Payment fraud is nothing new. In some ways, though, it’s a much bigger problem today than in the past. The rise of online shopping and banking has given criminals new, more effective ways to trick consumers and businesses alike.
Cybercrime has become so widespread that it’s almost impossible to avoid. Still, you can minimize your risk and stop attacks before they cause much damage. It starts with learning what to look out for.
Common Online Payment Fraud Tactics
Online payment fraud comes in many forms, but some are more common than others. Here are a few popular tactics you should be aware of.
Phishing
Phishing is by far the most prominent type of online scam. It plays a role in over half of all criminal internet activity for two main reasons — it’s easy to do and remarkably effective. In these scams, cybercriminals pose as someone else to trick you into giving away information or clicking a malicious link.
They may pretend to be a store you’ve shopped at before and send you a “coupon” that installs a virus when you click it. Alternatively, they could claim to be friends and ask for personal details they’ll later use to bypass your security questions. Whatever the case, phishers take advantage of your trust.
Emails are the most common form of phishing, but it can also happen over text or phone. These attacks can be hard to spot today, as scammers use artificial intelligence (AI) to create more convincing messages.
Identity Theft
Identity theft is a similar type of fraud. This general term covers anything where someone pretends to be you after stealing your information. That information can be your name, social security number, social media profile, or anything else that allows them to open accounts in your name or spend your money.
While identity theft predates the Internet, it’s become easier with connectivity. Cybercriminals can easily find stolen information from past breaches and use it to enter your accounts—a technique called credential stuffing. You likely have some leaked credentials because some hacking databases store over 9.9 billion passwords.
Card Skimming
Another recent evolution of payment fraud is card skimming. These attacks usually happen at ATMs or gas stations, where physical devices on credit card readers steal card information. However, some criminals now use digital versions to do the same in online shops.
Thankfully, e-commerce card skimming is more challenging to pull off. That doesn’t mean it’s impossible, though. Hackers can get away with it if they insert a malicious script into the website’s code without anyone noticing. As a customer, you often can’t spot such attacks until it’s too late, either.
Marketplace Fraud
Marketplace fraud is less sophisticated but works well enough for criminals to keep doing it. This is where people make money through shifty transactions on web marketplaces, including selling counterfeit goods or never shipping anything after making a sale.
Some online stores take responsibility for these scams and will refund you if you become a victim. However, that’s not always the case as other sites take a “buy at your own risk” approach.
As peer-to-peer e-commerce has become more common, this type of fraud has skyrocketed. Some researchers estimate as many as 34% of all Facebook Marketplace listings are scams.
Business Email Compromise
Business email compromise (BEC) is a little different. While most other online payment fraud tactics target your personal accounts, BEC aims at your work. Here, a cybercriminal will break into the official email of a higher-up and message you to authorize a transaction or send sensitive information outside the organization.
In many cases, BEC starts as phishing, but criminals can also hack their way into accounts. Regardless of how they get in, these attacks can be convincing because the requests—however unusual—come from a legitimate address. As a result, U.S. businesses lost over $13 billion between 2016 and 2022.
How to Protect Against Online Payment Fraud
Online payment fraud is a big problem. Thankfully, it’s also one you can prevent in many cases and reduce the damage when you can’t. Follow these seven steps to stay safe.
1. Learn the Telltale Signs of Fraud
The first step in fraud prevention is to learn what it looks like. You can avoid many scams when you know what red flags to look out for.
Common signs of phishing include unusual urgency and unexpected invoices, and many of these messages contain spelling errors or strange-looking addresses. Fraudulent seller accounts on online marketplaces often lack much history, have little to no reviews, and have vague product descriptions.
Remember — the government will never ask for money over anything other than the mail. Similarly, legitimate brands should have a customer service line on their website you can talk to if you’re unsure about a message claiming to be from them.
2. Implement Strong Authentication Measures
Next, it’s time to address your passwords. A good, strong password contains at least 12 characters, a mix of numbers and letters, and no ties to your real-world life or interests. You should also use a different one for every account to prevent credential stuffing.
As important as reliable passwords are, they’re still not enough. You should also use multi-factor authentication (MFA) wherever possible. Some sites and apps may call it two-factor authentication or two-step verification. Whatever name it goes by, this setting requires a one-time code to get in, so even a breached password won’t grant an identity thief access.
Biometrics — such as face recognition — are also better than passwords. However, MFA is still necessary when using this method, especially as generative AI makes it possible to spoof them.
3. Use Secure Payment Methods
You should also pay attention to the way you make purchases online. While you can’t control the systems various sites support, you can choose to buy from ones with safer options.
Only buy from sites where the URL begins with “https”, which means the connection to the site is encrypted, making card skimming less of a threat. Apps like PayPal and Apple Pay are safer than giving someone your card info because they hide these details. Credit cards are more secure than debit when that’s not an option.
Legitimate sites often accept a wider range of payment methods, so be suspicious of stores with just one or two. Avoid anything that only accepts cryptocurrency, as it’s a favorite of cybercriminals.
4. Monitor for and Report Suspicious Activity
Sometimes, you won’t be able to spot fraud until after it happens. Consequently, it’s a good idea to look for suspicious activity across your accounts.
Check your bank statements, credit reports, and online profile activity regularly to spot anything that wasn’t you. If you see something, you can contact your bank or a credit bureau to freeze your credit or cards. Change your passwords for a hacked internet account and warn anyone the hacker might’ve messaged.
Remember to report this fraud to an appropriate agency. Go to the Federal Trade Commission’s website for identity theft and a website’s customer service for stolen accounts. Remember, though, that fraud investigations don’t always go how you’d hope. Several courts have dismissed False Claims Act accusations as simple as acting on someone else’s behalf.
5. Rethink What You Post Online
A few broader steps can also help prevent online payment fraud. One of the most important things to do is think before posting.
Identity thieves will even root around your trash to steal sensitive information from credit card bills and bank statements. They can use anything you put online the same way. Nothing is ever private on the internet, so a criminal can easily get your name, address, and information on your family members if you post them.
As a rule of thumb, avoid posting details you wouldn’t be comfortable sharing with a stranger. The less you share, the fewer opportunities criminals have to impersonate you.
6. Trust Nothing and Verify Everything
Another good practice to adopt is the zero-trust philosophy. Because fraud is so rampant, you can never be too careful. In practical terms, that means you should verify everything before trusting it.
Imagine you get an email from a company telling you to follow a link to reset your password or pay a bill. Before you trust it, look at the sender’s email address. Does it match any legitimate messages you’ve gotten from them in the past? You can double-check the official site for contact info. Don’t respond if it doesn’t add up or if you can’t see a similar message after logging into your account from the official website.
Similarly, if you get an unusual email, you can text or call a co-worker or boss to make sure it’s really them. These steps may take time, but they’re worth it to avoid falling for a scam.
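The sender check from step 6, written out as an added example that is not part of the original article: it compares the From address of a message against domains you have seen in earlier legitimate mail and flags near-miss spellings. The domain list, the 0.8 similarity threshold, and the sample messages are all constructed assumptions.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains taken from earlier messages you know were legitimate.
KNOWN_DOMAINS = {"examplebank.com", "shop.example"}


def check_sender(raw_message, known=KNOWN_DOMAINS, threshold=0.8):
    """Return (verdict, detail) for the From header of a raw email."""
    msg = message_from_string(raw_message)
    _name, addr = parseaddr(msg.get("From", ""))
    _local, at, domain = addr.lower().rpartition("@")
    if not at or not domain:
        return ("missing", "")            # no usable sender address at all
    for k in sorted(known):
        if domain == k or domain.endswith("." + k):
            return ("match", k)           # the known domain or a subdomain of it
    for k in sorted(known):
        # Known name embedded in a different domain,
        # e.g. examplebank.com.verify.test
        if k in domain:
            return ("lookalike", k)
        # Near-identical spelling, e.g. the digit 1 standing in for the letter l
        if difflib.SequenceMatcher(None, domain, k).ratio() >= threshold:
            return ("lookalike", k)
    return ("unknown", domain)            # never seen before: verify another way


# Constructed sample messages (headers only), not real mail.
SAMPLES = {
    "genuine": 'From: "Example Bank" <alerts@mail.examplebank.com>\n'
               "Subject: Your statement\n\n",
    "typo": 'From: "Example Bank" <alerts@examp1ebank.com>\n'
            "Subject: Reset your password now\n\n",
    "embedded": 'From: "Example Bank" <support@examplebank.com.verify.test>\n'
                "Subject: Unpaid bill\n\n",
    "stranger": 'From: "Billing" <noreply@billing-alerts.test>\n'
                "Subject: Invoice attached\n\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_sender(raw))
```

A "match" only means the address is consistent with earlier mail; the From header can be forged, so confirming through the official website, as described above, still applies.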
7. Stay Up to Date With Fraud Trends
Remember that online payment fraud is always evolving. Phishing attacks jumped by 1,265% since ChatGPT launched because it made it easier to create convincing messages. Scammers change their methods as new possibilities emerge, so you need to stay just as vigilant.
Keep up to date with security publications to see how fraud trends are shifting. By learning about newer attack methods earlier, you can stay secure.
Stay Safe From All Types of Fraud
Online payment fraud isn’t going anywhere. If anything, it’ll likely grow from here. Given that risk, it pays to learn how to spot and protect against these threats.
As intimidating as fraud can be, safety is not impossible. Once you know what to look out for and practice a few essential security tips, you can significantly reduce your risk of falling for a scam.
Featured Image Credit: Photo by Matilda Wormwood; Pexels