Payment fraud presents a significant threat to financial institutions. Constant vigilance is critical if you want to protect your customers and your organization from this type of fraud, but what do you need to watch for to stop this type of fraud? In a lot of cases, you need to monitor the payment itself, but in others cases, you need to monitor events that lead up to the transaction.
Here is an overview of seven different types of payment fraud and an analysis of where the fraudster breaches security to commit the crime.
1. Credit Card Fraud
With credit card fraud, a thief either steals your customer’s credit card details or steals someone’s identity so that they can open a credit card in their name. This includes both card-present and card-not-present transactions. The latter is more prevalent because it’s easier to commit.
When a thief uses a stolen credit card to make a purchase, the merchant typically ends up bearing the loss of both the funds and the product that they sold to the thief. Financial institutions typically don’t have to deal with these losses.
However, when a thief opens a new account and uses a card attached to that account, the bank may end up bearing losses. This type of credit card fraud is 10 times more common than fraud committed with existing cards. According to data from the Federal Trade Commission, there were 363,092 cases of new account credit card fraud and only 32,204 reports of credit card fraud on existing accounts.
This emphasizes that financial institutions don’t only need to examine card transactions for signs of payment fraud. They also need to watch account openings for signs of fraudulent behavior.
2. Phishing or Social Engineering Fraud
Phishing allows thieves to complete a wide range of payment frauds. They call, text, email, or sometimes even send snail mail to victims to fish out information. They often prey on the victims’ fears and pretend to be a trusted party. For instance, they may contact someone pretending to be the IRS and say that they’re going to take collection action if the person doesn’t pay immediately. Or they may pretend to be the bank and request the victims’ PIN to complete a transaction.
Some phishing scams trick the victim into making a payment over the phone. This is getting increasingly complex for banks that use payment transfer services such as Zelle that don’t offer refunds. In other cases, scammers look for small bits of information to flesh out the details they already have about the victim. Then, they may commit payment fraud with the victim’s checks, cards, or other payment methods.
To spot payment fraud committed using stolen details, you need an anti-fraud solution that monitors all transactions for signs of fraud. If the thief is using a credit card, the merchant often can’t spot the fraud because there are no obvious issues. This is sometimes called clean fraud. That means you need to be able to spot the issue on your end.
However, in this case, even the best anti-fraud software isn’t the only solution. The thieves are penetrating your institution through your customers. So, your number one line of defense here is customer education. You also need to focus on employee education as phishers often try to trick bank employees.
3. Card Testing
A type of payment fraud that falls under the credit card fraud umbrella, card testing happens when fraudsters use stolen cards to make small purchases. They “test” the card to see how much they can get away with. Then, they either continue to make small purchases or slowly increase the value of their purchases until they’re finally cut off.
Small purchases can add up quickly. To protect themselves and their customers, banks need payment fraud tools that don’t just look at the value of the transaction. Instead, their tools need to look at customers’ patterns. They need to spot aberrations from the norm even when the payment is just for a few dollars.
4. Triangulation Fraud
This type of payment fraud has three elements. One, the fraudster creates a fake online store with enticing low prices. Two, victims attempt to buy items on the site, giving the thief access to their credit card numbers. Three, the thief uses the stolen card details to make purchases for themselves.
Pagejacking is a related type of payment fraud. Fraudsters reroute traffic from legitimate sites to their own sites. Then, when victims try to make purchases, the thief steals their card details.
Again, to detect this type of payment fraud, financial institutions need real-time payment fraud analysis that looks at all elements of the transaction. They should also invest in fraud detection tools that leverage cyber intelligence. Then, they will be able to gather more effective insights about fake sites and compromised card details.
5. Merchant Identity Theft
This is when someone opens a merchant account using fake details. They pretend to be a legitimate business that needs credit card processing. Then, once they have an account, they run stolen cards, and eventually, they take the money and run.
With this type of fraud, the thief infiltrates the bank at the point when they set up the merchant account. The bank needs new account processes that minimize the risks.
6. Buy Now Pay Later Fraud
Buy Now, Pay Later has proved to be irresistibly popular with consumers, but it’s also attracted the attention of fraudsters. Fraudsters commit BNPL fraud in two different ways.
In some cases, they use a fake identity and a stolen card to initiate a purchase. They get the product, but after the account holder disputes the first payment, the BNPL service can’t charge the card for the remaining installments.
In other cases, fraudsters take over an existing BNPL account and use it to make a wide range of purchases. The person whose account has been taken over often doesn’t notice the first transaction or the thief escapes notice by delaying the first payment to a later date. Fraud attacks on BNPL platforms have gone up by 54% compared to the last year.
To protect themselves from this type of fraud and emerging fraud threats, financial institutions need to work with anti-fraud partners that understand the constantly changing fraud landscape and adjust their approaches as needed. They can’t rely on static, rule-based tools to protect their institutions.
7. Check Fraud
Checks certainly aren’t as popular as they used to be, but they still represent a significant risk to banks. Recently, the media has placed a flurry of attention on check fraud as check-washing schemes have become increasingly popular. Thieves steal checks from mailboxes, wash them in chemicals to erase the ink, and rewrite them in new amounts to themselves.
Check fraud is particularly prevented with business account holders. These account holders tend to write more checks, and they have more signers authorized on their accounts. This can create a perfect storm for thieves to steal paper checks, but in some cases, thieves use social engineering to convince a business employee to write a check directly to the criminal.
Banks can no longer rely on tellers to spot the checks as the thieves typically use mobile deposits. By extension, financial institutions need tools that can scan the check for potential issues in real time when it’s deposited.
Payment fraud includes any type of fraud that allows a thief to make a fraudulent payment using stolen payment information or by opening a fake account. Financial institutions can face significant financial losses and reputational damage when their customers become the victims of payment fraud, but with so many different types of fraud, it can be hard to know what to do.
That’s where we come in — at SQN Banking Systems, we stay on top of fraud so that our clients can focus on their banks. To learn more about how to protect yourself against payment fraud, contact us today.