Payment Fraud

Holiday shopping is in full force, which means online payments are at an all-time high for the year. According to Salesforce, U.S. consumers spent $270 billion online during the 2022 holiday season. Which means if you’re an e-commerce business, it’s time to be even more vigilant about payment fraud detection and prevention. The most common type of payment fraud happens because of credit card identity theft. Other payment methods such as virtual checks, direct debits, or phone payments can be fraudulent as well.

An amateur criminal may be easily caught by an anti-fraud system, but an experienced attacker will work to make all transaction data (i.e., IP address, browser language, etc.) appear legitimate. E-commerce businesses must rely on sophisticated software tools for payment fraud detection. Detection software should include a complete analysis of both the customer and the payment data. During a transaction attempt, all entered information should be checked against information previously gathered. A payment fraud prevention software may rely on the following methods to gather information:

  • Social media lookup – Do the cardholder’s details match online social profiles?
  • IP and device analysis – Is the customer using a VPN, proxy, or emulator?
  • Email analysis – Was the customer’s email address created from a suspicious domain? Has it appeared in any data breeches?
  • Phone analysis – Is the carrier location close to the shipping address? Is it a disposable phone?
  • BIN (Bank Identification Number) lookup – Is the bank data and contact information for the credit card suspicious?

With all this data, established risk rules can then prompt your system to either block high-risk payments or flag medium risk payments for manual review.

Choosing a Payment Fraud Software

When it comes to choosing a specific payment fraud solution, it’s important to remember that you may not find ONE solution that meets all your needs. It is not uncommon to combine different tools to create a customized risk stack.

Today, most if not all detection software is cloud-based and relies on API calls. Benefits to using the cloud and APIs include:

  • Real-time protection
  • Updates/fixes deployed without downtime
  • Scalability
  • With good API documentation, in-house developers may have all the resources they need to support the software themselves

Another option in this area of software is machine learning or AI. Instead of manually writing and customizing risk rules, you could choose to rely on the software itself to suggest/follow rules for you. For payment fraud detection purposes, it is best to go with a white box machine learning approach, where the software will give you a result, but will also show how it reached that result. Overall, this is more insightful and provides the user with better discernment on how/if to make manual adjustments.

Aside from the technical ins and outs of a particular software, it’s also important to consider and balance:

  • How information is presented to the user (is it clear and concise?)
  • The customer experience (does the customer process become more cumbersome?)
  • Price (what can you afford and how is the pricing model structured?)

According to the Association for Financial Professionals, over 65 percent of organizations were victims of payment fraud in 2022. Cyber criminals are becoming more sophisticated, but so are prevention and detection methods. Take the steps necessary to be in the minority and keep your business safe!