In 2022 alone, businesses experienced $41 billion in fraud related losses, highlighting the need for more awareness and preventive measures. As a merchant, it is crucial to understand the common fraud tactics and develop strategies to spot and prevent fraudulent activities. In this article we will explore some of the common fraud tactics and what you as a merchant can do to mitigate fraud losses.
- The total cost of eCommerce fraud to merchants will exceed $48 billion globally in 2023, from just over $41 billion in 2022.
- Merchants stand to lose $206 billion for the period between 2021 and 2025.
- Remote physical goods purchases are the leading cause of online payment fraud; accounting for over 47% of fraud losses in 2021.
Common fraud tactics
The first step in beating fraud is to understand it and learn to recognize the various tactics used by fraudsters to deceive merchants and exploit vulnerabilities in their systems. The most common fraud tactics include:
Credit card theft
Credit card fraud remains one of the most common types of fraud, where criminals use stolen or fake credit cards to make purchases. In cases of merchant fraud, stolen credit card numbers may be used to transact with fake businesses, defrauding credit card companies.
Identity theft
This occurs when personal information is stolen. Fraudsters use the stolen identity to open credit card accounts and make unauthorized purchases, resulting in significant financial losses.
Account takeover
This occurs when cybercriminals gain unauthorized access to login credentials often obtained through a data breach. Fraudsters can then change information such as delivery addresses and make fraudulent purchases using the saved payment information. In some cases, the account is held for ransom and the owner is ordered to pay a sum of money to have it returned.
Friendly fraud/ chargeback fraud
This occurs when a customer decides to falsely claim a purchase as fraudulent to obtain a refund. The customer may say that they did not receive their purchase and file a chargeback dispute with their bank, alleging non-receipt of the item.
In the 2023 Global Payments and Fraud Report by MRC, it was found that over one-third of merchants experience first-party misuse or “friendly fraud”. Roughly 9 in 10 have submitted compelling evidence to resolve friendly fraud disputes, and 7 in 10 are aware of the recent card scheme updates to these policies.
Friendly fraud is now ranked as the second most popular method of fraud, moving from fourth in 2022, with a staggering 43% of merchants experiencing this type of fraud, up from 35% in 2022.
Phishing / pharming / whaling attacks
Slightly more sneaky, phishing attacks occur when a fraudster poses as someone or something else to gain login credentials. For example, a fraudster may pose as a user’s bank and send an email requesting the user to update their account details. The link in the email will track to a fake website in order to obtain the login details. Criminals can then use this information to gain unauthorized access to the user's bank account and perform fraudulent transactions.
Card testing
This occurs when fraudsters systematically attempt small transactions across various online platforms to test the validity and limits of the stolen cards. By conducting multiple small transactions, the fraudsters can avoid immediate detection. The fraudulent activity is generally detected through sophisticated fraud prevention measures employed by the merchants, which flag and block the suspicious card testing activities.
Fraud in action
One recent case that hit the media involved names like Netflix and Spotify and a 23-year-old IT professional from Australia.
Evan McMahon from Sydney is facing prison after he was found to have made over 1 million dollars over 3 years from a website scheme. McMahon operated 4 different websites that sold stolen login credentials for popular streaming services like Netflix, Hulu and Playstation, allowing users to access these services at a discounted rate offered through McMahon. At the time of his arrest McMahon had sold 85,925 logins. That’s a lot of lost revenue!
How to prevent fraud in your business
Spotting fraud
Spotting fraud early is essential in minimizing its impact. Merchants should be vigilant for signs such as unusual purchasing patterns, mismatched billing and shipping addresses, multiple declined transactions, multiple transactions from the same IP address, and suspicious customer behaviour.
Fraud detection tools
There is a vast collection of tools that a merchant can access to steadfast their protection against fraud, with the most popular being:
- Credit card verification services
- Identity validation
- Two factor phone authentication
- 3-D Secure authentication
- Internal customer order history/website behaviour analysis
- List management
- Credit history checks
- Device based results
While this list is effective, merchants are yet to really capitalise on the usage of biometric indicators, company specific fraud scoring and multi-merchant purchase velocity- all of which were cited by the MRC as the most effective tools in the combat of fraud. Although merchants have been slow to adopt these tools, the use of AI machine learning and intelligent payment routing has increased with around 4 in 10 merchants utilizing these approaches.
