Fact or fiction: answering your payment fraud questions
Last editedMar 20234 min read
Do fraudsters work online and offline? Which payment methods are the safest? Do the benefits of having anti-fraud tools outweigh the risks to conversion? Despite payment fraud being a top threat for over half of all businesses, there is still a lot of confusion about how fraudsters operate and the best ways to protect your business against them.
So, we’re helping you to be better prepared by answering common questions and challenging some of the misconceptions we’ve come across during a decade of processing bank payments.
It costs my business less to retroactively deal with fraud than to pay for a proactive anti-fraud solution
If you’re trying to minimise your company’s outgoings then handling fraudulent payments as and when they happen may, on the surface, seem like the more cost-effective choice compared to paying for an anti-fraud solution that protects you up-front. However, when fraud does strike, two-thirds of businesses end up spending more than 10% of the actual payment size¹ on attempting to recover it. Plus, there are the costs you may not think about - like the people you employ to monitor and manage fraud. We found that half of the commercial enterprises in the UK have up to five people dedicated to chasing fraudulent payers.
The total cost of fraud for your business can soon add up - and that’s assuming that you’re able to notice the fraud in time to resolve it, with one in three businesses taking an average of two-to-three days² to catch a failed payment.
Finally, imagine the damage to your business’ reputation if word gets out that your checkout isn’t secure and how vulnerable it will leave you against fraudsters.
¹ Forrester and GoCardless Study, September 2020
² GoCardless Market Survey, Feb 2021
All fraud is digital so I’m safer asking my customers to pay with cheques
Unfortunately, no payment method is 100% safe against fraud - including cheques. There are a lot of different forms of cheque fraud, for example:
Presenting lost, stolen or counterfeit cheques including from foreign banks
'Bounced' cheques because of insufficient funds in the account
Using unauthorised business cheques
Internal fraudsters using legitimate corporate cheques without approval
Overpayment scams are one of the more common ways that fraudsters can abuse cheques. It works by the fraudster providing you with a cheque that has a higher amount than the value of the goods or service, they will then ask you to refund the overpayment in hopes you’ll transfer the funds before noticing that their cheque has bounced or is from an invalid account.
Lots of digital payment methods have security measures in place as standard that makes them safer than offline methods, with the added ability to layer on further protective tools.
I can’t be impacted by fraud because my customers pay upfront before I dispatch their order
Some fraudsters specifically aim to get your goods or services provided to them for free. There are two key methods that they use to try and achieve this.
1. Identity fraud
A fraudulent payer completes your checkout using genuine details which are stolen from an unsuspecting person. You send out the items or provide the service and then shortly after you receive a fair chargeback from the genuine account owner who has seen the charge.
You can’t challenge these types of chargebacks, you can only try to prevent them from happening in the first place. One way to do this is by using a payment method or anti-fraud tool that requires account authentication, proving that the person paying has access to the money they’re using.
2. Unfair chargeback fraud
This form of fraud also involves chargebacks but it works slightly differently. The fraudulent payer uses their account details but intentionally submits a chargeback the moment they receive their order. It’s a big loss as you’ve already paid for the goods, delivery, covered the transaction fee, and now you’ve also lost the payment.
The good news is that you can dispute unfair chargebacks, but without the right payment provider, it can rely on you manually spotting the issues fast enough and then submitting your claim to the appropriate bank or card issuer.
Credit cards are safe to use as they have multi-factor authentication
EU regulations mean that some payment methods, such as credit cards, have to use multi-factor authentication for payments. This basically means that when making a purchase, a payer has to prove they have one of three things.
Knowledge - a pin, password or secret answer that was put in place when setting up their account.
Possession - access to the mobile number or email address listed on their account. Typically the card provider will send a code via SMS which then needs to be entered to complete the transaction.
Inherence - think of biometrics like facial recognition and fingerprints which many people now use on their smartphones.
This does help to improve security and reduce fraud for the most part. There are some extenuating circumstances, like if someone has their phone stolen. Not everyone manually updates their notification settings and a thief may be able to see a code without needing to unlock the phone.
However, the real issue with multi-factor authentication is that it forces your payer to leave the checkout, get the authentication details, return to the checkout and then manually enter a password to complete payment. It’s tedious and honestly, a bit annoying. The added friction creates a poor experience and turns genuine customers away. In fact, 69% of payers will abandon a purchase if the checkout is too complex and a further 45% abandon a purchase if they feel the process is too manual.
All anti-fraud solutions are the same
Historically anti-fraud solutions have been designed to cover all payment types. They haven’t taken the use case or customer type into account, resulting in up to an 8% drop in customer conversions. However, solutions are evolving. One such solution is GoCardless Protect+.
GoCardless Protect+ is a fraud prevention solution built for bank payments and it works by using machine learning from millions of payment data points to identify when someone exhibits high-risk behaviour. These people are then automatically directed during the checkout flow to their online banking app or account where they need to verify ownership of their bank account. With 90% of the UK using online banking, it’s a seamless process that genuine payers can complete in a couple of clicks, but if someone is using stolen or fraudulent details they can’t go any further in the checkout.
On the off-chance someone manages to get around the sophisticated system, it also has a challenge chargeback feature that will report chargebacks and let you select if you want GoCardless to dispute it on your behalf.
Find out more about GoCardless Protect+ - businesses’ not-so-secret weapon against fraud.