According to The 2022 AFP® Payments Fraud and Control Survey, 71% of organizations were victims of payment fraud attacks or attempts.1 This survey demonstrates the need for individuals working in AML compliance, risk, and fraud management to comprehend the motives and processes behind payment fraud.
What is Payment Fraud?
Payment fraud is the illegal act of using another entity’s payment information to make purchases. In order for payment fraud to occur, criminals must first gain access to an individual’s or an organization’s payment information. In most instances, this is accomplished in one of two ways, identity theft or data breaches.
Types of Payment
To understand the types of payment fraud it is important to first clarify the two types of payments. These are denoted as card-present (CP) payments and card-not-present (CNP) payments.
CP payments occur when payment details are captured in person. CNP payments occur when the transaction is not made in person, and/or electronic payment information is not provided (i.e. online shopping).
Types of Payment Fraud
Understanding the two types of payments allows one to more easily comprehend the different types of payment fraud, as they are designed to take advantage of either CP or CNP payments.
Card-Present Payment Fraud
CP payment fraud requires possession of an actual payment card, and at times even identification of the victim, as CP payments occur in person. Most CP fraud occurs in one of three ways:
- Use of stolen debit or credit cards
- Use of cloned credit or debit cards
- Use of debit or credit cards applied for by fraudster(s) impersonating their victim
Card-Not-Present Payment Fraud
The majority of payment fraud occurs through CNP fraud tatics. Common instances of CNP fraud include:
- Friendly fraud
- Fraudster makes a purchase (often with their own card) and requests a refund, claiming they never received the good or service
- Online or phone payments
- Fraudster has victim’s card information and uses it to make purchases online or over the phone
- Prepaid cards
- Fraudster uses victim’s card/payment information to purchase prepaid cards, which are then used for purchases
- Point-of-Sale fraud
- Fraudster makes excuse (i.e. lost card) and has cashier manually enter card information for purchase
- Bank Identification Number attack
- Fraudster(s) utilize an algorithm to test numerous potential card numbers until one is successful. In this case, fraudsters do not need to have previous access to an individual or organization’s information.
Additional Forms of Payment Fraud
Technological advancements and increased scrutiny have created new types of payment fraud in recent years. These forms of fraud oftentimes don’t involve payment cards and include:
- Authorized push payment fraud
- Victim is tricked into authorizing a transaction to a fraudster-controlled account.
- Fraudster hacks into account(s) of victim, gaining access to victim’s funds. In this instance, the fraudster can also apply for a new credit/debit card to use for further purchases.
- Point of sale (POS) cloning
- Fraudster clones a POS device of a legitimate business and uses the business’ credentials to complete returns to gift cards/prepaid cards, which are then cashed out.
- Wire and funds transfer fraud
- Fraudster(s) prompts the victim to make a funds transfer or wire transfer to their account, similar to authorized push payment fraud.
- Fraudsters set up a fake third-party marketplace selling account. When someone makes a purchase, the fraudster uses their card, or another stolen form of payment, to purchase the good or service through a legitimate business entering the purchaser’s address for shipment. The purchaser receives the product, but they have unknowingly provided their payment information to a fraudster.
The CP, CNP and additional forms of payment fraud tend to be the most common, however, it is important to note that there are other forms of payment fraud, as well as variations on the types of fraud outlined above.
Payment Fraud and AML Compliance
All forms of fraud, including payment fraud, are listed as predicate offenses to money laundering.
What Are Predicate Offenses?
Predicate offenses are offenses that contribute to a larger offense, or crime, usually money laundering or terrorist financing. Fraud is the offense that leads to illegal profits which launderers would then have to ‘wash.’
As a result, fraud is often considered a warning sign that a larger crime is taking place.
Identifying Payment Fraud
So what steps can a business take to detect and prevent payment fraud? Fortifying many of the existing processes of your anti-money laundering (AML) program is a great way to strengthen fraud prevention.
Components of an effective AML compliance program such as risk scoring, Customer Due Diligence (CDD), Know Your Customer (KYC), and transaction monitoring can identify red flags of payment fraud.
Enhancing and updating a business’ risk assessment is vital for fraud detection and prevention. This could include the addition of risk scoring solutions or ensuring that current risk assessments properly account for fraud and anti-money laundering and counter-terrorist financing (AML/CFT).
Payment Fraud Red Flags
The implementation of effective risk assessment allows for fraud, risk and AML compliance professionals to more easily assess red flags for their business. Common red flags to be aware of include:
- Larger than expected transactions
- Orders that are significantly larger than average orders
- Large orders of the same good, or small variations of the same order
- Purchases made with different cards, shipped to the same address
- Discrepancy between shipping address and IP address
- Frequent processing of returns or refunds
- Purchases that exceed card or account limits
- Inconsistencies with personal identifiable information
- The use of multiple payment methods for one order
Customer Due Diligence and KYC
Effective CDD and identity verification and KYC processes provide a business with a better understanding of their customers, shedding a light on legitimate customers and potential fraudsters.
Effective transaction monitoring and screening can detect suspicious transactions in real-time. Flagging suspicious transactions in real-time can stop fraudsters in their tracks.
There are a variety of additional methods that can also help reduce the risk of payment fraud, including:
- Implementing multiple-factor authentication procedures
- Adding or improving a cybersecurity team, and training employees on how to recognize and report phishing attacks
- Encrypt transactions and emails
It is also important to note that fraud is constantly evolving and changing, and staying up to date on new trends is vital in combatting fraud. The additional benefits of AML compliance and fraud management solutions are their ability to be updated to meet changing needs.
How Alessa Can Help
Alessa provides both fraud and AML compliance platforms to various industries, including the payments industry. Our AML compliance platform includes:
- Transaction monitoring
- Watchlist & sanction screening
- Identity verification & KYC
- Risk scoring
- Regulatory reporting
- Case management
While designed for AML compliance, as a predicate offense for money laundering, many of these software solutions can work to detect and prevent payment fraud.
Our fraud management platform includes both continuous controls monitoring (CCM) and procurement monitoring.
In addition to being able to provide real-time monitoring and greater accuracy through the use of rules-based analytics, software solutions additionally can be changed and updated to meet the changing regulatory needs of a business, and also improved and modernized to keep up with and anticipate modern fraud tactics.
For further information on how Alessa can help with payment fraud prevention contact us today to speak with a fraud and AML compliance expert.