Payment fraud detection: Challenges and steps to solve

In the first of our three-part fraud prevention blog series, we look at how the changing payments landscape has led to new fraud challenges and what you can do to detect the risks and defend your business better.

April 19th, 2023

In digital payments, there’s a delicate balance between blocking fraudsters and letting legitimate customers through.

As a business, you need to treat authentication, fraud management, and customer experience as complementary to each other, not as the separate concerns they are often treated as today.

Understanding the most pressing fraud challenges and where they lie is essential to helping you strengthen your line of defense.

To kick off our three-part fraud prevention series, we’ll explain how you can detect, investigate, and solve the most common fraudulent activity in payment transactions.

The challenges with payment innovation

The world of financial technology has been thrust into digitalization. Payments are increasingly cashless, opening doors for new, faster payment types. The main challenge for businesses is to keep up with the different and frequently changing techniques used to commit fraud and to identify them in time.

To do that, it’s important to understand what types of fraud exist and how they can affect your business before looking at how to build an effective risk strategy.

Card-not-present fraud

A Card-Not-Present (CNP) payment is an online or telephone transaction, where the card is not physically presented to the merchant. That is why CNP fraud is hard to detect and prevent, unlike card-present fraud.

Fraudsters use card testing to determine the validity of card numbers. They first obtain card details by purchasing them on the dark web or by stealing them via phishing or spyware.

Once they have these numbers, they attempt small purchases on an unsuspecting merchant’s site to see if the card is approved. Declined numbers are weeded out, and fraudsters move on to make larger purchases or resell the validated information on the dark web.

No single action can prevent fraud, and protection must be multi-layered. Fortunately, best practices and strong fraud management software can help prevent fraud attacks. Here are a few ways you can protect your business.

Be vigilant and look for anomalies

Always investigate if you notice a sudden spike in your average daily transactions. An increase in credit card declines indicates that fraud may be occurring.

Remember, data is power when it comes to effective fraud management. Ensure you are collecting the right information to distinguish your genuine shoppers from anomalies (for example, email and IP address tracking).
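
The check described above, as an added example that is not part of the original article or of any Adyen product: it scans an authorization log for the card-testing pattern (many small attempts from one IP, on many different cards, mostly declined). The record layout, thresholds, and function name are assumptions chosen for illustration, and the sample log is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: (timestamp, source IP, email, card token, amount, approved).
# Every value is invented; the IPs come from documentation-only ranges.
SAMPLE_AUTHS = [
    ("2023-04-19T10:00:05", "203.0.113.7", "a1@example.com", "tok_01", 1.00, False),
    ("2023-04-19T10:00:40", "203.0.113.7", "a2@example.com", "tok_02", 1.00, False),
    ("2023-04-19T10:01:10", "203.0.113.7", "a3@example.com", "tok_03", 1.00, True),
    ("2023-04-19T10:02:00", "203.0.113.7", "a1@example.com", "tok_04", 1.00, False),
    ("2023-04-19T10:03:30", "203.0.113.7", "a2@example.com", "tok_05", 1.00, False),
    ("2023-04-19T10:04:45", "203.0.113.7", "a3@example.com", "tok_06", 1.00, True),
    ("2023-04-19T10:20:00", "203.0.113.7", "a3@example.com", "tok_06", 480.00, True),
    # Genuine shopper: one card, one retry after a decline.
    ("2023-04-19T10:01:00", "198.51.100.20", "sam@example.com", "tok_20", 3.50, False),
    ("2023-04-19T10:02:30", "198.51.100.20", "sam@example.com", "tok_20", 3.50, True),
    # Repeated declines on a single card: worth a look, but not card testing.
    ("2023-04-19T10:05:00", "192.0.2.44", "kim@example.com", "tok_30", 2.00, False),
    ("2023-04-19T10:05:20", "192.0.2.44", "kim@example.com", "tok_30", 2.00, False),
    ("2023-04-19T10:05:40", "192.0.2.44", "kim@example.com", "tok_30", 2.00, False),
    ("2023-04-19T10:06:00", "192.0.2.44", "kim@example.com", "tok_30", 2.00, False),
]

def find_card_testing(auths, window=timedelta(minutes=10), small_amount=5.00,
                      min_cards=4, min_decline_ratio=0.5):
    """Return {ip: stats} for IPs whose small-value attempts within a sliding
    time window span many distinct cards and are mostly declined."""
    by_ip = defaultdict(list)
    for ts, ip, email, card, amount, approved in auths:
        if amount <= small_amount:  # card testing uses small purchases
            by_ip[ip].append((datetime.fromisoformat(ts), card, approved, email))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # drop attempts that fell out of the window
            burst = events[start:end + 1]
            cards = {e[1] for e in burst}
            ratio = sum(1 for e in burst if not e[2]) / len(burst)
            if len(cards) >= min_cards and ratio >= min_decline_ratio:
                best = flagged.get(ip)
                if best is None or len(cards) > best["distinct_cards"]:
                    flagged[ip] = {"distinct_cards": len(cards),
                                   "attempts": len(burst),
                                   "decline_ratio": round(ratio, 2),
                                   "distinct_emails": len({e[3] for e in burst})}
    return flagged
```

Requiring several distinct cards, not just a high decline count, is what separates the pattern from a genuine shopper retrying one card; the thresholds should be tuned against your own traffic.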

Adequate controls at account validation

Account validation is often the easiest entry point for fraudsters to gain access to your ecosystem. Effective fraud gatekeeping at the point of entry will reduce the fraud mitigation cost downstream.

Triangulation fraud

Triangulation fraud occurs when a fraudster intervenes in the ecommerce buying process. They typically operate as a merchant, accept orders, and use stolen cardholder data to purchase goods from a third party and then ship them to the buyer.

This type of fraud sounds confusing because it is meant to be. It’s much harder to track down the source of fraud if no one is looking for it.

Leverage basket data insights

If you suspect triangulation fraud is occurring, review your analytics and look for items that fraudsters are repeatedly purchasing. Some fraudsters run a specialty operation, typically buying the exact same item (or items).

Triangulation fraud often targets higher-value, limited-edition items with higher resale value. Ensure that your fraud strategy considers these nuances. It would help to refine your fraud rules and set a stricter threshold for these goods.

First-party fraud

With digital ecommerce becoming increasingly popular over the last few years, we’ve seen the rise of first-party fraud, which consists of legitimate online purchases that are later disputed.

A typical scenario is when a parent’s card is saved on file with a child’s gaming system, and the parent refutes the charges as unauthorized.

Visa has put in place new compelling evidence rules, effective in April 2023, to help merchants better fight first-party fraud. The rules expand the list of compelling evidence merchants can provide to help invalidate certain customer disputes. In turn, this will improve merchants’ chances of winning those disputes.

Keep transaction records

By keeping meticulous transaction records and saving copies of your communications with customers, you can submit compelling evidence to contest first-party misuse chargebacks. The card networks’ reason codes usually spell out the evidence needed for a successful representation.

Identify customers engaging in first-party misuse

It’s also important to identify customers who engage in first-party misuse and prevent them from becoming repeat offenders. When a fraudster realizes they can get away with stealing from a merchant through this process, they will do so repeatedly until the merchant blocks them.

A nuanced approach to balance risk and maximize revenue

With the myriad ways cybercriminals can commit payments fraud, a rigid 'one-size-fits-all' approach simply won't work. Nor will a zero-tolerance approach where you prioritize fighting fraud but accept that legitimate customers will get blocked, or an approach that prioritizes sales and hopes that the higher sales volume offsets the higher rates of fraud.

These approaches aren’t sustainable and will likely lead to lost revenue, increased chargeback rates, higher transaction costs, customer churn, and damage to your brand’s credibility.

Instead, a better way to counter fraud is a nuanced approach that balances risk and maximizes revenue. Hence, it's important to keep educating yourself and your employees to better distinguish between legitimate authentication processes and illegitimate ones.

Invest in the right financial technology

If you're a business that doesn't have a complete fraud task force in place, it's critical to invest in a fraud prevention tool that can provide you with a clear overview of your payment activity and help you detect blind spots.

To get to know your customers better and protect your business, you should have a tool to help you deep dive into payments data and optimize risk procedures by learning and adapting in real time.

Merchant Risk Council

Joining or working with a partner member of the Merchant Risk Council (MRC), a global community of payments and fraud prevention experts, means that there's a community to tap into as a resource to find solutions together. This benefits your business as knowledge can be passed down and implemented accordingly.

All members can access benchmarking reports, whitepapers, presentations, and webinars. The MRC also hosts annual in-person conferences, regional networking meetings, and virtual summits to build better business connections.

Educational webinars

You can join one of our monthly risk awareness webinars, which we run for fraud teams of all sizes and across industries. In these webinars, an Adyen expert offers advice, exchanges best practices, shares emerging trends, and answers questions.

Final thoughts

Fighting fraud should never be about solely prioritizing security. A holistic approach must consider the customer experience equally and protect legitimate transactions. Continuously building up knowledge as a business on risk assessment and the proper detection tools provides the best start to meet digital payment challenges head-on.

In part two of our fraud prevention blog series, I explore the importance of being proactive and collaborative to make the payment environment safer for everyone.

Part three explains the metrics to monitor to determine if your fraud strategies are effective. 
