The growth of online sales has been on an upward trend in recent years, especially influenced by the pandemic, which has come with payment fraud.
The volume of news articles and posts by specialists in the field related to payment fraud attempts, trends and scams are evidence of the constant battle faced by developers working on payment fraud detection technology. In fact, knowing how to prevent fraud has arguably become one of the most important aspects of managing an online business.
This year is predicted to see record losses across a variety of payment methods, following on from 2022, which also saw record highs. According to Statista, bank transfer payments were the primary source of fraudulent payments last year, with the total volume of losses in this category in the United States reaching almost $1.6 billion dollars. Cryptocurrency was also affected by massive losses, totaling over $1.4 billion.
Losses linked to wire transfer fraud were considerably lower at $311 million, with credit cards, gift or reload cards and cash or cash advance fraud losses all totaling well over $200 million each. Debit card fraud was also close, at a total of $196 million total losses, while check fraud losses totaled $178 million, and payment app fraud totaled $163 million.
These massive numbers point to an upward trend in global losses linked to payment fraud over the last three years. In 2020, the total worldwide losses the eCommerce sector incurred from payment fraud amounted to $17.5 billion, which rose to $20 billion in 2021. We then saw a massive jump to $40 billion total losses in 2022, with the global total of online payment fraud losses for 2023 projected to reach a staggering $48 billion.
So, what is the cause of this massive increase in online payment fraud? Let’s find out.
Socio-economic-tech context is fueling the increase in fraud
There are multiple factors contributing to the rise of online payment fraud. –
Access to AI (Artificial Intelligence) technology
First among the online fraud drivers are the innovations in AI technology which have provided fraudsters with automated tools to help them run more scams with less effort. The tools for these activities have also become significantly cheaper and more accessible, encouraging less sophisticated criminals to try their luck.
Recession and inflation
These are challenging times for a lot of people, and such economic conditions usually create or encourage opportunistic actors who are more willing to make fake payments due to their current struggles — desperate times call for desperate measures. This ties in with the technology to commit fraud being much cheaper and a lot more accessible than ever before.
Friendly fraud is the interesting name given to the act of a customer purchasing an item online using their own credit card and information, and then disputing the charge with their bank. When this is done without a legitimate reason, it is better described as cyber-shoplifting because the customer has received the item in satisfactory condition, but opens a chargeback anyway, to get their money back, as well as keeps the item.
Aside from the intentional chargeback fraud , there are other reasons for a cardholder to dispute a charge, hence why the term ‘friendly fraud’ has become popular as a catch-all term.
Such genuine reasons for friendly fraud include confusion, where a customer legitimately does not recognize the charge and thus disputes it. Another would be when a child steals their parent’s credit card and makes a purchase, and then the parent subsequently disputes the charge. There could also be scenarios where customers are genuinely dissatisfied with their purchase and immediately open a chargeback, although the proper course of action would be to contact the merchant and hash it out with them through a refund or exchange process.
Even in cases of genuine confusion, it is difficult for many merchants to challenge all the chargebacks they receive due to the complicated process involved. Many businesses simply write them off as an expected loss.
Types of payment fraud merchants and shoppers are exposed to
Both online sellers and their customers are at risk from fraud, so let’s quickly run through the types of payment fraud that are most common in 2023.
Account takeover (ATO) fraud
ATO fraud is when a fraudster logs into someone’s account to steal sensitive personal information or gain access to funds and/or payment cards registered in the respective account. The perpetrators can further impersonate the account owner, to gain more access or financial benefits, or defraud the people in the account holder’s contacts. Common ways scammers try to get access to your accounts with sensitive payment information -is achieved by gaining access to your credentials, typically through social engineering, data breaches and phishing attacks. Account takeover is a long-term scam, as the interest of the malevolent party is to conceal the fact that credentials and account information was accessed by them.
In the eCommerce space, ATO fraud is increasingly common on buy-now-pay-later (BNPL) platforms. Scammers look for data breaches and employ bots to try the leaked credentials-on users’ BNPL accounts, or brute-force their way into accounts.
Increase in friendly fraud
We covered the increasing amounts of friendly fraud in greater detail above. It comes down to the recession and rising inflation causing more shoppers to request chargebacks. Friendly fraud has been on the rise since last year, with 40% of e-merchants reporting they’re seeing this type of fraud having increased in incidence.
