The role of payments in reducing fraud for merchants
As online commerce continues to expand, merchants face an escalating battle against increasingly sophisticated fraud attempts. Beyond the immediate financial losses, fraud poses significant threats to brand reputation and customer trust.
In 2023, the UK retail sector lost £392 million to e-commerce fraud, with card-not-present (CNP) fraud - when stolen credit card information is used to complete a transaction - being the most common. In 2024 UK Finance reported CNP fraud accounted for a significant portion of UK card payment fraud losses, with losses due to remote purchase fraud increasing by 11% to £193.7 million in the first six months.
UK consumers have also been on the receiving end of a huge influx of online fraud, losing over £11bn ($13.8bn) in 2024, according to Cifas. UK Finance and Which? recently wrote to the government, outlining concerns about fraud, including calling for the technology and telecommunication sectors to do more to tackle it and keep people safe.
While internal measures are essential, collaborating with a payment service provider (PSP) can substantially mitigate risk exposure and enhance fraud prevention strategies.
Common types of payment fraud merchants face
Merchants navigating the e-commerce landscape commonly encounter several forms of payment fraud:
1. Card-not-present (CNP) fraud
CNP fraud transpires when stolen card details are used to make unauthorised purchases online, without the physical card being present. This type of fraud is prevalent in e-commerce due to the anonymity of online transactions. Fraudsters often obtain card information through data breaches, phishing scams, or purchasing details from the dark web.
2. Friendly fraud (chargeback fraud)
Friendly fraud occurs when a legitimate customer makes a purchase and then disputes the charge with their bank, claiming the transaction was unauthorised or that the product was not received. This leads to chargebacks, resulting in financial losses and potential penalties for merchants.
3. Account takeover
In an account takeover, cybercriminals gain unauthorised access to a customer's online account, often through phishing attacks or credential stuffing. Once access is obtained, they can make unauthorised purchases, change account details, or extract sensitive information.
4. Refund fraud
Refund fraud involves a customer falsely claiming that an ordered item was not received or returning a different, often less valuable, item to obtain a refund. This deceitful practice results in financial losses and inventory discrepancies for merchants.
These fraudulent activities not only result in direct financial losses but also damage reputations, increase chargeback ratios, and can lead to higher payment processing fees.
Staying informed about fraud trends through resources like Action Fraud UK and the National Cyber Security Centre (NCSC) is vital for merchants.
The role of the payment provider in fraud prevention
Modern PSPs have evolved beyond mere transaction processors to become integral components in fraud detection and prevention:
- Real-time transaction monitoring. PSPs employ automated rules and machine learning algorithms to scrutinise transactions as they occur, identifying anomalies such as unusual purchase locations or mismatched IP addresses. Utilising systems that analyse transaction patterns in real time can help detect and flag unusual activities indicative of fraud.
- Customisable fraud rules. Providers like Ecommpay enable merchants to create bespoke fraud filters, adjusting settings based on factors like risk level, region, industry, or product type. Merchants can be notified of any potentially fraudulent transactions; this ensures customers experience high approval rates and a low level of fraud.
- Machine learning and behavioural analytics. Ecommpay’s in-house fraud engine analyses patterns to detect suspicious behaviour, enhancing fraud prevention efforts. This advanced graph analysis tool detects ‘fraud rings’ which uncover a complex ecosystem of bad actors who are interconnected. Graph analysis provides the opportunity to visualise the connected payment credentials. This helps map the relationships between linked entities in a network, plus identify and stop multiple instances of fraudulent behaviour by spotting suspicious patterns before criminals can take action. Machine learning also anticipates and prevents new fraud attacks in future.
- 3D Secure 2 (3DS2) & Strong Customer Authentication (SCA). Mandated under PSD2, 3DS2 adds an extra verification layer, reducing unauthorised transactions while maintaining a smooth checkout experience. The Financial Conduct Authority (FCA) reported a significant drop in fraud rates in the UK following SCA enforcement in 2022.
- Tokenization and data security. By replacing sensitive cardholder data with secure tokens, PSPs protect information in the event of a data breach. As tokenization replaces the card details with unique tokens, the actual card information is not stored or transmitted during transactions, reducing the risk of data theft.
- Dynamic routing and cascading. Payment providers route transactions through the most secure or optimal paths, retrying via alternative methods if a flag is raised or a payment fails. Utilising smart payment routing in this way thereby minimises revenue loss while preventing fraud.
- Chargeback management and prevention. PSPs assist merchants in efficiently handling disputes by offering comprehensive chargeback management solutions. They provide proactive chargeback prevention, effective dispute resolution tools, and data-driven analyses to identify and mitigate recurring issues. Specialised teams manage the entire dispute process, from gathering evidence to communicating with banks and card schemes, thereby reducing the merchant's workload and minimising financial losses.
Compliance and regulation
Fraud prevention extends beyond technology to encompass compliance with evolving legal and regulatory standards:
- PSD2 and SCA compliance. The Second Payment Services Directive (PSD2) enforces Strong Customer Authentication (SCA), requiring multi-factor authentication for online payments. This regulation has significantly reduced CNP fraud while ensuring a seamless checkout experience for legitimate customers.
- PCI DSS (Payment Card Industry Data Security Standard). PCI DSS sets the security framework for handling card payments, enabling merchants and payment providers to protect sensitive customer data. PSPs help merchants achieve compliance by securely processing, storing, and transmitting cardholder information, reducing the risk of data breaches.
- AML and KYC checks. Anti-Money Laundering (AML) and Know Your Customer (KYC) procedures are essential for identifying and mitigating fraud risks. PSPs perform rigorous identity verification and transaction monitoring, ensuring merchants do not inadvertently process payments linked to illicit activities.
PSPs stay updated on legal changes and industry regulations, advising merchants on necessary adjustments to maintain compliance. This proactive approach allows businesses to meet evolving standards without having to track every regulatory shift themselves.
Best practices for merchants working with PSPs
To maximise the benefits of partnering with a PSP, merchants should:
- Collaborate regularly. Engage with account managers and risk teams to review and refine fraud rules.
- Monitor analytics. Utilise dashboards to detect suspicious trends and adjust risk filters accordingly.
- Test and iterate. Conduct A/B testing on fraud settings to balance security measures with conversion rates effectively.
- Educate your team. Train customer service and operations teams to recognise fraud indicators early and understand escalation procedures.
Helping merchants win the battle against fraud
Fraud presents a complex and evolving challenge, but merchants need not confront it alone. Collaborating with a provider like Ecommpay - which offers real-time detection, advanced analytics and compliance support - empowers merchants to protect their businesses confidently while fostering growth.
Let’s chat and explore how Ecommpay’s fraud prevention solutions can be tailored to meet your specific needs.