters to use stolen details
• Payment links for selling on social media or WhatsApp, where you get a special link for each order. 

‍

Each payment type has its own likelihood of fraud. However, we offer all of them through a single API, so your customers can select what they feel safest with, and overall, you reduce your exposure risk to fraud.

‍

Verify customers before high-risk transactions.

Our Identity service lets you verify a customer’s identity in real-time. In Nigeria, this means looking at their BVN, NIN, virtual NIN (vNIN), phone number, and, for business customers, their CAC certificate of incorporation. 

You decide when this verification happens. If a new customer is placing an order above a certain price? Check their BVN. Is a new business account asking for bulk prices? Look at their CAC registration. A returning customer who normally spends a certain amount, ordering within their usual range? Don’t bother with extra verifications. 

This tiered approach in stages means you don't add verification steps to every transaction. You only add them where it will lower the chance of fraud, and won’t stop people from completing their purchases.

‍

Manage chargebacks directly from your dashboard.

As soon as a chargeback happens, you’ll see it in the Disputes part of your Kora dashboard. For each chargeback, you’ll see the ID, the customer’s name, when it was disputed, the date you need to respond by, and the amount of money. You can look at the original transaction and decide what to do.
To reject a chargeback, say if you’re rejecting all or part of it, give your reason and upload proof (proof of delivery, messages with the customer, details of the transaction). Submit it by the deadline. If you don’t reply on time, we will automatically accept the chargeback for you, and you won't be able to argue against it. For a full walkthrough of the process, watch our chargeback management video guide.

‍

The Chargebacks 101 report walks through the full six-stage chargeback lifecycle: initiation, representment, pre-arbitration, arbitration, pre-compliance, and compliance.

‍

You can download it for a lot of detail on getting evidence to reverse a chargeback and how to manage each step. We have a chargeback limit of 0.5%. If you stay under that, you avoid the penalties the card networks give to retailers with lots of chargebacks.

WooCommerce integration for plug-and-play security

Lots of Nigerian retailers use WooCommerce

‍

Our WooCommerce plugin fits directly into your WordPress store to give your customers a safe way to pay with cards, bank transfers, and other Nigerian payment options. You won’t need to do any special coding or integrate with a payment vendor separately. 

‍

The plugin itself manages card tokenisation, 3D Secure checks, and sends you webhook confirmations of payments . You get the same strong security as businesses that connect to us directly using APIs, without needing an engineering team to set it up. 

‍

One dashboard for transaction visibility

It’s much easier to see fraud patterns when all your payment information is together. Our dashboard shows you, in real time, your Pay-ins, payment disputes, Settlements, and account balance. You can sort your transactions by date, amount, completion status, and payment method to identify anything unusual.

‍

If, for example, you see a sudden increase in chargebacks for a particular type of product, or lots of large orders from new customers all at once, you can look into it before it becomes a major issue. Having everything in one place isn’t just a nice feature; it actively helps prevent fraud.

‍

Our security systems are at the highest level:

We are PCI DSS Level 1 certified, the most stringent level of payment card security, and we also have ISO 27001 and ISO 22301 certifications for information security management and business continuity. We control access with multiple verification steps and by IP whitelisting. 

‍

When your customers pay you through our system, their card details are protected to the very high standards that the largest payment companies in the world are held to. This is important for your customers to trust you, and to show the CBN and the card networks that you're following the rules.

‍

Dedicated support when fraud happens

When fraud does happen, you need to act quickly. 

‍

Losing the deadline to challenge a refund by even one day means you lose the money and the costs. A lot of fraudulent orders need to be investigated right away, not left in a support queue. Our All The Support You Need™  means we'll provide technical and non-technical help throughout your set-up and after.  When we identify something suspicious in your payments, or you need to provide proof to resolve a refund dispute, our team will work with you to resolve the issue. And that support doesn't stop after you’re set up; it continues. You get support that matches the speed of the risk

‍

What to do when fraud happens anyway

Even if you are good at preventing fraud, it won't be eliminated. And how quickly you respond to fraud determines how much it will cost you.

‍

Immediately record all details: Transaction records, customer communications, proof of delivery, the IP address, and details of the device used. The stronger your evidence, the better your chances in representation. Put all the documents into a single PDF file to submit.

‍

Respond to chargebacks within the deadline. If you use Kora, go to your dashboard, Transactions, Disputes, and deal with each request before it's due. If you miss the deadline, you automatically accept. 

‍

Report fraud to the right bodies.  NIBSS runs the  Nigeria Electronic Fraud Forum (NeFF)  and has a database of over 13,000 people who have been involved in fraud since 2019 (the Person of Interest Portal). Reporting fraud helps everyone in the system and will make your case stronger if the same fraudster targets other merchants.

‍

Review and improve your systems. Every instance of fraud gives you information. How did they pay? Was the customer new or returning? What time was it? Use each incident to make your verifications, transaction monitoring rules, and internal protocols. The retailers who get better at fraud prevention are the ones who treat every incident as a feedback loop.

For retailers that sell to other countries, the chances of fraud go up with each new country.  Cross-Border Payments and Ecommerce Report explains the specific difficulties and fraud risks of taking payments across African borders.

‍

Create an account to start accepting payments with built-in fraud prevention. Or talk to our team about how our infrastructure handles security for Nigerian e-commerce.

‍