Digital payments are evolving, but so are cyber criminals. According to an IBM report, the cost of a data breach hit a record high during the global coronavirus pandemic, reaching $4.24 million per incident on average.
In this article, we will take a look at the most common types of payment fraud, and at some of the measures that your company can take to protect itself and your customers from fraudulent transactions.
Card-present vs. card-not-present transactions
Before we deep dive into online payment fraud, it is important to keep in mind that fraudsters do not always use the same techniques and methods to initiate malicious activities with credit cards.
Because Card-present and Card-not-present transactions display distinctive characteristics and vulnerabilities, hackers will use different ways to get to your customer's data depending on the type of transactions that you are making.
Card-present transactions generally make reference to payments during which the card is present at the time of the purchase, such as in-store purchases.
While many people associate fraud with digital payments, card-present transactions also display vulnerabilities that allow criminals to get hold of cardholders' data.
Card-not-present transactions make reference to those transactions in which the cardholder does not present the card physically for a merchant's visual examination at the time when the payment is effected.
And although CNP payments can happen by Mail Order / Telephone Order or even fax, they are usually associated with payments made over the Internet.
What is payment fraud?
Payment fraud is a type of fraud in which someone steals the payment information of another person, and uses it to make transactions or purchases that haven’t been authorized by the cardholder. According to European Payment Fraud Statistics, more than 79% of the cases happen in Card-not-present payments.
According to MerchantSavvy, payment fraud has tripled from $9.84 billion in 2011 to $32.39 billion in 2020, with projections to reach $40.62 billion in 2027 - 25% higher than in 2020.
As we just mentioned, digital payments are classified as card-not-present transactions, and they are a huge target for cyber criminals because it is more difficult for merchants to verify that it is the actual cardholder who is making the purchase.
Types of payment fraud: European Payment Fraud Statistics chart.
Having said all this, let’s take a look at some of the most common types of payment fraud that companies are facing, and what you can do as a merchant in order to mitigate it or reduce it effectively:
Types of payment fraud
1. Friendly fraud
First on our list of types of payment fraud is the so-called Friendly Fraud, which is ironically anything but friendly. It happens when a customer makes an online purchase with their own credit card, but then contacts the credit card issuer and initiates a chargeback.
In these situations, customers will contact the credit card issuer claiming that the item wasn’t delivered or it was returned but they didn’t receive a refund. In some cases, they might even claim that they don’t remember making a purchase, and their credit card has in fact been compromised.
Of course, not all chargebacks are fraudulent - many times these claims might actually be true. However, Friendly Fraud has been a popular method for fraudulent activities in the last few years, and it not only causes direct loss to merchants, but may also get them penalized by card issuers.
So, what can you do to mitigate this risk?
As a merchant, one way in which you can prevent or mitigate the risk of Friendly Fraud is to make the customer sign a proof of delivery when receiving the product. By doing this, you can solve a couple of potential issues:
• Undelivered item - with this document, you will have proof that the product was actually delivered to the customer, because they received it in person.
• Don’t remember the purchase - if the customer truly didn’t want the purchase or doesn’t remember making it, the shipping company will simply not deliver it and will return it to the merchant. This will avoid a possible fraudulent chargeback and you will simply have to refund the product.
2. Triangulation fraud
One of the most common types of payment fraud is called Triangulation. The name of this method implies that there are three participants in the transaction: the unsuspecting customer, the online store, and the stolen data.
The Triangulation fraud typically happens in the following way:
• The legitimate customer purchases a product from a third-party marketplace seller, which also happens to be the fraudster.
• Then, the fraudster places an order with a genuine retailer (for example, Amazon or eBay) for the same product that the customer actually ordered.
• However, in order to complete the payment, the illegitimate third-party seller (the fraudster) pays for the transaction with stolen payment information. It is usually a credit card that was purchased on the dark web.
• The genuine seller processes the order and sends the product to the shipping address that the customer provided during checkout.
• The customer receives the item that they ordered, but the merchant (the authentic retailer) has processed a fraudulent transaction.
Among all types of payment frauds, this one is particularly dangerous because the customer may never realise that something isn’t going the way it should. Since they actually received the product that they ordered, nothing seems out of the ordinary, and they might even leave a positive review for the fraudster, boosting his rankings.
How can merchants and online sellers deal with the possible negative outcomes of Triangulation fraud? The best solution is to use a PCI-DSS compliant Payment Gateway to avoid different types of payment fraud.
3. Clean fraud
Speaking about types of payment fraud, the next one on our list is the so-called Clean fraud. It refers to fraudulent transactions that appear to be legitimate, and it can be a huge problem for merchants since the transaction is not always blocked or flagged up.
What’s distinctive about this type of payment fraud is that thieves actually use real data to commit their cybercrimes, impersonating the original cardholder.
