Planet

How to prevent payment fraud

Business owners can prevent payment fraud by taking active steps to monitor all transactions, training their employees, improving their security, and pursuing fraudsters to the best of their ability.

Fraud has been around ever since the dawn of commerce. However, payment fraud experienced a massive increase once businesses went online. This is because there are far too many ways to commit fraud digitally, and tracing them can be a lot harder due the sheer volume of transactions.

Nowadays, preventing payment fraud is becoming extremely difficult due to multiple payment methods, numerous regulations that tend to favour the consumer, and new technologies that are in many ways, untested.

However, it is still possible to take active steps to reduce payment fraud. Business owners can also try to recoup funds in certain cases when they have been a victim of payment fraud. Here, we take a look at everything from preventative measures to detecting and defending against fraud.

What is payment fraud?

Payment fraud is a fairly broad term. There are two easy ways to define it. The first is that payment fraud occurs when someone uses another person’s payment information to initiate transactions without their consent. The second is when someone tries to actively and maliciously scam a business on their own.

In the first case, the problem is that the actual owner of the credit card or alternative payment method eventually catches on. It is at this point that they make a claim to be reimbursed for all the charges made against their card. Businesses may be legally required to reimburse them. They can dispute the claim, but it is also important to take measures to prevent this from happening.

In the second case, business owners may not even realise they are being scammed. In the case of chargebacks (discussed later), the claim may be completely unfounded, but the business may not have any way of proving this. These kinds of frauds can be reduced by implementing a thorough monitoring system.

In the long run, a merchant account can be deactivated if the bank behind the account detects a lot of fraudulent activity. This is true even when the merchant may not be to blame. As such, taking active steps to reduce payment fraud is important for any business.

Types of payment fraud

Before we delve into how businesses can prevent fraud, we must understand how various fraudulent schemes occur. Payment fraud can be quite versatile, so here are the major ways through which business owners become a victim:

Credit card fraud

This is by far the most common kind of payment fraud. This occurs mainly when a credit card is stolen and used to transact. Credit card fraud can sometimes occur physically at POS terminals but is usually committed online.

Nowadays, payment processors are implementing measures to curb credit card fraud. For example, most card brands now require users to input their ATM passcode at POS terminals and use a one-time password to authorise online transactions.

Despite that, credit card fraud is on the rise. According to security.org, the total number of credit card fraud victims has risen from 127 million to over 150 million.

Credit card fraud is especially problematic because there are two aggrieved parties here. Not only does the business have to suffer a loss to return the defrauded amount, but the card's original owner also has to go through a painstaking process to retrieve stolen funds.

Account takeover/identity theft

Identity theft is a more advanced version of a stolen credit card. Here, the perpetrator steals not only the victim's credit card but also other information such as ID, mobile phones, and bank accounts.

The major issue for business owners is that detecting fraud like this can be very difficult. If the perpetrator has access to two-factor authentication methods such as the victim’s email account, the business has no accurate way of knowing whether the account has been tampered with.

Email fraud

Email fraud can occur in several different ways. Usually, it is an attempt by an outside party to coax an employee out of company funds. This can be done by sending an official-looking invoice, by pretending to be someone in the company and asking for a wire transfer, and other similar methods.

First-party fraud

This is one of the types of payment fraud that does not involve theft. A person will purchase something through a legitimate method like a debit card. However, they will initiate a chargeback once they have received the product/service, citing various concerns and complaints.

First-party fraud is mostly used for online services. Disputing these charges can be extremely difficult as it is usually the customer’s word against the business. Nowadays, we are also seeing an increase in first-party fraud when it comes to deliveries. Customers order products and then claim they were never delivered when requesting a chargeback.

Gift card/refund fraud

Gift card fraud can be very dangerous, although it is relatively less common than other fraudulent schemes. This is because gift cards are very difficult to track. Usually, scammers use stolen payment details to either purchase gift cards directly or purchase items from certain stores and refund them for gift cards. The gift cards can then be used or sold to others for monetary gain.

Internal fraud

Before we move forward, let’s touch on internal fraud. Internal fraud occurs when an employee intentionally tries to defraud the company of cash. This can be done in several ways.

For example, a former employee may duplicate a chequebook and use it to make personal transactions. Or, current employees may be inflating expenses and pocketing the change.

There really are innumerable ways to commit internal fraud. However, internal fraud tends to be more common among certain businesses than others. For example, ecommerce businesses do not usually have this problem. On the other hand, real estate and construction contracts are often rife with fraudulent individuals.

*Further reading: Types of online fraud and how to prevent them

How can businesses prevent and reduce payment fraud?

