Key takeaways:
Consumers lost more than $12.5 billion to fraud in 2024, a 25% increase compared to the previous year.¹
With fraud on the rise, it's more important than ever for businesses to protect themselves and their customers. Online fraud is becoming more complex as new payment methods and technologies emerge and hackers become more sophisticated.
Fraudsters use many strategies to steal money, including cyber attacks and social engineering scams like phishing. Preparing for fraud, as well as educating employees and customers, can prevent financial losses and protect a business’s reputation.
Learn how to mitigate risk, identify common types of fraud, and implement fraud prevention techniques.
Payment fraud is the act of stealing money from businesses and customers through fraudulent purchases and unauthorized transactions. Fraudsters might use their own accounts to commit fraud or steal other people’s accounts for financial gain.
Fraud can happen in person, but online transactions are uniquely vulnerable to payment fraud. Juniper Research predicts that global business losses from online payment fraud will exceed $362 billion between 2023 and 2028.²
A business must understand its risk level based on its industry, the data it works with, and the types of payments it processes. The more ways that users can interact with their accounts and make purchases, the more opportunities there are for fraudsters to subvert payment processes.
Payment fraud can occur in many different ways. Attackers use a variety of tactics, so businesses should prepare their teams to detect common high-risk fraud signals.
Communication is one of the keys to preventing fraud, so establish strong policies and escalations that employees and customers can use when they feel under threat.
Common types of payment fraud include:
Phishing is a type of social engineering where criminals attempt to trick or pressure people into giving up sensitive information like account credentials or payment details.
Attackers commonly use this method to commit direct payment fraud, but some may also sell the stolen information.
Phishing often involves malicious links sent via email or text message. Attackers might also pretend to be a friend, loved one, or authority figure to gain access to information. Some phishing attacks occur over the phone.
Tips to help prevent phishing:
Credit card fraud and debit card fraud involve acquiring cards, or their information, and using them to make payments without authorization.
This could involve direct theft or installing skimming devices on hardware like ATMs or point-of-sale terminals. Attackers might also acquire card details through phishing, direct cyber attacks, or by purchasing them from other cyber criminals.
Tips to help prevent credit and debit card fraud:
Wire transfer fraud is a type of social engineering-based fraud in which criminals attempt to convince people to send them money using a wire transfer.
Wire transfers are popular among scammers because it’s generally difficult for the victim to recover money once they send it.
Often, attackers try to impersonate someone known to the target, like:
For example, the CEO of a company attends a conference. An attacker sends text messages to employees pretending to be the CEO, saying they are experiencing an emergency and need access to money.
Tips to help prevent wire transfer fraud:
Check fraud involves creating fake checks to make payments or using checks to make payments from accounts with insufficient funds. Check fraud is very common and can involve sophisticated counterfeits.
Fraudsters might try to withdraw money from banks with counterfeit checks or trick other people into taking counterfeit checks, which they then can’t use.
Fake checks might be brand new, created with printers, or existing checks that fraudsters illegally modify. In other cases, the check might be real, but the account is closed.
Tips to help prevent check fraud:
Chargeback fraud, also called friendly fraud, occurs when someone makes a purchase with a credit card and then requests a refund for illegitimate reasons. They might request a refund from the business or initiate a chargeback with the credit card company.
These are types of payment reversal, and customers may initiate them for legitimate or illegitimate reasons. Chargeback fraud is particularly difficult to identify because of the mix of true situations, lies, and simple misunderstandings that can occur, especially when delivery is involved.
Tips to help prevent chargeback fraud:
Identity theft occurs when attackers get access to a victim’s personal information and use it for financial gain.
This impacts businesses because it can lead to chargebacks once victims realize a criminal has used their credit card to make a fraudulent purchase. While the fraud itself mostly targets customers, businesses have a responsibility to prevent customer data leaks.
Tips to help prevent identity theft:
Account takeover (ATO) fraud often happens after identity theft. Attackers acquire user information, then lock the real owner out of the account by changing passwords and contact information.
Once victims are locked out of their accounts, attackers either sell them or use them to make fraudulent purchases.
Tips to help prevent account takeover:
New account fraud (NAF) happens when stolen and synthetic identities are used to fraudulently open new lines of credit.
Attackers could open new accounts with a business using identities they’ve stolen or by relying on fraudulent payment methods acquired via other instances of NAF.
Tips to help prevent new account fraud:
Gift card fraud is a type of social engineering in which scammers try to convince people to purchase gift cards and give them the numbers.
Scammers love this technique because it’s difficult for victims to recover funds once they use the gift card.
