UK eCommerce faces rising fraud risks as regulations tighten for 2025

A new report by management consultancy PwC and Forter, a digital commerce trust platform, has highlighted the top five fraud risks expected to impact eCommerce in 2025 as UK retailers prepare for tighter regulatory oversight.

The research, titled 'Futureproofing eCommerce fraud prevention in 2025: From supply chain to checkout', points to a surge in established and novel fraud tactics confronting online retailers amid mounting economic, geopolitical and cybersecurity pressures. The report serves as an update to previous findings, combining fresh data with an analysis of evolving risks and regulatory changes facing the sector.

Multiple fraud threats

The report lists several key areas of escalating concern. Returns fraud remains the most prevalent eCommerce fraud risk, but significant increases have been recorded in other forms of illegal activity. Remote access attacks, which involve unauthorised access to systems from afar, rose by 8% during the 2024 Black Friday and Cyber Monday period compared to the previous year. Card testing schemes, which typically impact low-value transactions in sectors such as digital goods and food delivery, are also identified as growing threats.

Quick Service Restaurants (QSRs) have seen a 45% jump in attacks between 2023 and 2024, with more than 85% of fraud attempts on these platforms attributed to repeat offenders. Meanwhile, loyalty points fraud, in which individuals either steal program points, manipulate transactions, or create fake accounts to claim rewards, is now four to five times more likely to affect accounts involved in loyalty programmes than standard user accounts. According to Forter, stored value or points accounts are six to seven times more vulnerable to attacks.

Fake accounts, often established to facilitate fraudulent activities across platforms - from financial services to online retailers - present a persistent challenge. "Forter's data indicates that 90% of fake accounts on digital commerce platforms are often created by a small subset of disciplined fraud users," the report states.

Drivers of risk

According to the analysis, several external factors are contributing to the evolving threat landscape. Economic unpredictability is placing financial pressures on both consumers and businesses, resulting in more opportunistic behaviour. In combination with political instability and changes in the global environment, organisations may be tempted to scale back investment in fraud prevention, heightening the exposure to risk. Remote and hybrid working environments, along with supply chain vulnerabilities, are further amplifying cybersecurity concerns.

"These fraudulent activities are rife and growing in retail. Not only is fraud costly and a drain on already-pressurised resources, but it can irreparably damage a retailer's reputation. It is essential for eCommerce fraud leaders to maintain a holistic perspective – not only understanding the underlying drivers of fraud risk but also meeting new compliance needs and the current external threat trends. By staying vigilant and continuously reviewing their fraud prevention strategies, merchants can better protect themselves and their customers from ever-changing eCommerce fraud risks."

This was stated by Doriel Abrahams, Principal Technologist at Forter.

Regulatory changes

The introduction of the Economic Crime and Corporate Transparency Act 2023 (ECCTA), effective from early September 2025, will represent a significant regulatory shift for UK eCommerce operations. The new rules establish a corporate offence for failing to prevent fraud. Companies could be held criminally liable if a 'specified fraud offence' is perpetrated by any associated person that benefits the organisation, directly or indirectly. The legislation will require eCommerce entities to have robust policies and controls addressing fraud risk across the organisation.

"As part of a strategic collaboration between PwC and Forter, this annual report is designed to empower fraud and retail leaders within the eCommerce sector with key information to counter their biggest fraud challenges. Counter-strategies for fraud prevention must become part of the normal running of a business and not an optional extra – even some of the 'smaller perceived' fraud risks are too big now for any business to ignore at board level. Some of the most commonly overlooked measures are having a robust third-party risk strategy and ensuring fraud detection and prevention mechanisms appropriately match the scale and demands of your eCommerce business."

Harry Holdstock, Partner at PwC, made these observations regarding the increasing importance of embedded fraud management strategies.

Strategic actions identified

The report recommends a three-pronged approach for businesses to address the breadth and sophistication of modern fraud threats. The first is comprehensive and regularly updated fraud risk assessments, incorporating the latest intelligence and regulatory expectations across the end-to-end supply chain. The next is fostering a culture of fraud prevention led from board level and filtered through all organisational tiers, ensuring strong awareness, training, and accountability. Finally, deploying artificial intelligence in fraud management platforms is advised, with machine learning models providing real-time pattern and anomaly detection that adapts to emerging threats.

Supply chain vulnerabilities

Findings from PwC's Global Economic Crime Survey 2024 are echoed in the new report. In the last two years, 42% of UK businesses experienced supply chain fraud and 35% faced procurement fraud. Notable supply chain fraud risks include bribery, counterfeit products, falsified shipping documents, inflated logistics costs, stock manipulation or phantom inventory, duplicate invoices, and payment diversions. Cyber-enabled threats, such as data breaches and phishing attacks, remain prevalent, with ransomware posing further risk to operational continuity.