By the end of 2023, ecommerce businesses around the world will have lost almost $50 billion to payment fraud – and it’s growing. By 2024, card-not-present (CNP) fraud alone – which accounted for $8.75 billion in payment fraud losses in 2022 – is projected to hit $10.16 billion.
It begs the question…what can you do to protect your business against online payment fraud of all shapes and sizes? And safeguard you, and your customers, from the devastating financial, reputational, and operational losses fraud can cause?
Fraud detection and prevention are excellent places to start. In this guide, we’re discussing everything you, as a merchant, need to know about how to detect online fraud transactions.
In a payments context, fraud detection is the practice of identifying and flagging suspicious transactions or activities as they’re happening – and, sometimes, after they’ve occurred.
Fraud detection relies on a range of strategies – including machine learning, pattern recognition, and data analysis – to separate the legitimate transactions from the fraudulent ones. And, with the rise of AI (Artificial Intelligence), fraud detection systems are becoming even smarter and more scalable.
Payment fraud detection setups also rely on risk rules: sets of triggers and conditions that, when met by a transaction, suggest fraud. These ‘rules’ could involve:
Fraud prevention is the set of strategies involved in stopping fraudulent transactions – before they have a chance to negatively impact your business.
Fraud prevention is like the proactive yin to the reactive yang of fraud detection. While fraud detection is focused on flagging and stopping fraud as it’s happening, fraud prevention’s focus is on stopping fraud before it happens. It’s about putting the processes and practices into place to minimize your fraud risk – and provide a first line of defense against the fraudsters.
Let’s say, for example, that your business is a medieval castle, and the fraudsters are the roving bands of invaders looking to break in and pillage your gold. Fraud prevention is the big wall you build around your castle, and the giant crocodile-filled moat beyond. It’s a good way of making it hard for the enemy – but not of stopping them completely.
In addition to this, you line the top of that wall with lookouts and soldiers. When an invader does manage to swim through the moat and scale the wall, you’re waiting for them – in real time – to stop them in their tracks. This part is analogous to fraud detection – your way of staying alert to the incoming danger, and eliminating it as it’s happening.
Some examples of fraud prevention include:
First and foremost, fraud detection and prevention are important because they safeguard your business from the revenue and reputational risks of fraud.
Take chargeback fraud (which we’ll explain below) as an example. When an illegitimate chargeback is raised against your business – and the subsequent credit card dispute is ruled in favor of the fraudster – you’ll have to refund them. Meaning you’ll lose not only that revenue, but also the cost of delivering the product or service (plus a chargeback fee for good measure).
If you aren’t working to prevent and detect chargebacks and other forms of fraud, your business will bleed money – and, without doing anything to stop them, you may find the same fraudsters targeting your business over and over again. Worse still, excessive chargebacks could result in you facing scrutiny from card schemes (such as Visa and Mastercard), receiving fines, and even having your payment service provider cut ties with you.
Of course, it’s not just your business that fraud detection and prevention are there to help. It’s your customers, too. By safeguarding their transactions with your business, you’re showing them you value their custom and privacy online; demonstrating your commitment to the security of their payment, rather than merely paying lip service to it.
Finally, fraud detection and prevention are important because credit and debit payments rely, ultimately, on trust. Without that – without a safe, stable digital space for people to pay online, or with their phones – the whole system would crumble. (And so would the ability to accept many of the world’s most popular ways to pay!)
Payment fraud happens when cybercriminals get their hands on stolen credit and debit card details. They do this through a variety of means, including:
How payment fraud looks and happens depends on which details the fraudster has access to – and their commitment to the scam. Synthetic identity fraudsters, for instance (which you can read more about below), use stolen details to defraud banks and credit providers over a long timeframe – often years – while other fraudsters are content to steal what they can, while they can: acting quickly before the real cardholder reports their card as lost or stolen.
In the popular imagination, payment fraud has a very narrow scope. It happens when a thief steals someone’s wallet (perhaps in a mugging), then uses it to buy goods and services.
This stereotype says that it’s the legitimate cardholder who suffers most – but it’s another misconception. Because in many instances of payment fraud, it’s actually the businesses that bear the brunt of the worst consequences – so it’s wise to know what you’re up against.
With that in mind, here’s a whistle-stop tour of the diverse forms of payment fraud out there.
Friendly fraud is when a customer, after purchasing from your business, raises a chargeback – without realizing that their reason for doing so is incorrect.
Like friendly fraud, chargeback fraud involves a customer raising a dispute after making – and receiving – a legitimate purchase from your business. However, this customer is doing so with fraudulent intent: to claim a refund at your expense.
To explore the nuances of the differences between chargeback fraud and friendly fraud, our dedicated article will help.
BNPL fraud encompasses any fraudulent activity that exploits BNPL platforms to steal money or data. It can be as simple as a user refusing to pay their debt, or as complicated as a BNPL “trojan horse scam” – in which a fraudster uses fake credentials to create a BNPL account and place an order, before switching their payment method to a stolen card.
Account takeover fraud happens when a fraudster hijacks a legitimate person’s account – it could be a bank account, an email account, an online shopping account, or a social media profile – with identity theft or financial gain in mind.
Card-not-present fraud is when a fraudulent transaction takes place without the payment card being physically present.
CNP fraud is prevalent in ecommerce and mail order/telephone order (MOTO) payments.
Card testing fraud happens when fraudsters – having obtained batches of stolen credit and debit card details – test these cards out with low-value transactions (of, say, $1). If the card works, the fraudsters will quickly progress to high-value purchases, and go from there.
Synthetic identity fraud is when a fraudster steals aspects of a legitimate person’s identity – often their Social Security Number (SSN) – and combines them with falsified details to create a new, ‘synthetic’ identity.
Over time (often months and years) the fraudster builds up a credit history around these details, before eventually maxing out as many loans as possible and disappearing.
Implementing strong, sustainable fraud detection and prevention strategies has a raft of draw cards for your business and customer base.
We’ve already covered, above, the financial and reputational benefits fraud detection can offer your business. But a solid fraud prevention strategy also helps your business:
Now you know what fraud detection is, why it’s so important, and what types of fraud you’ll be up against. So how do you stop the array of dark, dynamic fraud types in 2023 – and implement an effective payment fraud prevention strategy for your business?
Fraud transaction monitoring is a fraud detection strategy that involves real-time analysis of your transactions as they happen.
It involves looking for suspicious statistical outliers in your payment data, and – by comparing them with data from transactions known to be fraudulent – evaluating whether they’re fraud. These ‘outliers’ could be a number of things – from one customer’s sudden increase in transaction volume to an abrupt change in where another is making payments from.
Head to our guide to fraud analytics for a closer look at the analytical tools and techniques involved in fraud transaction monitoring.
Remember card testing fraud? Where fraudsters make small-value purchases to ‘test’ whether stolen cards are still valid? Well, velocity checks are an excellent way of preventing it.
Velocity checks keep tabs on the rate at which someone is trying to make multiple purchases from your site. Two or three purchases in 15 minutes is probably nothing to worry about (the customer probably just loves your merchandise!), but 10 attempted purchases in the same time period is suspicious – and could indicate card testing fraud.
With velocity rules, you can automatically trigger actions (such as requesting more information from the cardholder, or blocking a payment outright) based on a specific transaction frequency threshold. (This could be daily, weekly, or monthly.)
Custom velocity rules, however – which are available through Checkout.com’s Fraud Detection Pro solution – let you take it one step further. Custom velocity rules enable you to combine different conditions to create specific triggers – and better home in on fraud patterns.
Some examples of custom rules could include:
To learn more about custom velocity rules, head to our documentation on understanding fraud prevention.
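The velocity checks described above, sketched in Python as an added example (this is not Checkout.com's code or API). It applies a 15-minute sliding window with the "10 attempts" threshold from the text, plus one combined-condition rule aimed at card testing; the step-up threshold, the low-value cut-off, the distinct-card limit, and all names and sample data are assumptions made for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

WINDOW_SECONDS = 15 * 60  # the 15-minute window from the text
BLOCK_AT = 10             # 10 attempts in the window is treated as suspicious
CHALLENGE_AT = 5          # assumed step-up threshold (not from the page)
LOW_VALUE = 2.00          # assumed cut-off for card-test-sized amounts
DISTINCT_CARDS_AT = 4     # assumed: distinct low-value cards per customer key

@dataclass
class Attempt:
    ts: float      # epoch seconds
    key: str       # who is paying: account, device or IP identifier
    card: str      # card token or fingerprint, never the raw card number
    amount: float

class VelocityChecker:
    def __init__(self):
        self._recent = defaultdict(deque)  # key -> attempts inside the window

    def evaluate(self, a: Attempt) -> str:
        window = self._recent[a.key]
        window.append(a)
        # Slide the window: discard attempts older than 15 minutes.
        while a.ts - window[0].ts >= WINDOW_SECONDS:
            window.popleft()
        # Plain velocity rule: raw attempt count.
        if len(window) >= BLOCK_AT:
            return "block"
        # Custom rule: combine frequency, amount and card diversity.
        low_value_cards = {x.card for x in window if x.amount <= LOW_VALUE}
        if len(low_value_cards) >= DISTINCT_CARDS_AT:
            return "block"
        if len(window) >= CHALLENGE_AT:
            return "challenge"  # e.g. request more information from the cardholder
        return "allow"

def replay(attempts):
    """Run attempts (in time order) through a fresh checker; return decisions."""
    checker = VelocityChecker()
    return [checker.evaluate(a) for a in attempts]

# Constructed sample data: a keen shopper, a card-testing run, a retry burst.
SHOPPER = [Attempt(t, "acct-1", "tok_a", 40.0) for t in (0, 300, 600)]
CARD_TEST = [Attempt(20 * i, "ip-9", f"tok_{i}", 1.0) for i in range(4)]
BURST = [Attempt(60 * i, "acct-2", "tok_b", 25.0) for i in range(10)]

if __name__ == "__main__":
    for name, sample in (("shopper", SHOPPER), ("card test", CARD_TEST), ("burst", BURST)):
        print(name, replay(sample))
```

The card-testing sample is blocked on its fourth attempt even though the raw count is far below 10, which is the gap a combined-condition rule closes.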
To understand the threats your business faces, you first need to understand your business’s risk profile. This is a detailed assessment and description of the specific risks and vulnerabilities your payment processing activities face when it comes to fraud.
A risk profile lists out the potential fraud threats and weaknesses your business faces, as well as the measures you can – and will – take to mitigate them.
Your risk profile should also include an analysis of your business’s:
A solid fraud risk profile will lay the foundations for a tailored fraud prevention strategy that aligns with your specific risks and objectives. It’ll help you prioritize your fraud detection efforts, allocate resources to the right places, and protect you – and your customers – from payment fraud.
Machine learning in fraud detection analyzes reams of data about your historical transactions.
Its algorithms study the differences between actual fraud, assumed fraud, and genuine purchases to identify patterns, then use these to spot fraud going forward. They flag any suspicious-looking transactions for manual review, and a human analyst looks into them.
These algorithms do the work it would take hundreds, even thousands, of human analysts to do – and, unlike their flesh-and-blood counterparts, they don’t need to eat, sleep, or draw a salary. Through this lens, machine learning is an affordable, scalable, and speedy fraud detection solution – and can help you reduce instances of false positives and false negatives.
AML (Anti-Money Laundering) monitoring involves assessing transfers, withdrawals, and deposits for suspicious patterns – and for any red flags that could signal criminal activity.
AML is closely tied to KYC (Know Your Customer), a set of legal requirements that require merchants (especially ones that operate in high-risk industries, such as gambling, cryptocurrency, or certain areas of ecommerce) to do due diligence on their customers.
Fraud detection tools and strategies – such as machine learning and risk-based rules – can help your business meet its AML monitoring requirements. By analyzing data from every deposit, transaction, or withdrawal – and by checking this activity for behavior atypical of the customer, or that could indicate financial crime – you can fulfill your AML obligations.
As a merchant accepting credit and debit card payments, part of your responsibility to your customers is helping teach them what fraud looks like, and how they can avoid falling prey to scammers. This could include providing them with guidance on how to:
Of course, you also need to provide comprehensive anti-fraud education for your employees – particularly if they’re responsible for handling cardholder data. That includes being able to spot fraudulent patterns, understand the different types of payment fraud, and know exactly which incident response processes to follow should fraud occur.
To get started, explore Checkout.com’s list of the top 10 fraud rules your business needs to know about in 2023 – and share it with your employees.
There’s no ‘one size fits all’ approach to detecting and preventing online payment fraud.
Fraud takes many forms – from relatively straightforward card-not-present and card testing fraud to the longer, more elaborate endeavors of synthetic identity fraudsters. Payment fraud can be opportunistic and random; it can be calculated and coordinated.
Which means your business can’t afford to rely on one fraud prevention strategy alone. It needs a comprehensive toolkit that adapts to the shifting sands of the payment fraud environment.
Here’s where Checkout.com can help. Our Fraud Detection Pro solution is fully customizable to your business’s risk profile – and malleable to the specific needs of your industry and payments strategy. From machine learning and flexible risk rules to powerful reporting and testing capabilities, we equip you with all the technology you need to safeguard your transactions.
So get in touch with our team today to find out more. Or head to our website to explore the ins and outs of Checkout.com’s Fraud Detection Pro – and how its robust suite of anti-fraud capabilities can mitigate fraud’s impact on your business.