Identifying payment fraud
Payment fraud presents a real threat to all of us who use the internet to pay or receive payment. As cybercrime becomes ever more sophisticated, it’s vital to understand how it works and how to guard against it.
Understanding payment fraud
The convenience of online trading is sadly but inevitably threatened by fraudsters keen to get their hands on the vast amount of money that’s transferred across the internet. In 2020, as COVID-19 restrictions sent online sales spiraling, global losses from payment fraud of more than US$32 billion were recorded – three times the amount in 2011.1 According to a 2021 study by digital technology market research specialist, Juniper Research, merchants are forecast to lose US$206 billion by 2025 as payment fraud escalates.2 Cybersecurity is now more important than ever but you don’t need to be an IT expert to understand the warning signs of potential online payment fraud and how to prevent it.
How fraudsters operate
While the mechanics of eCommerce frauds are complicated, the basic methods behind payment scams are simple to understand. There are two primary approaches used by fraudsters:
Account takeover occurs when a hacker gets hold of an account holder’s log-in details and takes over bank, credit and eCommerce accounts in order to steal from them.3 Much of this information is bought on the Dark Web.4 Fraudsters can also obtain information on private accounts by phishing – sending what looks like innocuous, official emails that invite you to reveal personal or confidential information, which can then be used for illegal purposes.5 Another method is by planting malware, which disrupts or damages your computer as well as allowing the hacker access to your private files.
When an account is taken over, the fraudster retains the account holder’s name and other details, but changes the delivery address to obtain the goods they have stolen. The genuine account holder will probably not discover this until the cost of the stolen goods appears on their account statement or when they realise their bank account has been compromised.6
Identify theft occurs when a criminal acquires – again, frequently from the Dark Web – a real person’s identity, such as from a social security number/national identity number, onto which they would fabricate other details to make up a new fake ID. The social security number or national identity number could come from a deceased person or a very young child, who might not discover the theft until they require the number in adulthood. Using the same number, fraudsters add an address and other false personal details to build up a new ‘synthetic identity’. They will then attempt to open a credit account with the new identity they have created. Eventually, it is possible to build up multiple credit accounts until such time when fraudsters max out on them all – and disappear without trace.7
The common factor in payment card frauds is that they are very difficult to trace. Indeed, the innocuous-sounding names given to two very common frauds belie the serious criminality behind them:
Clean fraud is a euphemism that describes a transaction made on a genuine card that is unlikely to appear on a deny list for known fraud accounts. One method is for a fraudster to steal credit card information, including the holder’s username and password, by first convincing the unwitting account holder to make a purchase through a fake website, from which the thief can steal the data to make their own purchases with the stolen account. Another way is by intercepting a genuine transaction and again stealing the account holder’s details.8
Friendly fraud is anything but friendly and is a common type of clean fraud that involves the customers themselves – the genuine cardholders – requesting reimbursement for the unsatisfactory fulfilment of an order. Friendly fraud gets its name because the claims frequently look genuine. Indeed, in many cases the reasons given are legitimate, which makes fraud so difficult to detect. Here, your customer orders an item, receives it, but finds an excuse for claiming reimbursement. The usual reasons include:
- The item failed to arrive
- The item doesn’t match the online description and is not wanted
- The item was returned but a refund has not been given
- The customer cancelled the order, but it was still sent
- The customer doesn’t remember the purchase so the card must have been compromised9
Who pays the bill for online fraud?
There is a distinction between ‘card present’ and ‘card not present’ transactions, i.e. card present transactions are where a cardholder makes his payment on a physical machine, such as in a shop or restaurant, in contrast to keying in the details when shopping online. In certain cases, the bank may bear the cost of card present transactions but the merchant will have to foot the bill for card-not-present, remote online purchases.10
Reduce your chance of falling prey to fraudsters
As payment fraud escalates, it’s more important than ever to be on your guard. One way to help keep your payments safe is by buying fraud protection tools, a program designed to help you to avoid accepting fraudulent purchases. There is a wide variety of these available, depending on the needs of your individual business, but a main component of any of them is an address verification service that checks the cardholder’s address matches the billing address and also that the customer is the genuine cardholder. Another important function of fraud protection tools is machine learning, which takes into account factors such as delivery address, average consumer purchase size, historic chargebacks, buying behaviour and the types of products each consumer normally buys, their location – these build up a picture of each customer’s normal buying behaviour and can swiftly highlight deviations for further scrutiny.11
In addition, you can help your business by working with your in-house team and industry partners. Involve your customers by setting up a contact channel or forum where they can report suspicious behaviour. And, of course, ensure your workforce is on the alert for strange emails that could allow hackers into your system.12
How PayPal can help to safeguard your online payments
It’s PayPal’s priority to keep your accounts and transactions safe and monitor for potential fraud. For further security, PayPal Seller Protection protects eligible transactions from illegitimate chargebacks, reversals, and their associated fees, giving you further peace of mind. And if there’s a dispute with a transaction, we can put the funds on hold while we help you resolve it.
To find out more on how you can protect your business against fraud with PayPal, please click here.
Sources:
1 Merchant Savvy, https://www.merchantsavvy.co.uk/payment-fraud-statistics/, October 2020.
2 Juniper Research, https://www.juniperresearch.com/researchstore/fintech-payments/online-payment-fraud-research-report, April 2021.
3 One Span, https://www.onespan.com/topics/account-takeover-fraud.
4 Equifax, https://www.equifax.co.uk/resources/identity-protection/how-financial-crimes-are-hidden-in-the-dark-web.html.
5 Merriam-Webster, https://www.merriam-webster.com/dictionary/phishing.
6 Comtact, https://comtact.co.uk/what-are-the-different-types-of-malware/, March 2019.
7 Thomson Reuters, https://legal.thomsonreuters.com/en/insights/articles/synthetic-identity-fraud.
8 Corporate Vision, https://www.corporatevision-news.com/5-common-types-of-ecommerce-fraud-and-how-to-fight-them/, August 2021.
9 Verifi, https://www.verifi.com/chargebacks-disputes-faq/what-is-friendly-fraud/.
10 Nerd Wallet, https://www.nerdwallet.com/article/credit-cards/merchants-victims-credit-card-fraud, July 2020.
11 Ravelin, https://www.ravelin.com/insights/machine-learning-for-fraud-detection.
12 Forbes, https://www.forbes.com/sites/forbesfinancecouncil/2021/08/04/how-businesses-can-protect-their-customers-and-themselves-from-online-fraud/, August 2021.
We'll use cookies to improve and customise your experience if you continue to browse. Is it OK if we also use cookies to show you personalised ads? Learn more and manage your cookies