Online Payment Fraud

Payment Fraud

Virtually everyone buys goods and services and makes payments online these days. Online transactions and payments are the preferred option for those who like to go cashless or shop from the comfort of their homes. Therefore, it is not surprising that the transaction value of global digital payments in 2020 amounted to $5.2 trillion.

Also, Statista estimates the total transaction value of digital payments segments will reach $9.47 trillion in 2023. However, increasing online transactions heightens the incidence of online payment fraud.

This article delves into transaction fraud, the types, how frequently it happens, and the solutions. It also covers who is affected by online payment fraud and how Wallester can help with risk management.

What Is Online Payment Fraud and Why Is It So Common?

Online payment fraud is an illegal act in which someone steals another person’s payment information and makes an unauthorised payment for goods or services. After such fraudulent payment, the cardholder will have to contact their bank or issuer and complain about the debit or charge to their card or account. This, in turn, creates a dispute between the person and:

  • Their bank,
  • The owner of the business where the online fraud happened, and
  • The payment gateway/merchant account provider.

The business owner must solve the dispute and pay penalties for investigation and chargeback fees. Aside from cases involving stolen credit card details, there are instances where customers falsely claim they did not receive an already delivered item. This false claim then leads to a chargeback.

The more chargebacks your business has, the more likely your merchant account provider will deactivate your account. Banks do this to reduce the risk of fraud. However, payment card fraud is still widespread.

Online payment fraud is prevalent primarily because many people store their card information online. Fraudsters know this and are taking advantage of the availability of such details. Also, these fraudsters do not need a physical card to carry out their schemes.

They only need the details of the debit or credit card which customers store online. Therefore, not only is it easy for them to access such information, business owners cannot detect fraud by themselves as they can’t tell phoney transactions from real ones.

What Are the Types of Payments?

There are two main types of payments, namely:

💳 Card Present (CP)

A card present transaction is where a buyer’s electronic payment data is taken in person at the point and time of sale. Also, CP payments happen when customers swipe their cards with a card reader or digital wallet. This is common with businesses that use contactless-enabled terminals like point-of-sale (POS) systems.

💳 Card Not Present (CNP)

Unlike CP, card-not-present transactions happen when a card’s magnetic strip or chip data is not given. CNP payments include subscription billing, online shopping carts, and phone orders. This payment type also falls under transactions on apps or smartphones without a card reader.

Online Payment Fraud Statistics Around the Globe

Online transaction fraud is a global problem; the numbers show it is not going away anytime soon. Here are some global statistics on payment fraud:

  • Globally, e-commerce businesses lost an estimated $41 billion to online payment fraud in 2022, an increase from $20 billion in 2021. The number is expected to rise to $48 billion in 2023.
  • In 2021, three-quarters of online merchants reported more payment fraud attacks, an increase from 2020, before the COVID-19 pandemic.
  • In 2021, about 40% of online sellers globally suffered from friendly fraud attacks.
  • There was an 18% growth in global e-commerce fraud losses between 2020 and 2021
  • Mobile apps were the most targeted device for online banking fraud globally in the second quarter of 2021. The fraud committed through mobile devices was more than 50%.
  • Globally, online transaction fraud costs businesses 1.8% of their revenue
  • E-commerce merchants lose an additional $2.94 for every $1 lost to fraudulent chargebacks

Regional Statistics for Online Payment Fraud

Here are the stats for online payment fraud from different regions:

Types of Payment Fraud

To properly conduct fraud detection, knowing the different types of payment card fraud is crucial. They include the following:

Credit Card Fraud

This payment fraud type often results from identity theft. Fraudsters use information from stolen credit cards to buy items, which are charged to the cardholder. Alternatively, the fraudster could withdraw a sizable amount from the account and abandon the card.

Card Testing Fraud

Here, the person who stole the card tests it to see if it is active. If it is, they sell it on the dark web; tested cards are more expensive than untested cards. To check if a card works, the fraudster will use it to pay for a subscription-based service when signing up for a free trial.

The platform they are signing up on will perform a zero-amount transaction to confirm the details entered. If the transaction goes through, it means the card is active.

Account Takeover Fraud

As the name implies, account takeover fraud involves an account getting hacked. In such cases, the fraudsters access an account that is not theirs. If they break into a bank or credit card account, they pretend to be an actual cardholder and request a replacement card they can use physically.

Friendly Fraud

Equally referred to as First Party Fraud, friendly fraud happens when buyers fraudulently try to get a refund for a purchased item using chargebacks. In such cases, they contact the business owner or their bank directly and attempt to initiate the chargeback process.

Refund Fraud

This type of payment fraud is hard to detect despite becoming more common. It happens when a professional fraudster asks businesses for refunds for items they have not bought or received. Sometimes, the fraudster returns a thing they did not buy or a fake.

