What Counts as Transaction Fraud? How Does it Happen & How Can You Prevent It?
Protecting a business from credit card fraud can put merchants in a quandary.
It’s important to prevent fraudulent transactions, but that can easily lead to the decline of some legitimate orders by accident. Merchants want to sniff out fraud before it happens, but too much friction at the checkout can lead to cart abandonment. How are sellers supposed to strike a balance here?
In this post, we look at what everyone means when they say “transaction fraud,” and what red flags one should watch for to spot potential threats. We’ll also offer some helpful tips to keep merchants from becoming victims.
Recommended reading
- What is Contactless Payment Fraud?
- The Top 10 Prepaid Card Scams to Watch Out For in 2024
- How do Banks Conduct Credit Card Fraud Investigations?
- What is Synthetic Identity Theft? How Can Merchants Stop it?
- Increase in Fraud in APAC Highlights Need for Solutions
- What is SIM Swapping Fraud & How Does It Work?
What is Transaction Fraud?
- Transaction Fraud
Transaction fraud can be any type of purchase which was not authorized by a legitimate user. With credit cards, for instance, transaction fraud usually involves unauthorized use of a victim’s credit card to make purchases.
[noun]/tran • zak • SHən • frôd/The term “transaction fraud” is broad. It can really be applied to a wide variety of activities.
Essentially, any fraud scheme involving an exchange of money could be considered a type of transaction fraud. These days, however, the label is typically used as a synonym for payment card fraud, especially in card-not-present environments. In that context, merchants run a risk every time they process a credit card transaction.
Fraudsters steal cards, account information, or even entire identities, then leverage the data to make unauthorized purchases. The rise of the internet and eCommerce has made this easier. Validating credentials for online orders, when a merchant never meets the buyer face-to-face, is difficult.
For the merchant, the trouble starts when the actual cardholder notices something amiss with their monthly statement. They may contact the merchant, but are more likely to call their bank and initiate a chargeback. At this point, the merchant has little recourse; if they accepted the unauthorized purchase, then they’re liable for the resulting dispute.
How Does Transaction Fraud Work?
Again, the answer’s a little vague. Even if we narrow transaction fraud to just incidents involving credit cards, there are still several ways it can happen, involving dozens of fraud tactics.
That said, most scams follow a general pattern which requires the thief to illegally obtain account data. The most common sources for this information are phishing attacks and the dark web.
Phishing refers to any means of tricking a targeted individual into revealing personal information, such as passwords and credit card numbers. This can be accomplished through emails purporting to be from reputable sources, phony websites, etc.
In other cases, hackers gain access to stolen account information (through data breaches, for example), then sell cardholder profiles in bulk on the dark web. They may also sell the raw data files, enabling fraudsters to use various bits of information to create their own fake profiles.
For example, a scammer may buy 1,000 Social Security numbers obtained from a cyberattack. Many of these numbers will be invalid, but some will be real. The scammer can then use this information to impersonate a user, get lines of credit, and conduct transactions in the victim’s name.
Common Types of Transaction Fraud
As we mentioned, there are multiple methods for committing transaction fraud. Many involve identity theft, though as we’ll see, not all are based on stealing data.
Here are some of the most common tactics used to leverage stolen cardholder data:
Of course, these are just a couple of examples. There is no end to the ways transaction fraud can happen, and cybercriminals are constantly inventing new techniques.
Why is Transaction Fraud a Growing Threat?
All types of credit card fraud are on the rise, and much of the blame can be tied to the internet.
Online shopping is a boon to both merchants and cardholders. But of course, the elements that make it easy for consumers can also aid fraudsters. The speed, accessibility, and anonymity of the internet have made fraud easier than ever.
For starters, more people than ever are shopping online. The greater the volume of transactions, the easier it is to slip fraud through the cracks. There’s also the fact that customers demand a fast, frictionless experience. Merchants are understandably hesitant to implement fraud-prevention technology that may slow things down and lead to cart abandonment.
More consumers are also now storing personal information online. From bank apps and in-store loyalty programs to product registrations and smart appliance configurations, the internet is one big data smorgasbord as far as hackers are concerned.
There are some security protocols in place, of course. That said, online information simply cannot be made 100% safe from fraud.
For every data breach that makes the news, there are dozens of smaller ones that happen around the globe. And, once stolen, much of this personal data ends up on the dark web for fraudsters to access and use.
Finally, card-not-present shopping has given rise to a new transaction threat: first-person (or “friendly”) fraud. Whether it is the result of a misunderstanding or a deliberate attempt to “cyber-shoplift,” filing unwarranted chargebacks is still fraud.
How Much Transaction Fraud is Too Much?
No one wants to lose money to fraud (obviously). But, keeping one’s revenue safe is not that simple. If we’re talking about transaction fraud, we also have to talk about the disputes resulting from that fraud.
