We give a detailed explanation of what payment fraud is, how it can affect your organization and your customers, and top strategies for preventing it.
What Is Payment Fraud?
Payment fraud occurs when someone uses misappropriated payment details to make unauthorized transactions in order to steal money or property.
Types of payment fraud include:
- CNP payment fraud
- Chargeback fraud (friendly fraud)
- Account takeover
- Account enrollment fraud
Most forms of financial fraud involve impersonation or identity fraud, accounting for as much as $56 billion in losses per year, according to the 2021 Identity Fraud Study from Javelin Strategy & Research. And the problem shows no signs of slowing down. As more businesses use digital channels to serve their customers, fraudsters seek new ways to exploit them.
This can include scams designed to steal credit card, P2P payments, and other account information in order to make illicit transactions. It can also entail the use of compromised login credentials to hijack bank and payment accounts in account takeover (ATO) attacks—either directly or through the use of automated bots.
It can also entail so-called “friendly fraud” through which unscrupulous customers abuse “returnless refunds” and other forms of chargeback fraud to attain merchandise without having to pay for it.
Increasingly, it can also involve falsified account enrollment, where fraudsters use synthetic identity information to open bank, credit card, and newer payment accounts such as Buy Now, Pay Later (BNPL).
Examples of Payment Fraud
Below we’ll explore the different types of payment fraud, explain how each attack works, and show what you can do to defend your business from it.
CNP Payment Fraud: A Growing Problem
Card-not-present (CNP) fraud has risen sharply during the ecommerce boom triggered by the COVID-19 pandemic. According to the Aite-Novarica Group, CNP fraud could lead to $17.2 billion in lost revenue annually. To mitigate this threat, financial services organizations, credit card companies, and others are layering in new defenses against CNP fraud, but with varying success.
For instance, confirming CNP transactions with the customer via text message has been a growing trend, especially when the amount being transacted is unusually high. In practice, however, this can create friction that leads impatient consumers to abandon the purchase, never to return. As it stands now, as much as 88% of online shopping orders are abandoned, according to Statista.
Knowing how CNP fraud works is vital to understanding how to stop it without creating friction for legitimate transactions.
Fraudsters carry out CNP fraud through the following methods:
- Engaging in phishing scams – CNP fraud often occurs through online phishing scams, where criminals create malicious clones of real websites that steal customer information. These phishing campaigns are usually spread via email, but they can also spread through text messages, fraudulent social media pages and rogue mobile apps.
- Facilitating fraudulent business purchases – Card details can also be stolen at restaurants, where dishonest employees hand-copy credit card information before processing your transaction.
- Exploiting data compromised through data breaches – By far the most common way fraudsters obtain stolen credit card information is via Dark Web marketplaces offering card and other personal information harvested from data breaches.
You can prevent CNP fraud by doing the following:
- Require billing address (AVS) & CVV verification
- Take down phishing sites impersonating your brand to reduce credential harvesting
- Implement solutions that leverage and enhance the EMV® 3-D Secure (3DS) payment authentication protocol
Chargeback Fraud (Friendly Fraud)
Chargeback fraud occurs when a customer initiates a chargeback through their bank for a product they already received. When this happens accidentally, for instance if a customer forgot they placed the order, it is referred to as friendly fraud. Unfortunately, in both cases, chargeback fraud cuts into profits through chargeback fees and chips away at inventory.
Fraudsters carry out chargeback fraud through the following methods:
- Claiming they never received the product – The customer keeps the product, then issues a chargeback stating they never received it.
- Claiming they never authorized the purchase – The customer orders the product, receives it, but then initiates a chargeback claiming they did not make the purchase.
- Simply forgetting they ordered the product – Sometimes customers forget they made a purchase, especially if shipping is delayed, causing them to dispute the charge once they see it on their statement.
- Abusing “returnless refund” policies – Fraudsters or even everyday consumers exploit policies that allow them to receive a full refund for an item without having to return it, in order to save the business shipping and processing costs.
In one recent survey, 44% of merchants report experiencing return abuse of some kind in the last 12 months, and 66% say it’s getting worse. But preventing this form of payment fraud before it happens can be tricky.
New fraud detection methods can prevent chargeback fraud before the transaction is completed thanks to advancements in artificial intelligence and machine learning.
You can prevent chargeback payment fraud by doing the following:
- Confirming all orders via email/text
- Reminding customers of recurring payments
- Applying frictionless transaction monitoring in your business
- Using recognizable transaction descriptions
Account Takeover
Criminals use account takeover attacks to commit payment fraud using payment details on file or stolen payment information. The price tag: As much as $16.9 billion per year. According to Help Net Security, ATO attacks increased 307% between 2019 and 2021. This can be tough for businesses to spot because the transactions appear to come from a legitimate cardholder or customer account when, in fact, that account has been stolen.
Once inside the stolen account, attackers can transfer money, update billing information, and even set illegitimate beneficiaries.
Fraudsters steal customer accounts through the following methods:
- Sending phishing messages – Victims unknowingly log in to a malicious clone of a trusted website where attackers copy their account information.
- Installing malware – Spyware allows attackers to see the keystrokes and actions of a customer.
- Rogue mobile apps – The installation of fraudulent branded apps designed to fool victims into revealing login credentials increased 49% just within the third quarter of 2021.
- Credential stuffing – Criminals purchase entire databases of stolen account information on the dark web and then use software to test and validate passwords that haven’t been changed.
That last point is key. ATOs fueled by data breaches increased 850% between Q2 2020 and Q2 2021. With login credentials so readily available, the trick to stopping account takeover is to recognize fraudulent transactions and logins from legitimate accounts. One of the best ways to prevent this form of payment fraud is to use a fraud prevention system. These services use data science and machine learning to distinguish normal account behavior from fraudulent activity—no matter who is signed into the account.
You can prevent account takeover payment fraud by doing the following:
- Offering two-factor authentication to your customers
- Preventing fraudulent logins with a fraud prevention system
- Setting login attempt limits to prevent credential stuffing
- Training staff to identify the signs of an account takeover
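The sketch below illustrates the login attempt limits recommended above. It is an added example, not code from the original page or any vendor product; the thresholds, the `LoginLimiter` class, the `replay` helper and the sample events are assumptions made for the illustration. It shows why a per-account limit alone misses credential stuffing: each targeted account sees only one failure, so the limiter must also count the distinct accounts a single source fails against.

```python
from collections import defaultdict, deque

WINDOW_S = 300                 # sliding window in seconds (assumed value)
MAX_FAILS_PER_ACCOUNT = 5      # failed logins tolerated per account (assumed)
MAX_ACCOUNTS_PER_SOURCE = 10   # distinct accounts one source may fail on (assumed)

class LoginLimiter:
    """Tracks failed logins per account and per source address."""
    def __init__(self):
        self.by_account = defaultdict(deque)  # username -> deque of (ts, source)
        self.by_source = defaultdict(deque)   # source -> deque of (ts, username)

    @staticmethod
    def _prune(queue, now):
        while queue and now - queue[0][0] > WINDOW_S:
            queue.popleft()

    def decide(self, ts, source, username):
        """Decision applied before the password is checked."""
        self._prune(self.by_account[username], ts)
        self._prune(self.by_source[source], ts)
        targeted = {user for _, user in self.by_source[source]}
        if len(targeted) >= MAX_ACCOUNTS_PER_SOURCE:
            return "block_source"   # one source, many accounts: stuffing pattern
        if len(self.by_account[username]) >= MAX_FAILS_PER_ACCOUNT:
            return "challenge"      # one account, many failures: step-up or lockout
        return "allow"

    def record(self, ts, source, username, success):
        if success:
            self.by_account[username].clear()  # a good login resets the count
        else:
            self.by_account[username].append((ts, source))
            self.by_source[source].append((ts, username))

def replay(events):
    """Run (ts, source, username, success) events and return each decision."""
    limiter, decisions = LoginLimiter(), []
    for ts, source, username, success in events:
        decision = limiter.decide(ts, source, username)
        decisions.append(decision)
        if decision == "allow":
            limiter.record(ts, source, username, success)
    return decisions

# Constructed sample data: one customer mistyping a password, then one source
# failing against 12 different accounts (documentation-range IP addresses).
TYPO_USER = [(t, "198.51.100.7", "alice", False) for t in range(0, 60, 10)]
STUFFING = [(100 + i, "203.0.113.9", f"user{i}", False) for i in range(12)]
```

Replaying `TYPO_USER` ends in a `challenge` for the single account, while `STUFFING` never trips the per-account limit and is stopped only by the per-source count. Source-based limits see one address at a time, which is why the list above pairs them with a fraud prevention system.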
Account Enrollment Fraud
Increasingly, cybercriminal networks use small pieces of stolen identity information to stitch together fraudulent, or “synthetic” identities that can be used to open credit card, banking, BNPL, and other payment accounts, as well as apply for loans.
Synthetic identity fraud is a $6 billion problem that the FBI calls one of the fastest-growing forms of financial crime. In fact, the American Bankers Association reports the average synthetic identity profile is used to successfully steal between $81,000 and $97,000.
You can prevent synthetic identity fraud by doing the following:
- Use machine learning-based account enrollment fraud prevention solutions
- Verify each piece of new customer information during account registration
- Automatically monitor all transactions for signs of fraud
- Keep up to date with identity screening best practices
- Use anti-fraud systems that leverage global data-sharing networks
- Apply extra scrutiny to account applicants using CPNs rather than an EIN or SSN
Stopping Fraud, Not Transactions
Payment fraud and the myriad avenues for fraudsters to perpetrate it can feel overwhelming. But you don’t have to handle it alone.
Our own solutions, for instance, empower the digital economy to grow by authenticating billions of transactions annually. Our payment and account monitoring solutions increase revenue and reduce customer friction for card issuing banks, payment processors, and merchants worldwide.
By leveraging intelligence from 20 billion annual transactions across 6,000 institutions contributing to our global data network, our identity-based science prevents 95% of all fraudulent transactions, with customer intervention rates as low as 5%. That’s the best performance in the industry.
By seeing what others can’t, we stop fraud long before an account is created or a fraudulent transaction occurs. To learn how you can protect your customers through the power of frictionless fraud prevention, request a free demo today.