How to Detect Payment Fraud: 9 Effective Tips for Merchants

If payment fraud wasn't already a complex issue for many merchants, movement restrictions introduced as a way to counter the global COVID-19 pandemic brought new opportunity for fraudsters in the ecommerce industry.

According to Statista, 45% of online merchants reported a net increase in cyberattacks compared to before the pandemic. In 2021, the estimated ecommerce losses as a result of online payment fraud reached 20 billion US dollars globally, a growth of 14% compared to the previous year.

_Value of e-commerce losses to online payment fraud worldwide in 2020 and 2021(in billion U.S. dollars). Source: [Statista.com](https://www.statista.com/statistics/1273177/ecommerce-payment-fraud-losses-globally/#:~:text=E-commerce payment fraud losses worldwide 2020-2021&text=According to estimates%2C e-commerce,recorded in the previous year.)_

With these statistics in mind, it is becoming more and more important for merchants to be able to detect payment fraud and most importantly - prevent it before it happens.

In this article, we will discuss some of the most effective techniques, tools and best practices that merchants can implement in order to detect payment fraud and suffer less revenue losses as a result from it. So, without further ado, let's go:

What is payment fraud?

Put simply, payment fraud is any transaction that was done illegally on the internet, with the purpose of stealing one's funds and / or credit card information. As we explained in our previous article, some of the most common types of payment fraud include:

Credit card fraud

Being one of the most likely scenarios, credit card fraud refers to the theft of credit cards with the purpose of purchasing goods and services online by the fraudster. According to Intuit, credit card fraud resulted in $149 million in losses in 2020 in US only.

While the owner of the card can dispute the charge to get their money back, merchants lose everything in a fraudulent transaction - both the product and their revenue.

Merchant identity fraud

Merchant identity fraud can be really damaging for merchants. This happens when a fraudster sets up a merchant account presenting themselves as the real business, and then starts to process fraudulent transactions.

Phishing

Phishing attacks are also really frequent when it comes to payment fraud. In this scenario, the scammer will send a fraudulent message to a potential victim, most commonly email or SMS, tricking them into thinking that they are the legitimate business so they can give their payment information.

Some common types of phishing include email phishing, spear phishing, whaling, smishing and more.

Card testing fraud

Card testing fraud is a type of fraudulent activity in which the scammer will try to make frequent low-value purchases with stolen cards to determine if the information is valid so they can make purchases. Merchants can implement systems to block testers, otherwise they are in the risk of getting a lot of chargebacks.

Denials or fake returns

In another scenario, a fraudulent activity may come from the actual customer, aka the authentic owner of the credit card as opposed to a thief or a fraudster. The customer will claim that they requested a refund but the product got lost on the way back to the merchant.

They can also claim that they never received the purchased product, or denying that they even ordered it. While it's often hard to prove whether they are telling the truth or trying to scam the merchant, it is not impossible. In these cases, it is recommended to collect signatures upon delivery.

Synthetic identity fraud

Another type of payment fraud is synthetic identity. As opposed to regular identity theft, in which the criminal will try to steal credit card information, synthetic fraud involved the creation of a new, false identity.

The scam involves the careful mixing of different pieces of information, such as Social Security numbers, fake numbers, addresses and birthdays to put together a completely new identity.

Synthetic identity fraud. Source: gao.gov. How to detect payment fraud.

How to detect payment fraud: 9 Tips

Considering the different types of fraud that we just mentioned (and it's not even an exhaustive list), we can clearly see how challenging it could be to detect payment fraud.

Merchants will have to be very careful with the transactions and orders they receive, and implement a variety of best practices to ensure that they are doing the best they can to detect and prevent fraud before it happens. Let's take a look at some of them:

1. Keep up with the trends

Fraud comes in many shapes and forms, and unfortunately, hackers are constantly looking for new opportunities to take advantage of customers' personal details and sensitive credit card information.

According to Protocol, many executives aren't paying enough attention to the fraud that they can't see. In synthetic identity fraud, more than 95% is actually undetected by regular fraud models. The main reason why is because these criminals behave and look like actual customers, and they are looking for the personal information to steal.

Unfortunately, payment fraud is constantly evolving, so it's extremely important to be aware, conscious, and keep up with the new trends that scammers are continuously coming up with. Here are some of the most popular scams in 2021, according to Forbes:

• Authorized Push Payments (APP) - in this scenario, the customer is trying to forward money to a legitimate account (for example, in a house purchase), but the fraudster tricks them into forwarding the money to their account instead.

• Account takeover - a form of online identity theft in which the fraudsters will pose as the customer in order to gain access to one or more of their accounts. Then, they will use them to carry out fraudulent transactions.

• New account fraud - in a similar manner to account takeover, the scammers will use stolen credentials to open a new account in the name of the customer so they can bypass identity verification checks and open a new loan account.

• Transaction fraud - when this kind of fraud happens, the fraudster will use stolen payment information to make unauthorized purchases. This data is typically collected in phishing attacks, tricking users that they are giving it to a legitimate company.

