Payment fraud comes in many forms, but this article exposes the most common fraud schemes that wreak havoc on eCommerce businesses, including mobile commerce fraud tactics.
Payment fraud is a serious concern for most eCommerce business owners. According to a PYMNTS.com article, approximately "70% of all card-related fraud happens in a card-not-present (CNP) scenario." It makes sense considering that fraudsters take the path of least resistance, which is eCommerce.
Why is that? eCommerce and mobile commerce (mCommerce) are almost exclusively CNP transactions, where the fraudster can hide behind a computer or mobile screen and remain undetectable to most merchants.
This article will expose the most common types of fraud risk and arm you with solutions and actions for online payment fraud prevention.
Remember, as an eCommerce merchant, you have some tools and resources (like the Vesta blog!) at your disposal to identify payment fraud trends and warning signs that can help you stop bad actors from stealing money, products or services from you and your customers.
First, let's explore the definition of payment fraud. Then we'll look at a few types of fraud that can really hurt your online or mobile shop.
Payment fraud is the act of making a transaction with fraudulent details and depriving a victim of either money or property. The victim can be an individual, if the fraudster uses stolen credit card details, or a business, in the case of chargebacks.
However, even if the business isn't the direct victim of this fraud, they can still have their financial health damaged. Too many fraudulent payments will raise eyebrows with credit card networks, who may restrict your account or flag your business as "high risk". This can lead to increase transaction processing fees or in some cases the termination of your business account.
The Key Types of Payment Fraud
Now that we understand what payment fraud is, it's time to take a look at how it works. As with other common types of fraud, there are multiple ways that fraudsters attempt to carry it out, but these are the primary ways that we typically observe it happening.
Phishing is a fraud technique where a criminal will send a fraudulent message tricking the recipient into giving away their private information. Information that they ask for may include credit card details, bank account details, or a range of other personal information.
According to research published by the FBI, phishing is one of the most common forms of cybercrime. Phishing attacks nearly doubled from 114,702 incidents in 2019 to 241,324 incidents in 2020.
The three most common types of phishing scams are:
- Email phishing: The most common form of phishing attacks come through email messages. This type of attack typically involves a fraudster sending an email that informs the recipient that their account has been "compromised" and they need to reset their password. The goal of email phishing is to get the recipient to willingly disclose their private login credentials or any other sensitive information the fraudster might want.
- Vishing: Vishing follows the same concept as phishing attacks, but fraudsters use a voice call. A popular vishing attack is the "extended vehicle warranty" scam. Bad actors call a potential victim to inform them that their vehicle's extended warranty is expiring, and they need to disclose their banking credentials to ensure the new warranty is properly set up.
- Smishing: This is a type of phishing attack that uses SMS text to target unknowing victims. Smishing tactics are very similar to how an email phishing attack works. Fraudsters send a text informing victims that their account (online banking, PayPal, etc.) has been compromised and they need to share their current login information to gain access to the account. Once the fraudster has the login credentials, they can change the password and block the victim from accessing the account.
Identity theft can take many forms. It can come from an insider threat, where a disaffected employee steals personal information and payment details, it can come from a data breach, or it can come from a fraudster digging through someone's trash.
As the name suggests, account takeover (ATO) fraud occurs when an unauthorized user gains access to a customer account. Although this could easily occur by sharing your login information with another party, you'll find the most common culprit for ATO fraud is data breaches. Fraudsters can illegally obtain stolen login credentials and use this information to gain access to a person's private accounts.
Regardless of the cause, the consequences of this type of fraud are often quick and severe. In context, the unauthorized user aims to make as many fraudulent purchases as possible before the victim closes their account or freezes their payment method.
The most effective method of stopping ATO fraud is by investing in an account protection tool. With Vesta Account Protect, you can detect and prevent fraud at the account level, without waiting until the fraudster attempts a financial transaction.
Chargeback fraud is one of the most common types of fraudulent activity on eCommerce platforms. It's a malicious form of fraud where either:
1. A fraudster uses a stolen card to complete a transaction, but the true cardholder disputes the charge with their bank. The bank forces the merchant to repay the money while the fraudster keeps the product/service. The merchant loses out.
2. A cardholder (friendly fraud) intentionally defrauds a merchant by completing a transaction on the business's website but then asks their bank to reverse the transaction after the product/service has been delivered. The merchant loses out.
The seller is left to absorb the cost of lost product/services in the case of chargeback fraud. Merchants also have to deal with increased transaction processing fees and chargeback penalties if their chargeback rate exceeds a certain limit.
The best way for an eCommerce retailer to prevent chargebacks is to partner with a company like Vesta that offers a chargeback guarantee. Vesta Payment Guarantee is a proven, fully managed service that helps digital businesses eliminate payment fraud risks completely. With Payment Guarantee, all Vesta-approved transactions are backed by our zero-fraud-liability guarantee, so you don't have to worry about paying for chargeback fees.
Very similar to consumer identity fraud, merchant identity fraud involves criminals setting up a fraudulent merchant account after illegally obtaining a business's identification information. The fraudster will use this newly created "business" to place charges on customers' credit cards, then terminate the account and walk away with the money, leaving the legitimate business to deal with a slew of chargebacks, customer complaints, and fraud reports.
In contrast to other types of fraud, triangulation fraud is much more involved.
In fact, it requires three separate components to complete (like the three sides of a triangle). These include:
- The person committing the fraud.
- The eCommerce store/business.
- The online shopper.
First, the fraudster will create a spoof of an eCommerce business that sells legitimate products. When customers order from this store, they use stolen credit card information to purchase the same products from a different store.
Then, they ship the purchased items to the customers. On the surface, those ordering the goods may not notice anything is out of the ordinary. The primary victims are those who have had their financial information stolen.
