Payments fraud: 21st Century Scourge

Payment card fraud is a painful topic for many merchants with global losses from payment fraud reaching $32.4 billion in 2020.

Some 59% of merchants worldwide reported higher rates of e-commerce fraud in 2020 and are struggling to cope with rising payments fraud, according to a June 15 report from payments processor FIS.  In North America, it was even worse, with two in three merchants reporting more card-not-present fraud in 2020.  Perhaps most shockingly, some 38% of merchants around the globe lost at least 6% of their revenue to payments fraud last year.

Chargeback fraud grows in 2020

For the type of fraud Justt fights, chargeback fraud, the survey found that 61% of North American merchants experienced more chargeback fraud than in 2019. Chargeback fraud, AKA friendly fraud, describes illegitimate chargebacks by customers. This includes unintentional friendly fraud when a customer doesn’t recognize a purchase they made and intentional cases where the customer knowingly makes false claims to receive a good and keep their money.

While chargeback fraud is certainly not going away, the problem of payments fraud gets the most attention because it is typically perpetrated by organized crime networks. But organized doesn’t mean some local Soprano types. Most often it’s people connected solely through the world wide web.

Carding sites and the criminals that use them

Websites are used by hackers to sell card dumps (digital copies of stolen credit cards) to fraudsters willing to use the info to purchase goods from merchants. Sites from the early 2000s included the likes of Shadowcrew and CardersMarket, while more recent venues include CrdClub, Maza, Verified and Club2Crd to name a few.

Novice and not-so-novice fraudsters are recruited and trade tips across social media such as Telegram groups with names like Scam or Die, DarkHorn Market and Learn Hacking and Cracking. Just the top 15 Telegram fraud groups have over 200,000 members. Often these organized crime groups are transnational in nature with American, Russian and Ukrainian hackers working with fraud orchestrators in places like West Africa and mules based in Western countries to make purchases with stolen credit card data.

The hackers steal the credit information that is then sold onward to people who will actually use the credit card to commit eCommerce fraud and hire mules who will receive the stolen merchandise and reship it to the thieves orchestrating the crime. The goods are then resold to cash out.

Triangulation fraud and how it works

Another fraud method is called triangulation fraud and can be conducted by fraudsters from anywhere. 

In this scenario, the fraudster sells goods at below market prices on an online marketplace. They then use stolen credit card details purchased online to buy the goods from the legitimate merchant at regular price and they enter the shipping address of their customer. This way, the crooks cash out with real money and the end customer gets their product at a discount, but the merchant is hit with the chargeback when the cardholder realizes there is an unauthorized charge on their account.

How to address payments fraud

One of the main problems with payments fraud is that merchants can’t rely on local law enforcement to catch the crooks. The sums involved rarely reach the level that would warrant the resources of a police investigation. The transnational nature of the organized crime groups also means that key links in the chain that leads to the crime are out of the jurisdiction of the law enforcement agencies where the merchant incurs the loss.

Instead, merchants rely on anti-fraud software solutions that can filter out fraudulent transactions before they are completed. The number of such solutions easily run into the dozens and we’ve covered some of them on this blog before. The latest technological trend is to use artificial intelligence (specifically, machine learning) algorithms to teach anti-fraud software how to best detect fraud while minimizing false positives. However, in the never-ending arms race between master criminals and the tech companies protecting merchants it would not be surprising to find criminal organizations that are experimenting with artificial intelligence for use in defrauding businesses. For all we know, such software may already be in use somewhere.

As card-not-present payments grow with the boom in eCommerce and mCommerce, payments fraud and the fraud rings that perpetrate it can be expected to grow too. This topic will never get old.

For more information on payments related topics, visit our blog page or contact us.