Blogs
What is payment fraud and how to prevent it
Payment fraud lessons from Ancient Rome to modern day: What it is and how to prevent it.
On March 28, 193 AD, Rome's Praetorian Guard (an elite force of spies and bodyguards) auctioned off the title of 'Emperor of Rome' for the modern equivalent of about £50 million. The problem was, they didn't own the title. They accepted payment for something they had no right to sell making it one of the earliest recorded cases of payment fraud.
In some ways, we've come a long since then; in other ways we haven't. While it might be harder to fraudulently sell off an entire Empire, the rise of ecommerce has made other types of payment fraud easier to commit. This has been exacerbated in recent years thanks to the pandemic driving more business online. As a result, payments fraud statistics show that 74% of organisations were victims of attempted or actual payments fraud in 2020.
Payment fraud has also been inadvertently helped along by advancements in technology designed to making paying easier. One-click payments streamline the process but it becomes harder to spot and stop fraud. And the dark web provides a wealth of resources for fraudsters to scale their attacks. During 2020 alone, 115 million stolen debit and credit card details were posted on the dark web.
But what can help, can also hinder; technology plays an important role in the prevention of fraud as well. And, while payment fraud can be found everywhere, it's most prevelant online - which is where we'll focus in this article. But first:
What is payment fraud?
Payment fraud is any transaction that is carried out in order to deprive a person or business of money, property, or sensitive information. A common form of this is when a person, who's not the legitimate owner of the payment instrument, initiates a payment with the intention to commit fraud.
Types of payment fraud
New fraud techniques emerge all the time and it's important to stay on top of emerging fraud trends to ensure your risk strategy remains effective. Here's a breakdown of the six main types of payment fraud:
Credit card fraud
Credit card fraud involves the use of stole card details to make purchases or simply withdraw money from the account associated with that card.
How to detect and prevent credit card fraud:
Perform an AVS (Address Verification Service) or CID (card identification) check on transactions to verify the payment location and that the card is present.
Apply behavioural analytics technology that flags suspicious activity, like someone repeatedly purchasing the same item, multiple purchases with the same email, or orders delivered to the same address using different payment details.
Card testing fraud
Card testing is the process of testing stole cards to see if they still work. Card details sold on the dark web are worth much more if they've been tested.
Card testing is especially prevalent in digital, low-value or even zero-amount transactions like those used to sign up for subscriptions or free trials.
How to detect and prevent card testing fraud:
Apply behavioural analytics technology to identify fraudulent checkout attempts.
Know your shoppers’ behaviour to ensure you’re blocking the correct scenarios.
Use velocity checks to monitor the time-frame of orders. Card testers often use bots/scripts to test large batches of cards at once. If the transaction was too fast to be done by a human, it probably wasn't.
Account takeover fraud
Account takeover fraud is a form of identify theft in which a shopper's store account is breached. Fraudsters can then make changes to the account, make purchases using saved payment details, or create lookalike websites to steal the credentials of other shoppers.
How to detect and prevent account takeover fraud:
Use timeline visualisation to understand the normal behaviour of genuine shoppers and how they differ after account takeovers have taken place.
Ask for verification once account details are changed, for example when a shipping address is changed.
Friendly fraud
Friendly, or First Party, Fraud is when a shopper initiates a chargeback despite having received (and intending to keep) the purchased goods.
How to detect and prevent friendly fraud:
Make sure your risk system can recognise patterns that identify serial friendly fraudsters, such as shoppers who have initiated multiple service-related disputes across different cards and identities.
Use blocked lists to make sure those bad shoppers don't return.
Refund fraud
Refund fraud is a tricky one since it's very hard to spot and it's on the rise. It occurs when a fraudster requests a refund from a business. They then fail to return the order or return a different product.
How to detect and prevent refund fraud:
Make sure your risk system has Unified Commerce capabilities so you’re able to fully understand the lifecycle of a shopper and view their past orders to identify refund fraud.
Use a combination of unique attributes and leverage custom risk rules to mitigate such scenarios and identify unique shoppers misusing those details.
Gift card fraud
Gift card fraud is pretty easy to commit since gift cards are hard to trace and don't have the stringent regulations debit and credit cards are subject to. A fraudster might use stole card details to buy a product online and then return it for a refund or a gift card.
How to detect and prevent gift card fraud:
Use contextual data to help build a much stronger defense against gift card fraud.
