In 2025, Brazilian e-commerce is expected to break another record. But what comes with this avalanche of orders and clicks is also worrying. We're talking about the rise in digital fraud.
The Brazilian Electronic Commerce Association (ABComm) projects revenue of R$224.7 billion for the sector this year, 10% more than in 2024. There will be approximately 435 million orders and 94 million consumers browsing, buying, and (sometimes) taking risks in virtual storefronts. All this in a market that has already been growing continuously for eight years.
Dates like Cyber Monday, Father's Day, Christmas, and even sales periods require, more than ever, prepared and secure platforms. Retail's so-called "hot seasons" make the end of the year not only a strategic warm-up for promotions but also for fraud attempts.
Black Friday is set for November 28th. While these promotions boost the digital economy, they also open the door to scammers. But growth comes at a cost. And it's not just financial.
The 2024 edition has already shown signs of what to expect. According to ConfiNeotrust and ClearSale, 17,800 attempted frauds were recorded by noon on the Saturday following Black Friday alone. The estimated value of the blocked attempts? R$27.6 million. The average ticket price for these scams is impressive: R$1,550.66, more than triple the average value of a legitimate purchase.
And their favorite targets? Games, computers, and musical instruments.
Even with a 22% drop in the total value of fraud compared to the previous year, experts are categorical: digital criminals remain active and more sophisticated.
Meanwhile, PIX is soaring. Last Black Friday, transactions using the instant payment system jumped 120.7% in a single day, moving R$130 billion, according to the Central Bank. A historic achievement. But one that's also concerning.
More speed, more access, more instantaneity, more vulnerabilities. And not all platforms are prepared for this. Slowness, instability, and security breaches become the perfect gateway for those on the other side: alert and opportunistic fraudsters.
These failures directly affect user experience and brand reputation. A PwC study reveals that 55% of consumers would avoid buying from a company after a negative experience, and 8% would abandon a purchase after a single unfavorable incident.
"Digital security isn't a final step. It's an ongoing process that begins before the first line of code," summarizes Wagner Elias, CEO of Conviso, an application security (AppSec) specialist.
To protect e-commerce software, the application security (AppSec) industry — expected to generate $25 billion by 2029, according to Mordor Intelligence — works to find vulnerabilities before they become real problems.
The goal of AppSec is to identify security breaches before they can be exploited by attackers. Elias compares it to building a house: "It's like building a house with access points in mind: you don't wait for someone to try to break in before installing locks or cameras. The idea is to anticipate risks and strengthen defenses from the start," explains Elias.
The CEO warns that ideally, companies should constantly review their platforms to identify and correct potential security breaches, creating a continuous culture of protection. "The key is to offer a genuine guarantee for both the product and the consumer, strengthening trust in the platform and throughout the purchasing process. And this is only possible with preparation that begins months in advance."
One solution that can support e-commerce businesses in this process is Site Blindado, now part of Conviso, an application security company and a leader in AppSec. The trust seal operates at different levels, serving online stores that require everything from basic protection to those that require greater proof of authenticity or even more stringent certifications, such as PCI-DSS, which is required for those who handle credit card data.
Those who take security seriously reap the rewards. Visa, for example, blocked 270% more fraud in 2024 compared to the same period the previous year. This was only possible thanks to a robust investment: more than US$11 billion in technology and security over the last five years.
The key? Artificial intelligence, machine learning, and real-time behavior analysis. All in milliseconds. Without disturbing the real consumer, who simply wants to secure the discount at checkout.
Prevention starts at the grassroots. But how can you protect yourself? The recommendations are clear and involve both businesses and consumers,” emphasizes Conviso's CEO.
Tips for companies:
- Include security in the systems development phase;
- Perform penetration tests (pentests) frequently;
- Integrate protection tools into your DevOps without losing agility;
- Train technology teams with a focus on good security practices;
- Create a culture where safety is routine, not the exception.
And for the consumer who goes digital shopping:
- Avoid promotions that are too good to be true;
- Check if the website is trustworthy (https, security seals, CNPJ, etc.);
- Give preference to already known platforms and apps;
- Avoid links received via email or social media — especially from strangers;
- Enable two-factor authentication whenever possible.
"While consumers need to learn to recognize signs of risk, companies have a duty to offer secure environments. It's the combination of the two that sustains trust in platforms and keeps the market healthy," concludes Elias.
