What Is Payment Fraud & How Do You Prevent It
Payment fraud is, at its core, a false or illegitimate transaction. Before the internet, payment fraud was typically a simple case of bounced checks or erroneous chargebacks. However, with the advent of eCommerce, it’s become much more complex. Consumers are losing personal identity data and credit card numbers to phishing scams, malware links in text and instant messages, and bogus phone calls.
The global eCommerce market has reached $4.9 trillion in annual sales in 2021, with forecasts of $7.4 trillion by 2025. The cost of payment fraud to online businesses was estimated at $33.6 billion the same year and is only expected to grow.
What are the types of payments a business might process?
- Card Present (CP): Card-present transactions are seen only at brick-and-mortar locations where shoppers need to have a physical credit card to make a purchase. The merchant will typically have a point of sale (POS) system that includes a card reader
- Card Not Present (CNP): Online shoppers cannot present a physical credit card to an eCommerce merchant, so transactions are made with the card number, expiration date, and CVV number. CNP transactions can also be conducted by mail or phone
- ACH Payments: This payment type is common with subscription models that require regular monthly payments. It’s also popular with software as a service (SaaS) platforms. The shopper needs a bank routing and account number to transact in this manner
The common denominator for each of these payment methods is that they all involve disclosing numbers, either a credit card or a bank account. But numbers can be stolen: That’s the heart of the payment fraud problem. Consumers are taught to protect their information, and merchants do their best to guard it, but hackers and identity thieves are experts at getting around security measures.
How can eCommerce merchants protect themselves and their customers?
Brick-and-mortar businesses can insist on seeing a matching ID with a physical credit card. Preventing online shoppers from using stolen information is more difficult because these shoppers are not physically present when making purchases.
Protect yourself with a fraud prevention solution
Dealing with online payment fraud is an ongoing battle that necessitates keeping on top of new fraud trends and methods and constantly investing in technological innovation. While many merchants choose to have in-house teams or technology, others can’t or aren’t interested in making that investment. The right fraud prevention vendor can help merchants scale their business, expand into new markets and products, adopt new payment methods, and increase their sales, while offering better cost predictability and lowered risk at a lower investment of time and resources.
Other prevention steps can include:
- Stay up to date on current payment fraud trends: Hackers make it a point to stay current on all the latest cybercriminal trends. Understanding their tactics could help you stop them
- Consider hiring an ethical hacker: These individuals have the same skill set as their “black hat” counterparts. Think of it as a “stress test” to protect your customers and prevent payment fraud
- Install a password protocol: Asking customers to change passwords periodically may seem like an inconvenience, but it’s a security measure for their protection. Every change requires hackers to start over again
- Write a privacy and security policy: Customers need reassurance that their transactions are safe. Write a privacy and security policy to explain what you’re doing in those areas. Post those policies on your site where customers can see the links and easily click on them for quick reference
- Require a user login for purchases: This is a feature that sometimes confuses customers because it seems like they were logged out while browsing your site, but that’s not the case. Requiring an additional login before customers make the final purchase is a security measure. It ensures that the buyer didn’t simply pick up the real account holder’s mobile device and use auto-saved settings to run up their credit cards
- Code your site with a timed user logout: Automatic logout closes the application if the user has been dormant for a specific period. Customers often leave their computer or mobile device and forget which apps they left open. Accidentally doing this in a public place leaves them vulnerable to identity thieves and online “shoplifters.”
How can consumers protect themselves against payment fraud?
Consumers should generally take caution online: change passwords often, shop with reputable vendors, avoid clicking on suspicious links, and track their purchases. Unfortunately, the vast majority of eCommerce consumers will fall victim to fraud at some point, despite their best efforts. At this point, consumers can:
- Contact the seller. Any reputable business will have a customer support team dedicated to addressing such issues.
- In the case of CNP fraud, consumers also have a time window (which can change from one card network to another) to file a chargeback for fraudulent transactions.
- Report the issue to their local authorities, such as the US Federal Trade Commission.
Online marketplaces have always encountered fraud from both ends of the transaction. Sometimes, their users are the victims – buyer and seller accounts are vulnerable to takeovers and card-not-present (CNP) fraud. Other times, users are the ones stepping into the fraudster role, deceptively filing chargebacks or publishing deceptive listings.
If you had a successful ride on the roller coaster that is the holiday shopping season, your refund policy could soon be coming back to haunt you in the form of empty box scams. Across the board, policy abuse including promo abuse and item-not-received (INR) is on the rise, and merchants have come to expect more of these grey-area cybercrimes during and post-holidays.
The old Hollywood myth of the hooded fraudster working from their basement is no longer true - and the repercussions for eCommerce are significant.