Use a combination of custom risk checks and block lists based on this data to help spot these types of transactions.
Identify misuse of gift cards by using custom risk rules and specified indicators to mitigate such events.
Detecting, preventing and responding to payment fraud
Payment fraud comes in many guises and it evolves all the time. So how do you stay on top of it?
One approach is to put security at the forefront; keep your defences high and block anything remotely suspicious. The challenge is when genuine customers inadvertently behave in ways algorithms identify as 'suspicious'. Blocking these transactions will lead to frustration, a lost sale, and possibly even a lost customer.
Every business (and customer) is different and risk management needs to be tailored to each unique set of challenges. Here's how to strike a sustainable balance between risk and revenue through detecting, preventing and responding to fraud.
Detect: Recognise genuine customers and spot fraudsters across all your sales channels.
Prevent: Maintain full control and reduce operational workload by combining risk rules with machine learning.
Respond: Increase your authorisation rates and reduce chargebacks by adapting and optimising your risk setup.
Detect
Fraud detection technology
Fraud detection technology uses historical and cross-platform data between businesses to detect behavioural abnormalities and determine which customers are genuine and which are fraudsters. Configurations can also be made for specific high-risk segments, such as specific industries or geographic regions with higher fraud rates.
Prevent
Supervised machine learning
Supervised machine learning involves a combination of risk knowledge and machine learning. Businesses can create risk profiles to help automate part of the risk assessment, saving time and reducing risk management efforts.
Customisable risk rules
Different industries and businesses face different risks. Through customisable risk rules, businesses can create risk profiles tailored to their unique risks and use them as a base in the payment evaluation process to determine which transactions should be blocked and which should be accepted.
Authentication
Fraudsters often use identity theft to commit fraud. To make sure a customer is genuine and not a fraudster, businesses can verify them through 3D Secure 2.
Manually review
Certain types of transactions are at a higher risk of being targeted by fraudsters, these include high-value transactions or transactions in high-risk markets. For an extra layer of fraud protection, businesses can manually review these types of transactions before they’re completed to avoid a chargeback.
Respond
Testing and experimenting
No one knows the best risk management approach for their business until they test it. To find out what works for you, configure different risk settings and A/B test them against each other to see which approaches are the most effective for your business.
Risk management with RevenueProtect
Although the techniques to commit fraud are evolving, the options to tackle them are just getting better. By leveraging the right technology and building an effective risk strategy, businesses are able to protect themselves and their customers against different types of fraud.
RevenueProtect is our risk management product, which comes with a range of tools to detect, prevent, and respond to fraud. We use a global, cross-industry network of data to accurately make the best risk decisions, stay on top of the latest trends, and fight fraud effectively. On top of that, our local and global risk teams work alongside our customers to monitor performance and make suggestions for further optimising the risk settings.
If you'd like to explore how we can help you combat payment fraud, get in touch; we'd be delighted to walk you through our solution.
Payment fraud detection
Fraud detection is the process of identifying fraudsters and fraudulent behavior. There are different tactics businesses can use to differentiate legitimate customers from fraudsters, such as using machine learning, pattern recognition, and data analysis.
Payment fraud solutions can detect behavioral abnormalities and determine whether customers are genuine or fraudsters. Due to the different types of payment fraud, a 'one-size-fits-all' approach will not work. A better way to detect fraud is to invest in financial technology that takes a nuanced approach that balances risk and conversion decisions to reduce costs and maximize revenue.
Payment fraud prevention
Fraud prevention is the process of preventing fraudulent activities from impacting the business, customer, or financial institution. To do this effectively, businesses need to maintain full control and reduce operational workload. This is done by combining risk rules with machine learning and manual reviews.
Supervised machine learning Supervised machine learning involves a combination of risk knowledge and machine learning. Businesses can create risk profiles to help automate part of the risk assessment, saving time and reducing risk management efforts. The bigger the scale of the platform the machine learning model is learning from, the more your business will benefit. These models can learn from multiple channels, payment instruments and regions to build strong shopper understanding and ensure that automated decisioning does the heavy lifting.
Customizable risk rules Different industries and business models face different types of risks. Through customizable risk rules, businesses can create risk profiles tailored to their unique needs and use them to complement the payment evaluation process of machine learning models. This can help optimize underperforming risk profiles or rules, and monitor the impact of changes. .
