Fraud is the dark underbelly of the digital boom. As the world has moved online and business transactions of all types are now increasingly electronic, fraudsters have been quick to exploit new opportunities for crime.
Payments are an obvious target and remain vulnerable despite the many security checks and authentication processes that are now standard in online payments systems.
Cybercriminals are becoming ever more resourceful, and there is no shortage of media stories covering the latest digital heist. Payments fraud covers any illegal online activity that will deprive the victim of funds, property, or confidential and sensitive information. Typically, it involves fraudulent or unauthorised transactions, or false requests for refunds or returns.
The challenge is to stay ahead of the fraudsters, who are particularly adept at exploiting weaknesses in systems that are continually evolving. A secure payments infrastructure demands vigilance and collective responsibility from everyone in the payments cycle.
Fraudulent transactions will often have suspicious characteristics, such as repeated logins, unusual addresses or unusual payment amounts, and overuse of odd or free email addresses. A merchant can spot these anomalies by analysing their own order and transaction data. Acquirers can also help by notifying a merchant of suspicious chargeback and authentication activity.
The high cost of fraud to businesses is twofold: not only is revenue lost but the cost of shipping (for a physically delivered product) and the cost of the product itself are also lost. According to figures revealed in March 2017 by Financial Fraud Action UK, £2 million was stolen each day in 2016 by fraudsters.
Fraud has a serious impact on trust as well as well as finances. Customers who have experienced card fraud through an online transaction will be wary of making future payments in the same way, undermining businesses that rely on ecommerce for revenue. Bad news also spreads very quickly online and issues of trust and reputation are widely shared and discussed, compounding any damage to a brand.
Merchants are prime victims of fraud so it is important that they understand where the weaknesses are in their own ecommerce systems. They must create a secure payment process on their site, and be aware of potential weaknesses in third-party systems that handle the payment process further down the line.
Technologies such as 3D Secure, which provides an additional security layer for online credit and debit card transactions, greatly help in the fight against fraud. However, because risks vary depending on the type of ecommerce transaction, there is no single countermeasure that is sufficient in all situations.
Merchants can increase security by requesting MasterCard/Visa CVC2 and CVV2 verification numbers (ie, the numbers on the back of cards) as part of the online checkout process. MasterCard and Visa also provide merchants with fraud prevention software that analyses orders and can help to detect fraudulent activities.
Acquirers can help merchants by analysing transaction data to identify inconsistencies or patterns in transactions that may indicate fraud. For example, analysis of chargeback data can help to identify if there are any vulnerabilities in a payment process when the card issuer, acquirer and processor carry out a particular transaction.
Because prevention is always better than cure, merchants and acquirers should concentrate on minimising the opportunities for fraud rather than seeking to fix problems once a fraudulent activity has occurred. And consumers should always be alert to suspicious activities and question anything that looks irregular in a transaction.
Payments fraud is an ever-present threat and will remain a challenge as ecommerce continues to replace offline transactions. However, while cybercriminals are becoming more sophisticated, the technologies to combat crime are also becoming more effective.
Big data, predictive analytics, and a growing range of fintech security products are helping to create the layered approach that is needed to reduce payments fraud. Dedicated fraud teams and continuous awareness and education, at every stage of the payment cycle, should all be in your toolbox to frustrate fraudsters.