Payment Dispute Standards and Compliance Council

Menu
  1. Home
  2. Research and Trends

Blog

Click and Collect Fraud: What UK Merchants Need to Know in 2025

Research and Trends

Click and collect, has become a cornerstone of modern retail. Especially in the UK, where consumers value convenience and often seek to avoid delivery fees or missed parcel drop-offs, the model has gained huge traction. But as with many digital conveniences, click and collect has also introduced new risks—in particular, a surge in targeted fraud.

Click and collect fraud happens when criminals use stolen or fake payment information to make online purchases and retrieve the goods in person before the fraud is discovered. Because fulfilment is immediate—and because the transaction often seems legitimate at first—many merchants are left vulnerable. Once the cardholder disputes the charge and a chargeback is filed, the merchant loses the revenue, and the item, and often incurs further costs.

According to a 2024 report in Infosecurity Magazine, click and collect fraud saw a 55% year-on-year increase globally, with UK retailers among those most affected. As over 60% of UK e-commerce brands now offer in-store pickup, this fulfilment method has become a growing target for cybercriminals and fraud rings.

How Are Criminals Exploiting Click and Collect Services?

Fraudsters have identified click and collect as a weak spot in the retail journey. With minimal ID verification at the point of collection and a very short window between order and pickup, it’s an attractive option for those looking to exploit the system. Usually, fraudsters operate by using stolen card details to purchase high-value goods like electronics, trainers, or beauty products, then sending a ‘mule’ to collect the order. These individuals, sometimes recruited online, act as intermediaries to help keep the original fraudster anonymous.

Another tactic involves using compromised loyalty accounts or login credentials to place orders that appear legitimate. Fraudsters will impersonate the actual account holder or present fake email confirmations and ID, preying on overworked or undertrained store staff who may feel pressured to provide quick service.

Social engineering is also playing a growing role. Some scammers deliberately arrive at busy times, such as lunchtime or just before closing, to reduce the likelihood of in-depth checks. They may claim to have lost their ID, present a blurry phone screen confirmation, or claim a family member placed the order. The goal is always the same: to walk out with the goods before any red flags are raised.

What Are the Consequences for Merchants?

The financial impact on merchants can be significant. For every fraudulent transaction, the merchant often loses the cost of the product, incurs chargeback fees, and absorbs the time and resource cost of dispute handling. According to UK Finance, merchants lose an estimated £2.50 for every £1 lost to fraud when associated admin and the operational losses are considered.

Beyond direct losses, reputational damage is a major concern. If customers feel that fraud is frequent or poorly handled, they may avoid shopping with the brand in the future. Retailers may also find themselves facing scrutiny from their acquiring banks and payment processors, particularly if fraud rates exceed industry thresholds. In extreme cases, businesses could be classified as high-risk merchants, resulting in increased transaction fees or additional compliance obligations. The ripple effects can touch everything from staffing and training to digital infrastructure.

Are Merchants Legally Required to Prevent Click and Collect Fraud?

While fraud prevention has long been viewed as an industry necessity, new legislation is making it a legal one too. The Economic Crime and Corporate Transparency Act 2023, which comes into effect from 1 September 2025, introduces the new offence of ‘Failure to Prevent Fraud’ for large UK organisations. Under this legislation, companies that do not take reasonable steps to prevent fraud within their operations can be held criminally liable if fraudulent conduct occurs. The law applies to businesses that meet two of the following criteria: they must have over 250 employees, a turnover of more than £36 million, or gross assets exceeding £18 million.

Even if your business does not fall within this scope, the message is clear: fraud prevention is no longer optional. Regulators, payment networks, and consumers increasingly expect retailers to have processes in place to detect, report, and prevent fraud. Therefore, failure to act could result in legal exposure, increased compliance costs, and reputational damage.

What Practical Steps Can Merchants Take to Protect Themselves?

Protecting against click and collect fraud doesn’t mean a complete overhaul of your operations. Instead, it’s more about embedding safeguards at each stage of the customer journey—all the way from order placement to collection.

A good place to start is by reviewing your checkout process. Is your fraud detection software up to date? Are you using tools that flag suspicious activity based on IP address, unusual purchase patterns, or mismatches between billing and collection information? Behavioural analytics and machine learning tools can be highly effective in identifying high-risk transactions in real time.

At the collection point, procedures matter. Staff should be trained to verify ID against the name on the order, request the payment card used, and follow a clear protocol for confirming that the collection is legitimate. Collection lockers, barcode scanning, and tamper-evident pickup bags are increasingly being used to reduce manual error and tighten handover security.

For retailers seeing a rise in chargebacks linked to click and collect fraud, it can also be highly beneficial to work with a chargeback solution provider. This can help you understand the root causes of disputes, reduce chargeback ratios, and strengthen your dispute resolution process—in turn, freeing up your internal team and improving your bottom line.

What Support and Resources Are Available to Help Merchants Tackle This Issue?

There’s a growing range of support available to help merchants safeguard against click and collect fraud:

  • ‘UK Finance’ provides regular fraud insights and publishes best practice guidance for businesses of all sizes.
  • The ‘National Cyber Security Centre’ (NCSC) offers resources on account security, staff training, and other threat intelligence.
  • ‘Action Fraud’, the UK’s national reporting centre for cybercrime and fraud, supplies helpful toolkits for small and medium sized enterprises.
  • Many acquirers and payment service providers now offer dashboards that allow you to track and act on fraud data in real time.

For more tailored support, working with an experienced fraud or chargeback partner can offer insights beyond what’s available off the shelf. These partners can help monitor for signals of click and collect abuse, build up your defences, and help reduce your fraud-to-sale ratio—something especially important if you operate in a high-risk category like fashion, consumer electronics, or gift cards.

Final Thoughts: Why It’s Time to Take Click and Collect Fraud Seriously

Click and collect is here to stay. For consumers, it offers convenience and speed; for merchants, it boosts footfall and revenue. But left unchecked, it also opens the door to fraudsters eager to exploit the fine cracks between online and offline systems.

For businesses, the rise of click and collect fraud is a wake-up call. With fraudsters staying ahead of the game, increasingly sophisticated tactics, and rising regulatory expectations, taking a passive approach is no longer an option. Whether that means tightening ID checks, investing in fraud tools, or partnering with a specialist to manage chargebacks and dispute trends, now is certainly the right time to act.

Ultimately, the brands that thrive in 2025 and beyond, will be those that blend convenience with caution, offering seamless service without compromising on security.