Manual review Certain types of transactions are at a higher risk of being targeted by fraudsters, these include high-value transactions or transactions in high-risk markets. For an extra layer of fraud protection, businesses can choose to manually review these types of transactions before they’re completed to avoid negative bottom line impact.
Respond to fraud
The best way to optimize your risk setup is to test and experiment. It is hard to know which risk strategy will best evolve with your business and the market unless you test it. To find out what works for you, you can backtest the impact before you activate a new rule, or change the settings of an existing rule. You can run the rule on historical data to give you more confidence in the effect of the rule before you turn it on. You can set up different configurations and A/B test them against each other to experiment which methods are the most effective for your business.
How to measure the success of your payment fraud strategy
To know if your fraud strategy is working, you need to be able to measure success in a way that makes sense for your business - taking into account the latest trends, operational particularities, conversion goals and risk appetite. To do this, you need to:
Define success
Decide KPIs
Measure fraud
Benchmark
How to protect your customers
There are different tactics businesses can use as part of their risk strategy to reduce fraud and differentiate fraudsters from genuine customers.
Delegated authentication
Delegated authentication allows businesses to prevent fraud without compromising on conversion rates. It involves handing over the authentication process to a third party and optimizes authentication experiences, especially for returning shoppers. This allows businesses to offer safe and seamless experiences while increasing conversion rates.
3D Secure
3D Secure 2 (3DS) is a security measure for online payments that allows businesses to prevent payment fraud while providing customers with safe and effortless payment experiences.
With 3DS, the acquirer, scheme, and issuer interact with each other to exchange information and authenticate transactions. This improves the payment experience for your customers and saves you the costs of fraudulent chargebacks.
3D Secure is mandatory for countries mandated under Payment Services Directive 2 (PSD2). However, businesses anywhere can also use it to protect themselves against fraud.
Tokenization
Tokenization allows businesses to replace sensitive data with non-sensitive ones. This allows businesses to recognize their customers, enables one-click and zero-click payments, increases security and compliance with regulations, and reduces fraud and chargebacks.
Peak season
Fraud increases during peak season. And it’s important to be ready to protect your customers without losing sales. Here are a few things to consider for peak season:
Fraud setup and rules
Conversion optimization
Monitoring and analysis
What industries are most at risk?
Risk threats change based on industry, which means that the solutions to support them will vary.
Hospitality
The hospitality industry is especially vulnerable to cyberattacks, with many hotels finding it challenging to keep up with evolving regulations. To address this, hotels need a financial technology partner to implement secure systems that adhere to regulations throughout the entire payment data lifecycle, across different geographies.
Employing tokenization can also help safeguard guest information from start to finish, enhancing guest experiences while ensuring compliance.
Digital
Combating fraud with manual rules is a time-consuming and ineffective process for digital businesses within the mobility, gaming, or software industry, putting revenue and customer satisfaction at risk.
By using machine learning (ML), businesses can automate complex decisioning to save time and focus on improving customer experiences rather than maintaining static rules.
Online businesses can also use to protect customers from online payments fraud. Digital wallets like Apple Pay and Google Pay, and major card schemes use network tokens to create effortless and secure online payments experiences.
Discover how GetYourGuide is using fraud prevention technology to enhance the customer experience.
Retail
Many retailers have operations and channels across regions. Building risk strategies and collecting insights in one place will create important synergies but it can be a big challenge. With a unified fraud solution, retailers can respond to fraud with customizable risk rules with speed and ease across all their brands and channels.
Discover how True Alliance reduced fraud from 3.5% to under 0.1%.
Payment fraud protection
The more people shop online, the more opportunities there are for fraudsters to commit payment fraud. To keep up, businesses must provide a better and safer customer experience while not losing sight of conversion.
Although the techniques for committing fraud are evolving, the options for tackling them are improving. By leveraging the right technology and building an effective risk strategy, businesses can protect themselves, their customers, and their bottom lines.
RevenueProtect is our unique risk management product, which includes various tools to detect, prevent, and respond to fraud. Our solution assesses thousands of characteristics of an incoming transaction to determine the likelihood of fraud and either block it or direct it to additional risk checks. Our models are trained on a global, cross-industry data network to ensure you continually optimize for conversion and squeeze more revenue out of every transaction.
RevenueProtect video
Fresh insights, straight to your inbox
Subscribe to email alerts
By submitting your information you confirm that you have read Adyen's Privacy Policy and agree to the use of your data in all Adyen communications.