As ecommerce grows to dominate an ever larger segment of the global economy, criminals will inevitably follow the money.
Payments providers, merchants, and ecommerce platforms are locked in a perpetual arms race with fraudsters, who are constantly developing more sophisticated ways to swindle and deceive.
For example, bot attacks, which deploy automated agents to mimic malicious human behaviors, and click farms, which exploit large numbers of low-paid workers to similar effect, both allow criminals to ramp up their efforts, leaving merchants akin to participants in an eternal game of whac-a-mole.
Nevertheless, merchants must use every method at their disposal to fight payment fraud. Failure to do so will not only cost you financially, but expose you to reputational damage.
Now that you've learned how to accept payments online, you need to know the common types of payment fraud and how to prevent them.
What is payment fraud?
Payment fraud involves the unauthorized use of false or stolen payment information with the intent to steal money, goods, or services.
It involves deceptive practices where someone fraudulently accesses another person’s payment details or exploits payment systems to gain financial benefits.
While payment fraud can occur in different ways, it often targets businesses, financial institutions, and consumers shopping online. Criminals can use sophisticated techniques to steal credit card information, bank account details, passwords, and more. They take advantage of weaknesses in security measures.
How big of a problem is online payment fraud?
Online payment fraud is a significant problem for everyone who buys and sells over the internet. According to the European Banking Authority, payment fraud amounted to €4.3 billion in 2022. And in a recent report, Juniper Research estimated that online payment fraud will exceed $362 billion globally between 2023 and 2028. The same report predicts the losses to merchants in 2028 alone will be $91 billion.
There are two main types of card transactions. In a card-present transaction, both the cardholder and their card are physically present at a card machine (such as in a retailer or restaurant). A card-not-present (CNP) transaction is a remote transaction, conducted online, over the phone, or by mail, where neither the customer nor their card is physically present.
Card-present fraud (or in-store payment fraud) is predicted to decline over the next decade. However, card-not-present transactions - such as payments conducted online or over the phone - are continuing to grow as a percentage of total spending, and these are far more at risk from fraudulent activity.
These fraudulent activities, such as identity theft, phishing, and account takeovers, are becoming more complex and increasingly hard to detect, especially when fraudsters gain access to genuine shopper accounts, which makes it increasingly difficult for fraud tools to identify the fraudulent purchase as suspicious. That’s why it’s more important than ever for businesses to implement robust security measures, such as fraud detection software, to protect themselves and their customers.
Why is payment fraud more common online?
As mentioned above, fraud involving CNP transactions is far easier than fraud involving card-present transactions. Why is that? The main reason is simply that the cardholder isn’t physically present to verify their identity.
Fraudsters just need to steal the card details, which can be given away in a scam, in order to commit the crime. On top of this, the internet provides a vast amount of personal information - including social media profiles, and information stolen in data breaches - that can be used to impersonate someone.
Types of online payment fraud
1. Stolen cards (identity theft)
Stealing someone’s card online is essentially identity theft. Identity theft involves a fraudster stealing someone’s personal details, such as their name, social security number, credit card number, or any other sensitive info, and using it to make purchases in their name.
According to the European Banking Authority, around two-thirds of remote card fraud is due to card details theft. In the first half of 2023, it accounted for 64% of remotely initiated card fraud volume.
There are several ways that identity thieves can obtain this personal information:
- Phishing scams - fraudsters use emails, texts, or social media messages to trick people into providing personal information or clicking on a link that installs malware on their computer.
- Hacking - a company's computer systems are hacked into and the thief steals sensitive information.
- Social engineering - fraudsters win someone’s trust and then con them into giving up personal information, either over the phone or in person.
- Card skimming - fraudsters place small devices on card readers to steal credit card information when a card is swiped.
- Searching through your trash - criminals search through trash or recycling bins to find personal information that they can exploit.
The loss to the customer is clear, but what about businesses? Firstly, you’re likely to have to refund the purchase and incur any resulting chargeback costs. In addition to these refund and chargeback costs, you could also incur severe financial penalties if your chargeback ratio exceeds the card scheme limits for consecutive months.
You may also suffer reputational damage if the customer holds you responsible for not protecting their personal information. At best this risks putting off new or returning customers, but at worst, this could lead to lawsuits and fines for falling foul of compliance regulations.
How to protect your business from stolen card information
- ID verification - validating the identity of the person attempting payment is a simple and effective way to reduce card fraud, and can be achieved by comparing anything from biometric data to identity documents or mobile data to a verified data set.
- Two-factor authentication - this extra layer of protection requires the customer to verify their identity when logging into a platform by completing an additional step such as entering a one-time SMS security code.
- 3D Secure (3DS) - similarly, 3DS is an additional authentication step where, for example, a customer will approve a payment using biometric data within their banking app.
2. Chargeback fraud
Chargeback fraud, also known as ‘friendly fraud’ or ‘first-party fraud’, is when a consumer disputes a charge on their credit card, which means businesses have to reverse the charge and refund the customer. Contrary to what the term ‘friendly fraud’ denotes, it’s a threat to be taken seriously because 34% of merchants experience it globally.
Because chargebacks are often initiated by a customer making a legitimate claim, chargeback fraud can be difficult to detect and prevent, and it can also be hard to prove they had dishonest intentions.
If fraudulent, a customer could falsely claim that:
- They did not authorize a transaction in order to get a refund or to avoid paying for goods or services that they received
- They never received the goods or services that they ordered, when in fact they did
- The goods or services they received were not as described or were defective
These chargebacks can be costly for merchants, as they can result in lost revenue, chargeback fees, and increased processing costs – card schemes penalize merchants with high levels of fraud through increased fees and lower authorization rates. According to Mastercard, merchants absorb more than 75% of the financial impact of chargebacks.
How to prevent chargeback fraud
The best way to prevent chargeback fraud is to have clear policies and procedures in place for handling customer complaints and disputes, and to document all transactions and customer interactions so that you can use them as evidence in the event of a claim.
You should also require signatures upon receipt of goods, provide tracking information for deliveries, and clearly communicate your return and refund policies to customers.
For known customers who have committed friendly fraud, you can add them to your risk engine’s decline list to automatically block them should they try to transact with you again.
3. Card testing
Card testing fraud is a type of credit card fraud where fraudsters use automated software to test the validity of stolen credit card numbers. They do this by generating a large number of transactions, each for a small amount, to establish which credit card numbers are valid and which aren’t. For every successful transaction, the thief knows they have valid credit card details, and can then use the card to make larger purchases or even resell the information on the black market.
These small transactions aren’t often flagged as fraudulent, meaning card testing fraud can go unnoticed for long periods. This is particularly harmful to merchants because if you don’t have procedures in place to prevent the fraud, you could incur chargebacks and penalties.
How to prevent card testing fraud
You can help prevent card testing fraud by implementing security measures such as Address Verification System (AVS) checks and Card Verification Value (CVV) checks.
Many card testing fraudsters don’t have valid CVV data, so requiring validation will block these attempts. Stolen credit card numbers are also often missing complete address and ZIP code information. The fraudsters will try to transact with random or partial address data resulting in an AVS mismatch.
It’s also a good idea to check for suspicious patterns of small transactions. You could use fraud detection software with built-in machine learning that can detect and automatically flag potentially fraudulent transactions. Alternatively, you can use rules, in particular velocity-based rules. Velocity rules check for unusually high instances of an action within a certain timeframe - e.g. a large number of attempted transactions for a particular Bank Identification Number or card in one hour - or for a high number of cards used per device, which are typical signs of bot activity. These customers can then be flagged as risky or blocked from making a transaction.
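The two velocity rules described above, sketched as an added example that is not part of the original article or any vendor's rules engine. The thresholds, the field names (`bin`, `card_fp` for a tokenized card fingerprint, `device`) and the sample transactions are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)
MAX_ATTEMPTS_PER_BIN = 5   # assumed threshold; tune against your own traffic
MAX_CARDS_PER_DEVICE = 3   # assumed threshold

def velocity_flags(transactions):
    """Map txn id -> list of velocity rules breached. Input must be sorted by 'ts'."""
    by_bin = defaultdict(deque)     # BIN -> attempt timestamps still in the window
    by_device = defaultdict(deque)  # device -> (timestamp, card fingerprint) in window
    flags = {}
    for t in transactions:
        cutoff = t["ts"] - WINDOW
        attempts = by_bin[t["bin"]]
        attempts.append(t["ts"])
        while attempts[0] <= cutoff:        # evict attempts older than the window
            attempts.popleft()
        seen = by_device[t["device"]]
        seen.append((t["ts"], t["card_fp"]))
        while seen[0][0] <= cutoff:
            seen.popleft()
        reasons = []
        if len(attempts) > MAX_ATTEMPTS_PER_BIN:
            reasons.append("bin_velocity")
        if len({fp for _, fp in seen}) > MAX_CARDS_PER_DEVICE:
            reasons.append("cards_per_device")
        if reasons:
            flags[t["id"]] = reasons
    return flags

def sample_transactions():
    """Constructed data: one device cycling through 8 cards on one BIN, plus 2 shoppers."""
    start = datetime(2024, 1, 1, 12, 0)
    txns = [{"id": f"bot-{i}", "ts": start + timedelta(minutes=i), "bin": "411111",
             "card_fp": f"fp-{i}", "device": "dev-A"} for i in range(8)]
    txns.append({"id": "shop-1", "ts": start + timedelta(minutes=3), "bin": "550000",
                 "card_fp": "fp-x", "device": "dev-B"})
    txns.append({"id": "shop-2", "ts": start + timedelta(hours=3), "bin": "411111",
                 "card_fp": "fp-y", "device": "dev-C"})
    return sorted(txns, key=lambda t: t["ts"])

if __name__ == "__main__":
    for txn_id, reasons in velocity_flags(sample_transactions()).items():
        print(txn_id, reasons)
```

The cards-per-device rule trips on the fourth distinct card, before the per-BIN count is exceeded, and the shopper who uses the same BIN three hours later is not flagged because the earlier attempts have aged out of the window.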
4. Marketplace fraud
Marketplace fraud is a wide-ranging term for any fraud committed on an online marketplace, such as Amazon, eBay, or Facebook. It can take many forms, including:
- Listing fake or counterfeit versions of popular products, such as designer handbags or electronic devices, which are often made of lower-quality materials and may not work properly
- Sellers listing non-existent items that they don't actually have in stock and then disappearing after receiving payment
- Scammers creating fake seller accounts and using them to list fake or overpriced items
These scams can cause big problems for marketplace platforms as, if a customer complains but the seller has disappeared and the funds can’t be recovered, the marketplace is usually held responsible for refunding the amount.
How to prevent marketplace fraud
With the sheer number of transactions taking place on marketplaces every day, this type of fraud can be difficult to fight. The best first line of defense is to implement strict onboarding criteria for new sellers, including comprehensive identification checks, a review of their track record, an assessment of their financial and credit history, as well as their compliance with any relevant regulations.
You should also monitor fraud rates on a per-seller basis. That way you can assign more fraud rules and stricter thresholds to your highest-risk sellers to make it harder for them to engage in fraudulent activity. Fraud detection software can help you do this.
5. Refunds to an alternative payment method
Alternative refunds involve a fraudster deliberately paying more than they should for a product or service. They then contact you claiming to have accidentally entered the wrong amount, and request a partial refund by an alternative method such as a wire transfer, check, or gift card. Once the refund has been issued, the thief will disappear, leaving you to absorb the loss of both the disputed amount (that you’ll have to send via chargeback) and the amount sent via refund to the alternative method.
Fraudsters have a variety of tactics in their arsenal to convince you to issue the refund in their preferred form. For example, they might claim that the original payment method is no longer valid or that they can’t receive a refund to the same card or account. They could also impersonate a customer service agent or someone in a position of authority in a particular company to gain your trust.
How to protect your business from alternative refunds
There’s one simple way to protect against alternative refund fraud: never refund payments via an alternative method. If a customer’s card has been legitimately closed, just issue a normal refund and it’s then the customer’s responsibility to contact their card provider and retrieve the funds.
Benefits of fraud protection
Fraud protection is essential for preventing both financial losses and reputational damage for your business, as well as keeping your customers’ data safe.
Reduce risk of financial loss
Payment fraud can result in significant financial losses through chargebacks, refunds, or loss of goods and services. Then there’s the risk of fines and penalties that can occur if fraudsters succeed due to lack of compliance on your end. Fraud protection tools, such as fraud detection, authorization, and identity verification, help businesses avoid these losses by detecting and blocking fraudulent transactions before they’re completed.
Protect customer data
Keeping your customers’ data safe is not just important to earn their trust and loyalty, it’s also a regulatory requirement in many industries and regions. You have a responsibility to your customers to ensure your security systems are thorough and you have fraud protection tools in place to reduce the risk of data leaks, identity theft, card testing, and more.
Build customer trust and loyalty
Reputational damage can go a long way in hurting your revenue. Although this may not be the only reason to protect customer data, it’s certainly a big consideration. The safer it is to spend on your platform, the more customer trust and loyalty you’ll build and maintain, and the more you’ll protect your business from reputational damage. Putting sophisticated fraud protection measures in place means your platform will be the safest it can be for consumers to spend on, giving them one less reason to shop elsewhere.
Stay compliant
Certain industry and regional regulations require you to uphold a certain level of data security or else face fines and penalties. Often, criminals will take advantage of weaknesses in your systems to commit fraud, which could expose lack of compliance if any corners have been cut. Advanced fraud protection covers all bases on the compliance front, ensuring you’re doing everything you can to protect customer data and your financial assets.
Prevent payment fraud with Fraud Detection Pro
Need help fighting fraud? We’ve launched Fraud Detection Pro, an enterprise-grade solution designed to help merchants tackle online payment fraud while balancing risk and maximizing revenue.
Fraud Detection Pro offers a hybrid of machine learning and rules. Machine learning acts as your first line of defense, identifying patterns of legitimate and fraudulent behavior from vast swaths of data. Checkout.com processes billions of transactions globally and we incorporate multiple signals on each transaction, such as email, device, and IP data. So when a genuine shopper or fraudster tries to buy from you, there’s a strong chance our machine learning has already seen this person before.
As valuable as machine learning is for pattern recognition, it isn’t a silver bullet. It has blind spots, such as identifying edge cases and responding to types of fraud it hasn’t encountered before. This is where rules come in. There are scenarios where you want to block, accept, or send a transaction for further verification, and rules give you the granular control to do this.
Secondly, during a live fraud attack, you must act fast to minimize the impact on your business and rules are the ideal instrument for such use cases.
Fraud Detection Pro has a robust rules engine where you can build rules from an infinite range of rule types and combinations, including your own data. You can also assign weighted scores to rules for a more nuanced assessment.
You can also get super granular in how you treat different groups of customers by building custom segments. For example: new versus repeat customers and high-risk versus low-risk products. Then you can apply unique risk strategies to each segment based on the individual risk profile.
Fraud Detection Pro also empowers you with powerful fraud analytics, reporting, and testing, so you can maximize performance and continually evolve your strategy.