How to prevent online payment fraud as an SMB

Prevent online payment fraud by overcoming challenges like phishing, fake accounts, and account takeovers (ATO) with enhanced security features from Payoneer.


As a small or medium-sized business that operates online, you’ve probably heard that payment fraud is on the rise. According to Juniper Research, merchant losses from online payment fraud will exceed $362 billion worldwide by 2028 – with losses of $91 billion alone in 2028.

Whereas online payment fraud was once synonymous with stolen credit cards, today businesses are facing new, more sophisticated threats. Generative AI, in particular, is facilitating more advanced phishing and business email compromise (BEC) strategies.

Consequently, detecting fraudulent activity is harder than ever, and SMBs across any industry can be targeted.

At Payoneer, our audited payment platform is recognised by financial regulators all over the world, so we know a thing or two about the essentials of online payment security and fraud prevention.

Types of online payment fraud

To prevent payment fraud, we first need to know what it looks like…

Phishing – Where fraudulent actors send emails, text messages, or create websites to trick businesses into disclosing sensitive information.

Identity theft – Involves obtaining someone’s personal information like their name and bank details to make unauthorised purchases, or to open accounts in their name.

Chargeback fraud – When someone makes a purchase and then claims that they didn’t receive the product that they paid for. They then receive a refund while keeping the product.

Business email compromise – When an email tricks an employee into transferring money to fraudulent accounts.

Using customer authentication to prevent fake accounts

Fake merchant accounts rely on employees unknowingly giving away confidential information. For example, earlier this year, a finance worker at a multinational firm was tricked into paying out $25 million to a fake account using deepfake technology.

To prevent fraudsters from getting their hands on personal details, you should make sure that the payee and the recipient of an online transaction are authenticated.

Payment authentication uses features like account passwords, biometrics, and passcodes to verify that an online transaction is legitimate. It validates that the person making the transaction is who they say they are.

Since September 2019, Strong Customer Authentication (SCA) has been mandatory in Europe as part of the EU’s Payment Services Directive 2 (PSD2) legislation. However, according to research from Barclays, 28% of merchants still aren’t fully compliant, despite 73% of retailers in the UK reporting a drop in online payment fraud since adhering.

At Payoneer, we verify all our business applicants by collecting proof of identity, evidence of income, and line of business to prevent fraudsters from joining your merchant platform.

Blocking multi-accounting offenders

Multi-accounting is when fraudsters create multiple accounts with the same provider to game a system, exploiting loopholes and gaining unfair advantages.

Some strategies you can employ as an SMB to prevent multi-accounting include:

Advanced user verification – A two-factor authentication (2FA) process that requires verification through a phone number, text message, or email.

IP and device fingerprinting – Analysing a user’s network location, browser type, and operating system to identify multiple accounts from the same device or IP address.

Email analysis – Checking the validity of an email address to ensure it isn’t temporary, or from an unknown domain.

AI-driven algorithms – Using machine learning and artificial intelligence to identify suspicious behaviour and patterns on user accounts.
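To make the fingerprinting and email-analysis checks concrete, here is an added example (not Payoneer's code) that groups signups by device and by IP and flags disposable email domains. The signup records, the domain list, and the thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed list; a real deployment would use a maintained disposable-domain feed.
DISPOSABLE_DOMAINS = {"mailinator.com", "tempmail.example"}

# Constructed signup records: (account_id, email, ip, browser, os)
SIGNUPS = [
    ("a1", "alice@shop.example",    "203.0.113.10", "Firefox/126", "Windows"),
    ("a2", "bob@mailinator.com",    "203.0.113.10", "Firefox/126", "Windows"),
    ("a3", "carol@store.example",   "198.51.100.7", "Chrome/125",  "macOS"),
    ("a4", "b.ob+1@mailinator.com", "203.0.113.10", "Firefox/126", "Windows"),
    ("a5", "dave@store.example",    "198.51.100.7", "Safari/17",   "iOS"),
]

def flag_multi_accounts(signups, max_per_device=1, max_per_ip=2):
    """Return {account_id: sorted reasons} for accounts that look linked.

    The IP threshold is looser than the device one (assumed values) because
    offices and mobile carriers put many legitimate users behind one address.
    """
    by_device, by_ip = defaultdict(set), defaultdict(set)
    flags = defaultdict(set)
    for acct, email, ip, browser, os_name in signups:
        by_device[(ip, browser, os_name)].add(acct)   # coarse device fingerprint
        by_ip[ip].add(acct)
        domain = email.rsplit("@", 1)[-1].lower()
        if domain in DISPOSABLE_DOMAINS:
            flags[acct].add("disposable_email")
    checks = ((by_device, max_per_device, "shared_device"),
              (by_ip, max_per_ip, "shared_ip"))
    for groups, limit, reason in checks:
        for accts in groups.values():
            if len(accts) > limit:                    # too many accounts on one key
                for acct in accts:
                    flags[acct].add(reason)
    return {acct: sorted(reasons) for acct, reasons in flags.items()}

if __name__ == "__main__":
    for acct, reasons in sorted(flag_multi_accounts(SIGNUPS).items()):
        print(acct, reasons)
```

Accounts a3 and a5 share an IP but use different devices and stay under the IP threshold, so they are not flagged.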

According to Payoneer’s historical data, 67% of the fraud cases we reviewed in 2018 were part of a larger group incident. Indeed, if SMBs were to work more closely with a payment partner like Payoneer, an estimated 57% of fraud cases could be averted.

Whenever we close an account for fraud, our rules automatically prevent the opening of related fraudulent accounts.

Monitoring suspicious activity to avoid account takeovers

According to Sift, in 2023 alone, account takeover fraud (ATO) resulted in nearly $13 billion in losses – up from $11 billion in 2022.

ATO fraud is when a fraudster takes over someone else’s bank, email, or social media account without permission. The victim’s login information is typically accessed through malware or a phishing attack.

Although identifying an ATO can be tricky, there are preventative measures you can take:

  • Set login limits – Restrict the number of login attempts allowed by username, device, and IP address.
  • Enforce strong passwords – Only allow passwords that are unique, and use secure services like LastPass or Bitwarden.
  • Use multifactor authentication – At login, have codes sent to mobile devices in addition to passwords for an extra layer of security.
  • Use CAPTCHA – Prevent automated programmes from attempting to log in to existing accounts, and from registering fake accounts.
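The login-limit measure above, sketched as an added example (not Payoneer's code): a sliding-window counter of failed logins kept separately per username, device, and IP address. The class name, thresholds, window length, and the simulated attempts are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

class LoginLimiter:
    """Sliding-window cap on failed logins, counted per username, device and IP."""

    def __init__(self, limits, window_s, clock=time.monotonic):
        self.limits = limits          # e.g. {"username": 5, "device": 10, "ip": 20}
        self.window_s = window_s      # how long a failure counts against a key
        self.clock = clock            # injectable so the demo can control time
        self.failures = defaultdict(deque)   # (kind, value) -> failure timestamps

    @staticmethod
    def _keys(username, device, ip):
        return [("username", username.lower()), ("device", device), ("ip", ip)]

    def _recent(self, key):
        q = self.failures.get(key)
        if not q:
            return 0
        cutoff = self.clock() - self.window_s
        while q and q[0] <= cutoff:   # drop failures that aged out of the window
            q.popleft()
        return len(q)

    def blocked_by(self, username, device, ip):
        """Names of the dimensions whose limit has been reached (empty = allow)."""
        return [kind for kind, value in self._keys(username, device, ip)
                if self._recent((kind, value)) >= self.limits[kind]]

    def record_failure(self, username, device, ip):
        now = self.clock()
        for key in self._keys(username, device, ip):
            self.failures[key].append(now)

def simulate():
    """Constructed scenario: one IP fails a login against seven different usernames."""
    now = [0.0]
    lim = LoginLimiter({"username": 3, "device": 50, "ip": 5}, 60, clock=lambda: now[0])
    outcomes = []
    for i in range(7):
        attempt = (f"user{i}", "device-A", "203.0.113.9")
        blocked = lim.blocked_by(*attempt)
        outcomes.append(blocked)
        if not blocked:
            lim.record_failure(*attempt)   # treat every allowed attempt as a wrong password
        now[0] += 1
    now[0] += 60                            # wait out the window
    outcomes.append(lim.blocked_by("user0", "device-A", "203.0.113.9"))
    return outcomes
```

In the simulation no single username ever reaches its own limit; the sixth and seventh attempts are stopped by the per-IP counter, which is why the limit is kept on all three dimensions.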

At Payoneer, we have extensive experience detecting and mitigating account takeovers. Our due diligence, proprietary rules, and detection models ensure that ATOs are lower than the industry average on our platform.

Expanding your security capabilities

As online payment fraud becomes more sophisticated, companies need to stay on top of the latest security features. That’s why many SMBs are partnering with a secure payment processor like Payoneer to handle security and ensure compliance. We can help you comply with anti-money laundering (AML) laws like the MLD4 (Fourth EU Anti-Money Laundering Directive).

A recent innovation in online payment security is delegated authentication, where a third party handles the authentication process. This allows SMBs to provide more secure payment experiences without compromising on conversion rates.

Likewise, 3D Secure (3DS) provides an extra layer of verification when processing payments. The security measure (which is mandatory in some countries) redirects suspicious transactions to a 3DS page for additional verification. The payment provider then asks the card holder to enter a secure PIN before the purchase goes through.

Tokenization is also an emerging security feature that allows you to replace sensitive payment data with a random string of characters, known as a token. The token acts as a reference to the original data, but has no value or significance outside of the transaction. It helps prevent online fraud by protecting account information, reducing the number of false declines, and streamlining account management.

Reduce marketplace risk and fraud

At Payoneer, we protect your marketplace from risk and fraud with our world-class compliance platform. Our global experts offer full visibility into financial activities, helping to mitigate approximately 70% of marketplace fraud.

With Payoneer, you have fraud experts on hand. Our team are always looking out for your marketplace, and helping you reduce fraud costs – while ensuring you’re 100% compliant.


Disclaimer

The information in this document is intended to be of a general nature and does not constitute legal advice. While we have endeavored to ensure that the information is up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability or suitability of the information. In no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever incurred in connection with the information provided.

Nothing herein should be construed as if Payoneer Inc. or its affiliates are soliciting or inviting any person outside the jurisdiction where it operates/is licensed to engage in payment services provided by Payoneer Inc. or its affiliates, unless permitted by applicable laws. Any products/services availability are subject to customer’s eligibility. Not all products/services are available in all jurisdictions in the same manner.
