Research from the 2019 AFP® Payments Fraud and Control Survey Report by J.P. Morgan shows that payment fraud across all industries is a serious issue. According to the report, payment fraud has increased 20 percent since 2014, and 82 percent of businesses were targeted in 2018.
It should be no surprise that payment fraud is on the rise. For one, it remains a profitable venture for many criminals. After all, if they weren’t making money doing it, they would have moved on to some other type of scam by now. Additionally, there are several types of payment fraud that criminals leverage, including:
- Business email compromise (BEC) fraud: Also known as CEO fraud, this type of email phishing attack relies on social engineering to trick employees into conducting wire transfers on behalf of whom they believe to be the CEO of their company.
- Triangulation fraud: This is a complex type of e-commerce fraud that involves a fraudster posing as a retailer and tricking a customer into ordering goods with their credit card. The criminal then places an order with a legitimate retailer using stolen payment information.
- Charge-back/friendly fraud: This type of fraud occurs when a seemingly normal transaction takes place but the customer claims that they never received the item or it wasn’t as described, resulting in a canceled order and a charge-back to the merchant.
- Affiliate/click fraud: This type of fraud occurs when a criminal uses human click farms or automated botnets to click on affiliate links, click online ads, make fraudulent purchases, or even fill out forms in order to collect money for the different actions.
The amount of money criminals stand to make, combined with the various forms of payment fraud, makes this a problem that is difficult to fight back against.
Payment Fraud Costs Your Organization Money
When we talk about the costs associated with payment fraud, we almost immediately think of the money that is stolen as a result of your organization falling victim. The U.S. Federal Bureau of Investigation reports that more than $26 billion was lost to BEC fraud between June 2016 and July 2019, with an average loss of nearly $157,510 per incident.
Despite being shocking statistics, these losses are not the only ones that a business incurs when it is targeted by payment fraud schemes.
Charge-backs have the potential to cost a business up to $200 in fees when you add up everything that is involved in dealing with a fraudulent charge, not to mention the loss of the item that was sent or given. In many cases of payment fraud, both the cardholder and the merchant are right. This leads many businesses to feel the need to fight back. But because the cardholder is also a victim, the potential to lose in arbitration is quite high even when the business has documentation to support its claims.
Companies also have to consider legal fees and fines that may pile up when they are taken advantage of by payment fraud. When triangulation fraud and other types of e-commerce fraud take place, the credit card companies may investigate.
Other costs are less tangible, but in the end, they have the same effect, with money being lost as a result. Many of these costs stem from issues related to perception.
For a company that is caught up in any type of payment fraud involving credit cards, there is not only the cost of legal fees, fines, and charge-backs. There is also most certainly going to be a large amount of damage to that business’s reputation.
Making news headlines may be reserved for large companies that are hit by massive data breaches. However, even the smallest incidents regarding payment card fraud require a level of reporting to customers or anyone who’s data was exposed due to the breach. Data breaches may also require law enforcement to be notified as well. The loyalty and reputation that companies work so hard to achieve are often wiped out after even a single incident.
Payment fraud can even affect a company’s website performance. When fraudulent traffic in the form of human click farms, botnets, and malware pummels a website, it burns up bandwidth and other resources.
When the traffic is on a scale large enough to make the criminals money, there is often a noticeable performance drop on the targeted website, which creates further issues. For one, the site’s search engine optimization may suffer. Because Google and other search engines value page speed, anything that slows this metric down may cause a slip in their rankings. Dropping too far down will result in lost business.
Beyond the search engine rankings, customers do not appreciate slow load times, either, and often steer away from websites that take too long to load. In fact, research from Akamai shows that even a 100-millisecond delay lowers conversion rates by 7 percent, and a delay of two seconds causes a 103 percent increase in bounce rates.
What Can Your Company Do About Payment Fraud?
In the world of cybersecurity, there are generally two approaches that people take. One is called security by obscurity. The aim of this strategy is to lie low and hope that the attackers pass by without paying their business much mind. This is more commonly seen with smaller companies that think cybercriminals and malicious hackers have no interest in them because they are not a valuable enough target.
However, this passive approach is a poor option when it comes to fighting against payment fraud or any other type of cybercrime. Even the smallest of businesses are prime targets for the bad guys.
The more effective option is to take a proactive approach toward fighting payment fraud and other types of cybercrime. This strategy involves implementing security technologies to protect your company’s assets, from servers to mobile devices and everything in between—including the ads and other marketing campaigns you run.
The proactive approach also includes incorporating training and awareness programs into your company culture, providing everyone with information on how to spot different types of threats and how to go about reporting potential fraud to the right people.
The reason so many companies, especially smaller ones, opt for the first choice is due to costs. Security hardware and software both cost money. Training costs money. All of the planning, management, and maintenance costs money.
However, a proactive investment in security will pay off in the long run. After all, once a business falls victim to fraud, a hard reality usually sets in, and those that implement security after the fact often find out that it would have been far less costly if they had taken the proactive approach in the first place.
Unfortunately, even the proactive approach is not a panacea. You need to employ fraud prevention technology that works, technology that is built for the type of fraud you are trying to prevent and tailored for your business’s needs.
If you want to find out more about ad fraud and how you can put the right technology in place to help stop it from damaging your business, contact us or download our Ad Fraud 101 guide, which takes a deeper dive into the threats your company faces and how you can fight back against fraud.