Fraud Management—Controlling Security Risk in Online Payments

Fraud Management—Controlling Security Risk in Online Payments

fraud management

Fraud can happen anywhere in the online business world. Regardless of whether you run a small e-commerce store or are the owner of a retail chain. Fast-paced technological development and e-commerce market growth are incentives for fraudsters for finding new methods of hacking the market. So, how do you manage fraud?

It’s predicted that the global e-commerce market will grow to 6.54 trillion US dollars by 2022. Online and mobile shopping has already become part of our life and the scale of it is constantly growing.

From a consumer’s perspective, credit cards are one of the safest ways to pay for online purchases, as they enable them to easily dispute any  unauthorized charges. At the same time, card-not-present fraud is especially common, as fraudsters don’t even need a physical card to make a purchase. All they need are card details, which  can be stolen in several ways.

Card-not-present (CNP) transactions are a huge target for cybercriminals—the European Central Bank estimates that CNP transactions represent more than 60% of the card fraud. And, according to the European Fraud Report—Payments Industry Challenges card not present fraud in Europe represents almost 80% of the total volume of fraudulent card transactions.

In many cases, merchants need to put an enormous amount of effort into verifying whether the actual cardholder made a purchase, and the need for fraud management has never been greater.

Fraud isn’t only related to monetary loss, it can also severely harm your reputation and brand image. But, with the right strategy and smart  anti-fraud tools in place, you can minimize the risk of fraudulent activities.

So, what can your business do to prevent fraud?

What Is Payment Fraud?

Payment fraud occurs when online transactions are made illegally. The victim here is usually a consumer—fraudsters steal their sensitive information, credit card data, their identity, etc., and then use it to make purchases.

evolution of fraud
Evolution of the fraud landscape, Source: European Fraud Report—Payments Industry Challenges

The number of fraudulent practices is growing with the increased use of online credit cards. However, payment fraud can be characterized in various ways, and the most common ones are fraudulent or unauthorized transactions, lost or stolen merchandise, and false requests for a refund.

Different Types of Online Fraud

The increased popularity of online shopping resulted in a growing number of fraudulent activities. Most of the time, cybercriminals steal sensitive information, but they also penetrate network security systems to find glitches or to spot systems that haven’t been updated for some time.

Below are some of the most common types of payment fraud.

Merchant Identity Fraud

This type of fraud is committed by a cybercriminal who sets up a merchant account that is similar to that of a legitimate business. Then, they place charges on stolen credit cards and vanish as fast as possible before the cardholder realizes what happened.

Card Theft

This kind of theft occurs when fraudsters obtain credit card information which can be used to make a purchase—card number, expiration date, and CVV/CVC.

Customer Identity Theft

Identity theft is quite common and it happens when a cybercriminal obtains key details of personally identifiable information that are then used to make a purchase. If a fraudster gathers all of the information needed to make an online purchase, they can bypass fraud detection firewalls.

When a fraudster obtains genuine cardholder details, such as address verification credentials or 3D secure code, such an attempt is called clean fraud, as it’s almost impossible for merchants to recognize.

Card Testing

Typically, card testing fraud happens when fraudsters use stolen cards to make frequent low-value purchases. If your system doesn’t block such card testers, you need to prepare for a number of chargebacks from credit cards’ real owners.

Package Interception

Another technique used by fraudsters is using a stolen card to buy physical items and then intercepting or rerouting the package during delivery.


This method is related to emails or websites that require sensitive information such as a username, password, credit card details, etc. Luckily, most search engines and web tools effectively identify untrusted sources which  try to deceive customers and acquire sensitive information. Nonetheless, customers should stay vigilant.

Friendly Fraud or False Demand for a Refund

This type of fraud is anything but friendly. Friendly fraud happens when a cardholder files a chargeback instead of attempting to obtain a refund. This can sometimes be the result of a customer’s mistake or confusion. However, a chargeback can also be filed on purpose—in such a case, the customer wants to get their money back for a legitimate purchase.


This type of fraud mainly  affects e-commerce businesses. It’s when cybercriminals attack websites and redirect customers to untrusted pages.

