4 Types of Payment Fraud that eCommerce Merchants Need to Watch For

4 Types of Payment Fraud that eCommerce Merchants Need to Watch For

by July 16, 2021

From phishing to wire transfer scams, there are many clever types of payment fraud that eCommerce merchants need to be aware of. In this article, learn about the four most common types of payment fraud.

Payment fraud is a serious concern for most eCommerce business owners. Fraudulent transactions are costing companies more money every year. In 2020, card-not-present (CNP) fraud cost online merchants an estimated $35.54 billion globally. That number is only projected to increase as eCommerce becomes the primary channel for purchasing goods and services.

Knowing how to avoid payment fraud and how to counteract its nefarious techniques is essential to the success of any eCommerce business. In this article, we’ll take a closer look at four common types of payment fraud, how they work, and what you need to do to prevent them.

What Is Payment Fraud?

Payment fraud is, put simply, the act of making a transaction with fraudulent details and depriving a victim of either money or property. The victim can be an individual, if the fraudster uses stolen credit card details, or a business, in the case of chargebacks.

However, even if the business isn’t the direct victim of this fraud, they can still have their financial health damaged. Too many fraudulent payments will raise eyebrows with credit card networks, who may restrict your account or flag your business as “high risk”. This can lead to increase transaction processing fees or in some cases the termination of your business account.

The Key Types of Payment Fraud

Now that we understand what payment fraud is, it’s time to take a look at how it works. As with other common types of fraud, there are multiple ways that fraudsters attempt to carry it out, but these are the primary ways that we typically observe it happening.

1.  Phishing attacks

Phishing is a fraud technique where a criminal will send a fraudulent message tricking the recipient into giving away their private information. Information that they ask for may include credit card details, bank account details, or a range of other personal information.

According to research published by the FBI, phishing was the most common form of cybercrime that took place in 2020. Phishing attacks nearly doubled from 114,702 incidents in 2019 to 241,324 incidents in 2020.

The three most common types of phishing scams are:

Email phishing: The most common form of phishing attacks are conducted via email messages. This type of attack typically involves a fraudster sending an email that informs the recipient that their account has been “compromised” and they need to reset their password. The goal of email phishing is to get the recipient to willingly disclose their private login credentials or any other sensitive information the fraudster might want.

Vishing: Vishing follows the same concept as phishing attacks, but it’s conducted over a voice call. A popular vishing attack is the “extended vehicle warranty” scam. The recipient receives a call informing them that their vehicle’s extended warranty is expiring, and they need to disclose their banking credentials to ensure the new warranty is properly set up.

Smishing: This is a type of phishing attack that uses SMS text to target unknowing victims. The tactics used in smishing are very similar to how an email phishing attack would play out; the recipient receives a text informing them that their account (online banking, PayPal, etc) has been compromised and they need to share their current login information to gain access to the account. Once the fraudster has the login credentials, they can change the password and block the victim from accessing the account.

2. Identity Theft

Identity theft can take many forms. It can come from an insider threat, where a disaffected employee steals personal information and payment details, it can come from a data breach, or it can come from a fraudster digging through someone’s trash.

As with phishing, the criminal will attempt to make a purchase with the stolen details, and, should it go through, the victim will report the transaction as fraudulent resulting in a chargeback for your business. The Federal Trade Commission (FTC) reported the number of confirmed cases of identity theft has tripled since 2018. Cases reached 1,387,615 in 2020; 650,523 in 2019; and 444,344 in 2018.

3. Advanced Fee and Wire Transfer Scams

These kinds of scams are particularly common as part of spam emails. A criminal will target a business owner or an individual and ask for payment in return for a greater amount of money later. They may, for instance, ask for money to pay bank fees so that you can get millions later on.

4. Merchant Identity Fraud

Very similar to consumer identity fraud, merchant identity fraud involves criminals setting up a fraudulent merchant account after illegally obtaining a business’s identification information. The fraudster will use this newly created “business” to place charges on customers’ credit cards, then terminate the account and walk away with the money, leaving the legitimate business to deal with a slew of chargebacks, customer complaints, and fraud reports.


First appeared on Vesta’s Blog on eCommerce Fraud.