The original store from which the goods were initially purchased also suffers, however. Triangulation fraud is a particularly difficult form of fraud to detect, and the best method for stopping it is to communicate with customers whom you suspect have been the victim of triangulation fraud. First, determine the fake website that they visited to purchase the products. Gather as much information about the seller as possible, this way you can make a strong case to get their site removed.
What Is Mobile Commerce Fraud?
By the year 2025, approximately 70% of all online transactions will take place from a mobile device. This means that it’s more important than ever before to prioritize minimizing mobile commerce, also known as mCommerce, fraud.
It all starts with understanding the most common types of mobile commerce fraud that you face as a business owner. Let’s explore them below.
That's right--ATO makes the list again for mCommerce fraud.
One popular method that criminals use during this scenario is the transfer of loyalty points. Since loyalty points are not recognized as a legitimate currency, activity regarding them is not as heavily enforced.
So, it’s entirely possible for someone to compromise a user’s account and transfer loyalty points to a dummy account before using the points for themselves.
As the name suggests, true fraud is the most conventional form of fraudulent activity. To elaborate, it involves a criminal making a purchase from a mobile device while using stolen financial information.
But, the criminal does need to input this information on their own device — using a stolen cell phone, iPad, etc. accomplishes the same task as long as the user’s financial info has been saved.
In the latter scenario, it can be exceedingly difficult for merchants to detect fraudulent activity. This is due to the fact that the criminal will make a purchase through a legitimate payment method from what the merchant perceives to be a familiar device.
Loyalty Card Fraud
Loyalty card fraud is another type of mobile fraud which involves fraudsters hacking into loyalty apps with the intention of stealing airline miles, gift card credit, or credit card credentials. Most often the goal of committing loyalty card fraud is somehow turn those stolen loyalty points (or gift card balances) into cash.
Fraudsters are taking advantage of the security gaps in these alternative payment methods to defraud companies. Loyalty apps often don't follow the same security measures that larger financial institutions use, so they've become an appealing target for fraudsters.
Implementing an end-to-end fraud protection solution can drastically help you manage these types of fraud. Vesta's transaction guarantee platform eliminates online fraud liability and chargeback fraud — significantly reducing the costs associated with bad transactions while increasing legitimate transactions (and revenue).
How to Stop Payment Fraud: 7 Tips for eCommerce Merchants
Payment fraud is everywhere, but that doesn't mean that you can't fight back. Vesta's end-to-end transaction guarantee platform protects against a variety of different types of card-not-present fraud, offering security across the entire customer journey of your website. Vesta provides an automated, accurate risk assessment in a split second to maximize digital transaction approvals while eliminating fraud.
In today's digital landscape, having robust fraud prevention measures is crucial. We're sharing seven valuable tips for preventing card-not-present (CNP) fraud to help boost your defense against online scammers.
1. Monitor Customer Behavior
Keep a close eye on repeat customers. If you notice any sudden deviations from their usual purchasing patterns, consider taking extra steps to verify the transaction. While making a phone call to the customer is one option, this can be impractical for high-volume orders. To streamline this process, implement a Mod 10 algorithm to validate card numbers before authorization. If a card fails the test, the customer receives a notification to recheck their card information.
2. Transaction Information Verification
Flag any orders that appear risky before shipping. Contact the phone number provided with the order to confirm transaction details. Criminals aim to exploit cards to the maximum before detection, and they often can't provide accurate information. Manual verification is time-consuming for high-volume transactions, so consider alternative methods. Partnering with Vesta enables you to lean on our graph database analysis, which means we analyze billions of data points and connections for each transaction.
3. Watch for Priority Shipping Choices
Criminals are willing to incur high shipping costs to receive goods quickly. If a customer opts for expensive fast-shipping over a free shipping offer, it may indicate potential fraud. Implement a system to flag costly shipping options for additional scrutiny. For example, FedEx's next-day service, albeit speedy, is more expensive than other options, with 3-day express and overnight shipping options costing significantly more.
4. Utilize Address Verification Service (AVS) and Security Codes
An Address Verification Service can be a powerful ally in preventing fraud. It automatically cross-references the customer's provided address with the one on record with their issuing bank. Any disparities can raise a red flag. Additionally, the three- or four-digit codes on the card can confirm cardholder possession, enhancing security.
5. Review Transaction Locations and Destinations
Pay attention to the proximity of billing addresses, shipping addresses, and IP addresses. When they are close, it's likely a legitimate transaction. However, if they are far apart, scrutinize the transaction more closely. Fraudsters often ship products to addresses different from the billing address. Be particularly cautious if the destination is a re-shipper or freight forwarding company.
6. Flag Multiple Failed Purchases
One telltale sign of fraud is multiple failed purchase attempts with different card numbers. Scammers may have a list of stolen cards they're trying to exploit. Once a fraudulent transaction succeeds, they will continue their attempts. Blacklist the perpetrator's IP address, phone number, email, and billing address to thwart further approvals.
7. Implement Comprehensive Security Solutions
With the rapid rise of CNP fraud, advanced fraud prevention solutions are no longer optional. The right solution can boost legitimate transaction approvals while curbing fraud, safeguarding your brand reputation and revenue.
Consider Vesta's fraud solutions, recognized as a two-time platinum winner and an established leader for fraud detection and prevention by Juniper Research. Our Payment Guarantee solution offers 100% chargeback protection, ensuring you don't incur costs for fraudulent transactions.
Your Robust Fraud Prevention Strategy
Ready to fortify your defenses against payment fraud? Vesta can help you establish a comprehensive fraud prevention platform for eCommerce transactions. Enjoy higher revenue, smoother checkout experiences, and CNP fraud elimination. We're so confident in our product that we assume 100% of the cost for any fraudulent online transactions we approve, reducing your fraud-related expenses to zero.