The verdict in three sentences
In Senegal in 2026, online payment fraud sits around 1-3 % of transactions, and the most common scenario is not card hacking but the fake payment screenshot from Wave or Orange Money. The only reliable defense is to never trust a visual proof and to confirm every payment with a server call to the provider's status API. Combine that with 3-D Secure on cards, a blacklist and a per-customer cap, and you eliminate most of the risk.
Risk signals to monitor
Fraud leaves statistical traces. Here are the most predictive signals seen on Senegalese stores, with an indicative risk weight (2026 order of magnitude).
| Risk signal | Frequency in fraud | Risk weight | Recommended action |
|---|---|---|---|
| "Payment done" screenshot sent over WhatsApp | Very high | Critical | Ignore, check status API |
| Transaction ID not found on the API | High | Critical | Block the order |
| 3+ payment attempts in under 5 min | Medium | High | Apply velocity limit |
| Delivery address ≠ city of mobile number | Medium | Medium | Manual review |
| International card + high amount + 1st order | Medium | High | Force 3DS |
| Disposable email / created same day | Low | Medium | Add to score |
| Order > 2x average basket, express delivery | Low | Medium | Confirmation call |
The golden rule: a screenshot is not proof of payment. A fraudster edits an image in two minutes. Only the signed webhook or the provider's getStatus call is authoritative.
The technical anti-fraud checklist
Here are the controls to implement, from most to least profitable, with an indicative setup effort.
| Control | Effect on fraud | Dev effort | Cost |
|---|---|---|---|
| Server verification (webhook + status API) | -70 to -90 % | Medium | 0 (included by provider) |
| Number / card blacklist | -10 to -20 % | Low | 0 |
| Per-customer / per-day cap | -10 to -15 % | Low | 0 |
| Velocity blocking (X attempts / window) | -10 to -20 % | Low | 0 |
| 3-D Secure 2 on cards | -60 to -80 % card fraud | Medium | Included with Stripe |
| Weighted risk score | -15 to -25 % | High | Low |
| Manual review above threshold | variable | Low | Human time |
Key point for mobile money: never validate an order based on a customer message. Configure the Wave/Orange Money confirmation webhook so the provider's server says "paid", never the buyer.
Mini case study
Awa runs a cosmetics shop in Dakar with 200 orders/month, average basket 25,000 FCFA, i.e. 5,000,000 FCFA revenue. She used to validate on screenshots: 6 frauds/month (3 % of volume) cost her 6 × 25,000 = 150,000 FCFA of lost goods every month.
By wiring up status-API verification and a per-customer cap, she drops to 0.3 % fraud, under 1 fraud/month: ~125,000 FCFA saved monthly, or 1,500,000 FCFA/year. The server-control development was a one-off integration, paid back in under two weeks.
Need a professional website?
Kolonell builds websites that attract clients, optimized for the Sénégalese market. Free quote in 2 minutes.
FAQ
Can a Wave screenshot prove a payment?
No, never. An image is forged in minutes and it is the #1 fraud in Senegal. Only the signed webhook or the provider's status API truly confirms that a transfer of, say, 25,000 FCFA arrived.
What is a realistic e-commerce fraud rate in Senegal?
The 2026 order of magnitude is 1-3 % of transactions depending on sector and basket. With strict server verification, you bring that under 0.5 %.
Is 3DS enough to secure everything?
3-D Secure cuts card fraud by 60-80 % and shifts liability to the issuing bank, but it does not protect against fake mobile money screenshots. You need 3DS for cards plus API verification for Wave/OM.
How do I block a repeat fraudster?
Keep a blacklist of numbers, cards and emails, and a per-customer cap (e.g. 3 orders or 100,000 FCFA per day). Add velocity blocking above 3 payment attempts in 5 minutes.
How much do these protections cost?
The most profitable controls (server verification, blacklist, caps, velocity) have zero infrastructure cost: they are included in the Wave, Orange Money and Stripe APIs. The investment is mostly development time, paid back within weeks.
Let's talk about your project. We secure your store with server verification, 3DS and anti-fraud from launch day. WhatsApp +221 77 596 93 33.
Mohamed Bah
Fondateur, Kolonell
Passionate about digital and entrepreneurship in Africa, Mohamed has been helping Sénégalese businesses with their digital transformation since 2020. Founder of Kolonell, he believes every SME deserves a professional and accessible online présence.
