Wondering about payment fraud detection? In this article, we’ll explain how payment fraud detection works and explore ways you can implement detection systems in your business.
What Is Payment Fraud Detection?
Payment fraud detection is the process of identifying attempts to make fraudulent transactions and preventing them from occurring. Forms of payment fraud can include the following and more:
- Card-Not-Present (CNP) Fraud
- Chargeback Fraud
- Account Takeover (ATO)
- Account Enrollment Fraud
Over the past few years, more businesses have shifted to eCommerce in the wake of COVID-19 to remain competitive and accessible to customers.
After swelling to $4.2 trillion in 2020, research from Outseer and Aite-Novarica Group estimates that total digital channel payments could hit $5.9 trillion by 2023. And that figure may grow if consumer enthusiasm for card-not-present (CNP)-enabled online and mobile purchases and popular payment options like Scan-and-Go, “invisible” payments, and Buy Now, Pay Later (BNPL) continue to intensify.
As it stands now, nearly 60% of consumers will choose a business with these or other forms of payment over a competitor that lacks them.
Unfortunately, fraudsters have taken full advantage of this shift. As digital channel sales have reached new heights over the past 18 months, so has payment fraud. Within the next two years, CNP fraud alone could lead to $17.2 billion in lost revenue annually. Throw in as much as $25.3 billion in loss due to chargeback fraud, and the financial damage starts to add up fast.
These attacks can quickly chip away at profits for merchants, credit card companies, and other payment processors.Payment fraud detection aims to identify fraudulent activities before transactions are made, without slowing down legitimate customer payments.
What Types of Attacks Does Payment Fraud Detection Prevent?
To better understand payment fraud detection, let’s look at a few examples of payment fraud attacks and how payment fraud detection can stop them.
Card-Not-Present (CNP) Fraud
Card-not-present fraud is committed when fraudsters use stolen credit card details without physical possession of the card. CNP fraud is among the most common forms of payment fraud as there are numerous techniques fraudsters can use to steal card details.
Cybercriminals often rely on phishing schemes to trick victims into entering their card details into a cloned version of a branded website. Fraudsters then make fraudulent purchases with this stolen information.
Data breaches are another common source for stolen card details. Even when a cardholder protects their information, attackers can steal their payment details from unsecured websites where their card was used. Fraudsters purchase such compromised credentials in bulk from dark web marketplaces and then use automated bots to test card details on vulnerable websites.
In both examples, the victim’s CVV is compromised, meaning CVV checks alone are not enough.
Payment fraud detection that employs the EMV® 3-D Secure protocol have proven to be remarkably effective and detecting and preventing payment fraud.
Today’s most robust 3DS-based solutions, for instance, analyze more than 100 different risk indicators to silently authenticate customers before a transaction even occurs. This enables merchants, issuers, and banks to deliver a fast, friendly checkout experience to legitimate customers while blocking fraudsters at the door.
Chargeback fraud occurs when a customer initiates a chargeback through their bank for a product they already received. When this happens by accident, it is referred to as “friendly fraud.” Sometimes customers can forget they made a purchase or forgot autopay was enabled.
No matter the intent, both scenarios result in a chargeback that refunds the customer and issues the business a chargeback fee. When fraudsters identify a vulnerable business, they can repeatedly target that company causing a wave of chargebacks.
Chargeback fees can range anywhere from $20 to $100, depending on the merchant’s agreement with their payment provider. Between acquisition costs, marketing, and transaction fees, chargebacks can leave businesses in the red on each transaction.
In one recent survey, 44% of merchants report experiencing return abuse of some kind in the last 12 months, and 66% say it’s getting worse. But preventing this form of payment fraud before it happens can be tricky.
Proven fraud detection methods can prevent chargeback fraud before the transaction is completed thanks to advancements in artificial intelligence and machine learning. By analyzing the behavior of the transaction history of the customer, merchants can filter out risky transactions that match the behavior of chargeback fraud.
In account takeover (ATO) attacks, criminals use compromised login credentials to log into legitimate customer accounts and commit payment fraud using payment details on file or stolen credit card numbers. ATOs fueled by data breaches increased 850% between Q2 2020 and Q2 2021. As much as $16.9 billion is lost to this crime each year.
Cybercriminal organizations purchase entire databases of compromised login credentials and then use software to test and validate passwords that haven’t been changed. And in addition to email- and text-based phishing scams, the use of fraudulent branded apps designed to fool victims into revealing login credentials increased 49% just within the third quarter of 2021.
ATOs can be notoriously difficult to detect because transactions are coming from a legitimate cardholder or customer account. But it is possible. Bot detection solutions can recognize and block credentials stuffing attacks designed to infiltrate accounts. And modern fraud prevention solutions use data science and machine learning to distinguish normal account behavior from fraudulent activity—no matter who is signed into the account.
Account Enrollment Fraud
Fraudsters increasingly use a combination of stolen and fabricated data to create synthetic identities that can be used to open credit card, banking, BNPL, and other payment accounts, as well as apply for loans.
Synthetic identity fraud is a $6 billion problem that the FBI calls one of the fastest-growing forms of financial crime. In fact, the American Bankers Association reports the average synthetic identity profile is used to successfully steal between $81,000 and $97,000. The nature of this attack can leave merchants, creditors, and banks blindsided in a single transaction.
Payment fraud detection solutions that emphasize enrollment fraud prevention can identify and prevent synthetic identities from opening accounts from which they can defraud you or other companies.
By leveraging machine learning and data science combined with an ecosystem of identity verification partners, today’s most effective options bridge the gap between physical and digital identity to defeat fraud without negatively impacting the customer experience.
How Does Payment Fraud Detection Work?
Modern payment fraud detection leverages data science, machine learning, and statistical analysis to monitor transactions continuously and assess the relative risk associated with a transaction.
This can entail comparing dozens or even hundreds of pieces of transactional data to models of known fraud. The closer a transaction matches fraudulent behavior, the higher the risk score.
These risk scores are calculated before checkout or payment and only take a few fractions of a second. If there is enough information to authenticate the user, the transaction proceeds without delay. If the risk score suggests possible fraud, the customer is sent through a challenge flow to provide additional authentication.
Challenges typically include a one-time password sent via text, email, or biometric scan. This risk-based approach is designed to create as frictionless a flow as possible to avoid slowing down the transaction experience for legitimate customers while simultaneously preventing fraud.
Not Just Protecting the Bottom Line—Boosting It
Payment fraud detection is tough enough as it is, but there will never been a single, set-it-and-forget-it solution. The technologies businesses put in place must evolve as quickly as cybercriminal tactics do.
Take our own solutions, for example. Outseer 3-D Secure and Outseer Fraud Manager protect payments and payment accounts against every new form of fraud under the sun for card issuing banks, payment processors, and merchants worldwide.
By leveraging shared intelligence from 20 billion annual transactions across 6,000 institutions contributing to our global data network, our risk scoring engine prevents 95% of all fraudulent transactions, with customer intervention rates as low as 5%. That’s the best performance in the industry.
Through continuously-updated machine learning, our solutions help stop fraudsters before an account is created or a fraudulent transaction or chargeback ever occurs. To learn how you can protect your customers through unrivalled payment fraud detection, request a free demo today.