American consumers reported $15.9 billion in fraud losses in 2025—up from $12 billion the year before and nearly five times the level recorded in 2020, according to the Federal Trade Commission.1 For merchants operating in e-commerce, those numbers represent both direct exposure and a growing set of downstream costs that extend well beyond any single transaction.
Reported $15.9 billion in fraud losses in 2025—up from $12 billion the year before and nearly five times the level recorded in 2020, according to the Federal Trade Commission.1
Every checkout is a door you’ve chosen to open
E-commerce fraud takes many forms: unauthorized transactions, account takeovers, stolen payment credentials, refund and loyalty program manipulation and synthetic identity schemes. What ties them together is opportunity. The explosion of online shopping has created an enormous attack surface, and criminals are exploiting every inch of it.
Modern fraudsters are using AI to generate deepfakes, synthetic identities and transaction patterns that mimic legitimate buyer behavior. The credentials look valid. The user appears authenticated. The payment seems normal. But traditional detection tools—built around static rules and known patterns—often can’t tell the difference.
Every point of entry in your e-commerce experience—checkout flows, authentication steps, account creation screens, refund policies—is a door you’ve chosen to size. How wide it opens, how much friction surrounds it and how closely it’s monitored are all decisions, whether you made them deliberately or inherited them from a platform default setting.
Someone will walk through those doors with bad intentions. That’s a given. The real question is whether you’ve sized them appropriately for your business today—and whether you’re revisiting that sizing as conditions change.
The cost of getting it wrong in either direction
Most merchants err toward one of two failure modes.
Lock down too hard—aggressive transaction flagging, extra verification steps, restrictive refund policies—and you lose legitimate customers who quietly disappear. They skip the complaint. They just leave. Sales conversion drops. Loyalty erodes. Revenue vanishes because of the blunt-force response to fraud, rather than the fraud itself.
Open up too wide, and you absorb the losses directly: stolen credentials, unauthorized transactions, chargeback fees, higher processing rates and the operational drain of investigating suspicious activity and managing disputes. These costs compound. One bad transaction becomes a chargeback, which becomes a rate increase, which becomes a resource allocation challenge that pulls attention away from running the business.
Why traditional defenses force a bad choice
For years, fraud prevention has relied heavily on rule-based systems and manual review. Set a threshold, flag anything that crosses it, and investigate. That approach worked when fraud was simpler and slower. It’s less effective against adversaries who test, adapt and scale their attacks in real time.
Static rules are necessary, but they create a painful trade-off. Tighten them, and you catch more fraud but create friction for more legitimate customers; loosen them, and you let more bad actors through. Manual review adds a human layer but can’t operate at the speed or volume modern e-commerce requires. The defense posture is always a step behind: reactive rather than predictive, rigid rather than adaptive.
The instinct is to treat fraud as something to combat—invest in the right tool, deploy the right model, eliminate the threat. But fraud operates more like weather than warfare. It shifts, it adapts, it finds new paths. The goal is to find a balance point where your countermeasures are sustainable against your other priorities: growth, customer experience and operational capacity. That balance point looks different for every business. And it moves.
Why the calculus is shifting
The tools available for detection and screening are evolving faster than most fraud-prevention strategies account for. AI and machine learning are increasingly part of modern fraud programs, which is putting pressure on merchants to learn more about data, technology and how they impact their fraud strategies. According to the 2026 Global eCommerce Payment & Fraud Report published by Visa, around 40−50% of merchants, globally, consider accuracy of AI/ML fraud tools, fraud orchestration, increasing automation of fraud prevention, and expanding data availability and access a top priority.2
That matters because it changes what’s possible at each door—in both directions. A checkout flow you narrowed last year because you lacked effective screening might be one you can widen today, because better detection can bring confidence without added friction. A refund policy you tightened to limit abuse might have room to breathe once your monitoring catches exploitation patterns earlier in the cycle. But the reverse is also true. A new class of synthetic identity fraud might mean narrowing an account creation process that was working fine six months ago—tightening the door until your detection capabilities catch up to the threat. The point is that these are active, ongoing decisions, informed by what you’re seeing in your own data and what’s emerging across the broader landscape.
Better tools give you more agency in those decisions. They inform your judgment about what’s right for your business—and they let you revisit doors that may need to open wider or close tighter as conditions shift.
A decision that deserves a real conversation
The right fraud posture is an ongoing calibration—one that depends on your business model, your customer base, your growth trajectory and what you’re seeing in your own transaction data. It’s also the kind of assessment that benefits from a payments platform with visibility across thousands of merchants and billions of transactions—one that can show you how businesses like yours are navigating the same trade-offs.
That’s a conversation worth having with your J.P. Morgan Payments team—about how your fraud-prevention posture might evolve alongside your business.
References
Disclaimer
© 2026 JPMorgan Chase & Co. All rights reserved. JPMorgan Chase Bank, N.A. Member FDIC. Deposits held in non-U.S. branches are not FDIC insured. Non-deposit products are not FDIC insured. The statements herein are confidential and proprietary and not intended to be legally binding. Not all products and services are available in all geographical areas.
Visit jpmorgan.com/paymentsdisclosure for further disclosures and disclaimers related to this content.
