Secure your business from login to chargeback
Stop fraud, break down data silos, and lower friction with Sift.
- Achieve up to 285% ROI
- Increase user acceptance rates up to 99%
- Drop time spent on manual review up to 80%
By Arwen Heredia
Fraudulent activity comes in various forms, many of which are commonplace in today’s digital landscape. One of the most prevalent forms of online fraud is payment fraud, along with its subtypes.
Payment fraud occurs when a malicious party obtains sensitive payment information from customers or businesses and uses it to steal money or property. While this usually occurs during data breaches, payment fraud can occur as an isolated event as well. Payment fraud is a significant issue for both consumers and businesses. According to annual reports, there were over 45 million card-not-present fraud incidents in 2022 alone.
Usually, those committing payment fraud will obtain and use a consumer’s social security number, personal health data, bank account numbers, email passwords, or state identification information (e.g., driver’s licenses). These key pieces of information make it easier for malicious parties to access even more information, such as birth dates, which enables easier access to private financial data.
Payment fraud doesn’t use the same tactics each time, and the sheer number of subtypes makes it challenging to detect and prevent in many cases. Advanced machine learning fraud detection software has helped mitigate some of these instances through real-time monitoring and adaptive risk scoring to detect and prevent payment fraud of all sorts. However, human vigilance is still a must when it comes to minimizing successful fraud attempts.
Several types of payment fraud exist in today’s digital environment, and unfortunately, the list of new scams and fraud techniques continues to evolve. Some of the most common ways of committing payment fraud today include the following.
Card-not-present (CNP) is the broadest subtype of payment fraud, and the remaining subtypes mentioned below technically fall under the CNP category. This method utilizes stolen card information to make purchases, but it’s effective only in situations where the physical card isn’t required. For example, a malicious party may obtain stolen card information on the dark web, then attempt to make purchases over the phone so that they’re only required to read or key in the information needed. CNP incidents are common online via credential stuffing, data breaches, synthetic identity, and through P2P payment applications.
Phishing is one of the oldest types of online fraud, and remains a common method of attack. During a phishing scam, malicious parties send consumers an email that convincingly looks like a message from that individual’s bank, a business, or a reputable individual. These emails solicit the individual for personal information or login credentials to satisfy some official-sounding purpose. From there, once the individual keys in the desired information, a scammer steals the data they receive and uses it to access the individual’s bank account or credit card account.
Business email compromise (BEC) is a phishing subtype where a scammer sends fraudulent emails to employees at a certain company in an attempt to gather private information. These scammers usually impersonate the company’s CEO or another important figure within the company in order to extort confidential information out of the recipient.
Skimming utilizes ATMs and point-of-sale terminals to capture cardholder data, including PINs. Criminals then use this data to steal money from the individual’s bank or credit card account or to conduct fraudulent transactions.
Though any payment fraud is inconvenient and burdensome, identity theft is uniquely devastating due to how much damage it causes. Depending on the severity of the incident, identity theft can ruin an individual’s credit scores, drain their bank accounts, and leave them struggling to reclaim their financial resources.
Account takeover fraud occurs when a malicious party gathers enough information about a consumer’s financial accounts to log in and change that individual’s verification information. This type of fraud can be committed in several ways, including data breaches, hacking attempts, and other scams used to pull a consumer’s personal information. Upon gaining access to the account, the fraudulent actor assumes ownership of said account and renders the original owner unable to access or utilize the funds within.
Pagejacking is the process of illegally copying a legitimate web page and tricking consumers into believing the fake page is the original source they were looking for. From there, scammers can collect any information keyed into these pages and use the data to steal from consumers. These attempts can be difficult to detect until the damage is already done, as they look incredibly similar to the original page, and the URL is usually at least moderately similar to the original page as well.
Chargeback fraud, also known as friendly fraud, occurs when a customer purchases a product or service, and despite receiving it, the consumer disputes the transaction with their financial institution under the pretense that the item was not received. In some situations, the individual will admit to receiving the item, but will claim it was received broken, damaged, or otherwise unlike what they expected when making the original purchase.
Sift research has found that nearly 66% of consumers have filed transaction disputes and, of them, 23% have admitted to committing chargeback fraud. Among the most common targets for these scams are clothing (21%), subscription services (19%), and electronics (18%).
Card testing refers to the practice of making small purchases using stolen credit card information in order to determine whether the card is active. Upon verifying that the card works, many malicious parties move on to card hopping. Card hopping is the act of using stolen credit card information to open new retail accounts, or to make numerous fraudulent purchases. This process usually involves several credit cards, which the malicious party uses to “hop” from one financial resource to another. Subtypes of card hopping and card testing scams include promo abuse, currency conversion fraud, refund abuse, and gift card fraud.
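A detection heuristic for the card-testing pattern described above, as an added example that is not from the original article or from Sift's product: it flags a client that tries many distinct cards on small amounts within a short window, then lists tested cards that also carry a larger approved charge. The event fields, thresholds, function names, and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds for illustration; tune them against your own traffic.
WINDOW = timedelta(minutes=10)
SMALL_AMOUNT = 5.00   # ceiling for a "small purchase", in account currency
MIN_CARDS = 4         # distinct cards from one client within WINDOW

def find_card_testing(events):
    """Return {client_id: sorted card tokens} for clients that attempted
    MIN_CARDS or more distinct cards on small amounts within WINDOW."""
    recent = defaultdict(deque)   # client_id -> deque of (ts, card_token)
    flagged = defaultdict(set)
    for ts, client, card, amount, approved in sorted(events):
        if amount > SMALL_AMOUNT:
            continue              # only small authorizations count as tests
        q = recent[client]
        q.append((ts, card))
        while ts - q[0][0] > WINDOW:
            q.popleft()           # drop attempts that fell out of the window
        cards = {c for _, c in q}
        if len(cards) >= MIN_CARDS:
            flagged[client] |= cards
    return {client: sorted(cards) for client, cards in flagged.items()}

def large_charges_on_tested_cards(events, flagged):
    """Cards from a flagged burst that also have an approved charge above
    SMALL_AMOUNT in the same event set (candidates for manual review)."""
    tested = {card for cards in flagged.values() for card in cards}
    return sorted({card for _, _, card, amount, approved in events
                   if card in tested and approved and amount > SMALL_AMOUNT})

def t(hms):
    return datetime.fromisoformat("2024-01-01T" + hms)

# Constructed sample data: (timestamp, client_id, card_token, amount, approved)
SAMPLE_EVENTS = [
    (t("12:00:05"), "dev-A", "card-1", 1.00, False),
    (t("12:00:40"), "dev-A", "card-2", 1.00, True),
    (t("12:01:10"), "dev-A", "card-3", 0.99, False),
    (t("12:02:00"), "dev-A", "card-4", 1.00, True),
    (t("12:30:00"), "dev-A", "card-2", 450.00, True),
    (t("12:03:00"), "dev-B", "card-9", 3.50, True),   # repeat customer,
    (t("12:50:00"), "dev-B", "card-9", 4.25, True),   # one card only
]

if __name__ == "__main__":
    hits = find_card_testing(SAMPLE_EVENTS)
    print(hits, large_charges_on_tested_cards(SAMPLE_EVENTS, hits))
```

Keying on a client identifier rather than the card is what separates this pattern from a legitimate customer making repeated small purchases on one card.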
Unauthorized purchases on the deep, dark, and open web—or surface web—involve illicit transactions across different layers of the internet. On the open web, illegal online marketplaces facilitate the sale of counterfeit goods, stolen data, and prohibited items, often using cryptocurrencies for anonymity. In the deep web, hidden forums and encrypted platforms enable unauthorized exchanges of hacking tools, stolen financial information, and fraud-as-a-service. The dark web, accessed via a special browser, amplifies anonymity, facilitating a wide range of criminal activities, from drug and weapons trade to human trafficking and cybercrimes. Cryptocurrencies are often used for untraceable transactions.
Though payment fraud is a common practice, reported incidents have dropped globally by 24% since 2021 (from 60 million to 45 million cases). This is likely because several effective safeguards have been implemented to protect businesses and consumers from falling victim to these various schemes.
For one, effective “Know-Your-Customer” measures have become a mandatory framework for banks and financial customers to help validate a consumer’s identity before allowing them to access bank or credit card accounts. Though these practices were already included in the 2001 Title III of the Patriot Act, additional safeguards have since been put in place to reinforce the efficacy of KYC measures.
Using these enhanced safeguards, businesses can more effectively detect and prevent incidents of payment fraud:
Despite all of these measures, malicious parties are continuously striving to find new workarounds that enable them to bypass KYC policies. Some of these tactics include:
Sift’s Payment Protection is dedicated to stopping payment fraud, boosting business revenues, and managing risks in a single technological solution. Sift makes fraud management simple and straightforward by protecting every transaction and automating payment reviews. The advanced machine learning and fraud detection capabilities enable the technology to automatically detect and block suspicious transactions, eliminate fraudulent currency movement, and develop present and future safeguards against alternative payment abuse.
Sift’s technology monitors financial processes in real time, assigns adaptive risk scoring, and aims to keep consumers safe via constant vigilance. Sift uses dynamic friction to block malicious party access while streamlining the user experience for trusted customers. Dynamic friction enables Sift technology to detect and prevent fraud without inconveniencing users, which keeps online interactions as normal as possible for consumers.
Global companies across a diverse range of industries are using Sift to protect their business and customers. ChowNow, for example, uses Sift to reduce chargeback rates by 99%, saving them over $1M in one year.
Arwen Heredia is Sift's Principal Content Marketing Manager. She's a life-long writer and storyteller, dedicated to using the power of language to transform brilliant-but-messy ideas into real-world results that make a valuable impact.