Security is paramount in the fight against fraud. Merchants should prioritize the use of secure payment gateways, implement encryption protocols to safeguard sensitive data, and conduct regular security audits. Compliance with Payment Card Industry Data Security Standard (PCI DSS) requirements and stringent data protection measures further fortify a merchant's defences against fraud.
Effective Chargeback Management
Effectively managing chargebacks is another crucial aspect of fraud prevention. By implementing robust chargeback management processes, merchants can combat friendly fraud and unauthorized transactions, reducing financial losses and preserving customer trust. Utilizing insightful statistics and analytics, merchants can gain valuable insights into chargeback patterns and proactively take steps to mitigate risk.
Recently, Visa updated their policy on chargebacks with the introduction of Visa Compelling Evidence 3.0. This set of updated guidelines outlines what merchants, acquirers, and issuers can do to more successfully prove that a chargeback was fraudulent. According to the CE 3.0 policy, merchants are required to show proof of past valid transactions made with the same payment card, dating back over 120 days. These transactions must not have been disputed or marked as fraudulent. To comply with the policy, merchants must provide at least two of the following transaction details: IP address, device ID or device fingerprint, shipping address, or user account. However, it is essential that one of the two details includes either an IP address or a device ID or device fingerprint.
Similarly, to Visa, Mastercard has their own Dispute Management process which streamlines transaction dispute handling, offering a secure and efficient solution for businesses and cardholders. It simplifies chargeback processes and helps protect against fraudulent claims. Their pre-transaction solutions like Mastercard Identity Check verify cardholders in advance, reducing fraud risks.
Keep up with fraud trends
Fraud is constantly in the news, so it helps to be aware of the trends happening in this space. Your payments partner can also advise you on activity in this area, however attending networking events and subscribing to relevant email newsletter lists can also help keep on top of new developments.
How payabl. can help
At payabl., our advanced fraud detection tools and systems, combined with address verification services and multi-factor authentication, help identify and flag potentially fraudulent transactions, allowing merchants to take prompt action.
Personalised risk management
Your Client Relationship Manager knows the intricacies of your industry and it’s with this expert knowledge that they can work with you to set the unique fraud rules that apply to your business needs.
Businesses have the flexibility to establish rules based on customer location, IP address, or purchase history. This enables them to customize their fraud prevention strategies according to their specific business model and risk profile.
The payabl. Risk team is highly experienced in fraud prevention, dispute management and compliance and we’re with you all the way from setting up and defining rules based on your needs, to enhanced consultation on how to handle disputes. We also set you up for success right from the get-go with in-depth support documents when you join us and offer continuous updates on market activity and best practices.
Real-time transaction monitoring
The payabl. real-time dashboard allows you to keep track of transactions and detect any anomalies and suspicious activity. Using data and analytics to manage fraud is essential to understanding how fraudulent attacks are impacting a business and how they can be mitigated.
The power of AI and human risk assessment
Manually monitoring fraud and risk is time consuming, in fact, 6 in 10 merchants are now seeking to reduce or eliminate this aspect of fraud management. Our highly experienced risk experts use AI machine learning to monitor and review transactions to flag any suspicious activity.
Double-Shield Protection with 3D Secure 2.2
payabl. ensures steadfast protection against fraudulent payments by utilizing 3D Secure v2.2. 3DS requires the cardholder to enter an additional password or verification code to confirm their identity when making purchase.
Strong Customer Authentication
Strong Customer Authentication (SCA) is a European regulatory requirement to reduce fraud and make online and contactless offline payments more secure. It is part of Payment Services Directive 2 (PSD2) which requires customers to use two-factor authentication. In 2023 approximately 85% of merchants have started implementing Strong Customer Authentication (SCA) to comply with the EU’s PSD2 regulations, but roughly half (49%) have yet to complete this process. Partnering with a payments provider like payabl. that is SCA and PSD2 compliant will ensure that the uptake percentage continues to rise.
The ever-present threat of fraud requires merchants to be proactive and vigilant. By staying informed about common fraud tactics, adopting robust prevention measures, ensuring data security, and employing effective chargeback management, merchants can protect themselves and their customers from the damaging effects of fraud.
At payabl., we are committed to assisting merchants in their fight against fraud through our advanced fraud monitoring and analytics tools. Together, we can create a safer and more secure business environment.
If you require any additional information or assistance regarding fraud prevention or risk management, feel free to reach out to our team at payabl. We are dedicated to helping merchants navigate the complex landscape of fraud prevention and safeguard their businesses.