Defending Yourself from Payment Fraud
Payment fraud is a great big thorn in the side of the e-commerce sector. Fraud, theft, and financial crimes affect every industry, but electronic payment fraud is especially problematic in purely digital environments. Cybersecurity firms try valiantly to stay ahead of sophisticated fraudsters’ tricks, but they’re stuck in a high-tech arms race that shows no signs of ending soon.
Merchants have to take responsibility for their own protection and learn how to recognize and thwart the attacks that target them. What types of payment fraud do merchants need to look out for, and what are the best ways to stop them?
The last few years have been particularly lucrative for fraudsters, as the COVID-19 pandemic shunted a significant amount of commerce onto online channels.
Consumers who had little previous experience with the pitfalls of e-commerce fraud were suddenly making all of their purchases through online channels, and merchants were dealing with higher volumes of sales traffic than they were used to handling. All in all, it has been a perfect environment for fraud to flourish, and global e-commerce fraud losses topped $20 billion in 2021.
Consumers may feel pangs of panic when they lose a credit card, but fraud involving actual stolen cards is a well-managed problem since the EMV chip was introduced.
Online, thieves can steal and share stolen payment credentials without the victim being the least bit aware that their data has been compromised, and merchants are stuck relying on imperfect identity verification methods to ensure that customers are who they claim to be. Consequently, card-not-present fraud is 81% more frequent than fraud at brick-and-mortar stores and other card-present environments.
Luckily for cardholders, they’re well-protected from the consequences of fraud, with US law limiting their liability to no more than $50 in most cases and most banks having a zero fraud liability policy.
It's ultimately the merchants who take the brunt of the impact, losing both the goods sold to fraudsters and the revenue from disputed transactions. Like it or not, managing fraud and chargebacks is a big part of every merchant’s job description now, and you have to know what you’re up against.
What Is Payment Fraud?
Payment fraud refers to any of the many schemes that involve payment transactions, with credit cards being the most common targets. Cybercriminals will opportunistically attack any vulnerable merchant, but some merchants make more attractive victims than others. Fraudsters like high-volume merchants who are less likely to closely scrutinize transactions, stores that sell valuable goods that can be resold easily, and “risky” industry sectors that are already swamped with disputes and payment issues.
Most payment fraud will fall into one of the following categories:
Credit card fraud, in which the fraudster steals the victim’s payment credentials and uses them to make unauthorized purchases.
Identity theft, where the fraudster impersonates the victim in order to gain access to their funds. For e-commerce merchants, this commonly takes the form of an account takeover attack, in which the fraudster logs into somebody else’s account and uses their stored payment credentials to make purchases.
Refund or return fraud, which involves a fraudster making a legitimate purchase but then conning the merchant into giving their money back by making false claims or exploiting loopholes in the merchant’s return policy.
Friendly fraud, also known as chargeback fraud, where again the fraudster poses as a real customer and makes a purchase with their own credit card, then disputes the transaction under false pretenses to obtain a chargeback from their bank.
Fraudsters may use sophisticated software tools like bots and malware to breach vulnerable systems, steal data, and automate fraud attacks. As the method by which many fraudsters obtain their victims’ login information and payment credentials, phishing is a common precursor to payment fraud.
Why Is Payment Fraud so Harmful to Merchants?
Consumers may rightly find it upsetting when they become the victims of payment fraud, but the law is set up to make them whole again and restore their confidence in the payments ecosystem. Not so for merchants, who are on the hook for the fraudulent charges once the disputes work their way through the system and turn into chargebacks.
Fraud losses are more costly than returned item refunds. In addition to the loss of the product, merchants pay for the time and overhead spent on making the sale and dealing with the dispute. They also get hit with chargeback fees. When you add it all up, the typical chargeback costs merchants more than double the amount of the original transaction.
Worse yet, banks and card networks hold chargebacks against the merchant. Chargeback-to-transaction rates are tracked, and when they exceed a certain threshold—usually 1%--the merchant may be required to follow a remediation program, which often comes with additional fees. Merchants who carry excessive chargeback rates for too long can even have their merchant accounts terminated, imperiling their ability to accept any card payments in the future.
How Can Merchants Avoid Payment Fraud?
Because payment fraud comes in many forms, mitigating it requires a multi-pronged approach that accounts for the specific circumstances and attack patterns that the merchant is experiencing. Analyzing your fraud and chargeback data is a crucial first step to coming up with a prevention strategy.
Anti-fraud software is your best bet for reducing true credit card fraud. Solutions that use AI and machine learning to analyze customer behavior and transaction data can sniff out fraud attempts before the payments are completed.
Tools that verify customer identities, such as 3-D Secure and other multi-factor authentication solutions, are also very helpful for preventing both credit card fraud and account takeover attacks.
To deal with return fraud and friendly fraud, it helps to create sales agreements and policies that protect you from customers acting in bad faith. It’s hard to see these attacks coming, as they always start out as normal transactions. When you receive a chargeback and identify it as friendly fraud, you can fight it—and win—if you have the right evidence on your side.
Trying to stay one step ahead of the fraudsters can feel overwhelming at times. Data analytics are especially helpful because they can identify the specific threats you’re dealing with, allowing you to narrow down your defenses to the ones that will have the greatest impact on your actual situation. With the right tools and a smart strategy, you can protect your revenue and your customers from cybercriminals, and never forget that there are always experts you can call in for assistance if things get really bad.