Breadcrumb

How online payment fraud can be avoided

Written by

The GoCardless content team comprises a group of subject-matter experts in multiple fields from across GoCardless. The authors and reviewers work in the sales, marketing, legal, and finance departments. All have in-depth knowledge and experience in various aspects of payment scheme technology and the operating rules applicable to each. The team holds expertise in the well-established payment schemes such as UK Direct Debit, the European SEPA scheme, and the US ACH scheme, as well as in schemes operating in Scandinavia, Australia, and New Zealand. See full bio

Last editedApr 20232 min read

Online payment fraud cost ecommerce businesses an estimated 41 billion USD in 2022, a figure expected to grow to 48 billion in 2023. This takes a toll not only on your business’s bottom line, but also on your reputation and client trust. While it may not be possible to prevent payment fraud risk entirely, there are many tools at your disposal to reduce it. This starts with understanding the most common frauds you’re likely to encounter – here’s what you need to know.

What is payment fraud?

Payment fraud refers to any type of illegal transaction conducted online. It could take the form of fraudulent transactions using a stolen credit card, for example. Another could be a false request for a refund. Here are just a few of the most common types of online fraud:

Phishing – An attempt to steal the customer’s personal or financial information by spoofing a trusted ecommerce store, credit card, or bank account login page.
Pagejacking – Online fraudsters reroute a website’s traffic, directing shoppers to their website instead. It can take the form of ACH payment fraud where authorization is given to pull money directly from a customer’s account.
Identity theft – ID theft occurs both online and off. In the case of online payment fraud, it takes the form of penetrating your website’s checkout pages to steal customer details.
Merchant identity fraud – Another common trick is to set up a fraudulent merchant account using a legitimate business’s details, charging stolen credit cards. By the time the cardholders have discovered these suspicious payments, the hackers are gone. Instead, the legit business is responsible for paying all refunds and chargeback fees.

How does payment fraud happen?

Payment fraud risk is often down to the variety of contactless and card-not-present transactions that take place today. Savvy criminals are experts at pretending to be legitimate. They’ll often have a few pieces of identifying details for their target, such as a person’s name, address, and email. With this in hand, they can pretend to be a business representative to gain more data. Hackers are always on the lookout for weaknesses in network security systems. They’ll find ways to get through a firewall that hasn’t been updated, gaining access to stored cardholder data.

How to detect online payment fraud

Online payment fraud detection is your first line of defense. There are several areas to look at using automated tools to identify any red flags before purchase. This starts with new users, including their sign-up and login data. Compare the data to your existing files to see if there are any matches. It’s also important to use factors like IP address and location to make sure that the customer signing up is the same one logging in. Most payment gateways and processors will have anti-fraud checks built into the system to identify any red flags or unusual purchasing behavior at checkout.

Online payment fraud prevention tips

Earning back customer trust after a data breach takes time and money. It’s better to be proactive with a comprehensive payment fraud prevention strategy. This starts with regular updates to your antivirus software and firewalls, securing your network. Change passwords regularly, and take care when giving employees access to secure systems.

Here are a few additional online payment fraud prevention tips:

Create a company-wide policy regarding confidential data
Regularly update tokens and login details
Use end-to-end encryption for confidential emails, messages, and transactions
Use a PCI-compliant payment processor
Use an address verification service (AVS)
Use a HTTPS protocol when transferring data between the customer’s browser and your site
Verify customer identity before a first purchase

So, what’s the best way to protect your business from fraud? A multi-layered approach to online payment security is always best. It’s worth looking into fraud solutions dedicated to this purpose, layering each feature through API integration. GoCardless offers an end-to-end fraud prevention feature called Protect+ . Built specifically for bank payments using machine learning and payments intelligence, it automatically works in the background to identify, prevent, and neutralize potential threats. The result? A safer online shopping experience.

We can help

GoCardless is a global payments solution that helps you automate payment collection, cutting down on the amount of financial admin your team needs to deal with. Find out how GoCardless can help you with one-off or recurring payments.

Over 85,000 businesses use GoCardless to get paid on time. Learn more about how you can improve payment processing at your business today.

Get Started Learn More