While businesses can’t control what kinds of scams their customers fall victim to, they can provide information to help protect everyone.
Tips to help prevent gift card fraud:
Merchant identity theft occurs when attackers pose as businesses or merchants to defraud other businesses or customers.
Scammers will often use phishing to gain information from a business’s employees, then engineer data leaks or gain access to business accounts.
Alternatively, attackers may pose as partners or points of contact in order to convince employees to send money directly to them.
Tips to help prevent merchant identity theft:
Pagejacking occurs when attackers clone a webpage and attempt to redirect users to it. Once users are on the page, attackers can perform several malicious actions, including acquiring account information and stealing money through payment fraud. Often, attackers will send malicious emails or text messages to direct users to the new site to harvest login credentials.
Pagejacking can be difficult to detect because it doesn’t require attackers to change a website directly. Domain spoofing is similar: attackers create a new, identical website with a similar domain name.
Tips to help prevent pagejacking:
Mobile payment fraud occurs when bad actors use mobile apps to perform account takeovers, phishing, and other types of fraud that can involve mobile devices.
Mobile devices are additional points of weakness that attackers can exploit by installing malware, acquiring mobile app credentials, or intercepting 2FA.
For example, a scammer might call someone and pretend to be a business representative. They will say that there’s a security issue with the user’s account, and ask them to confirm a code sent via text. The code is a 2FA security code that the attacker has requested for the user’s account, and once the user gives them the code, the account is compromised.
Tips to help prevent mobile payment fraud:
Push payment fraud occurs when an attacker convinces a consumer to send them money via tactics such as phishing. Unlike with fraud involving unauthorized transactions, push payment fraudsters acquire the victim’s cooperation.
This might involve trickery, threats, blackmail, or a bait-and-switch tactic like check fraud or gift card fraud.
Tips to help prevent push payment fraud:
ACH payment fraud occurs when criminals get access to a victim’s bank account information and use it to make fraudulent transfers through the Automated Clearing House (ACH) network. For businesses, this can involve outside attackers or malicious insiders.
Tips to help prevent ACH payment fraud:
The greatest fraud risk occurs in industries that take online payments, accept checks, and deal with sensitive information.
As online shopping grows, so does payment fraud, leaving customers and businesses vulnerable to cybersecurity threats.
E-commerce websites accept various payment methods, often from many locations. The easy-to-use features, such as peer-to-peer (P2P) payment integration and international purchasing, create additional points of fraud vulnerability.
The more accounts someone has connected to their bank information, the more likely they are to become a victim of an attack or data breach.
The more valuable a customer’s information, the higher the likelihood that bad actors will attempt to acquire that information for use in fraud.
Data breaches expose customer information that attackers can also use to compromise their accounts elsewhere.
While digital payment methods are becoming more common, many businesses still accept checks. If checks are becoming less common at a business, employees may not be as well-practiced in identifying counterfeits.
Check fraud remains one of the leading types of payment fraud, according to the Association for Financial Professionals.³
Businesses must have strong training and check verification procedures.
Many fraud prevention and detection tools are available to help businesses mitigate risk. A security risk assessment can help businesses determine risk factors and identify which solutions are highest priority.
Some other effective measures to mitigate risk include:
PayPal, for example, helps businesses fight fraud and improve risk decisions with advanced solutions and smart technology. PayPal’s Fraud Protection Advanced uses machine learning and analytics to help protect businesses from fraud and adapt to an ever-evolving payments landscape.
One of the best ways to mitigate risk is to stay up to date about fraud tactics and train employees to look out for the signs. Here are some of the most common signs that payment fraud might be taking place:
| Common signs of payment fraud |
|---|
| Customer behavior: |
| Payments and transactions: |
| Technical activity: |
Fraud prevention is the process of using tools and strategies to help detect and reduce incidents of fraud. Fraud prevention measures offer several benefits for businesses:
As they grow, businesses can become vulnerable to new types of fraud and increased fraud activity. Any time a business interfaces with customers or other organizations, fraud becomes a risk.
That's where machine learning (ML)-powered solutions can help. These tools are increasingly useful for mitigating risk and preventing many types of fraud. A comprehensive payment platform with built-in fraud and risk management can help businesses to secure sensitive information and keep operations running smoothly.
PayPal’s platform has remained at the forefront of the digital commerce revolution for over 25 years, now serving over 400 million active customer accounts globally.⁴
Given the amount of fraud businesses have seen in recent years, it’s time for a smarter approach to enterprise fraud management. PayPal’s fraud protection system uses billions of data points for in-depth analysis and prevention.