July 15, 2021

    4 Types of Payment Fraud that eCommerce Merchants Need to Watch For


    From phishing to wire transfer scams, there are many clever types of payment fraud that eCommerce merchants need to be aware of. In this article, learn about the four most common types of payment fraud.

    Payment fraud is a serious concern for most eCommerce business owners. Fraudulent transactions are costing companies more money every year. In 2020, card-not-present (CNP) fraud cost online merchants an estimated $35.54 billion globally. That number is only projected to increase as eCommerce becomes the primary channel for purchasing goods and services. 

    Knowing how to avoid payment fraud and how to counteract its nefarious techniques is essential to the success of any eCommerce business. In this article, we'll take a closer look at four common types of payment fraud, how they work, and what you need to do to prevent them. 

    What Is Payment Fraud?

    Payment fraud is, put simply, the act of making a transaction with fraudulent details and depriving a victim of either money or property. The victim can be an individual, if the fraudster uses stolen credit card details, or a business, in the case of chargebacks.

    However, even if the business isn't the direct victim of this fraud, they can still have their financial health damaged. Too many fraudulent payments will raise eyebrows with credit card networks, who may restrict your account or flag your business as "high risk". This can lead to increase transaction processing fees or in some cases the termination of your business account. 

    The Key Types of Payment Fraud

    Now that we understand what payment fraud is, it's time to take a look at how it works. As with other common types of fraud, there are multiple ways that fraudsters attempt to carry it out, but these are the primary ways that we typically observe it happening.

    1. Phishing attacks

    Phishing is a fraud technique where a criminal will send a fraudulent message tricking the recipient into giving away their private information. Information that they ask for may include credit card details, bank account details, or a range of other personal information. 

    According to research published by the FBI, phishing was the most common form of cybercrime that took place in 2020. Phishing attacks nearly doubled from 114,702 incidents in 2019 to 241,324 incidents in 2020.

    The three most common types of phishing scams are: 

    • Email phishing: The most common form of phishing attacks are conducted via email messages. This type of attack typically involves a fraudster sending an email that informs the recipient that their account has been "compromised" and they need to reset their password. The goal of email phishing is to get the recipient to willingly disclose their private login credentials or any other sensitive information the fraudster might want. 
    • Vishing: Vishing follows the same concept as phishing attacks, but it's conducted over a voice call. A popular vishing attack is the "extended vehicle warranty" scam. The recipient receives a call informing them that their vehicle's extended warranty is expiring, and they need to disclose their banking credentials to ensure the new warranty is properly set up. 
    • Smishing: This is a type of phishing attack that uses SMS text to target unknowing victims. The tactics used in smishing are very similar to how an email phishing attack would play out; the recipient receives a text informing them that their account (online banking, PayPal, etc) has been compromised and they need to share their current login information to gain access to the account. Once the fraudster has the login credentials, they can change the password and block the victim from accessing the account.

    2. Identity Theft

    Identity theft can take many forms. It can come from an insider threat, where a disaffected employee steals personal information and payment details, it can come from a data breach, or it can come from a fraudster digging through someone's trash.

    As with phishing, the criminal will attempt to make a purchase with the stolen details, and, should it go through, the victim will report the transaction as fraudulent resulting in a chargeback for your business. The Federal Trade Commission (FTC) reported the number of confirmed cases of identity theft has tripled since 2018. Cases reached 1,387,615 in 2020; 650,523 in 2019; and 444,344 in 2018. 

    3. Advanced Fee and Wire Transfer Scams

    These kinds of scams are particularly common as part of spam emails. A criminal will target a business owner or an individual and ask for payment in return for a greater amount of money later. They may, for instance, ask for money to pay bank fees so that you can get millions later on.

    4. Merchant Identity Fraud

    Very similar to consumer identity fraud, merchant identity fraud involves criminals setting up a fraudulent merchant account after illegally obtaining a business's identification information. The fraudster will use this newly created "business" to place charges on customers' credit cards, then terminate the account and walk away with the money, leaving the legitimate business to deal with a slew of chargebacks, customer complaints, and fraud reports.

    It's Time to Put an End to Payment Fraud

    Payment fraud is everywhere, but that doesn't mean that you can't avoid it. Vesta's end-to-end transaction guarantee platform protects against a variety of different types of card-not-present fraud, offering security across the entire customer journey of your website. Vesta provides an automated, accurate risk assessment in a split second to maximize digital transaction approvals while eliminating fraud.

    To learn more about our suite of fraud prevention solutions, request a demo today and we'll walk you through how we can better protect your business from the threat of fraud. 


    Other posts you might be interested in