Digital payments are evolving, but so are cyber criminals. According to the Data Breach Index, more than 5 million records are being stolen on a daily basis, a concerning statistic that shows that fraud is still very common both for Card-Present and Card-not-Present payments. In this post, we will talk about online payment fraud and some of the measures that your company can undertake in order to protect itself from fraudulent transactions.
Card-present vs. Card-not-present transactions
Before we deep dive into online payment fraud, it is important to keep in mind that fraudsters do not always use the same techniques and methods to initiate malicious activities with credit cards. Because Card-present and Card-not-present transactions display distinctive characteristics and vulnerabilities, hackers will use different ways to get to your customer’s data depending on the type of transactions.
Card-present transactions generally make reference to payments during which the card is present at the time of the purchase, such as in-store purchases. While many people associate fraud with digital payments, card-present transactions also display vulnerabilities that allow criminals to get use of their data.
Card-not-present transactions make reference to those transactions in which the cardholder does not present the card physically for a merchant’s visual examination at the time when the payment is effected. And although CNP payments can happen by Mail Order / Telephone Order or even fax, they are usually associated with payments made over the Internet.
Online Payment Fraud – what is it?
As we just mentioned, digital payments are classified as card-not-present transactions, and they are a huge target for cyber criminals because it is more difficult for merchants to verify that it is the actual cardholder who is making the purchase.
For this reason, online payment fraud has become one of the most common types of fraud in the USA and around the world – in fact, the European Central Bank estimates that more than 60% of the card fraud is associated with CNP transactions.
Here are some of the most common ways that fraudsters use to trick merchants and consumers:
This type of fraud, which is anything but friendly, happens when a customer makes a digital purchase with their own credit card, and then contacts their credit card issuer to dispute the charge.
In these situations, customers will contact the credit card issuer claiming that the item wasn’t delivered, the item was returned but they didn’t receive a refund, or they don’t remember making the purchase and their credit card has been compromised.
Of course, not all chargebacks are fraudulent – many times these claims might actually be true. However, Friendly Fraud has been a popular method for fraudulent activities in the last few years, and it not only causes direct loss to merchants, but also gets them penalized by card issuers.
The Triangulation fraud method implies that there are three participants in the purchase of an order: the unsuspecting customer, the fake online store, and the stolen data. In this case, once the customer has made a purchase (the items in this type of stores are usually high-priced goods at bargain prices), the fake merchant immediately steals his card details.
The main purpose of this fraudster is to gather data and cancel the payment once he has gotten his hands on the customer’s credit card details.
What makes clean fraud so difficult to detect and prevent is that the fraudsters actually use real data to commit cybercrimes. While Friendly Fraud hides behind fake identities or stolen data, hackers that go for clean fraud usually have a great deal of knowledge about the cardholders and their credit card details, and they use real customer data to fool the systems.
In this type of fraud, the criminal has been able to steal all the necessary real data, and uses it to make a purchase that looks legitimate.
Another type of online payment fraud that can be quite common is identity theft. In this type of fraud, the imposter obtains key details of personally identifiable information, and uses them for fraudulent purchases on the Internet (or elsewhere).
This type of fraud often happens when cybercriminals penetrate firewalls through old security systems, that’s why it’s really important that merchants keep their network security systems always updated.
How can merchants mitigate fraud?
Although it’s difficult to completely eliminate online payment fraud, there are various security measures that you can undertake as a merchant to reduce threats and breaches. Here are some of them:
- Constantly run security checks with antivirus software, and install the necessary firewalls to protect against network penetration;
- Partner with a verified Payment Gateway provider such as MYMOID which operates in a safe PCI-DSS compliant environment to ensure that payments are handled and processed on the highest level of security.
- Require strong passwords from your customers, and whenever possible, encourage them to purchase by logging in their customer account.
- And last but not least, do not forget to always maintain awareness of the latest fraud trends – as we already mentioned, cybercriminals are evolving and perfecting their techniques all the time!
Need more information?
MYMOID is a digital payment solutions provider specialized in ensuring secure and flexible payments for companies across all industries. If you need more information, do not hesitate to get in touch with one of our professionals.