As organizations move more critical business transactions and interactions online, fraudsters are discovering more targets to exploit.

Online channels and service platforms have risen to overcome pandemic restrictions, while digital communication tools have put businesses in touch with customers worldwide. Simultaneously, the shift from B2B to B2C business models has fast-tracked the adoption of digital payments and turned a renewed focus on cryptocurrencies.

Nevertheless, the reliance on digital platforms and cloud computing has put more sensitive data within reach of cyber criminals. A recent poll by the Association of Certified Fraud Examiners (ACFE) found that incidents of ransomware, identity theft, payment fraud, and other cyber incursions are as prevalent as ever, with 85% of respondents saying they've seen an increase since the pandemic.

Recognizing the threat

Online transaction fraud is thriving in the wake of the global pandemic. According to the same ACFE poll[1], 88% of respondents expect cyber-fraud activities to increase well into 2021. Moreover, over three-quarters admit that fraud prevention and fraud investigation are more challenging now than in 2019 (pre-pandemic).

The nature and intent of fraudulent transactions can vary, and can originate from inside or outside a business. Common schemes include ransomware infections, in which cyber attackers hold critical data or digital systems "hostage" in exchange for money, as well as malware, which corrupts data for a hacker's gain. Fraudsters are also becoming adept at accessing "secure" customer databases to get the information they need to steal identifies or create synthetic IDs, and honing their skills when it comes to using stolen credit card information to shop online or conduct phishing scams.

If successful, these schemes often result in severe financial loss due to lost or stolen inventory and potential legal issues arising from stolen identifies. Financial losses that result from online fraud may need to be covered by the vendor – not the bank or credit card company – unless basic fraud prevention and detection measures can be demonstrated.

Of course, online fraud is about more than wreaking financial damage. Falling victim to payment fraud, data theft, or any manner of cyber attack poses threats to an organization's operations and its reputation. Beyond corrupting key systems and technologies, cyber attackers can shut down entire functions and permanently erode consumer trust. In fact, a 2020 KPMG poll found that 70% of Canadians would close their account with a business that suffered a data breach.

Taking action

Many online vendors are hiring fraud, cyber security specialists, and business consultants to help implement best practices and create fraud prevention programs that outmaneuver their would-be attackers as businesses shift from B2B to B2C.

Step one is sounding the alarm. Effective fraud prevention strategies require an awareness throughout the organization that fraud risks exist and a commitment from leadership to take these threats seriously. This means recognizing and classifying the digital assets that are of the most value to fraudsters (e.g., the "crown jewels") and the cyber threats unique to one's operations. Leading organizations regularly conduct fraud risk assessments to better understand their specific risks and attack vectors.

The next step is establishing robust "know-your-customer" controls and processes (e.g., dual verification, data analysis, etc.) to ensure the individuals doing business with your company are who they say they are in every transaction. That said, it is important to ensure authentication measures do not create too much friction in the transaction process, leading to negative customer experience.

The next step is raising awareness for how the organization can be impacted by fraud, and providing strategy, training, and resources to ensure everyone knows how to detect and respond to fraudulent activity. This involves learning to recognize and respond to red flags throughout the organization, be it a suspicious email, unusual online behaviour, or an attempt to solicit sensitive information.

Lastly, organizations should treat fraud prevention as a living, breathing program. Now is not the time to let fraud prevention programs collect dust on a shelf. This means following the trends, knowing the red flags, and keeping up to speed with best practices.

Several red flags that could indicate online fraud are:

  • Mismatched shipping addresses between a user's account, payment info, or delivery pick-up address.
  • Various payment cards that are linked to the same address.
  • An unusual number of orders from the same IP address;
  • Multiple attempts to make small transactions.
  • Frequent, repeated, or larger than expected orders.
  • Expensive or unusual online purchases.
  • Unusual email requests from executives or suppliers for invoice payments.


Stephan Drolet is the National Forensic Practice Leader at KPMG in Canada.

Rohan Sethi is a Director in the GTA Forensic Practice at KPMG in Canada.

[1] Covid-19 Benchmarking Report December Edition.pdf (

As organizations continue to move online, they must do so in a way that stays one step ahead by investing in the people, technologies, and best-practice strategies that will drive safe and secure digital transactions.

KPMG can help companies combat online fraud with a carefully considered, strategic approach. COVID-19 has undoubtedly been a crisis, but it provides us with opportunities to analyze the present and invest in future resilience – and, hopefully, come out stronger on the other side.

Contact us to learn more about fraud prevention strategies or to discuss a fraud risk assessment for your organization.

Read KPMG's recently published whitepaper: Battling economic crime – and winning together.

Connect with us

Stay up to date with what matters to you

Gain access to personalized content based on your interests by signing up today