Remote Purchase Fraud in Europe: Rising Threat to E-commerce Security

In the UK alone, 2.6 million remote purchase fraud cases were reported in 2024, a 22% increase from the previous year, resulting in losses of approximately £400 million – an 11% rise. Given the similarity in payment infrastructures and fraud tactics across Europe, this pattern likely reflects a broader EU challenge.

Supporting this, Tietoevry Banking’s 2025 report, analysed over 3.7 billion European transactions, found a 43% increase in attempted digital payment fraud in 2024 compared to 2023, driven largely by sophisticated social engineering and AI-enhanced scams. Social manipulation scams rose by 156%, while phishing attacks increased by 77%, complicating fraud detection and prevention.

Criminals frequently use complex social engineering to trick consumers into revealing one-time passcodes (OTPs) sent by banks to authenticate transactions. With these codes, fraudsters bypass security measures to complete unauthorised purchases or link stolen cards to digital wallets. This exposes vulnerabilities in the current reliance on OTPs as a primary defence.

Data breaches at retailers and third parties further exacerbate the problem by supplying criminals with vast card data collections, which remain exploitable for months or years post-breach.

Interestingly, authorised push payment (APP) fraud, where victims are tricked into authorizing payments, declined by 2% to £450 million in the UK, reflecting effective consumer education and fraud detection efforts.

For the EU e-commerce ecosystem, these developments suggest that there must be a coordinated approach involving banks, retailers, payment providers, and regulators. Key measures include strengthening identity verification, implementing real-time payee checks, and educating consumers on evolving social engineering tactics.

As European online shopping grows, immediate action to combat remote purchase fraud is essential to protect consumers and preserve trust in digital commerce.