What is payment fraud and how to prevent it
There’s a delicate balance between blocking fraudsters and allowing legitimate customers for digital payments.
As a business, you need to consider authentication, fraud management, and customer experience as complementary to each other - not individually, as they are often treated today.
Understanding the most pressing fraud challenges and where they lie is essential to helping you strengthen your line of defense.
To kick off our three-part fraud prevention series, we’ll explain how you can detect, investigate, and solve the most common fraudulent activity in payment transactions.
The world of financial technology has thrust into digitalisation. Payments are increasingly cashless, opening doors for new, faster payment types. The main challenge for businesses is to keep up with the different and frequently changing techniques used to commit fraud and identify them on time.
To do that, it’s important to understand what types of fraud exist and how they can affect your business before looking at how to build an effective risk strategy.
A Card-Not-Present (CNP) payment is when the buyer makes an online or telephone transaction. That is why they are hard to detect and prevent, unlike card-present fraud.
Fraudsters use card testing to determine the validity of card numbers. They do this by purchasing or stealing card details on the dark web or via phishing or spyware software.
Once they have these numbers, they attempt small purchases on an unsuspecting merchant’s site to see if the card was approved. Declined numbers are weeded out, and fraudsters move on to make larger purchases or resell the validated information on the dark web.
No single action can prevent fraud, and protection must be multi-layered. Fortunately, best practices and strong fraud management software can help prevent fraud attacks. Here are a few ways you can protect your business.
Be vigilant and look for anomalies
Always investigate if you notice a sudden spike in your average daily transactions. An increase in credit card declines indicates that fraud may be occurring.
Remember, data is power when it comes to effective fraud management. Ensure you are collecting the right information to distinguish your genuine shoppers from anomalies (for example, email, and IP address tracking).
Adequate controls at account validation
Account validation is often the easiest entry point for fraudsters to gain access to your ecosystem. Effective fraud gatekeeping at the point of entry will reduce the fraud mitigation cost downstream.
Triangulation fraud occurs when a fraudster intervenes in the ecommerce buying process. They typically operate as a merchant, accept orders, and use stolen cardholder data to purchase goods from a third party and then ship them to the buyer.
This type of fraud is supposed to sound confusing because that’s what it is. It’s much harder to track down the source of fraud if no one is looking for it.
Triangulation fraud is supposed to sound confusing because that’s what it is. It’s much harder to track down the source of fraud if no one is looking for it.
Leverage basket data insights
If you suspect triangulation fraud is occurring, review your analytics and look for items that fraudsters are repeatedly purchasing. Some fraudsters run a specialty operation, typically buying the exact item (or items).
Triangulation fraud often targets higher-value, limited-edition items with higher resale value. Ensure that your fraud strategy considers these nuances. It would help to refine your fraud rules and set a stricter threshold for these goods.
With digital ecommerce becoming increasingly popular over the last few years, we’ve seen the rise of first-party fraud, which consists of legitimate online purchases that are later disputed.
A typical scenario is when a parent’s card is saved on file with a child’s gaming system, and the parent refutes the charges as unauthorised.
Visa has put in place new compelling evidence rules effective in April 2023 to help merchants better fight first party fraud. It will expand the list of compelling evidence merchants can provide to help invalidate certain customer disputes. In turn, this will improve merchants’ chances of winning those disputes.
Keep transaction records
By keeping meticulous transaction records and saving copies of your communications with customers, you can submit compelling evidence to contest first-party misuse chargebacks. The card networks’ reason codes usually spell out the evidence needed for a successful representation.
Identify customers engaging in first-party misuse
It’s also important to identify customers who engage in first-party misuse and prevent them from becoming repeat offenders. When a fraudster realises they can get away with stealing from a merchant through this process, they will do so repeatedly until the merchant blocks them.
With the myriad of ways cybercriminals can commit payments fraud, a rigid 'one-size-fits-all' approach simply won't work. Nor will a zero-tolerance approach where you prioritise fighting fraud but accept that legitimate customers will get blocked, or an approach to prioritise sales and hope that the higher sales volume counters the higher rates of fraud.
These approaches aren’t sustainable and will likely lead to lost revenue, increased chargeback rates, higher transaction costs, customer churn, and damage to your brand’s credibility.
Instead, a better way to counter fraud is a nuanced approach that balances risk and maximises revenue. Hence, it's important to keep educating yourself and your employees to better distinguish between legitimate authentication processes and illegitimate ones.
Invest in the right financial technology
If you're a business that doesn't have a complete fraud task force in place, it's critical to invest in a fraud prevention tool that can provide you with a clear overview of your payment activity and help you detect blind spots.
To get to know your customers better and protect your business, you should have a tool to help you deep dive into payments data and optimise risk procedures by learning and adapting in real time.
Merchant Risk Council
Joining or working with a partner member of the Merchant Risk Council (MRC), a global community of payments and fraud prevention experts, means that there's a community to tap into as a resource to find solutions together. This benefits your business as knowledge can be passed down and implemented accordingly.
All members can access benchmarking reports, whitepapers, presentations, and webinars. The MRC also hosts annual in-person conferences, regional networking meetings, and virtual summits to build better business connections.
Joining or working with a partner member of the Merchant Risk Council (MRC), a global community of payments and fraud prevention experts, means that there's a community to tap into as a resource to find solutions together.
You can join one of our monthly risk awareness webinars, which we run for fraud teams of all sizes and across industries. In these webinars, an Adyen expert offers advice, exchanges best practices, shares emerging trends, and answers questions.
Fighting fraud should never be about solely prioritising security. A holistic approach must consider the customer experience equally and protect legitimate transactions. Continuously building up knowledge as a business on risk assessment and the proper detection tools provides the best start to meet digital payment challenges head-on.