Payment fraud – the basics: How it works and how to protect your business


Payment fraud is a growing concern for businesses of all sizes and industries, with losses estimated at over US$42 billion worldwide in 2020 alone. For most businesses, particularly those that deal with a high volume of customer payments, payment fraud is an unfortunate yet unavoidable part of doing business. Managing the security of payments has become more complicated with the rise of digital commerce and new payment methods. As the tactics used by fraudulent actors become more sophisticated, so too must fraud detection and prevention measures. The impact of payment fraud on businesses can be significant, including financial losses and damage to reputation, as well as legal and regulatory consequences.

Even when a business does everything possible to prevent payment fraud, it can still happen. However, by learning about the different types of fraud and how they work, you can put yourself in the best position possible to block fraud. We'll cover what you need to know about fraud, how it happens and what you can do to protect your business and customers.

What's in this article?

  • What is payment fraud?
  • Types of payment fraud
  • How does payment fraud happen?
  • What industries are most at risk of payment fraud?
  • How does payment fraud affect businesses?
  • How to protect your business against payment fraud

What is payment fraud?

Payment fraud is a type of financial fraud that occurs when someone intentionally uses false or stolen payment information to make a purchase. For example, fraudulent actors might use stolen credit card information, create fake cheques or make unauthorised electronic fund transfers.

Retail businesses are particularly vulnerable to payment fraud, given that they deal with a large volume of transactions and may not have the resources to thoroughly vet each payment method. Payment fraud can result in significant financial losses for businesses, damage to their reputation and legal liabilities.

Types of payment fraud

There are several types of payment fraud:

Credit card fraud

Credit card fraud is the unauthorised use of a credit card to make purchases or obtain cash. For instance, this fraud can involve the use of stolen credit card information or the creation of counterfeit credit cards. In credit card fraud, the fraudster can use the stolen credit card to make purchases online or in person, or they may use the card to withdraw cash from an ATM.

Credit card fraud losses increased to US$4.2 billion in 2020, up from US$3.5 billion in 2019. Card-not-present fraud is expected to increase from 57% in 2019 to 74% by 2024.

Debit card fraud

Debit card fraud is similar to credit card fraud but involves the unauthorised use of a debit card. The fraudulent actor may use a stolen debit card or the card information to make purchases or withdraw cash from an ATM. Debit card fraud can also occur if someone obtains access to the PIN associated with the card.

Bank fraud

Bank fraud refers to any type of fraud that involves a bank or financial institution. This can include fraudulent loans, account takeover fraud and identity theft. Bank fraud can result in significant financial losses for individuals and institutions.

The 2022 ACFE Report to the Nations found that banking and financial services are the second-most targeted industry for fraud, with a median loss of US$100,000 per case.

Bank transfer fraud

Bank transfer fraud occurs when a fraudulent actor obtains access to someone's bank account or bank transfer information and then uses it to transfer money to their own account. The fraudulent actor may employ various tactics to obtain the victim's information, including phishing scams or hacking into the victim's computer or email account.

The FBI's Internet Crime Complaint Center (IC3) reported that bank transfer fraud was the most commonly reported type of business email compromise (BEC) and email account compromise (EAC) scam in 2020.

Cheque fraud

Cheque fraud involves the creation or alteration of a cheque to obtain funds fraudulently. This can include forging a signature or altering the amount of the cheque. Cheque fraud can occur when someone steals a cheque book or obtains access to a victim's current account information.

Cheques used to be the payment method that was most vulnerable to fraud, accounting for 66% of all payment fraud in 2020.

Mobile payment fraud

Mobile payment fraud is the unauthorised use of mobile payment services, such as Apple Pay or Google Wallet, to make purchases or transfer funds. This can occur if someone gains access to the victim's mobile device or payment information. Mobile payment fraud can also occur if a fraudulent actor creates a fake mobile payment account using someone else's information.

Out of all fraudulent transactions, 70% took place on mobile devices in 2022.

How does payment fraud happen?

Fraudulent actors use a range of tactics to obtain access to sensitive payment information or carry out unauthorised transactions:

  • Phishing
    Phishing is a technique used to obtain sensitive information such as credit card details, log-in credentials and other personal information. Phishing is often done through email or social media, where the fraudulent actor creates a fake log-in page or payment portal to trick the victim into entering their information.

  • Skimming
    Skimming is the process of stealing credit or debit card information by installing a device on a legitimate payment terminal. The device captures the card information and PIN, which can be used to create counterfeit cards or withdraw cash from an ATM.

  • Identity theft
    Identity theft occurs when a fraudulent actor obtains someone's personal information, such as their name, address and Social Security number, to commit fraudulent transactions. This can include opening new credit cards, applying for loans or making unauthorised purchases.

  • Chargeback fraud
    Chargeback fraud occurs when a customer makes a purchase using a credit or debit card and then disputes the transaction with their bank, claiming that the purchase was unauthorised or defective. With chargeback fraud, the business is often obliged to reimburse the customer, even if the purchase was legitimate and made by the cardholder.

  • Business email compromise (BEC)
    BEC is a type of fraud that targets the employees of a business. The fraudulent actor will send a phishing email to an employee, usually posing as a senior executive or business partner, requesting that the employee disclose sensitive information or transfer funds to the fraudulent actor.

  • Malware
    Malware refers to any type of malicious software designed to gain access to sensitive information or control a victim's computer or device. Fraudulent actors use malware to steal credit card information, log-in credentials and other personal information.

What industries are most at risk of payment fraud?

