Sales from ecommerce are still surging from the pandemic — but where there’s payments, there’s payment fraud.
New data from UK Finance found there is “an epidemic of fraud” in the UK and unauthorised fraud losses across payments, remote banking and cheques totalled more than £730m in 2021.
But there are solutions, from tighter security measures to identify that customers are who they say they are to open banking, a potential solution for several key types of payment fraud.
What are the types of payment fraud, and what can be done to prevent it?
1. Card-not-present fraud is the most common type of card fraud
Some payment fraud uses stolen bank details, e.g. card details. The most common type of card fraud in the UK is card-not-present fraud where fraudsters purchase products or services online by using stolen card details.
“By far the biggest problem in the UK with fraud is still unauthorised card transactions,” Jack Wilson, head of public policy at TrueLayer tells Sifted. “That’s the type of fraud that everyone will be familiar with when your details from your card get stolen or cloned or intercepted in some way and then those details are used to make payments online without your knowledge.”
Although card-not-present fraud targets the consumer initially, the charges are often passed on to the merchant when the customer realises what has happened and requests a refund. In 2021, remote purchase fraud was valued at £412.5m — and caused immeasurable stress for customers.
By far the biggest problem in the UK with fraud is still unauthorised card transactions
“Every time there’s an unauthorised transaction, the customer is being worried about that transaction and it’s causing them distress,” says Wilson. “Even if they can ultimately get a refund from their bank for an unauthorised transaction, it’s still something they have to deal with.”
As the cost of living bites, it couldn’t be more imperative that people are protected from their money being taken away. Regulators are looking at different ways that can be achieved.
“It’s a big problem and it’s being tackled with a big solution,” says Wilson. “Regulators have introduced something called strong customer authentication (SCA), which means now that when you’re paying by card, you will often be asked to step up the security, by doing something like adding a one time password into a customer journey or using a fingerprint.”
However, difficulties in the roll-out of these new rules have cost merchants £130m since they came into effect, according to one major card issuer. Retailers have also reported issues with UX and conversion.
In addition to SCA, the card industry is trying to tackle fraud on cards through a suite of other measures. Whilst £966.6m of fraud has been reported to be stopped by banks and card companies, losses on UK cards still totalled £524.5m in 2021.
2. One third of chargebacks are estimated to be fraudulent
Another type of fraud is confusingly called friendly fraud — or fake chargebacks — but it isn’t very friendly, it’s where fraudsters manipulate a system put in place for security.
“In card payments you have this extra protection when you use a card to buy something online, which is that you can complain to the merchant if you don’t like what you’ve got, if there’s something defective with your product or the service you’ve received,” says Wilson. “If the merchant doesn’t resolve that for you and you still think the merchant is in the wrong, then you can escalate that to your card issuing bank, which is what is called the chargeback.”
A study by YouGov and TrueLayer found chargebacks cost merchants (with an average transaction value of over £500) an average of £235k. It’s estimated for each £1 taken by someone committing fraud, merchants lose £1.70.
“The bottom line is the chargeback regime is really punitive for merchants, not just friendly fraud, where they’ve been charged when it’s not fair for them to be charged back,” says Wilson. “But a chargeback in itself comes with costs that the card issuer imposes on the merchant.”
3. Account takeover fraud is increasing
Another kind of fraud is when fraudsters take over your account by using phishing techniques or bots to trick you into giving over your username and password before they change the details and lock you out.
According to Experian, account takeover fraud has increased by more than a third over the past few years.
More trickery includes authorised push payment fraud where people are tricked into making a bank transfer, often by someone posing as an existing supplier.
People have transferred their whole life savings into accounts that they think are for safekeeping and have actually transferred all of that money to fraudsters
“There’s also a problem in the UK with bank transfers, the type of payment that you make when you go to your online banking and manually input the details,” says Wilson. “That type of payment is susceptible to something called authorised payment push scam, which is APP for short.”
UK Finance found UK banks and their customers lost £583.2m to APP fraud in 2021, which continues to rise from £479m lost in 2020.
“People have transferred their whole life savings into accounts that they think are for safekeeping and have actually transferred all of that money to fraudsters,” says Wilson. “The inherent weakness in bank transfer scams is the fact that the consumer is entering their details manually, the sort code and account number, and up until recently there has been no way to validate that account belongs to the person you intend to pay.”
4. More than 6m customers are now using open banking
But not all is lost, there are a few ways to combat ecommerce fraud surrounding your bank details. One is confirmation of payee, where a bank will check the name, sort code and account number corresponds to your intended beneficiary and will warn you if they think it’s a scam. Another is open banking.
A stronger safeguard is open banking
“A stronger safeguard is open banking because when you pay somebody with open banking it uses the rails of an instant bank transfer, so the same rails that manual bank transfers use, but instead of the consumer inputting the account holder name, the account details, it will be the open banking provider who’s entering those details.”
Not only does open banking pre-populate payment instructions, reducing the risk of human error and customers being tricked into sending the money to a fraudster, but open banking providers also onboard and carry out diligence with merchants.
The Open Banking Implementation Entity (OBIE) recently announced that the UK has reached 6m users and 5m monthly open banking payments. The increase in successful payments is attributed in part to open banking’s inherent safety.
“Open banking payments don’t involve sharing any kind of data that can be used to commit fraud,” says Wilson. “We’re on a mission to encourage as many businesses and merchants as possible to adopt open banking payments, one reason being the inherent safety of that type of payment.”