Member Article

The Most Common Forms of Online Payment Fraud and How Merchants Can Combat Them

By Pavels Smirnovs, Head of ECOMMPAY’s Fraud Risk Division

Online shopping has grown dramatically in popularity and scope over the last decade, with the events of 2020 forcing ever-greater numbers of consumers online and changing the retail habits of shoppers forever. Unfortunately, along with a rise in eCommerce, there has been a surge in the number of online scams being reported.

In the UK, consumer magazine Which found that online fraud soared between April 2020 and March 2021, with over 400,000 reports made to the UK’s cybercrime reporting centre — a 33% rise from the previous year. Meanwhile, in the Netherlands, nearly 2.5 million people were successfully targeted by scammers in 2021. 

The figures from these two sample countries are undoubtedly problematic. Still, they represent a drop in the ocean of the total volume of online fraud happening worldwide, which according to estimates, has reached 20 billion US dollars globally.

So how can merchants protect their customers from online fraud while ensuring they don’t fall prey to scammers? Let’s look at cybercriminals’ most common fraud techniques and how to prevent them from happening.

Identity theft

Identity theft is as old as the internet itself. This type of fraud takes many forms, but from an eCommerce perspective, the practice usually involves a criminal either opening a credit card in a person’s name without their knowledge or stealing the details of an existing card and using it to make online purchases.

How to Avoid It

For consumers, identity theft is often instigated using phishing scams. Fraudsters will go to great lengths to misdirect shoppers to convincing fake versions of official checkout pages, where victims will mistakenly enter their card details and subsequently have them stolen.

Merchants can help combat this type of fraud by reminding customers to check for trust seals and suspicious URLs and using modern payment methods with more sophisticated authentication in place. For example, 3D Secure (3DS) requires shoppers to take an additional verification step at checkout to prove they are the rightful owner of the payment method they use — typically a password associated with the account or a code sent via text to their phone.

Another way to make checkouts more secure is to use an Open Banking solution to accept payments, which authenticates payments via the user’s banking app. Open Banking payments require less friction during the authentication process, as they are often approved using fingerprint or Face-ID sensors, making it possible to add security without ruining conversion.

Payment Interception

Payment interception is more commonly known as “man in the middle fraud”. Payment interception can take many forms, including impersonating a company representative and sending customers to fake payment pages, or more sophisticated forms of hacking that literally intercept cardholder data as it’s transmitted during the checkout process.

How to Avoid It

Payment data interception is covered by a standard known as PCI DSS, which stands for Payment Card Industry Data Security Standard. PCI DSS is a set of requirements merchants need to meet to prove they are storing and securing customer payment data safely.

The standards cover the processing and transmission stage of the checkout process, and call for all data to be encrypted during transit. The easiest way for merchants to meet the standards is to pair with a reputable payment provider that will host their checkout pages securely and deal with the technical aspects of the regulations.

Refund Frauds

Refund fraud is also known as a ‘chargeback’ or even ‘friendly fraud’. This type of scam involves purchasing goods or services online, claiming that they were unaware of the purchase having been made, and subsequently starting a false dispute process to claim back the money (while keeping the goods or using the service they have purchased).

This type of scam is a major concern for card issuers and merchants, as it’s widespread, with merchants having to absorb the costs of losing the goods that have had their sales refunded.

How to Avoid It

Transparent refund policies and accurate product and shipping descriptions can all help to mitigate genuine chargebacks. However, merchants could again consider implementing Open Banking at checkout to combat scammers.

As previously mentioned, Open Banking uses account-to-account transfers to pay for goods and services. Not only are transactions fast and secure, but they also don’t involve card network intermediaries. Hence, no chargeback process is available — though legitimate customers still enjoy the usual consumer rights and protection.

A Final Word on Anti-Fraud Systems

Eliminating fraud shouldn’t purely rely on strengthening security at checkout. The best payment gateways and their platforms feature sophisticated fraud mitigation systems that aim to assess risk and repel the bulk of attacks from scammers without merchants or legitimate shoppers ever being aware of their operation.

AI and machine learning are employed to analyse transaction data in real-time, allowing fraud systems to spot patterns and identify scammers. Fraud filters can be configured individually for each merchant depending on their industry or geographical location, with transactions scored and flagged if they look suspicious. When implemented correctly, risk control and anti-fraud systems shouldn’t impact checkout conversion at all.

Digital Payment is the Future

Despite all the accounts of fraud, phishing, and chargebacks, eCommerce and digital payments are undoubtedly the future of retail. Fraudsters will always be present, whether in the online or offline world, so abandoning virtual transactions isn’t a viable solution. 

The most effective tool to combat fraudsters in 2022 and beyond is to educate yourself about common attack methods. In addition, choose a reputable payment provider that offers the latest payment methods, such as Open Banking, whilst complying with the protocols set by the Payment Card Industry Data Security Standard.

This was posted in Bdaily's Members' News section by ECOMMPAY LIMITED .