Payment fraud can occur in any industry, but some are more at risk than others:

  • Retail
    Retail businesses are often targeted by fraudulent actors due to the high volume of credit card transactions and how easy it is to access credit card information. Online retailers are particularly vulnerable to payment fraud, as fraudulent actors can use stolen credit card information to make fraudulent purchases from anywhere in the world.

  • Banking and finance
    Banks and other financial institutions are frequent targets of payment fraud due to the sensitive nature of the information that they hold. Fraudulent actors may attempt to steal customer information or use social-engineering techniques such as phishing to gain access to accounts.

  • Healthcare
    Healthcare providers are often targeted by fraudulent actors due to the large amount of sensitive patient information that they hold. Fraudulent actors may attempt to steal patient information or use fraudulent billing schemes to obtain payments.

  • Hospitality
    The hospitality industry is at risk of payment fraud due to its high volume of credit card transactions, particularly at hotels and restaurants. Fraudulent actors may attempt to steal credit card information or use stolen credit cards to make fraudulent purchases.

  • E-commerce
    E-commerce businesses are vulnerable to payment fraud due to the ease of access to credit card information, the frequency of card-not-present transactions and the anonymity of online purchases. Fraudulent actors may use stolen credit card information to make fraudulent purchases or set up fake online shops to obtain payments.

How does payment fraud affect businesses?

Payment fraud can affect businesses in serious ways, including:

  • Financial loss
    Payment fraud can result in significant financial losses for businesses. If a fraudulent actor is able to steal funds or goods from a business, the business may have to absorb the cost or pass it on to customers, which can harm their bottom line. Fraud can also have an adverse effect on customer retention and decrease customer lifetime value (LTV).

  • Chargeback fees
    If a customer disputes a charge on their credit card bill, the business may be required to pay a chargeback fee. Additionally, many payment processing providers charge additional fees to businesses that have a higher chargeback ratio.

  • Damage to reputation
    As well as having an adverse effect on the LTV of individual customers, fraud can tarnish a business's reputation, making customers believe that it is untrustworthy or not secure. This can lead to a long-term loss of customers and revenue.

  • Legal and regulatory consequences
    While even the tightest of safeguards might fail to prevent some fraud, businesses have an obligation to be diligent about fraud prevention, as failing to do so may result in legal and regulatory consequences. Payment fraud can also put businesses at risk of non-compliance with industry regulations and standards, such as the Payment Card Industry Data Security Standard (PCI DSS). Failure to comply with these standards can result in fines, legal action and reputational damage.

  • Operational disruption
    Payment fraud can cause operational disruption for businesses if they need to investigate and resolve fraudulent transactions, update security measures or implement new policies and procedures to prevent future instances of fraud. This can divert resources away from other critical business functions and affect productivity and efficiency. Fraud prevention doesn't focus solely on mitigating the losses associated with fraud. It also helps to preserve the company's ability to focus on more constructive tasks.

How to protect your business against payment fraud

Businesses must take a strategic and multi-faceted approach to payment fraud prevention. This includes implementing strong security measures, such as using encryption, requiring strong passwords and regularly monitoring accounts for suspicious activity. Businesses should also educate employees and customers about the risks of payment fraud and how to protect themselves.

Here are some strategies that businesses can use to combat payment fraud:

  • Use secure payment methods
    Whenever possible, businesses should use secure payment methods, such as EMV chip cards, mobile payments, NFC contactless payments and encrypted online payment systems. These payment methods offer more built-in fraud prevention measures than cash, cheques or credit and debit cards that use a magnetic stripe.

  • Implement strong authentication measures
    Businesses can implement strong authentication measures, such as two-step authentication or biometric authentication, to ensure that only authorised users can access sensitive information. As best practices surrounding payment authentication change with the advancement of technology, it's helpful to work with a payments provider (such as Stripe) that continuously evolves solutions to reflect the most up-to-date security standards. Businesses can benefit from best-in-class authentication and payment security measures without needing to invest their own resources into developing, maintaining and updating them.

  • Monitor accounts regularly
    Businesses should monitor their accounts regularly for suspicious activity, such as unusual transactions or changes in payment patterns. Even with a range of strong fraud detection measures in place, having a human being look through your payment records for anomalies on a regular basis is invaluable.

  • Educate employees and customers
    The more you and your team understand about fraud risk, the more prepared you'll be to protect your business and your customers. Train employees to identify and report suspicious activity, and teach customers to spot phishing emails and other fraudulent scams.

  • Use fraud detection software
    Businesses can use fraud detection software to monitor transactions for signs of fraud, such as unusual spending patterns or transactions. For businesses that use Stripe payment solutions or hardware, a powerful suite of fraud protection tools is already built in, with no additional steps required to integrate them.

  • Limit access to sensitive information
    Businesses should be careful about who in the company has access to sensitive information, such as customers' credit card numbers or bank account information. It's important to restrict access to this type of information to only those employees who need it.

  • Stay up to date with security measures
    Businesses should stay up to date with the latest security measures and software updates to ensure that they are using the most effective fraud prevention tools. This is where working with a provider such as Stripe proves invaluable, as it allows businesses to outsource the important work of monitoring payment fraud and implementing the right payment systems updates.

The content in this article is for general information and education purposes only and should not be construed as legal or tax advice. Stripe does not warrant or guarantee the accuracy, completeness, adequacy, or currency of the information in the article. You should seek the advice of a competent lawyer or accountant licensed to practise in your jurisdiction for advice on your particular situation.
