Online fraud is fundamentally different to fraud that occurs at brick-and-mortar businesses as it’s harder to be certain that the person you’re selling to is who they say they are. Some fraudsters adopt more sophisticated methods than just trying to make purchases on a stolen card.
When accepting payments online, it’s important to be aware of the different kinds of fraud and what your liability is so that you can minimize your risk and protect yourself and your company from any liability that could arise from accepting a fraudulent payment.
These are the most common types of online fraud:
This type of fraud makes use of stolen credit or card details to make a purchase online. The fraudster may be in possession of a physical card, but it’s more likely that the cardholder’s details were stolen electronically. A business ships goods or provides service to the fraudster, with the assumption that the payment is legitimate.
If a cardholder has not yet realized that their card is lost or stolen (and so has not notified the card issuer), payments can still be processed successfully. Even if a payment is not declined, this does not mean that it was authorized.
Once the cardholder discovers the fraudulent use of their card, the payment is disputed with the card issuer. Once the dispute is found in favor of the cardholder, the business suffers a loss equal to the amount of the payment, the cost of any goods or services already provided, as well as an additional dispute fee.
Overpayment fraud (also known as a payout scam, which is a common and widely known scam in the wedding industry) is a variant of stolen card fraud. The fraudster presents themselves as requiring the services of a third-party service in connection with the purchase. The fraudster then offers to pay the seller the cost of the goods, an extra sum for the fraudulent third-party, and often an additional convenience (tip) for accommodating the request. The fraud being committed here is that the third-party service doesn’t exist—the fraudster has taken the additional funds while the seller is left with a dispute.
For example, an wedding planning business may be approached by a fraudster claiming to live overseas or planning their wedding from far and away. They request that the business use their preferred wedding vendor, who they ask the business to make payment or a deposit to for services to be provided on their wedding day. Using stolen card information, the fraudster pays the business for the future service, and includes a gratuity for the seller as an incentive.
The business complies and pays the fee to this fake wedding vendor but no wedding ever occurs because there is no legitimate client or wedding vendor. The actual cardholder discovers the unauthorized payment and disputes it with their card issuer. The payment is automatically refunded and a dispute fee deducted, even though they’ve already paid out funds separately to a fraudulent third-party.
In this form of fraud, the fraudster deliberately pays more than was required, then contacts the business and claims they accidentally entered the wrong amount. The fraudster requests a partial refund to rectify this, but claims they have closed the card that was used and would like a refund sent using an alternative method that is outside of the card network (e.g., check or wire transfer).
For example, a fraudster donates $500 to a charity and contacts them shortly after to say that it should have been a $50 donation. The fraudster asks for the return of $450 using a different method, so no refund is made back to the original card. When the legitimate cardholder disputes the fraudulent payment, the charity is not only responsible for disputed amount, they have also lost the amount sent using the alternative method.
Never refund payments using a different method than the one originally used. If a card has legitimately been closed, you can still perform a refund. The customer should then contact that card issuer to arrange the funds to be retrieved.
Friendly fraud occurs when a legitimate cardholder makes a purchase, but then disputes it at a later date. This can either be accidental, because they didn’t recognize the transaction on their statement, or deliberate (e.g., due to buyer’s remorse or as an attempt to fraudulently obtain merchandise without paying).
It can be difficult to know whether friendly fraud has occurred, especially in digital sales. For those selling physical goods, shipping to a verified billing address and requiring signature on delivery can help combat this. In addition, having clear return policies prominently displayed at checkout to which the customer must agree prior to making a purchase can also help.