Understanding payment fraud and effective prevention strategies

Payment fraud occurs when an individual, not the rightful owner of the payment instrument, initiates a payment with the intent to commit fraud.

The primary challenge for businesses lies in keeping pace with the evolving fraudulent techniques and promptly identifying them. It's important to understand the various fraud types and their potential impact on your business before building an effective fraud prevention strategy.

Credit card fraud

This form of identity theft involves fraudsters using stolen card details to conduct unauthorised transactions, aiming to make purchases or withdraw funds. Shockingly, in the first half of 2022, there were already 2.4 million cases of identity theft reported worldwide.

Strategies to detect and prevent credit card fraud:

• Conduct Address Verification Service (AVS) or Card Identification (CID) checks on transactions to validate the payment location and that the card is present.

• Leverage behavioural analytics technology to flag suspicious behaviour, such as repeated purchases, multiple transactions using the same email, or various orders delivered to the same address with different payment details.

Card testing fraud

Fraudsters ‘test’ stolen cards to see if they’re active. Active cards are then sold on the dark web at a higher price than those that go untested.

Strategies to detect and prevent card testing fraud:

• Utilise behavioural analytics technology to identify fraudulent checkout attempts.

• Familiarise yourself with customers' behaviour and implement velocity risk checks and other business rules to ensure you’re blocking the correct scenarios.

• Monitor the time frames of orders to spot bot-initiated multiple transactions within a short span. 

Account takeover fraud

This type of identity theft involves fraudsters gaining access to shoppers' accounts and altering the account details.

Strategies to detect and prevent account takeover fraud:

• Visualise the timeline to understand normal customer behaviour and spot variations after an account takeover has taken place.

• Implement verification protocols when account details, like a shipping address, are modified.

Friendly Fraud

Also known as First Party Fraud, this occurs when a shopper initiates a chargeback despite having received the purchased goods.

Strategies to detect and prevent friendly fraud:

• Design risk systems capable of recognising patterns indicative of repeated friendly fraud, such as customers initiating multiple disputes across various cards and identities.

• Use block lists to prevent the return of bad shoppers.

Refund Fraud

Professional fraudsters make money by requesting refunds from businesses, a trend that's increasingly common and challenging to identify. 

Strategies to detect and prevent refund fraud:

• Leverage Unified Commerce capabilities in your risk system so you’re able to fully understand the lifecycle of a shopper and view their past orders to identify refund fraud.

• Utilise a blend of unique attributes and custom risk rules to mitigate such scenarios and identify unique shoppers misusing those details.

Gift Card Fraud

Gift card fraud is a popular method for transactional fraud due to the difficulty in tracing these cards compared to regulated debit or credit cards.

Strategies to detect and prevent gift card fraud:

• Utilise contextual data to bolster defences against gift card fraud.

• Deploy custom risk checks and block lists designed to identify and prevent these types of transactions.

• Identify misuse of gift cards by using custom risk rules and specified indicators to mitigate such events.

We've discussed various fraud types, but how can businesses formulate an effective fraud prevention strategy to safeguard against payment fraud?

Many businesses prioritise security over customer experience, often leading to the blocking of legitimate transactions that deviate even slightly from normal behaviour. Distinguishing between fraudsters and genuine customers is challenging and can result in revenue loss and dissatisfied customers due to a bad buying experience.

 At Adyen, we understand the unique challenges businesses face, requiring tailored risk management strategies. Here are our tips on how to strike a sustainable balance between risk and revenue through detecting, preventing and responding to fraud.

• Detection: Identify genuine customers and recognise fraudsters across all sales channels.

• Prevention: Maintain full control and reduce operational workload by combining risk rules with machine learning.

• Response: Increase authorisation rates and reduce chargebacks by adjusting and optimising your risk setup. 

Detection 

Fraud detection technology

Fraud detection technology utilises historical and cross-platform data to spot behavioural abnormalities, differentiating between genuine customers and fraudsters. Businesses can configure these tools to focus on specific high-risk segments, such as particular industries or regions with higher fraud rates.

Prevention 

Supervised machine learning

Supervised machine learning integrates risk expertise with machine learning, allowing businesses to automate risk assessment based on established risk profiles.

Customisable risk rules

Customisable risk rules cater to distinct risks faced by different industries. Businesses can use these rules as a foundation for payment evaluations, deciding which transactions to accept or block.

Authentication 

Fraudsters often use identity theft to commit fraud. Authentication procedures, such as 3D Secure 2, help to verify if the customer is genuine or a fraudster.

Manually review

Manual review is recommended for high-risk transactions or those in vulnerable markets to add an extra layer of fraud protection before the payment is completed and avoid potential chargebacks.

Response

Testing and experimenting

Conduct tests and experiments to discover the most effective risk management approach for your business. Configure different risk settings and A/B test them to determine the most effective strategies.

With the increasing demand for online shopping, the threat of payment fraud escalates. To counter this, businesses must ensure a safer and superior customer experience.

While fraud techniques evolve, so do fraud prevention methods to combat them. By leveraging appropriate technology and crafting an efficient risk strategy, businesses can shield themselves and their customers against different types of fraud.

RevenueProtect, is our unique risk management product with a range of tools to detect, prevent, and respond to fraud. We leverage a global network of cross-industry data, to make accurate risk decisions, stay updated on the latest trends, and effectively combat fraud.

Fraud detection is the process of identifying fraudsters and fraudulent behavior. There are different tactics businesses can use to differentiate legitimate customers from fraudsters, such as using machine learning, pattern recognition, and data analysis. 

