Seventy-one percent of organizations reported they were victims of payment fraud last year.1 Although the motive is always the same, methods of committing payment fraud against businesses are changing. Check writing is responsible for sixty-six percent of business fraud and wire fraud contributes 32%. However, their usage as payment methods is declining overall. Meanwhile, fraudulent ACH debit transactions, at 37% in 2021, are increasing.2 Corporate card (24%) and ACH credit fraud is also rising.3
Businesses must remain vigilant since fraudsters will continue to find ways to steal.
Among online retailers, 75% of respondents reported an increase in payment fraud since the beginning of the pandemic.4 Global losses from e-commerce payment fraud were estimated at $20 billion in 2021,5 and online payment fraud losses are expected to exceed $343 billion between 2023 and 2027.6 This isn’t a surprise given e-commerce’s ongoing popularity with shoppers.
Innovative payment schemes yield billions for fraudsters.
The damage payment fraud causes is significant and the cost is staggering. How does payment fraud happen? There are some common tactics fraudsters rely on.
Though it’s not a new type of fraud, identity theft is increasing online.7 Fraudsters find, steal, or buy a consumer’s personal information and use it to open bank or card accounts, get loans and buy goods or services, as well as stealing tax refunds or filing fake insurance claims.
A new twist is synthetic identity fraud. In this scenario, criminals create wholly fake identities using pieces of fraudulent personal information mixed with real information. For example, they might use a real social security number but fake name, address, or birthdate. They then open accounts using this fake identity and make purchases or apply for credit. Because there’s no human “victim,” synthetic identify fraud can be hard to detect.
Also known as chargeback fraud or first-party fraud, friendly fraud occurs when customers make a purchase and then falsely dispute the charges on their credit or debit card bill. They seek an undue refund for the charge, claiming that the product or service wasn’t received, or the order was incomplete.
Friendly fraud is hard to detect and combat because many chargebacks are legitimate, and the fraud often involves just part of an online order. However friendly fraud accounts for almost 30% of online fraud losses in the U.S., and nearly 40% of online merchants worldwide claim to have experienced this type of attack.8
This relatively new type of fraud involves stealing small amounts of money from thousands of individual accounts, which is harder to detect than a massive single bank fraud event. It is “silent” because it keeps fraudsters under the radar of many fraud detection tactics. It also targets individuals versus companies or banks.
This is a type of identity fraud in which criminals add their own information to a customer’s account. For example, a fraudster might change the address or email address, or add his or her name to the account as an authorized user. The fraudster then hijacks the account.
In this creative scheme, fraudsters steal credit card information from customers making purchases on sites such as Amazon, eBay, or auction sites. The fraudster sets up as a vendor and lists products for very discounted prices. A customer buys the product using a credit card. The fraudster then uses another stolen card to buy the same product from a legitimate vendor who ships it to the customer. The unaware customer gets the product, while the fraudster keeps the original credit card payment. The owner of the stolen card likely disputes the unauthorized charge, and the merchant is left with a chargeback.
This difficult-to-detect type of payment scheme involves transactions that pass a merchant’s fraud filters and appear to be legitimate but aren’t. This not only requires the fraudster to have the victim’s credit card number, but also all (or enough of) the person’s identifying information to make the transaction appear legitimate. This type of information is often stolen in a data breach, and the fraudsters move fast to use the card before the cardholder gets the bill. The cost of U.S. payment card information sold on the dark web is $1 - $12; Visa cards are most sold, then Mastercard and American Express, respectively.9
It’s astonishing to think of the time, effort, and mental effort it takes to create and carry out these terribly destructive payment fraud schemes. But the fraudster’s ingenuity speaks to two characteristics to keep in mind: they are tenacious, and their end-goal is always financial. Staying ahead of fraud prevention and avoiding detection is part of the game for them.
Early payment fraud detection and a strong fraud prevention posture are critical tools.
Most credit card issuers monitor transactions for anomalies that might indicate fraud. As a result, many consumers have had a card denied or received a call from a card issuer to verify a charge. This can be unsettling for some.
Merchants need a strategic solution that balances payment fraud risk tolerance with a positive customer experience and operational efficiency. For example, stopping identity theft requires vendors to invest a bit of time (via the credit card issuer and credit bureaus) to verify that customers are who they claim to be. Given the nearly instant speed at which this typically happens, customers often don’t notice a delay. But if this verification process is slow, customer experience suffers. For low-cost transactions, merchants and banks have a relatively high risk tolerance but, for more expensive purchases, they usually require a higher level of assurance that the payment is not fraudulent.
The latest payments industry protocol, 3D Secure 2.0 (3DS2), allows more frictionless transaction verification in real time. An EMVco payment consortium solution, 3DS2 reduces the need for customers to enter a password or code for verification. This is possible because merchants can send 150+ data elements to the cardholder’s issuing bank to better assess the transaction’s risk.
While 3DS2 isn’t mandatory, online merchants’ adoption will likely be nearly universal at some point soon. It’s already required to meet Strong Customer Authentication (SCA) payment services legislation in the U.K. and Europe.
While recent statistics are unnerving, the good news is that payment fraud research and technology is burgeoning. Deterring payment fraud requires vigilance and investment. Companies that make and accept payments, particularly online, must have effective strategies to prevent fraud. They can’t afford not to.
For more information on how Synovus can help your business mitigate payments fraud, contact Synovus Treasury & Payment Solutions or your Treasury Consultant. You can also stop by one of our local branches to learn more.
This content is general in nature and does not constitute legal, tax, accounting, financial or investment advice. You are encouraged to consult with competent legal, tax, accounting, financial or investment professionals based on your specific circumstances. We do not make any warranties as to accuracy or completeness of this information, do not endorse any third-party companies, products, or services described here, and take no liability for your use of this information.
Association for Financial Professionals, “Payments Fraud and Control Report,” 2022
You are about to leave the Synovus web site for a third-party site
Third-party sites aren't under our control, and we are not responsible for any of the content or additional links they contain. We don't endorse to guarantee the goods or information provided by third-party sites, and we're not responsible for any failures or inaccuracies. Third-party sites may contain less security and may have different privacy policies from ours.