Guides and reports

What is payment fraud and how to prevent it

Ever since the start of ecommerce, payment fraud has become easier to commit. In this article we define payment fraud and the best tactics to prevent it.

20 September, 2022
 ·  6 minutes

When stores closed during the pandemic, online shopping drastically increased. This sudden change in consumer behavior created many new opportunities for fraudsters. Consequently, resulting in a rise in payments fraud. Payments fraud statistics show that 71% of organizations were victims of payments fraud attacks in 2021.

Technological advancements have also unintendedly aided the increase in payments fraud. One-click payments make it harder for banks to detect and block fraud, while the dark web helps fraudsters cheat the system at a bigger scale. 

But technology has also had a positive effect on fraud. Businesses can detect and prevent fraud faster and reduce its negative impact, leading to a higher revenue and better customer experience.

Although some fraud attempts happen in store and over the phone, online payment fraud is the most prevalent and fastest growing, and what we’ll be focusing on in this article. Before we elaborate on this, let’s start with the basics.

Fraudulent and genuine customers

What is payment fraud?

Payment fraud is when a person, who's not the legitimate owner of the payment instrument, initiates a payment with the intention to commit fraud.

Types of payment fraud

The main challenge for businesses is to keep up with the different techniques used to commit fraud and identify them on time. It’s important to understand what types of fraud exist and how they can affect your business before looking at how to build an effective risk strategy.

Credit card fraud

Credit card fraud is a type of identity theft that involves fraudsters using stolen card details to commit fraud. The purpose of credit card payment fraud is to charge purchases to the account or remove money from it. During the first half of 2022, there were already 2.4 million cases of identity theft.

How to detect and prevent credit card fraud:

  • Perform an AVS (Address Verification Service) or CID (card identification) check on transactions to verify the payment location and that the card is present.

  • Apply behavioral analytics technology that flags suspicious behavior, such as someone purchasing an item multiple times, multiple purchases with the same email, or orders delivered to the same address using different payment details.

Card testing fraud

Card testing fraud is when stolen cards are ‘tested’ to see if they’re active. If they are, they can be sold on the dark web for a much higher price than those that go untested.

A common way fraudsters can see if a card is active is by entering the card details when signing up for a subscription-based service with a free trial. The subscription business then performs a zero-amount transaction before charging the actual amount to see if the card is active.

How to detect and prevent card testing fraud:

  • Apply behavioral analytics technology to identify fraudulent checkout attempts.

  • Know your shoppers’ behavior and use velocity risk checks as well as other business rules to ensure you’re blocking the correct scenarios.

  • Check time frames of orders. As card testers involving bots/scripts are on the rise, you can identify them by spotting many transactions within a small time frame.

Account takeover fraud

Account takeover fraud is a kind of identity theft that involves fraudsters getting access to shoppers’ accounts and making changes to the account details. Fraudsters can either use websites where shoppers have an account with saved payment details or create websites that look legitimate to steal the credentials of unsuspecting shoppers.

How to detect and prevent account takeover fraud:

  • Use timeline visualization to understand the normal behavior of genuine shoppers and how they differ after account takeovers have taken place.

  • Ask for verification once account details are changed, for example when a shipping address is changed.

Friendly fraud

Friendly fraud, also known as First Party Fraud, is when a shopper purchases goods on an ecommerce website and initiates a chargeback, despite having already received them.

How to detect and prevent friendly fraud:

  • Make sure your risk system can recognize patterns that identify serial friendly fraudsters, such as shoppers who have initiated multiple service-related disputes across different cards and identities.

  • Use blocked lists to make sure those bad shoppers don't return.

Refund fraud

Refund fraud is when a professional fraudster makes money by requesting refunds from businesses. It’s becoming increasingly common and can be very difficult to detect.

Retailers also see a trend where bad actors are returning different products than what they ordered, such as counterfeit merchandise or even bottles of water.

How to detect and prevent refund fraud:

  • Make sure your risk system has Unified Commerce capabilities so you’re able to fully understand the lifecycle of a shopper and view their past orders to identify refund fraud.

  • Use a combination of unique attributes and leverage custom risk rules to mitigate such scenarios and identify unique shoppers misusing those details.

Gift card fraud

Gift card fraud is a common way to commit transactional fraud because the cards are hard to trace and aren’t as heavily regulated as debit or credit cards. An example of gift card fraud is when a fraudster uses stolen payment details to buy a product online, and then returns it for a refund on a gift card.

How to detect and prevent gift card fraud:

  • Use contextual data to help build a much stronger defense against gift card fraud.

  • Use a combination of custom risk checks and block lists based on this data to help spot these types of transactions.

  • Identify misuse of gift cards by using custom risk rules and specified indicators to mitigate such events.

Detecting payment fraud by analyzing customer information

Detecting, preventing and responding to payment fraud

So far we’ve discussed different fraud types. But how do you build an effective risk strategy to protect your business from payment fraud?

Many businesses have prioritized security over customer experience. As soon as something stands out from normal customers' behavior, payments are blocked straightaway. Differentiating between fraudsters and customers can be difficult and lead to genuine customers being blocked. This will have a direct effect on revenue and leave customers unhappy with the buying experience.

At Adyen, we understand that every business is different and that risk management needs to be tailored to their unique challenges. Here are our tips on how to strike a sustainable balance between risk and revenue through detecting, preventing and responding to fraud.

  • Detect: Recognize genuine customers and spot fraudsters across all your sales channels.

  • Prevent: Maintain full control and reduce operational workload by combining risk rules with machine learning.

  • Respond: Increase your authorization rates and reduce chargebacks by adapting and optimizing your risk setup.


Fraud detection technology

Fraud detection technology uses historical and cross-platform data between businesses to detect behavioral abnormalities and determine which customers are genuine and which are fraudsters. Configurations can also be made for specific high-risk segments, such as specific industries or geographic regions with higher fraud rates.


Supervised machine learning

Supervised machine learning involves a combination of risk knowledge and machine learning. Businesses can create risk profiles to help automate part of the risk assessment, saving time and reducing risk management efforts.

Customizable risk rules

Different industries and businesses face different risks. Through customizable risk rules, businesses can create risk profiles tailored to their unique risks and use them as a base in the payment evaluation process to determine which transactions should be blocked and which should be accepted.


Fraudsters often use identity theft to commit fraud. To make sure a customer is genuine and not a fraudster, businesses can verify them through 3D Secure 2.

Manually review

Certain types of transactions are at a higher risk of being targeted by fraudsters, these include high-value transactions or transactions in high-risk markets. For an extra layer of fraud protection, businesses can manually review these types of transactions before they’re completed to avoid a chargeback.


Testing and experimenting

No one knows the best risk management approach for their business until they test it. To find out what works for you, configure different risk settings and A/B test them against each other to see which approaches are the most effective for your business.

Comparing two risk profiles to see which is most effective at blocking fraud

Risk management with RevenueProtect

The demand for online shopping is increasing, and the more people shop online, the more opportunities there are for fraudsters to commit payments fraud. To keep up, businesses need to provide a better and safer customer experience.

Although the techniques to commit fraud are evolving, the options to tackle them are just getting better. By leveraging the right technology and building an effective risk strategy, businesses are able to protect themselves and their customers against different types of fraud.

RevenueProtect is our unique risk management product with a range of tools to detect, prevent, and respond to fraud. We use a global, cross-industry network of data to accurately make the best risk decisions, stay on top of the latest trends, and fight fraud effectively.

Fresh insights, straight to your inbox

By submitting your information you confirm that you have read Adyen's Privacy Policy and agree to the use of your data in all Adyen communications.