In 2025, Brazilian e-commerce is expected to set another record. But what comes along with this avalanche of orders and clicks is also concerning. We are talking about the increase in digital fraud.
The Brazilian Association of Electronic Commerce (ABComm) projects a revenue of R$ 224.7 billion for the sector this year, 10% more than in 2024. There will be around 435 million orders and 94 million consumers browsing, shopping, and (sometimes) taking risks on virtual storefronts. All of this in a market that has been growing uninterruptedly for eight years.
Dates like Cyber Monday, Father's Day, Christmas, and even continuous sale periods require, more than ever, prepared and secure platforms. The so-called "hot seasons" in retail make the year's final stretch not only a strategic warm-up for promotions but also for fraud attempts.
Black Friday is scheduled for November 28. And if, on one hand, promotions boost the digital economy, on the other hand, they also open the doors wide for scammers. But growth comes at a cost. And it's not just financial.
The 2024 edition has already shown signs of what to expect. According to ConfiNeotrust and ClearSale, only until noon on the Saturday following Black Friday were 17,800 fraud attempts recorded. Estimated value of blocked attempts? R$ 27.6 million. The average ticket for scams is impressive: R$ 1,550.66, more than triple the average value of a legitimate purchase.
And the preferred targets? Games, computing, and musical instruments.
Even with a 22% decrease in the total value of frauds compared to the previous year, experts are categorical: digital criminals remain active and more sophisticated.
Meanwhile, PIX is triggered. On the last Black Friday, transactions with the instant system jumped 120.7% in a single day. R$ 130 billion were moved, according to the Central Bank. A historic achievement. But which also worries.
More speed, more access, more immediacy, more vulnerabilities. And not all platforms are prepared for that. Slowness, instability, and security breaches become the perfect gateway for those on the other side—attentive and opportunistic fraudsters.
These flaws directly affect the user experience and the brands' reputation. A PwC study reveals that 55% of consumers would avoid purchasing from a company after a negative experience, and 8% would give up on a purchase after a single unfavorable incident.
"Digital security is not a final step. It is an ongoing process that begins before the first line of code," summarizes Wagner Elias, CEO of Conviso, an application security (AppSec) specialist.
To protect e-commerce software, the application security (AppSec) sector — which is expected to reach $25 billion by 2029, according to Mordor Intelligence — works to identify vulnerabilities before they become real problems.
The goal of AppSec is to identify security gaps before they are exploited by intruders. Elias compares it to building a house: "It's like constructing a house while already thinking about access points: you don't wait for someone to try to break in before installing locks or cameras. The idea is to anticipate risks and strengthen defenses from the start," explains Elias.
And the CEO warns that ideally, companies should constantly review their platforms to identify and fix potential security breaches, creating a continuous culture of protection. The fundamental is to offer a real guarantee for both the product and the consumer, strengthening trust in the platform and the entire purchasing process. And this is only possible with preparation that begins months before the date.
One of the solutions that can support e-commerce in this process is Site Blindado, now part of Conviso, an application security company and a reference in AppSec. The trust seal operates at different levels, serving everything from online stores that need basic protection to those requiring greater proof of authenticity, or even more rigorous certifications such as PCI-DSS, which is required for those handling credit card data.
Those who take security seriously reap results. Visa, for example, blocked 270% more frauds in 2024 compared to the same period last year. This was only possible thanks to a robust investment: over $11 billion in technology and security in the last five years.
The key? Artificial intelligence, machine learning, and real-time behavior analysis. Everything in milliseconds. Without bothering the actual consumer, who just wants to ensure the discount at checkout.
Prevention starts at the grassroots. But how to protect yourself? "The recommendations are clear and involve both companies and consumers," reinforces the CEO of Conviso.
Tips for companies:
- Include security already in the system development phase;
- Perform penetration tests (pentests) frequently;
- Integrate protection tools into your DevOps without losing agility;
- Train technology teams with a focus on good security practices;
- Create a culture where safety is routine, not an exception.
And for the consumer who shops online:
- Stay away from deals that are too good to be true;
- Check if the website is trustworthy (https, security seals, CNPJ, etc.);
- Prefer platforms and apps that are already well-known;
- Avoid links received via email or social media — especially from strangers;
- Enable two-factor authentication whenever possible.
"While consumers need to learn to recognize warning signs, companies have a duty to provide secure environments. It is the combination of the two that sustains trust in the platforms and keeps the market healthy," concludes Elias.
