Global losses from online payment fraud in e-commerce hit a staggering $38 billion USD in 2023. Projections indicate that total merchant losses could surpass $362 billion USD by 2028. In a world where technology continues to evolve at a rapid pace, so do the strategies of those looking to benefit from it.

Card payments are here to stay. But when it comes to higher value transactions, open banking payments (Pay by Bank) have set a new standard for security by greatly reducing chargebacks. Studies indicate a 61 percent reduction in fraud by 2024, thanks to advanced encryption and real-time authentication through open banking APIs. Open banking is backed by the EU Payment Services Directive and is designed to ensure safe transactions.

Open banking payments enable businesses to cut costly payment operations and card processing fees, as well as streamline their payment processes. In the UK, merchants receive payments within seconds, and in Ireland with SEPA, it’s either the same day or the following day. With the introduction of SEPA instant, Ireland will soon experience the efficiency of instantaneous payments.

For customers, they are empowered to selectively and securely share their financial information, without the fear of transaction typos or their sensitive data being misused. With open banking, they simply select their bank, log into their mobile banking app, and confirm the payment in a familiar setting.

The rise of sophisticated SMS and online scams have become an unfortunate reality in our digital age. By learning to identify the red flags and implementing practical fraud prevention tactics, individuals and businesses can fortify their online presence and reclaim their digital security.

1. Card-not-present Fraud

As e-commerce booms, card-not-present (CNP) fraud poses a huge financial threat to businesses. The projected global impact of CNP fraud is expected to reach $49 billion USD globally by 2030. Sensitive data is often obtained through data breaches or social engineering, like phishing.

To bolster defences against CNP fraud, businesses can adopt measures like 3D Secure, two-step authentication, and tokenization to protect card details. Tools such as address verification and IP geolocation identify suspicious activities. Maintaining clear transaction records and streamlining the playbook for tackling chargebacks is essential. Transparent communication of refund and return policies further strengthens overall security.

2. Phishing

Phishing is a social engineering attack designed to manipulate individuals into divulging sensitive information, including login credentials and card details. These attacks often imitate trustworthy entities such as banks or reputable online retailers, guiding victims to counterfeit websites in an attempt to pilfer personal information or introduce malware to devices.

Expanding beyond emails, phishing includes text messages (smishing) and social media (pharming). Vigilance is crucial — exercise caution with links from unknown sources, be wary of urgency, and regularly update your antivirus software. Stay informed and educate your team to effectively navigate the evolving landscape of phishing scams.

3. Digital Skimming

Digital skimming or e-skimming involves stealing personal data and payment information during online purchases. Criminals gain access to an online store’s source code or third-party tool through vulnerabilities, errors, or brute force.

They insert malware into the payment process, duplicating customer data. Data can be grabbed right away or stashed on the server for later use, flying under the radar.

Customers might not immediately realise that their card information has been stolen; from their perspective, their order is confirmed, and the item is on its way — no cause for suspicion.

In 2023 alone, over 119 million cards landed on the dark web, leading to an estimated $9.4 billion USD in preventable fraud losses for card issuers and $35 billion USD in potential chargeback fees for merchants and acquirers.

Safeguard your business with a malware monitor tailored for web skimming, enforce multi-factor authentication and robust password policies, and train staff to combat spear phishing attacks. Regularly audit vulnerabilities in your e-commerce platform, limit control panel access to specific IPs, and promptly apply security patches and updates.

4. Chargebacks

Chargebacks occur when customers dispute valid transactions, often citing unauthorised purchases or non-receipt of products.

To minimise risks, businesses should adopt strong verification processes, fraud-detection tools, and clear refund policies. Detailed transaction records are essential when dealing with disputes related to chargebacks and refund fraud.

Open banking is revolutionising how businesses and customers interact with financial data. It eliminates the complexities of sharing IBANs and manually adding payees, replacing them with a straightforward ‘pay by bank’ link or an embedded website button.

This reduces the risk of human error and fraud by making IBANs more ‘invisible’, and in turn more difficult for criminals to hack sensitive payment information.

Customers have more control over who has access to their personal data, and greater visibility on their transactions and account balance.

Businesses can enjoy safe, fast, hassle-free payments directly from their customers’ bank accounts with open banking. They can radically cut costs and protect margins, by significantly reducing high transaction fees, card fraud and chargebacks, and payment operation costs associated with time-consuming bank transfers, drafts, or cheques.

Payment orchestration tools enable businesses to set limits for card payments and collect bank payments beyond that threshold, thereby significantly eliminating fraud, chargebacks, and expensive card processing fees and payment operations costs for high-value payments. Advanced fintechs that seamlessly integrate card and open banking payments create a powerful synergy, elevating client profitability, security, and the overall payment experience.

Fintechs today should offer merchants the flexibility to present open banking, card, and other payment methods depending on variables like geographic location, customer, purchase type, and value of the transaction.

They can also be enabled to set automatic chase paths for failed transactions or where the shopping cart has been abandoned and present an alternative payment method to complete the transaction – bank or card. This approach optimises payment success rates.

According to a Prommt report, there’s been a significant increase in open banking adoption rates in just the past six months through payment orchestration, as clients benefit from increased fraud protection, substantial cost savings, and positive responses from their customers.

The report also found that while some sectors tend to have a high transaction value, the average transaction value (ATV) for an open banking payment (€4,679) is four times higher than the ATV for a card transaction (€1,147). This implies two things – card payments are not in any danger of disappearing, and open banking will continue to bring high-value transactions onto our platform. Automotive is shown as the top-performing industry for open banking transactions, with the highest single transaction value of €72,714.25, followed closely by Luxury Retail, Hospitality, and Hardware.

As the popularity of open banking payments grows with digitalisation and an open European payments system under SEPA, there is no doubt that fraudsters will follow. This has already started to happen in the form of Authorised Push Payment (APP) fraud.

APP fraud involves fraudsters using social engineering tactics to deceive customers into approving payments from their accounts. The first half of 2023 saw losses amounting to £239.3 million GBP as a result of these scams. APP fraud falls under two broad categories:

• ‘Malicious payee’, where individuals may be tricked into buying goods that either don’t exist or are never received.
• ‘Malicious redirection’ occurs when a fraudster, posing as bank staff, convinces the victim to transfer funds from their bank account to the fraudster’s account.

Advanced fintechs can successfully mitigate APP fraud through stringent onboarding and month-on-month merchant checks (including IBAN checks), as well as clear and effective merchant-branded communication with payers. Payments are managed in the form of a payment conversation, attaching a high degree of context to every transaction. It is crucial that payers fully understand all the steps involved in securely completing a payment, who they are about to pay and why.

Criminals prey on payer vulnerabilities. Fintechs, merchants, payers, and public sector agencies need to understand the dynamic and multidimensional nature of remote payments fraud and work together to effectively fight it.

Founded in 2017, Prommt is a payments platform that is revolutionising payments for enterprises and their clients. Its innovative solutions enable fast, frictionless card and open banking payments anytime, anywhere. Prommt is an enterprise-grade solution that is built for teams, supporting multiple locations, and provides powerful, reporting, and alerting capabilities. Headquartered in Dublin, Ireland, Prommt is used by businesses today across Europe and North America, and is the winner of the Best Open Banking Service Initiative awarded by Global Payments Innovation Awards 2023 as well as a finalist for the Best Open Banking Payments Project within the Open Banking Expo Awards 2023.

Curious to learn more about how Pay by Bank can help you? Get in touch – www.prommt.com