Every year, payment fraud costs businesses a lot of money. In fact, "Payment fraud is expected to continue increasing and is projected to cost $40.62 billion in 2027."
If you're a merchant who deals with many online transactions, these numbers might be concerning—that's perfectly reasonable. Payment fraud comes in different forms, from phishing scams and fraudulent chargebacks to card not present (CNP) fraud (using stolen credit card information) and account fraud, where an individual's bank accounts are hacked and used by someone illegally to make purchases online.
While eliminating payment fraud may be challenging, you can take measures to avoid dealing with them in your business activities, from solid authentication methods to regular monitoring of transactions. Learn the various ways you can protect your business against payment fraud.
1. Verify customer identity
The first step to avoiding payment fraud is ensuring that the individual making purchases on your e-commerce site is the customer, not someone else.
"Making sure that account owners are who they say they are—at all stages of the lifecycle—is critical," says Ramesh Menon, group director, product management of LSEG Digital Identity/Account Verification and Fraud Solutions.
If a customer is unverified, merchants may have to face fraudulent transactions and chargebacks, resulting in lost revenue and increased fees for the business. Additionally, the business' credibility may come into question, potentially affecting future revenue as consumers lose trust in the brand.
There are several methods you can use to verify your customers' identity:
Address verification: Merchants can verify a customer's address by comparing it to the address on file with the customer's bank or credit card company. Most merchants already require customers to enter their address and postal code when making purchases to verify the customer—this is the easiest and simplest step to prevent fraud, though it's not foolproof
Card verification value (CVV): While requesting the CVV code (three digits on the back of the card) can verify a customer's physical possession of a card, it's important to note that if the card is lost or stolen, it becomes a prime target for fraudulent activity. Criminals can easily impersonate the legitimate cardholder and use the card for unauthorized transactions—this is one of the most common forms of payment fraud
Two-factor authentication (2FA): Merchants can require customers to provide an additional authentication factor, such as a one-time code sent via text message, to verify their identity before completing a transaction. However, this method is only possible if a customer has already signed up for an account with a merchant with their email address or phone number. Additionally, if a criminal can access the customer's phone or email and the card, it's possible to make a false transaction
Identity verification services: Merchants can use third-party services specializing in verifying customer identities, such as ID verification tools or credit bureau services such as Experian or TransUnion. This method doesn't protect you or the individual against identity theft. Recently in the UK, several fraud victims lost thousands of pounds through ApplePay as fraudsters impersonated their banks
Social media verification: Some merchants may use social media to verify a customer's identity by asking them to connect their social media account to their online store account. However, customers may not want to do that due to privacy concerns
In recent years, open banking is gaining momentum in the US. Pay by bank is a new payment option where customers can create a link between their bank account and merchant (revocable at any time) to transfer payments directly from their bank through a third-party provider like Link Money. Since only the individual with access to the bank account can make the payment, open banking adds another layer of security to the payment process, reducing fraud risks.
"'Open banking, ultimately, makes life easier for consumers,'" says Menon. "'The different applications that FinTechs are developing are driving a lot of innovation — and consumers are getting access to better, more useful products. It also helps banks maintain positive relationships with their customers.'"
With so many identity verification methods out there, merchants need to weigh the pros and cons of each and choose the best way that suits their business.
2. Create an employee policy on payment fraud prevention
Fraud prevention starts at the top and trickles into all parts of a business. Educating employees about the importance of fraud prevention creates accountability. In addition, a defined process will protect customers and ensure the company complies with any regulations related to payment fraud transactions.
A Deloitte report states, "The tone from the top is a key part of any fraud prevention and detection strategy. Your people have to know that you take the threat of fraud seriously and that you as the CEO and/or Board of Directors will take the strongest possible action against staff and third parties who commit fraud."
Companies like Amazon have fraud prevention policies that include transaction monitoring and 2FA. If your business deals in daily online transactions, you should also consider implementing one.
Deloitte recommends certain vital elements to be included in a fraud prevention policy:
A clear definition of actions that are considered fraudulent
Assigned roles and responsibilities for managing fraud
A statement that the company will implement necessary measures to prevent fraud
Established formal procedures for employees to follow in case of suspicious transactions
Notification that all suspected fraud incidents will be investigated and reported to relevant authorities
An unambiguous statement that all fraud offenders will be prosecuted and the police will be supported in investigations
An explicit commitment to making every effort to recover wrongfully obtained assets from fraudsters
Encouragement for employees to report any suspicion of fraud
Description of the steps to be taken in the event of fraud, including:
Procedures for staff to follow
Assignment of responsibility for immediate response
Recovery of funds
Handling media inquiries
Preservation of evidence and reporting to the police
A clearly defined, well-drafted policy communicated across the organization can reduce the risk of your business being affected and instill confidence among your employees and customers.
3. Monitor transactions for unusual activity
When you monitor unusual activity, such as large or frequent payments or payments from different locations, you can prevent fraudulent activities before they occur. In some cases, it can also protect your business from financial losses.
For example, suppose a card or number is stolen, and a purchase is made in Paris while another is made in California, but the customer lives in New York. In that case, that is a definite alert that fraudulent activity is going on.
To identify unusual activities, consider some of these methods:
Use fraud-detection software that analyzes transaction history and consumer behavior to notice unusual patterns.
Monitor for failed login attempts because if there are numerous attempts to get into an account, that might indicate that the individual doesn't have the login information, to begin with.
Use geolocation technology because, as mentioned above, if the zip code doesn't match the billing address, that could indicate a fraudulent transaction.
Implement 2FA to add a layer to the authentication process by sending the customer an email or a one-time passcode before they can make a purchase.
Regularly monitoring unusual activity and proactively preventing fraudulent transactions can help you offer customers the best experience and earn their trust.
4. Use secure payment methods
Secure payment methods are the bread and butter of any business transaction. While your customers may all have different preferences, the onus is on you to offer them every secure payment option.
In 2023, retail e-commerce sales are estimated to exceed six trillion US dollars worldwide, indicating an undeniable need for secure payment methods.
In addition to protecting against fraud and other security risks, secure payment processing enables the safe online transfer of payments, customer data, and other sensitive financial data.
Some of the secure payment options consumers rely on include:
Payment gateways from third-party providers like PayPal or Stripe
Digital wallets such as Apple Pay, Google Pay, and Samsung Pay lets customers store payment information securely and make purchases with just a few steps
Mobile payments applications like Venmo that customers can use to make payments from their phones
Pay by bank allows customers to transfer funds directly from their bank account to the merchant's account through a third-party provider like Link Money. Pay by bank also reduces the risk of fraudulent chargebacks as customers knowingly spend the money they have in their accounts
A range of payment options can help you offer convenience and security according to customer preferences, making it likely for consumers to shop again at your store.
Payment fraud affects more than your bottom line
Payment fraud is not just about money—it can impact your business's reputation, customer trust, and overall success. By preventing such incidents through security measures and educating your employees and customers, you can protect your business and ensure your customers feel safe and confident when shopping online.