Skip to main content

Combating fraud at every point of the payments journey


For ecommerce merchants that view payment optimization as the potential for competitive advantage, protecting against fraud while simultaneously ensuring a frictionless customer experience is key. Get other parts of your payment strategy right, but ignore the impact of fraud, and any wins will be diluted. Likewise, ignore the customer experience and you will find yourself losing legitimate customers alongside the criminals.

The implications of not creating a thorough and data based fraud strategy are many and varied: refunds will hit the bottom line; customers who find their genuine payments rejected will shop elsewhere; while others will find it easier to pass off legitimate transactions as fraudulent, adding yet more burden to the retailer’s ability to dispute claims.

What’s more, payment fraud is on the rise. So, there is no surprise then that, in a recent survey fighting payment fraud has become the number one priority for merchants.

So, how can businesses keep fraud at bay in a way that will allow legitimate customers through and keep fraudulent customers out? The key is to understand that fraud happens at multiple points of a payments journey and by combating the right kind of fraud at the right time, you can achieve the right balance.

Here we look at the payment journey and all the different points in the transaction that fraud can occur and what you should do to protect against it.

Beginning of transaction

Regulation of the crypto industry was a big topic at the conference and a key point of debate. And while some still believe regulation conflicts with crypto's ideals, most that spoke at the event said regulation is inevitable and necessary to guide crypto on its journey towards mainstream adoption.

Merchants have a range of tools they can use to fight back against fraud. They will need them all, because fraud is not just multi-faceted, but also inter-dependent. In other words, merchants face a range of attack vectors concurrently, with different types of fraud feeding off each other. So they need a holistic approach involving a broad suite of solutions. 

Before the transaction has been authorized, here are the ways you can protect against fraud:


  • VerificationThe latest 3D Secure protocol (3DS2) makes it even harder for fraudsters to claim they are someone they are not. It requires shoppers to authenticate themselves using two out of three elements, which includes biometric data such as a fingerprint, iris scan, or facial or voice recognition. 3DS2 also shifts the liability for fraud from the merchant to the card issuer, that is better resourced and more experienced (and now motivated) to perform payer verification. Other verification measures include Address Verification Service (AVS), where a card user has to supply their full billing address; Card Verification Value (CVV), which requires the payer to be in possession of the card; and device verification, which diagnoses if the device being used to make the payment is the same as previously used.

During transaction

While protocols like 3DS have been used to combat fraud before the payment has been authorized, fraudsters tend to adapt their tactics to remain in business. This means that it is best not to rely solely on one solution. Even if a solution like 3DS2.0 is applied fastidiously by a merchant, it should be layered with an additional risk analysis engine. 

Here are some ways to protect against fraud during the transaction:

  • Anti-fraud engines  — The best way to combat fraud is to stop it at source. Software that employs AI and Machine Learning techniques can spot suspicious activity and block a transaction it deems as potentially fraudulent. Data is key; the more of it there is, and that is specific to the merchant and their customers, the more your fraud engine can learn and adapt effectively. 
  • Fraud rules — Creating rules for payments to either let certain payments through or block other payments is an effective fraud tool to have as part of a fraud fighting arsenal. Additionally, mixing these fraud rules helps to alleviate fraud. Fraud rules used in addition to AI tools allows for businesses to adapt their strategy in real-time and target exactly the right behavior. Rules can also be combined into risk profiles and then assign negative or positive weighting. These profiles can then be tested so that each transaction segments can be fine tuned.
  • Network tokens — Upping the verification game further are network tokens. These are unique digital identifiers in the form of a tokenized value instead of an account number. These tokens replace sensitive card data used for payment, without exposing the actual account details. Network tokens are generated automatically by the card schemes as customers use their cards. A token offers end-to-end security and reduces the risk of malware and phishing attacks because a stolen token cannot be used elsewhere.


Even with the layers of fraud protection applied to a transaction, after a transaction has been authorized, fraud can still occur. While the best way to deal with this fraud is to improve protection earlier on in the transaction, businesses can still fight fraud after a transaction has been authorized and even after goods or services have been received by the fraudster.

Fraud can be fought after authorization of the transaction with:

  • Disputes management — Some merchants consider friendly fraud and the associated chargebacks as a necessary cost of doing business. However, correctly handling a dispute will ensure they are won. Using a portal to respond to disputes gives merchants an advantage in knowing why a dispute was raised and what evidence they should give in response. Good dispute management will also give indications of when a business should settle a dispute rather than fight it.

Unique solutions for unique business

Every merchant is unique in the risks posed to their business by fraud, the types of fraud, and wherein the payment journey this fraud is occurring. Data and testing are key to balancing these dynamics. The more granular the data, the better. Knowing your customers — not only their identity and payment methods but also their shopping behaviors — makes it easier to spot fraud as it happens. Granular data also provides insights into where a business is most at risk from fraud, so merchants can deploy the most appropriate solutions to the right places. 

Of course, applying all these solutions can be tricky. And, importantly, applying fraud measures can cause customer friction which can be a conversion killer. However, using throughout the transaction journey will create a seamless and frictionless consumer experience which means fewer abandoned carts, higher customer conversion and, ultimately, more revenue.