REPAY Blog

Forms of Payment Fraud and How to Address Them

Written by Megan Carswell | Feb 8, 2023 8:02:00 PM

Payment fraud has been rising for years as fraud schemes become easier to execute. The increased reliance on digital platforms, processes and payments has given fraudsters more ways to commit crimes. Studies show that in 2023, businesses' cost of fraud could rise by $7 billion, bringing the total to $48 billion. With such staggering predictions, taking the necessary precautions to mitigate these attempts is essential. 

Let's look at payment fraud, its different forms and how to combat these risks. 

What is payment fraud?

Payment fraud occurs when a fraudster steals someone's payment information or tricks them into sharing it to use it to conduct illegal or false transactions. In 2021, 71 percent of organizations fell victim to payment fraud attacks or attempts. As payment trends change, so do fraudsters and their financial schemes. As a result, anyone who utilizes payments and payment services becomes a potential target.  

Types of payment fraud

From the theft of personally identifiable information (PII) to guessing or forging information, payment fraud criminals rely on various methods to engage in these acts. 

Payment types fall into two categories: card-not-present (CNP) and card-present (CP). CNP transactions occur when the card's chip or magnetic strip data isn't provided. This applies to transactions done over the phone, via apps or smartphones, mail and online. CP transactions are face-to-face, and the card or digital wallet is presented at the time of payment. The card or phone is tapped, inserted or swiped at a POS system or contactless card reader. Both payment types are vulnerable to various kinds of payment fraud.

Friendly fraud

Friendly fraud occurs when a customer makes an online purchase and later files a chargeback on a legitimate transaction. For example, they'll falsely claim that the order wasn't delivered, was canceled, wasn't what they ordered, or their card was fraudulently charged. 

Phishing

Phishing is when scammers use seemingly legitimate emails or texts to obtain personal and financial information. It's one of the most common and versatile fraud types. All it takes is for a victim to visit the wrong website or click the wrong link to have their financial information accessed and stolen.

Clean fraud

Clean fraud is a significant issue for merchants. With this form of payment fraud, fraudulent transactions appear legitimate and use actual data; however, thieves are impersonating the original cardholder. 

Account takeover

Account takeover is a form of identity theft where scammers steal customers' passwords and usernames to gain access to their accounts and make fraudulent purchases using a card on file. This tactic can be done via phishing scams or purchasing account information on the dark web.

Triangulation

Triangulation fraud is a new, fast-growing fraud scheme that involves a customer placing an actual order on a third-party marketplace (e.g., Amazon, eBay). However, the seller fraudulently acts as the middleman, using stolen cardholder information to purchase the item from another merchant. They then file a chargeback with that merchant after receiving and shipping the item to the customer. Unfortunately, because the customer receives their purchase, they will likely never know it was a scam. 

Merchant identity fraud

This type of payment fraud impacts merchants the most. It's when scammers set up a merchant account posing as a legitimate business and charge stolen debit and credit cards. There are three forms of merchant identity fraud: 

  • Identity swap refers to merchants using stolen or fake identities to establish a merchant account. It is typically a result of a fraudulent individual being banned from opening their own account. 
  • Bust-out fraud is when a merchant opens a merchant account with no intention of running a legitimate business. Instead, the account is used for processing fraudulent transactions. 
  • Transaction laundering occurs when an approved merchant is unaware that an unknown company is using their account to process payments.

How to address payment fraud

While it's impossible to eliminate the threat of payment fraud entirely, businesses can be proactive by implementing the best fraud-prevention tools and tactics. For example, payment processors offer some security to combat card fraud. However, when it comes to merchants such as eBay or PayPal, there needs to be more protection regarding the sale of goods and services.

Use payment processors that are PCI compliant

Payment Card Industry (PCI) compliance is a set of requirements created by major card brands to ensure that any business that processes, stores and transmits card information does so in the most secure way possible. 

PCI compliance is required for businesses to accept payments and should be a priority when shopping for a payment processor. If a company fails to adhere to these requirements, it may face risk fees and penalties. 

Partner with verified payment processors

Some payment processors only offer bare-minimum security measures to combat card fraud. More can be done to keep you and your customers safe, though. 

That's where quality payment gateways come in — providing businesses that accept online payments with a sense of security. A secure payment gateway can minimize fraud risks in several ways.

  • Card Verification Value (CVV): The 3 or 4-digit code that's found on every credit and debit card. Legitimate sites shouldn't store this information since it's a security measure for CNP transactions. By requiring the code, merchants can check that the customer is the actual owner of the card and that it's in their possession. If the code is incorrect, the gateway will deny the purchase. This also helps in cases of chargebacks by helping to prove that a transaction was authorized. 
  • Address Verification Service (AVS): Also used for CNP transactions, AVS ensures that the billing address used in a transaction matches the one on file for the cardholder. If it does not match, the decision to accept or cancel the order is up to the merchant.
  • Device Identification: Outside of verifying customers via their bank or card information, payment gateways can also use the IP address associated with the customer's computer or device. Systems can recognize the device's internet connection, operating system and more, then use that information to either flag, approve or deny a transaction.

Ensure secure payments with REPAY

When searching for a payment processing solution, selecting a company that focuses on compliance and security is vital. REPAY offers a PCI-compliant integrated payment processing platform equipped with a payment gateway that ensures operational efficiency and secure payments. 

Contact us or request a demo to learn how REPAY can simplify the payment experience and offer you peace of mind with secure payment processes.