What is payment fraud?
Payment fraud is a type of fraud whereby a criminal intentionally uses stolen or false information to make a purchase. An example might be using someone’s credit card to make a purchase without their permission.
Some businesses are more susceptible to payment fraud than others. Retail businesses, especially those who deal online, are particularly vulnerable due to the large number of transactions they deal with each day. Financial institutions, healthcare companies, and hospitality businesses are also susceptible to payment fraud.
If a business doesn’t have effective payment fraud prevention processes in place, they may endure significant losses, fines or other legal liabilities, and a worsening reputation amongst customers. They may also suffer from operational disruption as they investigate the fraud.
Addressing payment fraud and money laundering in financial institutions often comes under the moniker ‘FRAML’, which combines fraud and anti-money laundering activities to address both holistically.
Payment fraud is seen by the EU as one of 22 predicate offences leading to money laundering and terrorist financing.
The 22 Predicate Offenses in the 6th Anti-Money Laundering Directive
The EU’s Sixth Anti-Money Laundering (AML) Directive lists 22 predicate offences that have the potential to generate illicit gains, which can subsequently be used in money laundering and terrorist financing. They are:
- Payment Fraud
- Environmental crimes
- Tax crimes (direct/indirect taxes)
- Counterfeiting currency
- Illicit trafficking in cultural goods (art, antiquities, etc.)
- Kidnapping and hostage taking
- Sexual exploitation of all ages
- Organized crime/racketeering
- Theft and robbery
- Insider trading and market manipulation
- Murder and grievous bodily harm (GBH)
- Terrorism
- Bribery
- Illicit trafficking in narcotics, psychotropic substances, hormonal substances and other growth promoters
- Drug trafficking
- Extortion
- Cybercrime
- Human trafficking and migrant smuggling
- Copyright infringement
- Arms trafficking
- Corruption
- Counterfeiting and piracy of products
The predicate offenses help financial institutions and authorities detect, prevent and investigate cases of money laundering more effectively. It’s important to note that the list is not exhaustive – EU Member States can identify other criminal activities as predicate offenses at their discretion.
Types of transaction
Payment fraud can be divided into many different categories (see the category below), but there are only two main types of payment that facilitate fraud: Card-present transactions and card-not-present transactions.
- Card-present transactions occur when the card information is presented as point-of-sale. This might involve putting a card in a machine, swiping a card, or tapping against a contactless terminal. Digital payments involving a phone, or a watch (such as Apple Pay) conducted in person are also considered card-present transactions. They key factor in card-present transactions is that information is provided via a magnetic stripe or chip.
- Card-not-present transactions occur when the magnetic stripe or chip is not provided during the transaction. Examples of payments like this – which don’t require a card reader – include rolling subscriptions, payments made over the phone, online shopping, in-app purchases, and utility bills.
Although card-present transactions and card-not-present transactions both serve their purpose, each can be exploited for payment fraud.
What types of payment fraud exist?
There are many types of payment fraud that stem from card-present and card-not-present transactions. These include but are not limited to:
- Debit card fraud – a bad actor may use a stolen debit card to withdraw cash from an ATM or make a purchase;
- Credit card fraud – a bad actor may use a fake or stolen credit card to make a purchase;
- Bank fraud – this refers to any form of fraud that involves a bank. This might include money laundering by illegally transferring funds from one account to another (bank transfer fraud) or using a stolen identity to open an account;
- Check fraud – a bad actor may use a stolen check book to make a purchase;
- Merchant fraud – a bad actor or organization pose as a legitimate company, thereby gaining access to payment information that is used for criminal purposes.
- Mobile payment fraud – a bad actor may use a stolen mobile phone to purchase products using a method like Google Pay or Apple Pay.
How does payment fraud occur?
Financial criminals have many methods to commit payment fraud and all involved gaining access to personally identifiable information (PII). Although this could be guessed, more common methods involve social engineering – psychological manipulation of people to obtain the information required.
Methods include but are not limited to:
- Skimming – debit or credit card information can be stolen by installing a device on top of a payment processor or ATM. The card details and PIN number are recorded, which then allows for counterfeit cards to be created and used without the owners’ knowledge.
- Phishing – a bad actor may obtain information from an individual or organization by asking for vital account information while posing as a trusted source (such as bank employee). Phishing is often done via text, social media, phone, and email, and often include links to fake log-in or payment pages.
- Chargeback fraud – this occurs when a person or organization asks for a chargeback from their credit card provider claiming that a product was defective or faulty despite this not being true. In this instance, is often the retailer that has to pay a refund despite not being at fault. This may also occur during private transactions online (e.g. someone claiming a second-hand laptop doesn’t work).
- Identity theft – a bad actor commits identity theft by using somebody’s else information for nefarious purposes such as acquiring a credit card or taking out a loan, which they have no intention of paying back. Such instances can negatively affect the innocent person’s credit rating through no fault of their own until the fraud is discovered.
- Hacking – this refers to putting a virus or trojan software onto somebody’s computer. This malware can detect and save account information and passwords, which a bad actor can use to commit payment fraud. Attacks on central systems (such as an advanced persistent threat attack) can also lead to data breaches, which in turn can lead to payment fraud.
How to protect against payment fraud?
Protecting against payment fraud is an ongoing process but thankfully there are many ways for enterprises to mitigate its impact.
These include having strong authentication measures (strong passwords, 2-factor authentication, etc.), using a secure payment processor, and using modern financial crime prevention software that includes payment fraud prevention.
Other measures include regular AML transaction monitoring, educating staff and customers on keeping their accounts secure, and by limiting access to important information to only those who need it.
Deploy a proven payment fraud solution with SymphonyAI
SymphonyAI’s Payment Fraud tools deploy a proven combination of predictive analytics and risk indicators with machine learning techniques to uncover suspicious behaviour, allowing the possibility of prohibiting in-flight payments and preventing fraud at the source by identifying and preventing bad actors in their tracks.
Drawing data from the retail and corporate payments ecosystems, it assesses both monetary and non-monetary information for each transaction based on customizable fraud prevention controls, allowing for institutions to only invoke processes like step-up authentication when necessary. This ensures a smooth, reliable customer experience that enables fast, safe movement of customer money.
Learn more about SymphonyAI Payment Fraud.