While Friendly Fraud hides behind fake identities or stolen data, hackers that go for Clean Fraud usually have a great deal of knowledge about the cardholders and their credit card details.
So, they use real customer data to fool the systems into thinking that the hacker is the actual cardholder.
In this type of fraud, the criminal has been able to steal all the necessary real data, and uses it to make a purchase that looks legitimate.
4. Phishing attacks
Next on our list of types of payment frauds are phishing attacks. A phishing attack is commonly referred to as the practice of sending fraudulent communications to potential victims.
Their purpose is to trick the recipients into thinking that the message is coming from a reputable source, and lure them into giving away their private information. Most commonly, fraudsters will ask for the user’s credit card and/or bank account details, as well as other personal data such as name or address.
[According to research](https://www.tessian.com/blog/phishing-statistics-2020/), one in every 4,200 emails is a phishing email.
Some of the most common phishing scams include:
4.1 Email phishing
Statistics show that more than 96% of phishing attacks happen via email. This method typically involves the practice of “spray and pray” in which fraudsters will impersonate a legitimate organisation or identity, and then send mass emails to as many addresses as possible.
Phishing emails often entail a threat or a sense of urgency, informing the recipient that they need to make an urgent payment or their account has been compromised. The purpose is to encourage them to take action as soon as possible.
Once the victim clicks on the malicious link and fills out the data requested from them, that data falls directly into the hands of the fraudster.
4.2 Spear phishing
As opposed to email phishing, which uses the “spray and pray” method to send mass emails to thousands of recipients, spear phishing takes a more personalised approach. This means that hackers will send malicious emails to specific individuals within a company.
These emails are built in a more personalised way to convince the victim that the sender is a legitimate individual or organisation.
4.3 Whaling
This method is very similar to phishing. However, instead of targeting regular employees within an organisation, hackers go directly for high-level executives such as the CEO, CTO or CFO, or individuals in senior positions. In other words, what we would consider “the big fish” in slang - hence the term whaling.
Again, these emails tend to transmit urgency so that individuals feel compelled to take an immediate action.
4.4 Smishing
Among the popular types of payment fraud is smishing, which is practically a phishing attack that uses text messages instead of email communication.
It works on the same principle, sending mass text messages that appear to come from a reliable source or a trusted organisation. In reality, they contain malicious links designed to steal people’s personal and payment data.
4.5 Vishing
Another alternative to phishing is vishing, which uses phone calls to execute the fraud. This method is usually disguised as an automated voice message from a legitimate organisation claiming that you have a debt that you need to pay right away.
For example, they may say that your insurance has expired, or that there is a suspicious activity on your bank account that needs to be handled immediately. The ultimate goal is to obtain the payment information of the victim.
5. Wire transfer scams
Our list of types of payment fraud continues with wire transfer scams, which have been growing in popularity over the last few years.
A wire transfer scam, also known as wire fraud, is when a fraudster poses as a trusted source (a vendor, family member or company), and requests an immediate wire transfer of funds to their account. Scammers will usually try to create a sense of urgency or manipulate victims.
According to the Texas Attorney General, here are some of the red flags to look out for when evaluating a possible wire transfer scam:
• You are unexpectedly asked to wire money;
• You are sent a (fake) check, and you are expected to cash it out;
• The person who is contacting you is asking for a confirmation code;
• You received a message asking you to wire money to another country.
6. Merchant identity fraud
One of the types of payment frauds that affect merchants the most is merchant identity fraud. It involves scammers setting up a merchant account presenting themselves as a legitimate business, and then charging stolen credit or debit cards.
There are three types of merchant identity fraud:
• Bust out fraud - in this scheme, a merchant sets up a merchant account without the intention of operating as a legitimate business. This account is then used to process fraudulent transactions.
• Identity swap - identity swap refers to the cases in which a merchant uses a fake or stolen identity in order to secure a merchant account. This often happens when the fraudster is prohibited from opening an account on their own.
• Transaction laundering - this happens when an unknown company uses the payment credentials of an approved merchant to process payments that the acquirer is not aware of.
How can merchants mitigate payment fraud?
Although it's difficult to completely eliminate payment fraud, there are various security measures that you can undertake as a merchant to reduce threats and breaches. Here are some of them:
• Constantly run security checks with antivirus software, and install the necessary firewalls to protect against network penetration;
• Partner with a verified Payment Gateway provider such as MYMOID, which operates in a safe PCI-DSS compliant environment to ensure that payments are handled and processed at the highest level of security;
• Require strong passwords from your customers, and whenever possible, encourage them to purchase by logging in to their customer account;
• And last but not least, do not forget to always maintain awareness of the latest fraud trends - as we already mentioned, cybercriminals are evolving and perfecting their techniques all the time!
Need more information?
MYMOID is a digital payment solutions provider specialized in ensuring secure and flexible payments for companies across all industries. If you need more information, do not hesitate to get in touch with one of our professionals.