The Complete Guide to Online Payment Fraud Prevention

Online payment fraud is one of the greatest concerns for merchants worldwide regardless of the business scale. According to estimates, the global eCommerce losses from it accounted for $20 billion in 2021, which represents a 14% increase from $17.5 billion recorded in the previous year¹.

Staying informed about emerging types of fraud and implementing all the necessary security measures is critical for keeping your business and clients protected. Read ahead to find out how to detect different forms of fraudulent activity and learn practical tips on how to prevent it!

Main Types of Online Payment Fraud Encountered by Merchants

Online payment fraud is the act of conducting a transaction with stolen information that deprives a victim (an individual or business entity) of their funds. There are many types of fraudulent activity, namely:

Phishing

This is the practice when fraudsters send out fake communications to potential victims. The criminals’ goal is to trick the recipients into believing that the message is coming from a reputable source and convince them to provide payment information and other sensitive data. Phishing scams tend to create a sense of urgency to make individuals feel the need to take immediate action.

Depending on the industry, type, and structure of your business, you might need to pay closer attention to certain subtypes of phishing practices, such as:

• Spear phishing - Unlike regular email phishing activities where fraudsters send out mass emails to thousands of recipients, this type of payment scam uses a personalized approach, with hackers targeting specific individuals within a company.
• Whaling - In this case, scammers target “the big fish” - high-level executives instead of regular employees in search of bigger gains.
• Smishing - This category of phishing attacks is conducted with the use of text messages with malicious links.
• Vishing - Yet another type of phishing attack where phone calls are used to communicate with the victims and lure out their payment details.

According to the latest statistics, 96% of phishing attacks occur via email, another 3% are carried out via malicious websites, and only 1% of them happen through phone calls².

Triangulation

Triangulation is a type of online payment fraud that gets its name from the fact that there are always three elements involved in the dishonest transaction:

• Customer
• Online store
• Stolen data

Here is how the triangulation scam process typically goes:

1. A consumer places an order at a marketplace, which happens to be a scam platform.
2. The fraudster then places the same order at a genuine retailer, such as Amazon or eBay. To complete this transaction, the illegitimate seller uses separate stolen payment information, such as a credit card obtained from the dark web.
3. The authentic retailer processes the purchase and ships the order to the provided address that was illegally obtained from the customer.
4. The unsuspecting client will receive the item they purchased and might even leave positive feedback for the fake storefront. However, the owner of the stolen credit card data will have the money missing from their account and is likely to reach out to the legitimate store for a refund. The scammer, on the other hand, will still keep the funds they got from the original shopper.

This is a common type of payment fraud that is particularly dangerous, as consumers may never realize that they support a dishonest player.

Merchant Identity Fraud

Another type of payment scam that often affects businesses is merchant identity fraud, which can be divided into three main categories:

• Identity swap – this type of merchant identity fraud happens when a scammer uses a fake or stolen identity to secure a merchant account when they are not allowed to set up one.
• Bust out fraud – in this scheme, a scam store markets a product or service, racks up a large number of orders, steals the funds, and closes down the store before getting caught.
• Transaction laundering – a fraudster unknown to a merchant processes payments through the facilities provided by the acquirer to the legitimate merchant.

Friendly Fraud

The so-called “friendly” fraud occurs when a consumer places an order online with their credit card and then proceeds to initiate a false chargeback claim. Some common reasoning that is used in such cases includes:

• Saying that the products were not delivered
• Stating that the item was returned, but the seller failed to issue a refund
• Pretending not to know that the purchase was made

While not all chargebacks are fraudulent, this might be the case in many cases. Chargebacks can result in penalties, increased processing costs, and even merchant account termination for businesses, so it’s critical to be able to detect and prevent friendly fraud, as well as other payment scam types.

How Is Payment Fraud Detected?

Knowing the main types of fraud that businesses encounter brings you one step closer to preventing such instances.

A common question among merchants is: “how do online transactions detect fraud?” In fact, the purchase has no way of marking itself as malicious. Monitoring the orders placed at your store and noticing signs of suspicious activity is the way to proceed.

Payment Fraud Red Flags

Some red flags that could be a sign of malicious activity in the eCommerce sphere include:

• The address seems sketchy. Pay close attention to the shoppers’ shipping and billing addresses. If they don’t match or appear non-existent, there are high chances that the transaction is fraudulent.
• The order value is suspiciously high. Since criminals that have stolen payment information only have limited time on their hands before the theft is discovered, they often try to spend as much money as possible in one transaction. Thus, any orders that significantly exceed the average sum spent should be considered suspicious.
• IP address registered in a high-risk area. While the IP address pointing to an area where higher rates of fraud are registered shouldn’t be an end-all decider, it is certainly a reason for you to look at the purchase closer and check if other red flags are present.
• Shady email. An email address that looks like a random set of numbers and letters, such as “[email protected]”, can indicate that you are dealing with a fraudster.
• Repetitive orders. Proceed with caution when receiving orders that feature a lot of similar items that vary only in minor characteristics like color or size.
• Card testing practices. Multiple cards used for identical orders, reattempted transactions with a smaller value, and too many declines on order attempts - all these are signs of card testing, a practice during which a scammer tries to determine whether payment card information is valid.