Gift Card Fraud

It is a form of transactional fraud in which a fraudster uses stolen card details to buy an item. Afterwards, they will return it in exchange for a gift card or refund. Although this online payment fraud type is common, it is difficult to trace and is not as monitored as credit and debit cards.

Who Is Affected By Online Payment Fraud?

Two classes of people are affected by payments fraud and data breaches: customers and online merchants. For online shoppers, stolen credit card details mean they can only transact once they get a new card. This takes time and resources, making the experience unpleasant and frustrating.

Online business owners must deal with the costs of fraudulent payment and the goods already sent to the fraudster. Also, their merchant account provider will issue chargebacks, and if the fraud persists, the bank may close their account.

In regions like Europe, merchant account providers under the revised Payment Services Directive (PSD2) are legally liable for fraud committed across their online merchants’ portfolios. The continuous threat of payment fraud is why most banks offer some industries high-risk merchant accounts with more chargeback fees.

How Does Online Payment Fraud Happen?

When fraudsters commit online fraud, they steal the identity of their target. Most fraudulent transactions involve the following steps:


Step 1: The fraudster targets a person and steals their debit or credit card details. Alternatively, they could go through payment pages to get a person’s payment information or buy it on the dark web.

Step 2
: The criminal uses the stolen card information to buy goods or services online.

Step 3: The online merchant assumes the card details entered belong to the cardholder and validates the purchase. Then the seller sends the items bought to the fraudster.

Step 4: The cardholder receives a notification for the purchase of the items and reports it to their bank. The online merchant then gets issued a chargeback with additional fees.

Most online payment fraudsters prefer to buy card details on the dark web, especially if they need a lot of cards. According to a report, nearly 15 billion data records were compromised in the last six years, with 68 records stolen or lost per second.

With this high number of data breaches, one would assume that people will likely stop filling out their card details or buying online. However, this is not the case, as only a few online shoppers and business owners know and understand how fraudsters operate online.

How Fraudsters Operate Online

Online payment fraudsters are ever-evolving and looking for ways to rob people of their money. Since they operate in the dark web, it is challenging to track their methods as they leave little to no trace. However, their actions can be studied to understand how they operate online.

Here are some of the ways online fraudsters carry out their attacks:

Usage of Advanced Privacy Software

Fraudsters have developed software they can use to evade browser IDs, like Anti-Detect. With this tool, fraudsters can create numerous models of virtual machines for different browser windows. This makes it difficult to trace their location.

Location Spoofing

The dark web is filled with the personal payment information of people from all over the world. Once a fraudster purchase payment details, they will uncover where the card owner uses it. Then they will spoof their location to make it appear like they are in the same place.

Phone Number Spoofing and Calling Services

Another way online fraudsters commit payment fraud is by buying customer phone numbers and bank details. However, since they do not have the person’s phone, they will call the phone company and request that calls and messages be diverted to their number.

The common reason given by fraudsters when making such requests is that they want to be able to verify purchases. In other cases, a fraudster can engage calling service providers on the dark web. The call service agent will contact the victim’s bank or credit card company and ask to change their registered phone number.

Imitating Customer Behavior

It was easier to track fraudsters when they were careless and ordered bulk items at once. However, online payment fraud criminals have learned that it is better to start small and act like the typical customer. They play the long game by ordering a few things and cancelling orders before going big.

Enhanced Buyer Data

Here, fraudsters do not only buy cards and personal details. They purchase driving licenses and device IDs to appear legit or create new customer accounts. Enhanced buyer data is common in bank fraud.

Detecting, Preventing and Responding to Payment Fraud

With the amount of money lost each year to online payment fraudsters, fraud detection, prevention, and response are essential. The question, however, is: how can online merchants protect their businesses and customers from these criminals? This section discusses the three steps involved.

Detect: Fraud Detection Technology

The prevalence of online fraud has made business owners wary of unusual transactions. Once they notice an irregularity or a deviation from the standard buyer behaviour, they block their payment gateway. This has, to a large extent, affected the user/buyer experience and the business revenue.

Therefore, online merchants must be able to separate customers from fraudsters. One way to do this is by investing in fraud detection technology. The latter uses cross-platform and historical data from different businesses to identify abnormal customer behaviour.

It also uses the information to identify genuine customers and fraudsters. Since fraud risk in each industry and region differs, the fraud detection tool can be configured to match the threat level in such a sector or country.

Prevent: How to Prevent Payment Fraud

After detecting fraud, the next action is to prevent its recurrence. Fraud prevention involves the following:

Supervised Machine Learning

It involves combining machine learning and risk knowledge. Here, you can develop risk profiles to automate risk assessment. Supervised machine learning also saves time and requires little risk management effort.

Customisable Risk Rules

The fraud risk differs by industry; each business must implement strategies that meet its unique needs. This is where customisable risk rules come in. With it, online merchants can develop risk profiles that match their business and customers’ buying patterns. Consequently, business owners can identify the purchases to block and the ones to validate the payment.


