Payment fraud is, at its core, a false or illegitimate transaction. Before the internet, payment fraud was typically a simple case of bounced checks or erroneous chargebacks. However, with the advent of eCommerce, it’s become much more complex. Consumers are losing personal identity data and credit card numbers to phishing scams, malware links in text and instant messages, and bogus phone calls. 

The global eCommerce market has reached $4.9 trillion in annual sales in 2021, with forecasts of $7.4 trillion by 2025. The cost of payment fraud to online businesses was estimated at $33.6 billion the same year and is only expected to grow. 

What are the types of payments a business might process?

  • Card Present (CP): Card-present transactions are seen only at brick-and-mortar locations where shoppers need to have a physical credit card to make a purchase. The merchant will typically have a point of sale (POS) system that includes a card reader
  • Card Not Present (CNP): Online shoppers cannot present a physical credit card to an eCommerce merchant, so transactions are made with the card number, expiration date, and CVV number. CNP transactions can also be conducted by mail or phone
  • ACH Payments: This payment type is common with subscription models that require regular monthly payments. It’s also popular with software as a service (SaaS) platforms. The shopper needs a bank routing and account number to transact in this manner

The common denominator for each of these payment methods is that they all involve disclosing numbers, either a credit card or a bank account. But numbers can be stolen: That’s the heart of the payment fraud problem. Consumers are taught to protect their information, and merchants do their best to guard it, but hackers and identity thieves are experts at getting around security measures. 

How can eCommerce merchants protect themselves and their customers?

Brick-and-mortar businesses can insist on seeing a matching ID with a physical credit card. Preventing online shoppers from using stolen information is more difficult because these shoppers are not physically present when making purchases. 

payment fraud image

Protect yourself with a fraud prevention solution

Dealing with online payment fraud is an ongoing battle that necessitates keeping on top of new fraud trends and methods and constantly investing in technological innovation. While many merchants choose to have in-house teams or technology, others can’t or aren’t interested in making that investment. The right fraud prevention vendor can help merchants scale their business, expand into new markets and products, adopt new payment methods, and increase their sales, while offering better cost predictability and lowered risk at a lower investment of time and resources. 

Other prevention steps can include:

  • Stay up to date on current payment fraud trends: Hackers make it a point to stay current on all the latest cybercriminal trends. Understanding their tactics could help you stop them
  • Consider hiring an ethical hacker: These individuals have the same skill set as their “black hat” counterparts. Think of it as a “stress test” to protect your customers and prevent payment fraud
  • Install a password protocol: Asking customers to change passwords periodically may seem like an inconvenience, but it’s a security measure for their protection. Every change requires hackers to start over again
  • Write a privacy and security policy: Customers need reassurance that their transactions are safe. Write a privacy and security policy to explain what you’re doing in those areas. Post those policies on your site where customers can see the links and easily click on them for quick reference
  • Require a user login for purchases: This is a feature that sometimes confuses customers because it seems like they were logged out while browsing your site, but that’s not the case. Requiring an additional login before customers make the final purchase is a security measure. It ensures that the buyer didn’t simply pick up the real account holder’s mobile device and use auto-saved settings to run up their credit cards
  • Code your site with a timed user logout: Automatic logout closes the application if the user has been dormant for a specific period. Customers often leave their computer or mobile device and forget which apps they left open. Accidentally doing this in a public place leaves them vulnerable to identity thieves and online “shoplifters.”

How can consumers protect themselves against payment fraud?

Consumers should generally take caution online: change passwords often, shop with reputable vendors, avoid clicking on suspicious links, and track their purchases. Unfortunately, the vast majority of eCommerce consumers will fall victim to fraud at some point, despite their best efforts. At this point, consumers can:

  • Contact the seller. Any reputable business will have a customer support team dedicated to addressing such issues.
  • In the case of CNP fraud, consumers also have a time window (which can change from one card network to another) to file a chargeback for fraudulent transactions. 
  • Report the issue to their local authorities, such as the US Federal Trade Commission.