The list goes on - as eCommerce evolves, so do fraudulent practices. Taking all the necessary precautions is essential to detect and avoid various types of payment scams effectively.

How Can Fraud Payments Be Avoided?

While paying attention to suspicious activity goes a long way, there are other steps you can take to avoid online payment fraud, namely:

1. Staying Informed on the Latest Fraud Trends

Hackers are always looking for new and advanced ways to avail of money illegally, so fraud comes in all kinds of shapes and forms.

Some of the most popular payment scams by the end of 2021 were:

• Authorized Push Payments (APP)
• Account takeovers
• New account fraud
• Transaction fraud

As for the predictions regarding 2022 and beyond, a survey conducted by the Association of Certified Fraud Examiners (ACFE) demonstrates that experts anticipate an increase in payment fraud instances by 71%³. Some of the reasons behind this forecast are:

• Ongoing adjustments to the shifts in consumer behavior driven by the pandemic
• Changes in regulatory requirements
• Supply chain disruptions influencing the sales environment

Hence, continuously monitoring the news regarding fraudulent practices is essential to protect sensitive data and funds.

2. Delaying the Shipping of Suspicious Orders

If, after examining a transaction, especially an international one, you have doubts about whether it is legitimate or not, it makes sense to delay shipping the items for at least 24 hours. This would give a legitimate credit card owner some time to notice an unwanted transaction and report it to their bank.

3. Collecting Signatures Upon Delivery

Instead of simply dropping the product off at the customer’s door or releasing it without confirmation, it is highly advisable to ask the receiver to sign a document. This will help you tackle a couple of potential issues:

• Undelivered item claims – having proof of receipt will automatically mean that the product was delivered to the client personally, without them being able to dispute this fact.
• Not remembering the purchase – if the client didn’t remember ordering an item and the purchase is truly fraudulent, they would not sign the document upon item delivery. In this case, the shipping company would return the product to the merchant, helping them to avoid a possible fraudulent chargeback.

4. Implementing Advanced Tech Solutions

While it certainly helps the detection process, manually reviewing every transaction is not the most efficient way of tracking potential fraud. Tech solutions are essential for your business and clients to be protected from advanced scamming techniques.

Some excellent security elements include:

• IP address verification - Payment scams are often conducted with the use of a virtual private network (VPN) for the sake of the fraudsters’ anonymity. This makes IP address verification indispensable for identifying the entities merchants are dealing with, preventing data leaks, and banning unauthorized access to their networks.
• AI and Machine Learning-based solutions - AI and ML-based systems enable companies to analyze large volumes of financial events and generate optimized models that enable faster and better decision-making.
• 3-D Secure payment authentication - The latest 3D Secure 2.0 protocol requires users to provide at least two of the following authentication elements:
  • Something they know, such as an SMS verification code, a password, or an answer to a security question.
  • Something they own, like a banking app or security token.
  • Something they are, typically featuring biometric data like a fingerprint.
• Login scoring - Fraudsters know how to use stolen payment data and can sometimes even take over their victims’ devices. Login scoring plays the role of a roadblock and helps detect when a bank card or device is being abused by a dishonest party by not allowing suspicious system entry attempts.
• Payment gateway - This versatile solution combines a number of effective techniques to detect and prevent transaction fraud. A payment gateway will typically flag suspicious purchases, perform device identification, conduct risk scoring, implement lockout mechanisms, and beyond.

Choosing the right service provider is fundamental for ensuring the correct implementation of security solutions and advanced fraud protection.

Payneteasy: Your Reliable Fraud Prevention Partner

Payneteasy is a leading payment platform provider with a strong focus on creating a safe environment for your customers.

Our white label payment gateway boasts Risk Management technology that is designed to increase transaction approval ratios and mitigate fraudulent activity. Some of its features you are sure to appreciate include:

• 150+ customizable anti-fraud filters
• 3-D Secure authentication
• Effective chargeback prevention with Ethoca integration
• Consumer behavior analysis
• Customer DNA insights for smart scam prediction

The combination of these risk management elements ensures that your business’s security, revenues, and reputation are safe. Contact us without delay if you have any queries or wish to take a critical step in preventing payment fraud!

¹ - Statista - Value of e-commerce losses to online payment fraud worldwide in 2020 and 2021
² - Tessian - Must-Know Phishing Statistics of 2022
³ - Brighterion - Merchant fraud predictions for 2022: a pandemic-driven increase