The most common forms of online payment fraud and how merchants can combat them
By Pavels Smirnovs
Online shopping has grown dramatically in popularity and reach over the past decade, with the events of 2020 forcing ever more consumers online and changing shoppers’ retail habits forever. Unfortunately, along with the rise of e-commerce, the number of reported online scams has increased.
In the UK, consumer magazine Who found that online fraud soared between April 2020 and March 2021, with more than 400,000 reports to the UK Cybercrime Reporting Centre, a 33% increase from compared to the previous year. Meanwhile, in the Netherlands, nearly 2.5 million people were successfully targeted by scammers in 2021.
The figures for these two countries in the sample are undoubtedly problematic. Yet they represent a drop in the ocean of the total volume of online fraud occurring globally, which is estimated to have reached US$20 billion worldwide.
So how can merchants protect their customers from online fraud while ensuring they don’t fall prey to scammers? Let’s look at the most common fraud techniques used by cybercriminals and how to prevent them from happening.
Identity theft is as old as the internet itself. This type of fraud takes many forms, but from an e-commerce perspective the practice typically involves a criminal opening a credit card in someone’s name without their knowledge or stealing details of an existing card and uses it to make online purchases.
How to avoid it
For consumers, identity theft is often initiated using phishing scams. Fraudsters will do their utmost to redirect buyers to convincing fake versions of official payment pages, where victims will mistakenly enter their card details and then have them stolen.
Merchants can help combat this type of fraud by reminding customers to check for trust seals and suspicious URLs and by using modern payment methods with more sophisticated authentication in place. For example, 3D Secure (3DS) requires buyers to perform an additional verification step during checkout to prove that they are the rightful owner of the payment method they are using – typically an account password or code texted to their phone.
Another way to secure payments is to use an Open Banking solution to accept payments, which authenticates payments through the user’s banking app. Open Banking payments require less friction during the authentication process, as they are often approved using fingerprint or Face-ID sensors, adding security without ruining the conversion.
Payment interception is more commonly referred to as “man in the middle fraud”. Payment interception can take many forms, including impersonating a company representative and sending customers to fake payment pages, or more sophisticated forms of hacking that literally intercept cardholder data when transmitted during the payment process.
How to avoid it
The interception of payment data is covered by a standard known as PCI DSS, which stands for Payment Card Industry Data Security Standard. PCI DSS is a set of requirements that merchants must meet to prove that they store and secure customer payment data securely.
The standards cover the processing and transmission stage of the payment process and require that all data be encrypted while in transit. The easiest way for merchants to meet the standards is to partner with a reputable payment provider who will host their payment pages securely and handle the technical aspects of the regulations.
Refund fraud is also known as “chargeback” or even “friendly fraud”. This type of scam involves buying goods or services online, pretending they were unaware of the purchase, and then starting a fake dispute process to get the money back (while retaining the goods or using the service they have purchased).
This type of scam is a major concern for card issuers and merchants because it is widespread, with merchants having to absorb the costs of losing goods whose sales have been refunded.
How to avoid it
Transparent refund policies and accurate product and shipping descriptions can all help mitigate true chargebacks. However, merchants might again consider implementing Open Banking at checkout to combat scammers.
As mentioned earlier, Open Banking uses account-to-account transfers to pay for goods and services. Not only are the transactions fast and secure, but they also do not involve card network intermediaries. Therefore, no chargeback process is available, although legitimate customers still enjoy the usual consumer rights and protections.
A final word on anti-fraud systems
Eliminating fraud shouldn’t rely solely on strengthening checkout security. The best payment gateways and their platforms have sophisticated fraud mitigation systems that aim to assess risk and ward off the bulk of attacks from scammers without merchants or legitimate buyers ever being aware of. their operation.
AI and machine learning are used to analyze transaction data in real time, allowing fraud systems to spot patterns and identify scammers. Fraud filters can be configured individually for each merchant based on their industry or geographic location, with transactions noted and flagged if they appear suspicious. When properly implemented, risk control and anti-fraud systems should not impact checkout conversion.
Digital payment is the future
Despite all the accounts of fraud, phishing, and chargebacks, e-commerce and digital payments are undoubtedly the future of retail. Fraudsters will always be present, whether in the online or offline world, so abandoning virtual transactions is not a viable solution.
The most effective tool to fight fraudsters in 2022 and beyond is to educate yourself on common attack methods. Additionally, choose a reputable payment provider that offers the latest payment methods, such as Open Banking, while adhering to the protocols defined by the Payment Card Industry Data Security Standard.
About the Author
Pavels Smirnovs is the head of the fraud risk division of ECOMPAY. As an expert in payment solutions and technologies, Pavels is in charge of detecting, investigating and preventing various acts of consumer fraud. His passion is security, IT and data.