Transaction fraud often leads to chargebacks that rob the merchant of much more than just the cost of the order. Beyond a refund, chargebacks mean merchants lose the actual merchandise, and have to reimburse shipping costs, pay additional chargeback fees, and more.
Also, each of the major card networks sets predetermined limits for how many chargebacks a merchant can receive as a share of their total transactions. This chargeback rate, or “ratio,” is used by banks and card networks to gauge the risk they feel the business represents. If the ratio gets too high, the merchant may be subject to additional oversight or increased processing costs. In worst-case scenarios, the retailer may lose the ability to accept credit cards at all.
A merchant’s chargeback rate is the key indicator that determines how much transaction fraud is “too much.”
Historically, the rule has been that merchants were fine if their chargeback rate was 1% or below. Nowadays, card networks may take action at any point they believe the merchant poses a threat. And rather than risk the network getting involved, the merchant’s bank may simply cancel the account at the first sign of trouble.
Learn more about chargeback ratesHow Does Transaction Fraud Detection Work?
The best way to avoid the pain of transaction fraud is to not let it happen in the first place. The best fraud detection methods use AI data analysis and machine learning to monitor and assess transactions, complemented by informed human decisioning.
Fraud scoring tools can calculate hundreds of data points in seconds, comparing them to established risk thresholds in real-time. This is all done without causing undue friction during the customer checkout process.
“Safe” scores mean the purchase proceeds. Transactions with higher scores, however, imply potential fraud. In these cases, the transaction may need additional validation (fingerprint, code sent via SMS, etc.) on the part of the cardholder.
What about borderline cases, though? Here, the merchant may be alerted to the transaction and make a manual transaction review to decide whether to accept or deny the order.
Of course, fraud scoring doesn’t work on its own. You need a full, multilayer suite of fraud detection tools to give you the most accurate, reliable data regarding fraud threats and indicators.
Learn more about fraud detection toolsTop 4 Transaction Fraud Prevention Best Practices
While banks and cardholders have some responsibility, it’s really merchants that are on the front lines of transaction fraud prevention. And because fraud isn’t a singular, self-contained threat, it’s crucial to deploy the right practices to prevent fraud and protect themselves against the resulting losses.
What should merchants do to ensure they’re protected? Here are the top four most fundamental fraud prevention best practices to adopt:
Keep Software Up to Date
Outdated fraud prevention solutions may fail to intercept new threats, and may even be exploited by fraudsters. Keep up with all software updates and patches and implement them as soon as possible.
Conduct Regular Audits
Regular audits of all internal operations help ensure they’re running at peak performance. This might include staying up-to-date on tech changes and ensuring employees abide by fraud prevention protocols.
Learn to Recognize Fraud “Red Flags”
Fraudsters are too smart to leave any smoking guns that would indicate a problem. That’s why merchants should give extra oversight to any transaction that is larger than normal, comes from an unfamiliar customer, ships to an address that can’t be verified using AVS, or raises other fraud red flags.
Authenticate Buyers Based on Risk
Some orders may need more in-depth screening or even a manual review to verify the buyer’s identity. Merchants need to use tools to segment lower-risk transactions from riskier ones, thus introducing friction only when it’s necessary.
A Last Word on Transaction Fraud
That's a solid starting point. However, it's going to take a lot more effort for merchants to be sure that they’re doing everything they should to mitigate risk.
Preventing credit card transaction fraud isn’t a simple matter of using one or two basic tools. Neither is it a “one-and-done” proposition. Prevention is an ongoing, evolving, and multilayer practice that requires constant attention.
That’s why most merchants find a much greater ROI outsourcing chargeback management to a third-party provider like Chargebacks911.
Using proprietary tools and processes, we help merchants identify fraud sources and reduce occurrences, enabling long-term chargeback reduction. Contact us today to learn more.
FAQs
What is transaction fraud?
Transaction fraud can be any type of purchase which was not authorized by a legitimate user. With credit cards, for instance, transaction fraud usually involves unauthorized use of a victim’s credit card to make purchases. This would include purchases on lost or stolen cards, or on cards that were illegally obtained. It also covers account takeover, identity theft, and other situations in which card use is deemed “fraudulent” by the issuer or card network.
What makes a transaction fraudulent?
Simply put: if a transaction was not explicitly authorized by the cardholder or another authorized user, it is considered fraud.
How do you identify transaction fraud?
Typical indicators of transaction fraud include unverifiable or inconsistent personal information, awkward use of language, or unusually large orders. You should also double-check purchases with the same card but different shipping addresses, or different cards using the same shipping address. Large orders where the payment is divided across different cards can be a red flag, especially if they don’t share the same verified billing address information.
How should merchants handle fraudulent transactions?
The best way to handle fraud transactions is to prevent them. If you suspect a purchase is fraudulent, you might first reach out to the customer. If that doesn’t work, hold off on shipping the order until you can talk to the buyer and confirm. If the situation can’t be resolved to your satisfaction, decline the sale. It’s better to decline a valid sale than approve a fraudulent transaction.