What is payment fraud?
As online purchases become more common, ecommerce websites are increasingly the target of cybercriminals. Using false details, cybercriminals can steal funds and merchandise from online businesses. They may also hack a website to steal customer information. All this is referred to as payment fraud.
Digital payments — or card-not-present (COP) transactions — are more difficult for merchants to verify than card-present ones. They are unable to make a physical inspection of the credit card or identify suspicious behaviour. As a result, online payment fraud is now one of the most common forms of fraud in the US, with losses estimated to be as high as $48 billion by 2023.
How do criminals commit payment fraud?
Cybercriminals may use stolen credit card details to make fraudulent online transactions or manipulate the merchant’s website to target its customers.
Here are some of the most common ways cybercriminals commit payment fraud online.
This type of fraud isn’t limited to the online world, but the anonymity of the Internet makes identity theft easier to commit. Fraudsters may steal personally identifiable information by breaking into systems with old security systems or by hijacking public Wi-Fi networks.
They can use these details to make fraudulent purchases online. The merchant may be held liable for the unauthorized transaction and can also lose out on any merchandise they ship.
Cybercriminals don’t always use other people’s details to commit payment fraud. Friendly fraud is when a customer makes a digital transaction with their own credit card. They will then contact their credit card issuer to claim the item was lost or damaged, the transaction was unauthorized, or the merchant failed to issue a refund on the returned order.
Friendly fraud allows fraudsters to exploit credit card protection to receive a chargeback from the issuer. Not only does the merchant lose out on payment and merchandise, but they may be penalized by the issuer as well.
Clean fraud transactions can be very difficult to distinguish from legitimate purchases. Criminals will use stolen credit card details but have a lot of knowledge about the cardholder’s identity. They then use the victim’s real customer data to trick online fraud detection systems. Many fraudsters will make cheap purchases with the stolen credit card data to test that they can successfully deceive the fraud detection systems.
Hackers can exploit weaknesses in a website’s security to facilitate the theft of sensitive data. One way they do this is by hijacking a part of the site. Visitors are then unknowingly directed to a different URL.
From there, they can ask users to input sensitive data into legitimate-looking forms. They may also download malware onto the customer’s device. This malicious software can track browser activity and keystrokes to collect data or even encrypt files to demand a ransom.
How to reduce the risk of payment fraud
There are several steps businesses can take to protect themselves and their customers. Antivirus software and firewalls offer identity theft protection against cybercriminals. Ensure these are constantly up to date to keep your sensitive details secure.
You can also reduce the risk of fraudulent payments by partnering with a verified payment gateway, like Verified by Visa. These gateways provide an additional layer of security before the authorization of ecommerce transactions. They can also ensure merchants are not liable for fraudulent payments.
Protect customer data by requiring users to set strong passwords and regularly update their login details. It’s also a good idea to encourage customers to log into their account to complete a purchase. You should always encrypt emails and transactions that contain confidential customer details. You should also encourage users to use two-factor authentication, such as an authenticator app or SMS.
As cybercriminals are always adapting their methods, online business owners should maintain awareness of trends in payment fraud. Being knowledgeable about the latest risks allows you to stay one step ahead of fraudsters.
The Brex Mastercard® Corporate Credit Card is issued by Emigrant Bank, Member FDIC. Terms and conditions apply. See the Brex Platform Agreement for details.
Brex Inc. provides a corporate card. Brex Treasury LLC is an affiliated SEC-registered broker-dealer and member of FINRA and SIPC that provides Brex Cash, a program that allows customers to sweep uninvested cash balances into certain money market mutual funds. Investing in securities products involves risk, including possible loss of principal. Neither Brex Inc. nor any of its affiliates is a bank. Please see brex.com/cash for important legal disclosures.