Fraud and financial crimes surged in 2021.
- In the United States, consumers reported fraud losses of $5.8 billion dollars — a 70-percent increase over 2020.
- In the United Kingdom, fraud and cybercrime losses totaled £2.4 billion — a 174-percent increase over 2020.
A key driver of that surge is payment fraud, which is a growing problem for both consumers and businesses around the world.
Below, Steve Goddard discusses what constitutes payment fraud, and how businesses can protect themselves and their customers against it.
What is payment fraud?
Payment fraud is when someone illegally inserts themselves into the payments value chain under false pretenses to acquire ill-gotten funds. The fraudster can achieve this by stealing someone’s payment information, or they can run elaborate scams in which they impersonate a legitimate transactor and divert funds to themselves.
It’s easier to understand when you break payment fraud down into two categories, authorized and unauthorized:
- Unauthorized payment fraud is when someone steals payment information to make unauthorized transactions or purchases.
- Authorized payment fraud is when someone poses as a legitimate actor (e.g., a business owner or an accounts receivables representative) to trick a payor into sending money to another account.
This is how a crime like identity theft fits into the world of payment fraud. When a fraudster steals someone’s banking details and passwords, for example, they can take over that person’s bank account and begin liquidating funds from it.
The same goes for merchant identity fraud. In this scam, the fraudster poses as a legitimate merchant. When a legitimate customer goes to buy from that merchant, the fraudster’s scam allows them to receive the payment without delivering any promised goods or services.
Types of online payment fraud
Here are some common types of online payment fraud that merchants, consumers and financial institutions all face every day:
- Credit card payment fraud. Credit card payment fraud happens when someone uses an illegally obtained credit card, or that card’s payment information, to make an unauthorized transaction. Fraudsters can acquire credit card data via scams like phishing, by stealing that data from unsecured websites, or by purchasing leaked credit card data that has been aggregated and made available for purchase on the black market.
- Card-not-present fraud. CNP fraud is a type of bank card fraud in which the scammer doesn’t actually have the physical card in hand, only the victim’s illegally obtained details.
- Account takeover fraud. Account takeover fraud happens when fraudsters gain access to a consumer’s or a business’s bank account via stolen login credentials.
- Man-in-the-middle attacks. Man-in-the-middle attacks happen when a criminal finds a security vulnerability in a website or digital storefront, then intercepts information such as a customer’s payment data.
- Authorized push payment fraud. APP fraud happens when fraudsters scam an individual or a business into sending them money. The scammer impersonates a legitimate transactor (e.g., by spoofing the email address of a company’s owner) to coax the other party into sending funds.
- Triangulation fraud. Triangulation fraud happens when a scammer poses as a legitimate business in a digital marketplace. When a customer makes a purchase from the scammer, the scammer turns around and purchases the customer’s order from a third-party using payment information that was illegally acquired. This is one tactic that criminal organizations use to launder stolen credit cards into seemingly legitimate funds.
Which types of payment fraud are on the rise?
The scams that are driving fraud today include:
- Phishing attacks, which give criminals the information they need to pull off account takeovers and CNP fraud.
- Man-in-the-middle attacks that send real customers to fraudulent websites.
- Friendly fraud, in which a customer simply orders products, then initiates a chargeback and claims the purchases were never delivered.
- Impersonation scams and romance scams that give fraudsters the cover they need to make seemingly legitimate requests for payment from their victims.
Fraud often thrives at the cutting edge of payments technologies. Novelty and people’s lack of familiarity with new tools present scammers with opportunities to commit fraud.
The digital transformations reshaping banking, finance and commerce right now certainly provide fraudsters with lots of novelty to exploit.
Take Buy Now Pay Later (BNPL) services, for example. In the runup to the 2021 holiday shopping season, merchants and retailers began to implement BNPL options for their customers in droves. During the onboarding phase, when the business is installing and its staff is learning how to use the BNPL technology, fraudsters have a window in which they can create fake accounts with falsified information, then make purchases that the software’s validation checks will greenlight.
How to recognize fraudulent transactions
Scammers and financial criminals have sophisticated methods for covering their tracks. Likely, you will not be able to spot a fraudulent payment on your own.
At the scale most businesses operate today, fraud detection software is necessary to keep your business and your customers safe.
How to keep your business safe from payment fraud
Most businesses have a handful of tools that are easily available to help them secure their payments and their transactions. Those include:
- Two-factor authentication. In the European Union, the PSD2 Directive requires customers to independently verify certain transactions with two-factor authentication. In practice, that usually means confirming the transaction via a push message on their phone or with an SMS code. For businesses, look for payment providers who offer multiple methods of authenticating customer payments.
- Fraud detection and prevention tools. These will help you spot suspicious transactions at scale and in real time.
- HTTPS. For online shopping, this is the standard for security. The HTTPS protocol encrypts data between the shopper and the merchant, and it is important to ensure software updates are up to date, known bugs patched etc.
- Customer education. Consumers get defrauded every day by spoofed emails. For business owners, follow best practices like never asking for log-in credentials or payment info over insecure channels like email. Further, tell your customers never to reply to a seemingly legitimate email or SMS from you with their payment or identity data.
How does Featurespace prevent and detect transaction fraud?
Featurespace’s ARIC™ Risk Hub uses machine learning (ML) to understand and predict individual users’ transaction behaviors. This way, the platform can recognize normal transactions and anomalous transactions in real time and at scale.
Automated Deep Behavioral Networks power the ARIC™ Risk Hub so that it can help businesses spot account takeovers, man-in-the-middle attacks, APP fraud and all of the other payment scams discussed above.
Protecting financial institutions against payment fraud
Our Automated Deep Behavioral Network technology represents the next generation of fraud detection and fraud prevention. It has been developed specifically for card and payments companies to spot a variety of attacks, reduce customer friction, and prevent fraud before money can leave a victim’s account.