CARD FRAUD
When it comes to online shopping, customers aren’t the only ones who can fall victim to scams. Many scams target businesses and sellers instead, therefore anyone selling goods online must know how to avoid being impacted and what to do if their business is affected…
According to Business Wire, there was a 71% increase in payment fraud attempts on US businesses in 2023 – a statistic that highlights how important it is for online sellers to remain wary of practices that could undermine their services and cause financial damage.
With that in mind, Dennis Pederson, CEO of PayFasto, has compiled a list of five common payment scams that online sellers should be aware of and how to respond in the unlucky event of experiencing them.
Phishing scams
Phishing scams are where criminals try to trick people into sharing their sensitive information, such as credit card details and passwords. They typically do this by sending fake texts or emails which direct to a third-party website that resembles a legitimate business. After clicking on the link, users are encouraged to enter their personal information.
Phishing doesn’t just hurt customers; businesses are often targeted, which can compromise the privacy and security of consumers and stakeholders. They can cause financial and data losses and cause the public to lose trust in the company, leading to a damaged reputation and further monetary loss.
To spot phishing scams, it’s important that sellers educate themselves on phishing red flags and regularly train their employees to spot them. These can include unexpected requests for personal information, spelling and grammar errors, unknown or suspicious senders, and a sense of threat or urgency in the correspondence. Recipients should avoid clicking any unfamiliar websites and downloading attachments they don’t trust.
There are other measures that businesses and sellers can implement to reduce the risk of being hit by phishing scams, such as advanced email filtering tools and thorough assessment of third-party communication. It’s also a good idea to limit access to any sensitive data through multi-factor authentication and to always keep digital systems and software up to date.
Chargeback fraud
Chargeback fraud – also known as friendly fraud – is when a seemingly well-intended customer makes a purchase with their credit card and then disputes the legitimate charge with their bank. These people request a chargeback after receiving their order, typically claiming that they did not receive the item or that the payment was unauthorized in an attempt to receive a refund.
This is different to true fraud, where a third-party bad actor makes a transaction using stolen personal information and the genuine cardholder files a chargeback for an unauthorized purchase – those who commit friendly fraud seem otherwise trustworthy. These scams can be destructive to internet vendors, who must pay much of the losses when a bank accepts the dispute.
Good communication is key to preventing friendly fraud. It’s important that online businesses put merchant names and transaction details in banking apps to avoid customer confusion and that email confirmations are sent promptly after purchases are made.
Sellers should enable package tracking and delivery updates to ensure that consumers receive their goods. Internet vendors should enforce good customer service and inform recipients of delays. As well as this, it’s ideal to enact two-factor authentication for payments and verify any suspicious-looking purchases (e.g. large orders) before shipping.
Return fraud
Return fraud is similar to chargeback fraud and occurs when a customer attempts to get a refund by manipulating the seller’s returns process. This might involve returning a different item, claiming the product arrived defective or exploiting the terms of the returns policy. They ask for a refund despite not being legally entitled to one.
These scammers might use the items for a one-off event – for example, a high-end camera to take on holiday or an expensive dress to wear to a wedding. They might return these items claiming that they are unused, thereby flouting the terms and conditions of the returns policy by requesting a refund.
To lower the chance of experiencing return fraud, sellers should develop and share clear, non-negotiable return policies and always follow them while processing returns. For example, items not returned in their original condition, without attached labels or that appear to be used should not be refunded.
Strict checks should be implemented to ensure that customers receive and return the correct item in perfect condition, and measures such as delivery tracking should be introduced to confirm that orders are not lost. It’s also recommended to monitor transactions for unusual activity and suspicious customer patterns.
Merchant fraud
Merchant fraud is defined as scammers posing as real businesses to deceive their customers and make illegal profits. They might create fake online stores that let consumers unwittingly make purchases, often at temptingly low prices. They may then send a counterfeit or low-quality product, or no product at all. While this directly targets consumers, businesses are hurt as a result.
Merchant fraud can harm a company’s reputation and incur financial loss through chargebacks and other financial liabilities. They can be subject to legal consequences, such as lawsuits and fines if it’s determined that they neglected to maintain proper fraud prevention measures. If rates of merchant fraud in a particular industry are high, businesses can be impacted by higher payment processing fees due to the elevated risk.
A major way that businesses and sellers can combat this is by ensuring that the company name, logo and transaction details appear on bank statements to distinguish legitimate purchases from fraudulent transactions at fake stores, preventing chargebacks.
Implementing clear terms and conditions, secure payment methods and multi-factor authentication will also signal to consumers that the business remains trustworthy in the event of merchant fraud. On top of this, it’s good practice to stay aware of the best ways to prevent fraud and ensure that fraud prevention measures and software are being maintained.
Wire transfer fraud
Wire transfer fraud involves a fraudster deceiving someone into sending money through a bank transfer. They may impersonate trusted individuals and organizations, such as suppliers or the CEO of the business. They create fake invoices urging the victim to send money, often playing on their emotions and exploiting the pressure they may be under. These scenarios can be very realistic and convincing, and the victims often send the money over in a rush to remedy the situation.