While some of these scams are not new, their popularity among criminals constantly change, and new ones emerge as well. For this reason, as a merchant, it's extremely important that you are always aware of the new trends in order to detect payment fraud.

2. Use AVS (Address Verification Service)

The second strategy to detect payment fraud is by implementing AVS.

An Address Verification Service, also known as AVS, is an automated fraud prevention system created with the purpose of reducing the number of fraudulent transactions. It is designed to compare and match the billing address of the customer at checkout with the address that the customer has provided to the issuing bank.

While an address mismatch may be legitimate because the customer has forgotten to update their information at the bank when they changed their address, it can also be a sign of possible payment fraud. In many occasions, the fraudster has limited access to the personal information of the cardholder, so they might not be able to provide an exact match.

In another situation, the fraudster may be providing a false address on purpose so that the purchased product can arrive directly to them instead of the customer's home.

3. Collect signatures upon delivery

As we mentioned previously, one way to detect payment fraud and reduce the amount of chargebacks is to collect signatures when delivering the item. This is especially important when dealing with denials and fake returns, because it is a way to prove that you have actually delivered the product.

So, as opposed to simply dropping the product at the door, or giving the product to the receiver without further confirmation, it is recommended that you (or your delivery company), ask the receiver to sign the document. You may also require additional verification such as confirmation of their ID number.

4. Partner with a verified, PCI-compliant payment gateway

One of the best ways to detect payment fraud, and prevent fraudulent transactions to the biggest extend possible, is to partner with a verified, PCI-compliant payment gateway.

Payment gateways, such as MYMOID, use a combination of tools and techniques to ensure security within the system, including encryption and tokenization, 24/7 leak monitoring, and address fraud through 3DS2 & PSD2.

MYMOID also complies with Level 1 PCI-DSS (Payment Card Industry Data Security Standard), a set of strict security standards established by some of the biggest card issuers to ensure payment security.

5. Double check unusual activity

As a merchant, another way in which you can detect payment fraud and stop it before it happens is to be suspicious of unusual activity, and double check with the customer if needed.

For example, if you see multiple failed purchase attempts in succession with different card numbers. Some other examples include:

• Orders that are larger than normal, especially if it's a high-demand product;

• Several orders from seemingly different customers have the same shipping address;

• The customer asks for a change in address after he has placed the order;

• There is an abnormal number of orders at an unusual time of the day;

In other words, as a merchant, one way in which you can detect payment fraud is to pay attention to unusual transactions or activity, and try to identify certain patterns. If you have identified a fraudster, make sure to blacklist their phone, email, billing address and IP address.

6. Monitor user location

User location is key for merchants that are looking to detect payment fraud. Apart from implementing an AVS (Address Verification Service) system, make sure to constantly monitor addresses and locations to detect possible fraudulent activity. Generally, the most secure transactions are the ones in which the billing address, the shipping address and the IP address match.

If they don't, and the distance between each of these addresses is big, proceed with caution.

In addition, pay attention to shipping addresses that are in high-risk location. There are some countries and regions that are well-known for fraud, so make sure to identify this list and implement additional safety measures to prevent unauthorized activity.

If an order has a shipping address that looks suspicious, this can be a sign for a possible scam as well. So, before shipping it, make sure to double-check, especially if it contains high-ticker products. In many occasions, the fraudster will try to ship the order to a freight forward, a P.O. box, a money mule, or a shipping company in order to remain anonymous.

7. Delay the shipping of high-risk orders

If you are not sure that an order is legitimate, and especially if it's international, try to hold off the shipment for at least 24 hours. If the order was placed with a stolen credit card, this will give enough time for the legitimate account owner to notice that a fraudulent transaction is being made with their card, and report it to their bank.

In order to avoid being caught, fraudsters will typically try to get the merchandise as fast as possible. So, avoid shipping overnight unless you are 100% sure that the order has been legitimate.

8\. Be careful with IP proxies

Another way to detect payment fraud is to pay close attention to the way IP proxies are used. In many occasions, fraudsters will mask their IP address with a VPN - this helps them hide the fact that the address on their payment method is not the same as the one on the IP address' geolocation.

This practice is called Proxy Piercing, and it cuts through that protective wall, creating additional risks for merchants if the right measures are not being taken.

Proxy Piercing: how to detect payment fraud. Source: fraud.net

9\. Require an account login

Merchants can also detect payment fraud easier if they require customers to log into their individual accounts before making a purchase. Many times, people prefer to make a purchase as a guest instead of creating an account, but encouraging them to create one can minimize risk because it will help merchants quickly identify frequent or legitimate customers.

It also creates an additional level of security as you request more personal data.

Conclusion

As we just saw, there are many types of payment fraud that merchants should be aware of if they don't want to lose their revenue and hurt their reputation. For this reason, it's important to make use of the right tools, techniques and strategies to detect payment fraud and avoid it as much as possible.

Not sure where to start? Partnering with a secure and reliable payment gateway should be your first step - get in touch with us to find out how.