Fraudsters stealing someone’s identity to make fraudulent payments is one of the oldest online crimes around, and it continues to be a significant issue in 2023. The real change is how the criminals gain the information they want.
Social engineering attacks involve a fraudster impersonating an authority figure or trusted entity to trick people into willingly offering up their personal information. Such attacks are on the rise especially thanks to easily accessible software for building deep fake profiles.
Alternative payment methods (APM) fraud
This year is also experiencing an increase in fraudsters using social engineering to contact individuals to get them to make instant, irrevocable payments via APM technology and peer-to-peer (P2P) scams. This is in part due to the increasing security on credit cards — more on those below — and the growing demand for such alternative payment systems among consumers. Digital wallets, for example, were reported as the payment method for 49% of eCommerce transactions in 2021, and their increased adoption, leading to an uptick in fraudulent attempts. Digital wallet fraud may even be more “efficient” for fraudsters than credit card fraud given that all the hackers need is the digital copy of card information, without needing the physical card itself, or to simply gain access to the account credentials.
Counterfeit card fraud and card ID theft
Also a form of identity theft, counterfeit credit card fraud involves the unauthorized use of another person’s credit card information to either charge purchases to the account or straight-up remove funds from it.
Triangular fraud involves an innocent customer making a genuine purchase via what they believe to be a legitimate third-party marketplace. But then the third-party fraudulently buys the product from a different retailer’s website and sends it to the customer. Triangular, also known as triangulation fraud, involves multiple parties and is the type of process where the merchant suffers while the customer placing a good-faith order is oblivious to the scam going on in the backend.
Business email compromise (BEC) scams
A BEC scam is when fraudsters impersonate a legitimate merchant and request wire transfers from their business customers. It is a form of phishing attack targeting B2Bs, where the scammers trick a senior employee or executive with budget control into revealing sensitive information or directly transferring funds.
Increase in false positives from anti-fraud tools
While not an act of fraud in itself, false positives are a major challenge that merchants have to overcome. When anti-fraud tools wrongly flag a legitimate payment as potential fraud, this leads to losses by stopping the payment and even freezing the account of the customer.
Tools to reinforce your security in the face of fraud
The solution for businesses to combat payment fraud is multi-pronged. You can implement identity behavior analysis, which will, in most cases, involve automation and machine learning — even though it can, at least in theory, be done manually. An optimal approach would be to use both complex algorithms and a human layer, to cover all scenarios. Algorithms are capable of spotting patterns that humans would miss, and behavioral analysis can spot anomalies both on an individual level and across an organization. Aside from being used to detect fraudulent activity from cybercriminals, behavioral analysis can also be used to detect fraud and unusual behavior by staff teams.
Among the currently most widely employed fraud detection tools, those revolving around card verification services and identity validation services were the most widespread in 2022.
To offer a bit more insight into the top 3 most commonly used solutions, under Credi card verification services, the two options preferred by merchants to both deter and detect fraud are CVV (Card Verification Value — a 3 or 4 digit code printed on each branded credit/debit card) and AVS (Address Verification Service — the card company/issuing bank checks the billing address provided during the shopping process against the billing address provided in its records and reports back to the merchant/processor, who gets to decide whether or not to process the transaction).
The second most utilized fraud detection method involves KYC (Know Your Customer) and revolves around identifying (gather and log user data), verifying (confirming the validity of the data) and authenticating the customer against the logged data (ensure the verified data is consistent every time the user reappears).
Two-Factor authentication, 3D secure authentication, Biometric authentication can all be bundled under having an extra layer of security to verify your identity, by having access to a passcode, a device or even a fingerprint, to gain access to services or payment tools. Having this type of authentication in place can significantly lower your fraud ratio and can help avoid friendly fraud completely.
While speedy transactions are convenient for customers, it is always wise to have some sensible friction within your payment flows. You can then ensure the journey is smooth enough for shoppers while authenticating the identity of the payer before the transaction is fully authorized.
Finally, you can significantly reduce the risk of fraud by implementing CAPTCHAs , along with customer authentication processes. It can also be worthwhile to make efforts to educate customers about the risk posed to them by the relevant scams described above.
The numbers involved in the recent rise of fraud may be somewhat alarming, but merchants and business owners need not panic. A good education on the current risks posed will inform you as to what dangers your own business faces, plus there are plenty of protections for both you and your customers.
There will also be help from expert payment providers who should have anti-fraud tools included as part of their services, and merchants can leverage these tools for their own businesses.