Payment fraud solutions can detect behavioral abnormalities and determine whether customers are genuine or fraudsters. Due to the different types of payment fraud, a 'one-size-fits-all' approach will not work. A better way to detect fraud is to invest in financial technology that takes a nuanced approach that balances risk and conversion decisions to reduce costs and maximize revenue.

Fraud prevention is the process of preventing fraudulent activities from impacting the business, customer, or financial institution. To do this effectively, businesses need to maintain full control and reduce operational workload. This is done by combining risk rules with machine learning and manual reviews.

Supervised machine learning Supervised machine learning involves a combination of risk knowledge and machine learning. Businesses can create risk profiles to help automate part of the risk assessment, saving time and reducing risk management efforts. The bigger the scale of the platform the machine learning model is learning from, the more your business will benefit. These models can learn from multiple channels, payment instruments and regions to build strong shopper understanding and ensure that automated decisioning does the heavy lifting.

Customizable risk rules Different industries and business models face different types of risks. Through customizable risk rules, businesses can create risk profiles tailored to their unique needs and use them to complement the payment evaluation process of machine learning models. This can help optimize underperforming risk profiles or rules, and monitor the impact of changes. .

Manual review Certain types of transactions are at a higher risk of being targeted by fraudsters, these include high-value transactions or transactions in high-risk markets. For an extra layer of fraud protection, businesses can choose to manually review these types of transactions before they’re completed to avoid negative bottom line impact.

The best way to optimize your risk setup is to test and experiment. It is hard to know which risk strategy will best evolve with your business and the market unless you test it. To find out what works for you, you can  backtest the impact before you activate a new rule, or change the settings of an existing rule. You can run the rule on historical data to give you more confidence in the effect of the rule before you turn it on. You can set up different configurations and A/B test them against each other to experiment which methods are the most effective for your business.

To know if your fraud strategy is working, you need to be able to measure success in a way that makes sense for your business - taking into account the latest trends, operational particularities, conversion goals and risk appetite. To do this, you need to:

1. Define success

2. Decide KPIs

3. Measure fraud

4. Benchmark

There are different tactics businesses can use as part of their risk strategy to reduce fraud and differentiate fraudsters from genuine customers.

Delegated authentication

Delegated authentication allows businesses to prevent fraud without compromising on conversion rates. It involves handing over the authentication process to a third party and optimizes authentication experiences, especially for returning shoppers. This allows businesses to offer safe and seamless experiences while increasing conversion rates.

3D Secure

3D Secure 2 (3DS) is a security measure for online payments that allows businesses to prevent payment fraud while providing customers with safe and effortless payment experiences. 

With 3DS, the acquirer, scheme, and issuer interact with each other to exchange information and authenticate transactions. This improves the payment experience for your customers and saves you the costs of fraudulent chargebacks.

3D Secure is mandatory for countries mandated under Payment Services Directive 2 (PSD2). However, businesses anywhere can also use it to protect themselves against fraud.  

Tokenization

Tokenization allows businesses to replace sensitive data with non-sensitive ones. This allows businesses to recognize their customers, enables one-click and zero-click payments, increases security and compliance with regulations, and reduces fraud and chargebacks.

Peak season

Fraud increases during peak season. And it’s important to be ready to protect your customers without losing sales. Here are a few things to consider for peak season:

• Fraud setup and rules

• Conversion optimization

• Monitoring and analysis

Risk threats change based on industry, which means that the solutions to support them will vary.

Hospitality

The hospitality industry is especially vulnerable to cyberattacks, with many hotels finding it challenging to keep up with evolving regulations. To address this, hotels need a financial technology partner to implement secure systems that adhere to regulations throughout the entire payment data lifecycle, across different geographies. 

Employing tokenization can also help safeguard guest information from start to finish, enhancing guest experiences while ensuring compliance.

Digital

Combating fraud with manual rules is a time-consuming and ineffective process for digital businesses within the mobility, gaming, or software industry, putting revenue and customer satisfaction at risk.

By using machine learning (ML), businesses can automate complex decisioning to save time and focus on improving customer experiences rather than maintaining static rules.

Online businesses can also use to protect customers from online payments fraud. Digital wallets like Apple Pay and Google Pay, and major card schemes use network tokens to create effortless and secure online payments experiences.

Discover how GetYourGuide is using fraud prevention technology to enhance the customer experience. 

Retail  

Many retailers have operations and channels across regions. Building risk strategies and collecting insights  in one place will create important synergies but it can be a big challenge. With a unified fraud solution, retailers can respond to fraud with customizable risk rules with speed and ease across all their brands and channels.

Discover how True Alliance reduced fraud from 3.5% to under 0.1%. 

The more people shop online, the more opportunities there are for fraudsters to commit payment fraud. To keep up, businesses must provide a better and safer customer experience while not losing sight of conversion.

Although the techniques for committing fraud are evolving, the options for tackling them are improving. By leveraging the right technology and building an effective risk strategy, businesses can protect themselves, their customers, and their bottom lines. 

RevenueProtect is our unique risk management product, which includes various tools to detect, prevent, and respond to fraud. Our solution assesses thousands of characteristics of an incoming transaction to determine the likelihood of fraud and either block it or direct it to additional risk checks. Our models are trained on a global, cross-industry data network to ensure you continually optimize for conversion and squeeze more revenue out of every transaction.

RevenueProtect video