On March 28, 193 AD, Rome's Praetorian Guard (an elite force of spies and bodyguards) auctioned off the title of 'Emperor of Rome' for the modern equivalent of about £50 million. The problem was, they didn't own the title. They accepted payment for something they had no right to sell making it one of the earliest recorded cases of payment fraud.
In some ways, we've come a long since then; in other ways we haven't. While it might be harder to fraudulently sell off an entire Empire, the rise of ecommerce has made other types of payment fraud easier to commit. This has been exacerbated in recent years thanks to the pandemic driving more business online. As a result, payments fraud statistics show that 74% of organisations were victims of attempted or actual payments fraud in 2020.
Payment fraud has also been inadvertently helped along by advancements in technology designed to making paying easier. One-click payments streamline the process but it becomes harder to spot and stop fraud. And the dark web provides a wealth of resources for fraudsters to scale their attacks. During 2020 alone, 115 million stolen debit and credit card details were posted on the dark web.
But what can help, can also hinder; technology plays an important role in the prevention of fraud as well. And, while payment fraud can be found everywhere, it's most prevelant online - which is where we'll focus in this article. But first:
What is payment fraud?
Payment fraud is any transaction that is carried out in order to deprive a person or business of money, property, or sensitive information. A common form of this is when a person, who's not the legitimate owner of the payment instrument, initiates a payment with the intention to commit fraud.
Types of payment fraud
New fraud techniques emerge all the time and it's important to stay on top of emerging fraud trends to ensure your risk strategy remains effective. Here's a breakdown of the six main types of payment fraud:
Credit card fraud
Credit card fraud involves the use of stole card details to make purchases or simply withdraw money from the account associated with that card.
How to detect and prevent credit card fraud:
Perform an AVS (Address Verification Service) or CID (card identification) check on transactions to verify the payment location and that the card is present.
Apply behavioural analytics technology that flags suspicious activity, like someone repeatedly purchasing the same item, multiple purchases with the same email, or orders delivered to the same address using different payment details.
Card testing fraud
Card testing is the process of testing stole cards to see if they still work. Card details sold on the dark web are worth much more if they've been tested.
Card testing is especially prevalent in digital, low-value or even zero-amount transactions like those used to sign up for subscriptions or free trials.
How to detect and prevent card testing fraud:
Apply behavioural analytics technology to identify fraudulent checkout attempts.
Know your shoppers’ behaviour to ensure you’re blocking the correct scenarios.
Use velocity checks to monitor the time-frame of orders. Card testers often use bots/scripts to test large batches of cards at once. If the transaction was too fast to be done by a human, it probably wasn't.
Account takeover fraud
Account takeover fraud is a form of identify theft in which a shopper's store account is breached. Fraudsters can then make changes to the account, make purchases using saved payment details, or create lookalike websites to steal the credentials of other shoppers.
How to detect and prevent account takeover fraud:
Use timeline visualisation to understand the normal behaviour of genuine shoppers and how they differ after account takeovers have taken place.
Ask for verification once account details are changed, for example when a shipping address is changed.
Friendly, or First Party, Fraud is when a shopper initiates a chargeback despite having received (and intending to keep) the purchased goods.
How to detect and prevent friendly fraud:
Make sure your risk system can recognise patterns that identify serial friendly fraudsters, such as shoppers who have initiated multiple service-related disputes across different cards and identities.
Use blocked lists to make sure those bad shoppers don't return.
Refund fraud is a tricky one since it's very hard to spot and it's on the rise. It occurs when a fraudster requests a refund from a business. They then fail to return the order or return a different product.
How to detect and prevent refund fraud:
Make sure your risk system has Unified Commerce capabilities so you’re able to fully understand the lifecycle of a shopper and view their past orders to identify refund fraud.
Use a combination of unique attributes and leverage custom risk rules to mitigate such scenarios and identify unique shoppers misusing those details.
Gift card fraud
Gift card fraud is pretty easy to commit since gift cards are hard to trace and don't have the stringent regulations debit and credit cards are subject to. A fraudster might use stole card details to buy a product online and then return it for a refund or a gift card.
How to detect and prevent gift card fraud:
Use contextual data to help build a much stronger defense against gift card fraud.
Use a combination of custom risk checks and block lists based on this data to help spot these types of transactions.
Identify misuse of gift cards by using custom risk rules and specified indicators to mitigate such events.
Detecting, preventing and responding to payment fraud
Payment fraud comes in many guises and it evolves all the time. So how do you stay on top of it?
One approach is to put security at the forefront; keep your defences high and block anything remotely suspicious. The challenge is when genuine customers inadvertently behave in ways algorithms identify as 'suspicious'. Blocking these transactions will lead to frustration, a lost sale, and possibly even a lost customer.
Every business (and customer) is different and risk management needs to be tailored to each unique set of challenges. Here's how to strike a sustainable balance between risk and revenue through detecting, preventing and responding to fraud.
Detect: Recognise genuine customers and spot fraudsters across all your sales channels.
Prevent: Maintain full control and reduce operational workload by combining risk rules with machine learning.
Respond: Increase your authorisation rates and reduce chargebacks by adapting and optimising your risk setup.
Fraud detection technology
Fraud detection technology uses historical and cross-platform data between businesses to detect behavioural abnormalities and determine which customers are genuine and which are fraudsters. Configurations can also be made for specific high-risk segments, such as specific industries or geographic regions with higher fraud rates.
Supervised machine learning
Supervised machine learning involves a combination of risk knowledge and machine learning. Businesses can create risk profiles to help automate part of the risk assessment, saving time and reducing risk management efforts.
Customisable risk rules
Different industries and businesses face different risks. Through customisable risk rules, businesses can create risk profiles tailored to their unique risks and use them as a base in the payment evaluation process to determine which transactions should be blocked and which should be accepted.
Fraudsters often use identity theft to commit fraud. To make sure a customer is genuine and not a fraudster, businesses can verify them through 3D Secure 2.
Certain types of transactions are at a higher risk of being targeted by fraudsters, these include high-value transactions or transactions in high-risk markets. For an extra layer of fraud protection, businesses can manually review these types of transactions before they’re completed to avoid a chargeback.
Testing and experimenting
No one knows the best risk management approach for their business until they test it. To find out what works for you, configure different risk settings and A/B test them against each other to see which approaches are the most effective for your business.
Risk management with RevenueProtect
Although the techniques to commit fraud are evolving, the options to tackle them are just getting better. By leveraging the right technology and building an effective risk strategy, businesses are able to protect themselves and their customers against different types of fraud.
RevenueProtect is our risk management product, which comes with a range of tools to detect, prevent, and respond to fraud. We use a global, cross-industry network of data to accurately make the best risk decisions, stay on top of the latest trends, and fight fraud effectively. On top of that, our local and global risk teams work alongside our customers to monitor performance and make suggestions for further optimising the risk settings.
If you'd like to explore how we can help you combat payment fraud, get in touch; we'd be delighted to walk you through our solution.