Fraud Management Solution—Tips for Merchants

There are some warning signs you can focus on and various security measures you should analyze to minimize the risk of being hacked. Here’s a list of what you can do to prevent and lower the risk of fraud.

1. Use the Address Verification Service (AVS) besides CVV/CVC to verify whether a purchaser is the card’s owner.

2. Track IP addresses, card numbers and other elements that can be associated with transactions that seem to be fraudulent.

Overall, check your business orders closely—monitor them before shipping and react quickly when you notice repeated order attempts made by the same card.

3. Look for a set of smart anti-fraud tools that score risk based on rules. Note that a system that can be adjusted to a certain industry is better than a generic static solution that can be applied to every business model. This is because solutions based on typical scoring may block legitimate transactions which were labeled as suspicious by the system.

4. Ask your payment provider for machine learning and AI systems to prevent payment fraud. Adopting machine learning and artificial intelligence technologies that perform millions of fraud checks within seconds is effective, but it’s better to use a combination of rules instead of static patterns.

Machine learning works on payments in real-time, using historical and updated data simultaneously, which generates results almost instantaneous.

5. Regularly run velocity checks (that help review repeated patterns in a short period) and use smart behavioral tracking. If this is well-conducted, the system will spot suspicious behavior, such as card testing automatically, in mere seconds.

6. In some cases, a manual review might help.

You can flag potentially risky purchases for manual review and verify the order by contacting a cardholder.

7. Require strong passwords from your customers.

Long and complex passwords usually require more effort and time for cybercriminals to guess.

8. Stay up-to-date with the latest fraud trends.

It’s important to know exactly what you are up against to stay one step ahead of fraudsters.

9. Work with a verified payment processor.

The payment processor you work with can help you with fraud detection. Just make sure that fraud prevention is a part of their  services and that they provide resources to effectively protect your business.

10. Constantly update your software and run security checks.

Don’t forget to update your network security systems in order to ensure that all the sensitive information is safe. You can also encrypt transactions and emails with important data for extra security.

Online businesses need to be aware of the extra costs of fraud such as chargeback fees, fraud investigation, merchandise distribution, etc. Not to mention the costs of losing customer loyalty and other non-financial costs that may harm the business in the long run. That’s why it’s no surprise that for 44% of financial professionals online payment fraud is the biggest concern.

As Visa and Mastercard lost $750 million to credit card fraud between 1988 and 1998, the companies decided to create monitoring programs for chargebacks and regularly update chargeback thresholds to minimize the risk of fraud.

Another good means of reducing card fraud losses in Europe was the implementation of EMV and 3D Secure, combined with Strong Customer Authentication.

Benefits of Fraud Management

As you can see, the whole process requires highly effective data mining techniques. If you care about your company’s credibility and your customers’ personal data security, fraud management is a must.

On top of that, there are plenty of other fraud prevention benefits:

Backing up your system with anti-fraud tools helps put your customers at ease, which is a great value in and of itself,
The number of unidentified transactions decreases, leading to lower credit recovery costs,
Detecting fraud in real-time minimizes losses, increasing revenue and improving  customer retention as a result,
It helps increase operational efficiency.

Fraud Management Is a Complex Thing

Take note that online fraud touches both consumers and businesses. If you reject a legitimate purchase, you risk account churn, but if you don’t prevent customers from becoming crime victims, you will have to face customer trust and loyalty loss. So, keeping pace with shifting industry norms and fraud trends, will give you a competitive edge.

As we have more choices and greater convenience, we’re shopping online more than ever, so you need to adopt a proactive approach towards fraud management. It’s impossible to block 100% of true fraud, so you should focus on implementing multi-factor authentication that will protect your business on various levels.

The following two tabs change content below.

Sandra Wróbel-Konior

A well-established Content Marketing Specialist with a tech-savvy personality, experience in writing, and a passion for reading. Staying up to date with the latest technology and social media trends, in love with GIFs and craft chocolate.

Latest posts by Sandra Wróbel-Konior (see all)

What Is an Issuing Bank?

Things That Prove Your Payment Processing Is Secure