Identifying theft is often at the centre of most online payment frauds. Therefore, by introducing 3D Secure 2 authentication, businesses can verify when a genuine customer is paying and when they are being impersonated.

Manually Review

Fraudsters often target high-volume transactions or industries tagged by merchant account providers as high-risk. So to further prevent fraudsters from succeeding, manually review a translation before validating it. It goes a long way in avoiding chargebacks.

Respond: Testing and Experimenting

Response in fraud detection involves testing and experimenting. This is because it’s hard to determine the perfect risk management strategy without examining it. Create several risk settings and test them using the A/B method until you find what works for your business.

How to Choose a Payment Fraud Prevention Solution

Before investing in a payment fraud prevention tool, you must know what to watch for. Buying software blindly will only waste your resources and time and not give you the solution you want. To keep this from happening to you, factor in the following when buying a payment fraud prevention tool:

API Integration

Companies prefer to build their risk stack and connect it with their payment system. However, using an advanced tool with its own Application Programming Interface (API) is better.  But there’s a catch.

Most fraud detection software is cloud-based. The question, therefore, is how you can integrate these fraud detection SaaS tools with your business systems. The answer lies in using API calls.

API calls let an app request data or services from another application. When this happens, your business will enjoy real-time fraud protection. Also, during updates and fixes, there will be no downtime, and you can customise the system to meet your business needs.

Whitebox System

A white box system allows testers to check and confirm how the inner part of a software system performs. It covers codes, infrastructure, and integrations with external systems.

When a white box system combines with machine learning, businesses will have more information on their fraud protection software. This, in turn, will let them know when to accept, decline, or modify the suggestions made by the system for fraud detection and protection. Therefore, ensure your fraud prevention system has a white box.

Dynamic Friction

Excellent user experience is crucial to the success of a business and should be frictionless. For this to happen, you must use software that allows you to incorporate dynamic friction into your security system. Dynamic friction is about striking a balance between light and strict security checks.

Light checks happen if your fraud prevention system gives customers a low-risk score. A strict inspection is for those with a high-risk score. For the latter, the system will ask for additional authentication like two-factor verification, OTP, etc.

Note that if the inspection is very strict and cumbersome, buyers will leave your site and go to one with fewer obstacles. This is why dynamic friction is a double-edged sword. While it will protect your business and customers, it can also make you lose them.

Productivity Enhancements

A good payment fraud detection solution should have product enhancement. The latter involves integrating your fraud prevention system with other software. The integration should improve how information is presented and highlight the relevant data. Also, adapt your fraud prevention solution to your business productivity needs.

You can connect payment analysis with a workflow that reduces the risk of money laundering. Alternatively, you can create an alert system that notifies you of transactions above a certain amount or more than what a customer would otherwise transact. Banks use this method to check money laundering and fraudulent transactions.

Pricing Model

Finally, go for fraud detection software with a competitive pricing model. Also, note the incentives offered by the vendor. If they promise to pay your chargebacks, check reviews to see if they keep their word if a chargeback request goes through. However, it is better to go for a pricing model that gives you more control over risks and has better conversions.

Risk Management With Wallester

At Wallester, we are dedicated to fighting financial fraud, approaching the matter from the perspective of the payment card issuer. We help our clients to protect their cardholders with our automatic fraud monitoring system integrated into any card program launched with us. We are innovative industry leaders with cutting-edge built-in fraud detection and prevention systems. Our security tool will secure every payment within the card program and prevent online payment fraud attacks.

Contact us today to discuss a customised card solution for your business.


Does bank refund fraud money?

Not all banks refund fraudulent money. Whether or not money deducted from an account will get refunded depends on the bank’s policy, the type of fraud, and the laws of the country where the bank conducts business.

What is the most common type of attempted payment fraud?

Credit card fraud/identity theft. It typically involves a fraudster stealing a person’s payment information and conducting a transaction in their name.

How do I reduce the chances of fraud affecting my business?

To lessen the incidence of fraud and keep it from affecting your business, you must monitor transactions carefully. Also, limit access to privileged information, encrypt your emails, keep up with fraud trends, and use fraud detection and prevention technologies.

What is the difference between payment fraud and friendly fraud?

Payment fraud is a transaction made by a fraudster using a cardholder’s details. On the other hand, friendly fraud is committed by customers and involves them asking for chargebacks for an item they already received.

How do I stop online payment fraud?

Use fraud prevention technology and properly score risks. This will help avoid validating a fraudulent transaction.

How to stop churns from ID checks?

Confirm the identity of customers in the background and only demand identification from suspicious users. You can do this using dynamic friction.

Should I go for a chargeback guarantee?

It depends on your threat level and your risk management strategy. While chargeback guarantees to appeal to many businesses, remember that it will block many genuine transactions. This could cost you buyers and gives more work to your support team.

Please, improve your experience!

You’re using an unsupported web browser. As Wallester supports the latest versions, we highly recommend you use an up-to-date version of one of these browsers: