According to data from the Federal Trade Commission (FTC), payment fraud cost consumers an estimated $12.5 billion in 2024.
That sounds bad enough on its own. But, the problem is several times worse for merchants and governments. According to Mastercard and Juniper Research, eCommerce merchants lost about $48 billion to payment fraud in 2024. The Government Accountability Office, meanwhile, estimates that the US federal government “loses between $233 billion and $521 billion annually to fraud.”
Needless to say, payment fraud — a broad threat that encompasses dozens of different fraud tactics — should be top of mind for all merchants, regardless of your scale, product vertical, location, or any other factor. In this guide, we take a look at what payment fraud is, how it works, and how it impacts merchants. We’ll also share tips and best practices you can use to identify, detect, and prevent these tactics from harming your business.
Payment fraud is a catch-all term that refers to the use of deception to carry out unauthorized financial transactions. Payment fraud may involve stolen credentials, impersonation, or embezzlement, and transactions may be conducted through credit card, debit card, wire transfer, ACH, check, or cash.
Regardless of the channels and tactics used, the aim is the same. Payment fraudsters are seeking to illegally enrich themselves at the expense of the victims they harm.
Read MorePayment fraud can take dozens of different forms. Common avenues of attack include account takeovers, where fraudsters initiate transactions after gaining unauthorized access to online accounts, and synthetic identity theft, where scammers use a combination of real and fake personally identifying information (PII) to sign up for bank or credit card accounts.
More sophisticated payment fraud tactics include clean fraud, business email compromise (BEC) attacks, and bust-out fraud. In these approaches, fraudsters either target victims with large asset bases or attempt to appear legitimate for an extended period of time.
Read MorePayment fraud results in billions of dollars of fraud losses per year. According to data from the Association of Certified Fraud Examiners, payment fraud causes businesses to lose roughly 5% of their revenue per year.
On average, a single payment fraud attack can cost an organization $1.5 million, and total payment fraud losses in the eCommerce industry alone exceeded $48 billion in 2023. Given that the most common payment fraud tactics tend to target businesses rather than individuals, merchants will need to stay alert and vigilant if they want to avoid becoming victims.
Read MorePayment fraud isn’t constrained to a single industry or tactic. While fact patterns vary widely, all forms of payment fraud can deal crippling losses to the merchants and consumers affected.
From the more than 1 million creditors who were owed money following the collapse of cryptocurrency exchange FTX, to the thousands of patients and dozens of insurance companies that were defrauded as a result of Mathew James’ $600 million healthcare billing scheme, payment fraud is a grave and ever-present risk.
Read MoreAlthough payment fraud is a broad term, it doesn’t include all forms of fraud.
For example, threat vectors like friendly fraud and return fraud are not generally considered forms of payment fraud, since these types of fraud do not necessarily involve unauthorized payments.
Read MoreAlthough payment fraud poses enormous risks to merchants, businesses aren’t entirely helpless against this threat.
Implementing fraud detection and prevention tools at account creation and checkout, like liveness checks, 3-D Secure, fraud scoring, and AI-based fraud decisioning, can help merchants monitor transactions at scale. These best practices will also help detect anomalies indicative of fraud and block bad actors from doing harm.
Read More
Payment fraud refers to the use of intentional deception or illegal behavior when transacting via credit card, debit card, check, wire transfer, ACH transfer, or any other payment method. Bad actors commit payment fraud in order to illicitly acquire goods, services, or financial resources.
Yes. In some cases, a bank can refund a fraud payment, especially if the transaction is reported quickly and accurately. In general, fraud payments involving credit or debit cards are easier to reverse than fraudulent transactions involving wires or ACH transfers.
While the words “scammer” and “fraudster” are often used interchangeably, there is technically a difference. Scammers deceive victims into giving up their sensitive personal or financial information, while fraudsters use this stolen information to make unauthorized transactions or steal goods and services from merchants. One reason why these terms are so interchangeable is because scammers often go on to commit fraud themselves.
The presence or absence of documentary evidence, such as purchase orders, invoices, receipts, and emails between you and other parties, can help establish whether a purchase was fraudulent or not.
Common signs of fraud include unsolicited messages promising high wages or easy money, communications that appear to come from “official” sources, upfront requests for personally identifying information, and the use of urgency or pressure.
Payment fraud doesn’t have to be conducted online. However, fraudsters tend to operate primarily in the online space, since it’s easier to commit card-not-present fraud as compared to card-present fraud.
First, you need to familiarize yourself with common tactics used to carry out payment fraud. Next, you can deploy a variety of fraud prevention tools and tactics designed to target each of these threats. You should also stay up-to-date with fraud prevention developments in the card-not-present space.
This depends on the individual fraud tactic used. For example, address verification (AVS) can help stop clean fraud, but it may not work with account takeover if the cardholder’s billing and shipping information is already saved to the account. It’s critical for merchants to employ multiple different tools to get a more detailed impression of each purchase.
According to the New York Office of the State Comptroller, four factors must be present for a person to commit fraud: opportunity, low risk of getting caught, rationalization in the fraudsters mind, and justification that results from the rationalization.
Fraudsters can employ a number of different tactics to commit payment fraud in the card-not-present space. Identity theft, account takeover, synthetic fraud, clean fraud, wire transfer scams, and business email compromise are among the most common.