This money is sent over instantly and it’s very hard for businesses to recover it. Sellers impacted will want to contact their bank as soon as possible to stop the transaction from completing. Naturally, it’s best to prevent this from happening altogether. As a rule, sellers should never send money in an unplanned, unexpected manner, and transactions should always be approved by multiple people.
Businesses and employees should avoid sharing any private company information with third parties. Improving cybersecurity protocols, in general, is a good way to prevent wire transfer fraud; use strong passwords, guard company or seller banking details, and enforce multi-factor authentication when logging into the company’s network.
Ultimately sellers and employees must constantly remind themselves to ignore any unexpected invoices for money – if in doubt, always get another opinion and confirm the validity of the request before fulfilling it.
Website spoofing
Website spoofing, also known as phishing, is a form of cyber-attack where a malicious actor creates a fake website that closely resembles a legitimate one. The goal is to trick users into thinking they are on a trusted site, leading them to enter confidential information such as usernames, passwords, credit card numbers, or other personal details. Spoofed websites can look identical to the real ones, with similar layouts, logos, and even URLs that are only slightly different from the authentic site. Website spoofing typically involves the following steps:
Creating a Fake Website: Attackers create a clone of a legitimate website. This involves copying the design, layout, and sometimes even the content.
Deceptive URLs: The URL of the spoofed website is made to look almost identical to the real one. Attackers may use techniques like substituting characters (e.g., using ‘rn’ instead of ‘m’), adding extra characters, or using subdomains that seem legitimate (e.g., ‘paypal-login.com’).
Luring Victims: Users are typically directed to these fake sites through phishing emails, malicious ads, social media posts, or other deceptive tactics. These communications often contain urgent messages prompting immediate action, such as verifying account details or resetting passwords.
Harvesting Information: Once on the spoofed site, users unknowingly enter their sensitive information, which is then captured by the attackers for fraudulent use.
How consumers can protect themselves from online fraud
In today’s digital economy, online transactions have become the norm. While the convenience of shopping and banking online is undeniable, it has also given rise to a significant threat: online card fraud. Cybercriminals continually develop new methods to steal credit and debit card information, leading to financial losses and compromised personal data. Understanding how online card fraud occurs and adopting preventative measures can help protect you from becoming a victim.
1. Use Secure Connections
Avoid Public Wi-Fi: Use a secure and private internet connection. Public Wi-Fi networks can be risky because they are often not secure.
Look for HTTPS: Ensure the website uses HTTPS, which indicates that the site encrypts your data. Look for a padlock icon in the address bar.
2. Use Strong and Unique Passwords
Strong Passwords: Use a combination of letters, numbers, and special characters. Avoid easily guessable passwords like “password123”.
Unique Passwords: Use different passwords for different sites. Consider using a password manager to keep track of them.
3. Enable Two-Factor Authentication (2FA)
Additional Security: If the retailer offers two-factor authentication, enable it. This adds an extra layer of security by requiring a second form of verification.
4. Use Trusted Websites
Reputable Retailers: Shop from well-known and reputable websites. If a deal looks too good to be true, it probably is.
Research New Sites: If you’re considering purchasing from a new site, research it first. Look for reviews and check if there are any complaints.
5. Protect Your Personal Information
Minimal Information: Provide only the necessary information required to complete your purchase. Avoid sharing sensitive information like your Social Security number.
Read Privacy Policies: Understand how your data will be used by reading the website’s privacy policy.
6. Monitor Your Accounts
Check Statements: Regularly check your bank and credit card statements for unauthorized transactions.
Set Up Alerts: Many banks offer transaction alerts via SMS or email. Set these up to stay informed of any activity on your accounts.
7. Use Credit Cards or Secure Payment Methods
Credit Over Debit: Use a credit card instead of a debit card. Credit cards offer better protection against fraud.
Secure Payment Services: Consider using payment services like PayPal, Apple Pay, or Google Pay, which add a layer of security.
8. Be Wary of Phishing Scams
Suspicious Emails: Be cautious of emails that ask for personal information or prompt you to click on links. Verify the sender’s email address and look for signs of phishing.
Don’t Click on Links: Instead of clicking on links in emails, go directly to the website by typing the URL in your browser.
9. Keep Your Devices Secure
Update Software: Keep your operating system, browser, and antivirus software updated to protect against vulnerabilities.
Use Antivirus Software: Install and maintain reputable antivirus software to detect and prevent malware.
10. Understand Your Rights and Policies
Return and Refund Policies: Familiarize yourself with the retailer’s return and refund policies.
Know Your Rights: Understand your rights regarding consumer protection laws in your country.
By understanding how online scams work and taking proactive measures, you can significantly reduce your risk of falling victim to these attacks. In an increasingly digital world, staying vigilant and informed is essential for safeguarding your personal information and maintaining online security