Payment fraud trends (and how to fight them)

Fraud is occurring more often, and becoming more costly. Learn to find and fight emerging fraud types.

Yarden Mayer
November 18, 2024

When it comes to scams in cyberspace, technological innovation moves at lightspeed. Of all the payment industry trends, keeping up to date on the latest in fraud is arguably most important. With merchant losses from fraud forecast at $91 billion in 2028, the financial impact is real and measurable.

Worryingly, the average global merchant reported 3.3% of orders accepted in the past 12 months turned out to be fraudulent. However, you are not defenseless. By looking at the weaknesses in your payment protocols and online security, you can make targeted investments that rescue revenue at risk from fraud. 

This article draws out the latest payment fraud trends, and shows you how to combat newly emerging types of fraud.

Summary of payment fraud trends

Fraud is particularly common in the world of online shopping, or ecommerce, as it’s known in the industry. Merchants estimate that 3% of their total ecommerce revenue is lost to fraud each year, per the Merchant Risk Council (MRC).

Research on over 1,000 merchants in the 2024 Global Payments and Fraud Report found:

  1. Merchants are experiencing more fraud attacks, on average
  2. The range of fraud attack types is increasing
  3. Fraud types increasing the most are: first-party misuse, account takeover, loyalty fraud, and triangulation schemes
  4. The most common types of fraud are: refund policy abuse and first-party misuse

While a decent amount of payment fraud involves stolen payment credentials, a growing proportion actually stems from individuals claiming their money back after a legitimate transaction. That means merchants not only need effective fraud prevention tools, but also careful review processes for customer returns and refund claims.

Checkout.com has partnered with MRC to provide online education on the essentials of fraud. It’s aimed at helping business professionals in the ecommerce industry gain awareness of the latest fraud trends.

Trend #1: Fraud is occurring more frequently

  • The majority of ecommerce merchants (59%) reported an increase in online payment fraud in 2022.
  • Over a third (38%) of merchants are seeing increased fraud rates as well as new types of fraud.
  • More than half of merchants (56%) are seeing the unfortunate rise of “Fraud-as-a-service” (FaaS), where technically-skilled criminals hire out their software and services for a fee. 

With the emergence of innovative technologies such as advanced generative AI, there are newer, more efficient ways to carry out fraud at scale. However, that does not leave merchants powerless. There are ways to use artificial intelligence to detect and block fraud, too.

Indeed, 85% of senior payments professionals feel that the best use case for AI is fraud detection and prevention. This stands to reason, as the algorithms underpinning machine-learning fraud detection tools can adapt to new types of fraudulent activity faster than any individual human could.

Trend #2: Payment fraud losses are becoming more costly

We know from a range of sources that the value of losses to payment fraud is growing. There has been a steady uptick in the average cost of online purchase scams. For the consumer, the median monetary loss per online purchase scam jumped 13% between 2021 and 2022, worldwide. This put the median dollar amount lost per online purchase fraud event at $114.

Mid-market merchants report disproportionately high losses compared with other sizes of business. While enterprises are losing 2.3% of annual ecommerce revenue to payment fraud, mid-market businesses report 4.1%. 

Trend #3: The number of different types of fraud is increasing

As well as experiencing fraud more often, merchants are also seeing an increase in the number of payment fraud types. The average merchant experienced four different types of fraud in 2023, compared with three in 2022. 

This means awareness and education are more important than ever, as businesses are facing new varieties of fraudulent activities that threaten revenue and customer trust. Over a third (38%) of merchants named identifying and responding to new types of fraud attacks as the greatest challenge in managing ecommerce fraud in 2024.

At MRC Vegas 2024, Checkout.com surveyed merchants who identified the following types of online fraud as their greatest causes for concern:

  • Card testing
  • Chargeback fraud
  • Account takeover

Let’s look at each of these common payment fraud types, what they involve, and how to combat them.

1) Card testing fraud

Payment data thieves routinely carry out card testing fraud, which involves making small purchases on websites to verify if their stolen card details are available for use. These payments will either result in a fraudulent payment authorization or a decline. Both of these are risks to your revenue, reputation, and acceptance rates.

Examples:

In one case detected by Checkout.com, fraudsters targeted a merchant offering Amazon gift cards with each purchase. They used stolen cards to make a series of transactions and obtain the vouchers at scale.

Checkout.com’s system detected unusual patterns and blocked the fraudulent transactions, preventing further damage. For example, spikes in traffic from specific BINs (Bank Identification Numbers) are indicative of card testing.

Card testing attacks can be on a very large scale. In another example, a small merchant selling digital courses faced a massive fraud attack where a bot purchased a million courses using stolen credit cards. The merchant received the money but faced significant issues as the transactions were fraudulent.

Checkout.com’s fraud detection systems, which analyze transaction velocity, geographic inconsistencies, and other anomalies, were able to stop the attack, protecting the merchant from financial loss and reputational damage.

How to fight back:

The way in which you tackle card testing fraud will vary according to your specific business model and industry. It’s wise to consider your average order value, and consider flagging transactions which fall significantly below this threshold. 

It can be harder to detect unusually low transaction values in a mobile gaming business which typically accepts microtransactions, for instance. To meet this challenge, you may consider monitoring for a high rate of declines from the same user or card. Your payment services provider (PSP) could help you to carry out such velocity checks even more effectively; a PSP has oversight of far more transactions across the payments network than any single merchant.

Advanced authentication methods such as risk-based authentication can help you to initiate targeted challenges to customer payments which present a certain risk of fraud.
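The checks described in this section (orders far below average order value, repeated declines on one card, and a spike of different cards sharing a BIN) can be combined into one sliding-window pass over transaction events. This is an added example, not Checkout.com's code; the thresholds, field names and sample transactions are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
WINDOW = timedelta(minutes=10)  # assumed velocity window
MAX_DECLINES = 3                # assumed: declines per card inside WINDOW
BIN_CARD_LIMIT = 4              # assumed: distinct cards per BIN inside WINDOW
LOW_VALUE_RATIO = 0.10          # assumed meaning of "significantly below" AOV

def flag_card_testing(events, avg_order_value):
    """Return {transaction id: [reasons]} for transactions worth review."""
    declines = defaultdict(deque)  # card token -> recent decline timestamps
    bin_seen = defaultdict(deque)  # BIN -> recent (timestamp, card token)
    flags = {}
    for e in sorted(events, key=lambda e: e["ts"]):
        cutoff, reasons = e["ts"] - WINDOW, []
        if e["amount"] < LOW_VALUE_RATIO * avg_order_value:
            reasons.append("low_value")
        d = declines[e["card"]]
        if not e["approved"]:
            d.append(e["ts"])
        while d and d[0] < cutoff:  # forget declines older than the window
            d.popleft()
        if len(d) >= MAX_DECLINES:
            reasons.append("decline_velocity")
        b = bin_seen[e["bin"]]
        b.append((e["ts"], e["card"]))
        while b and b[0][0] < cutoff:
            b.popleft()
        if len({card for _, card in b}) >= BIN_CARD_LIMIT:
            reasons.append("bin_spike")
        if reasons:
            flags[e["id"]] = reasons
    return flags

def tx(id_, minute, card, bin_, amount, approved):
    ts = datetime(2024, 1, 1, 10, 0) + timedelta(minutes=minute)
    return dict(id=id_, ts=ts, card=card, bin=bin_, amount=amount, approved=approved)

SAMPLE = [  # constructed sample data: tokens, BINs and amounts are made up
    tx("t1", 0, "tok-a", "400000", 42.00, True),    # ordinary order
    tx("t2", 1, "tok-b", "510000", 1.00, False),    # burst of small charges
    tx("t3", 2, "tok-c", "510000", 1.00, False),    #   across many cards
    tx("t4", 3, "tok-d", "510000", 1.00, True),     #   sharing one BIN
    tx("t5", 4, "tok-e", "510000", 1.00, False),
    tx("t6", 1, "tok-f", "420000", 35.00, False),   # one card, repeated declines
    tx("t7", 2, "tok-f", "420000", 35.00, False),
    tx("t8", 3, "tok-f", "420000", 35.00, False),
    tx("t9", 30, "tok-f", "420000", 35.00, False),  # earlier declines have aged out
]
print(flag_card_testing(SAMPLE, avg_order_value=40.00))
```

The decline-velocity rule still fires when every amount is normal for the business, which is the microtransaction case where a low-value threshold alone is not useful.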

2) Chargeback fraud and first-party misuse 

Chargeback fraud is when a customer deliberately takes advantage of their rights as a cardholder to defraud your business. It typically involves a cardholder winning back a purchase value amount through the dispute process of their credit card or other payment method. The merchant loses the dispute – and reimburses the customer – if unable to prove that the purchase was legitimate.

First-party misuse is a specific type of chargeback fraud where the customer makes a wrongful claim that a transaction using their payment details was fraudulent. This is a significant problem, affecting almost one in two (45%) online merchants. It can arise due to something as simple as choosing a confusing payment descriptor, which the customer fails to recognize as a legitimate purchase.

There’s a subtle difference between chargeback fraud vs friendly fraud, although you can use the same techniques to minimize incidents of both (see “How to fight back”, below).

Example:

You may see sophisticated examples of chargeback fraud, where the fraudster uses various methods to conceal their own identity. This is known as layered buyer fraud. For example, a fraudulent actor can use a “proxy buyer” to receive a physical product bought online. The proxy buyer then sends the parcel on to the fraudster, believing they’re carrying out a legitimate mail forwarding service. 

The cardholder, whose details were used without their knowledge, files a dispute with their credit card company. This results in a chargeback which the merchant is liable for. In this scenario, it’s extremely difficult for the merchant to trace where the goods have gone. Thus, the fraudster leaves no records of their name and location on the merchant’s systems.

How to fight back:

The main way to reduce chargeback fraud is to increase the proportion of customer payments which are authenticated. This can seem unappealing because authentication often requires additional user interaction, such as entering a passcode, verifying a payment through an app, or taking a phone call from their account provider. 

However, there are ways to automate the authentication process that can help you challenge (and win) fraudulent disputes, reduce chargebacks, and protect your revenue. 

  • Authenticate your customers' payments with 3D Secure; this provides convincing proof that the cardholder willingly made the payment.
  • Intelligent Acceptance promptly determines whether a transaction necessitates 3DS authentication and automatically incorporates any available 3DS authentication information into the payment request if it was omitted initially.
  • Fraud Detection Pro will identify and block suspicious transactions, protecting your business from chargebacks that arise from fraud.
  • Rapid Dispute Resolution, offered in partnership with Verifi, automatically resolves Visa transaction disputes before they become chargebacks.
  • Visa Compelling Evidence 3.0 enables merchants to share two previous transaction records that prove the legitimacy of a disputed payment.

3) Account Takeover & Social Engineering

Another major type of fraud is account takeover, affecting roughly one in three (32%) online merchants. A criminal may create or purchase malware which steals login credentials, and trick the user into downloading it onto their device. The criminal can then access the account from their own device. Fraud detection systems can usually pick up such account takeover activity, since it will be a new login pattern (new device, IP address, and unusual account behavior). For this reason, account takeover (ATO) scams are becoming more sophisticated.

If a lucrative account proves difficult to access via technological means, fraudsters may use psychological pressure to convince account holders to transfer funds or provide access through disclosing sensitive data.

Social engineering refers to any kind of interpersonal manipulation tactics used to gain access to sensitive data, such as passwords and payment details. This can involve spoofed emails, phone calls, and websites which seem legitimate, but are actually fakes created by cybercriminals.

Examples:

At Checkout, we have intercepted fraudulent requests to change merchants’ bank account details. We ensure a rigorous multi-factor authentication process to protect merchant accounts from unauthorized changes to payment details. 

Specialized malware can send a notification to the fraudster once you log in to one of your accounts. Then the fraudster takes over the session without the user realizing. This is known as a “remote overlay attack”. The user may see a loading screen or error page while the fraudulent actor carries out criminal activities (such as transferring funds to their own account). 

This is harder for fraud systems to detect, because the legitimate user is the one who logged in, so the login itself does not look suspicious.

How to fight back:

  • Implement robust authentication methods such as two-factor authentication or multi-factor authentication for altering customer payments data and sensitive account details
  • Limit access to sensitive customer data from both technological and human permission standpoints
  • Educate employees on the signs of account takeover attempts (for example, the scammer may create a sense of urgency to obtain access to the account)
  • Set up a reporting system to flag suspicious emails, texts, and messages to your company’s information security team
  • Partner with a large global PSP (like Checkout.com) that can leverage the power of its global network to detect and prevent fraud using insights from across regions, industries, and issuers.

How to fight fraud and win consumer trust

By understanding emerging fraud trends and implementing effective prevention strategies, merchants can protect against financial loss and reputational damage. Fraud prevention is vital in protecting brand reputation and gaining customer trust, too.

We know consumers feel reassured when merchants take proactive steps to manage their payment details responsibly. An encouraging 64% of online shoppers say they’re more likely to buy from businesses that securely store their payment details. This is good evidence to support investment in payment data security, as it helps to strengthen sales and build customer loyalty.

Our in-house fraud teams are constantly researching sophisticated techniques in the fight against fraud. We apply our findings to our fraud prevention tools in response to the latest trends in fraud. Using a combination of machine learning, customizable fraud rules, and automated dispute resolution, our payments experts ensure your business thrives.

Learn more about Fraud Detection Pro, the sophisticated fraud blocking engine for your payments.