There are two ways businesses can tackle the problem of payment fraud. The first is by individually taking steps to increase the detection of various frauds. The second is by actively promoting practices that would lead to fewer frauds.

Here is how businesses can prevent and/or reduce specific payment frauds:

Always keep transaction records

You must keep a record of every transaction that occurs. This can be used to trace a lot of frauds, but it will be most useful when it comes to preventing first-party fraud.

Transaction records are extremely important when it comes to fighting chargeback claims. If you are delivering items, ask your delivery provider to take a photo of the delivered package.

Lastly, make sure to ban any first-party fraudsters from your store to prevent them from doing something similar again.

Do not accept paper cheques

With most financial activities having moved online, paper cheques are quickly becoming a thing of the past. However, fraudsters still employ them to leverage the delay in cashing a cheque.

As such, it is prudent to avoid accepting paper cheques as payment. Even if the cashier thinks they are quite adept at verifying its authenticity, technology makes it easier to produce counterfeit cheques that look completely authentic.

On a similar note, paper invoices can easily be stolen. It is best to record the most sensitive information digitally.

Ensure top-notch cybersecurity

Speaking of storing information digitally, business owners must implement all necessary measures to safeguard both their own data and that of their customers.

When it comes to internal security, here are some measures that businesses should take:

  • Make sure to have strong passwords for all accounts that hold sensitive data
  • Have multi-factor authentication on all company and employee accounts
  • Make sure all employees have company email addresses. This can be used to detect fraudulent emails (where someone pretends to be an employee of the company) as perpetrators will not have the same domain name for their email as actual employees.

Of course, it is equally important to protect customer data. Here are a few recommendations for business owners in that regard:

  • Require customers to sign up using strong passwords (and have multi-factor authentication enabled)
  • Encrypt all customer data so it cannot be accessed even if hacked
  • Sensitive information such as credit card numbers should be handled through a respectable vendor and stored securely (e.g., through tokenization).

Monitor accounts

Make sure that any suspicious activity across any customer account is detected as early as possible. Many times, frauds are detected months after they occur. At that point, there is nothing a business owner can do.

Another great preventive measure is to require authentication whenever a customer makes a major change to their account. For example, multi-factor authentication could be mandatory when a change to the shipping address is made. Unless the hacker also has access to the victim’s phone, this simple tactic will prevent fraud from occurring.

Best practices to reduce payment fraud

Here are a few ways through which businesses can consistently reduce the amount of payment fraud they face:

Take the middle approach

Most businesses consider payment fraud a cost of doing business. However, this cost can eat into the bottom line significantly. That said, stringent fraud controls may lead to a lot of false positives and make life inconvenient for customers.

The best way to tackle this problem is to try and find a sweet spot where the customers are not unnecessarily inconvenienced, but a significant amount of fraud is also detected. Finding this spot may require trial and error, but it can lead to huge benefits in the long run.

Train employees in detecting and preventing payment fraud

A lot of the time, business owners themselves are well-versed in all the latest fraud trends. However, their employees are clueless, and that leads to a lot of fraudulent activity.

It is important to train employees in everything known by the business owner and management about fraud. Also, remember that training is a continuous activity as fraud trends constantly change.

Monitor fraud trends

Similarly, business owners must know about the methods currently preferred by fraud perpetrators. Payment fraud is constantly evolving, and businesses must keep up.

Use a suitable merchant account provider

For businesses that accept a lot of online payments, having a trustworthy and reputable merchant account provider is a must. This is because they will already be integrating a lot of best practices for detecting fraud on their end. This, in turn, would mean less responsibility for the business.

Keep a watchful eye on employees

In some cases, it is the employee who is committing payment fraud. As such, it is important to monitor employees as well. However, business owners should be careful not to put measures in place that may be considered too invasive.

Background checks are a great way to determine if an employee has a history of committing fraud. 

On top of that, dual controls should also be set in place. Dual control involves important decisions requiring approval from upper management. For example, a business owner can set up a dual control where the owner must approve any transaction above a certain amount (or all transactions).

Collaborate externally

Business owners need to help others in the industry prevent payment fraud. Taking part in industry-wide initiatives is always a good idea, and businesses should adopt all the industry's best practices when they become apparent.

Lastly, businesses must maintain an open line of communication with their payment processor. In case fraud is detected, the payment processor should be informed as soon as possible so that they can take steps to mitigate the damage. 

Even suspicious activity should be reported. This is because the payment processor will have more experience than a business in this regard and may be able to see patterns that the business can’t.

 

You might also be interested in...

10 tips to enhance your online payment experience
Leave no cart abandoned: payment plugins for e-commerce
What is penetration testing?