How to prevent online payment fraud as an SMB
Prevent online payment fraud by overcoming challenges like phishing, fake accounts, and account takeovers (ATO) with enhanced security features from Payoneer.
As a small or medium-sized business that operates online, youโve probably heard that payment fraud is on the rise. According to Juniper Research, merchant losses from online payment fraud will exceed $362 billion worldwide by 2028 – with losses of $91 billion alone in 2028.
Whereas online payment fraud was once synonymous with stolen credit cards, today, businesses are facing new, more sophisticated threats. Generative AI in particular, is facilitating more advanced phishing and business email compromise (BEC) strategies.
Consequently, detecting fraudulent activity is harder than ever, and SMBs across any industry can be targeted.
At Payoneer, our audited payment platform is recognised by financial regulators all over the world, so we know a thing or two about the essentials of online payment security and fraud prevention.
Types of online payment fraud
To prevent payment fraud, we first need to know what it looks likeโฆ
Phishing – Where fraudulent actors send emails, text messages, or create websites to trick businesses into disclosing sensitive information.
Identity theft – Involves obtaining someoneโs personal information like their name and bank details to make unauthorised purchases, or to open accounts in their name.
Chargeback fraud – When someone makes a purchase and then claims that they didnโt receive the product that they paid for. They then receive a refund while keeping the product.
Business email compromise โ when an email tricks an employee into transferring money to fraudulent accounts.
Using customer authentication to prevent fake accounts
Fake merchant accounts rely on employees unknowingly giving away confidential information. For example, earlier this year, a finance worker at a multinational firm was tricked into paying out $25 million to a fake account using deepfake technology.
To prevent fraudsters from getting their hands on personal details, you should make sure that the payee and the recipient of an online transaction are authenticated.
Payment authentication uses features like account passwords, biometrics, and passcodes to verify that an online transaction is legitimate. It validates that the person making the transaction is who they say they are.
Since September 2019, Strong Customer Authentication (SCA) has been mandatory in Europe as part of the EUโs Payment Services Directive 2 (PSD2) legislation. However, according to research from Barclays, 28% of merchants still arenโt fully compliant, despite 73% of retailers in the UK reporting a drop in online payment fraud since adhering.
At Payoneer, we verify all our business applicants by collecting proof of identity, evidence of income, and line of business to prevent fraudsters from joining your merchant platform.
Blocking multi-accounting offenders
Multi-accounting is when fraudsters create multiple accounts with the same provider to game a system, exploiting loopholes and gaining unfair advantages.
Some strategies you can employ as an SMB to prevent multi-accounting include:
Advanced user verification โ A two-factor authentication (2FA) process that requires verification through a phone number, text message, or email.
IP and device fingerprinting โ Analysing a userโs network location, browser type, and operating system to identify multiple accounts from the same device or IP address.
Email analysis โ Checking the validity of an email address to ensure it isnโt temporary, or from an unknown domain.
AI-driven algorithms: Using machine learning and artificial intelligence to identify suspicious behaviour and patterns on user accounts.
According to Payoneerโs historical data, 67% of the fraud cases we reviewed in 2018 were part of a larger group incident. Indeed, if SMBs were to work more closely with a payment partner like Payoneer, an estimated 57% of fraud cases could be averted.
Whenever we close an account for fraud, our rules automatically prevent the opening of related fraudulent accounts.
Monitoring suspicious activity to avoid account takeovers
According to Sift, in 2023 alone, account takeover fraud (ATO) resulted in nearly $13 billion in losses – up from $11 billion in 2022.
ATO fraud is when a fraudster takes over someone elseโs bank, email, or social media account without permission. The victimโs login information is typically accessed through malware or a phishing attack.
Although identifying an ATO can be tricky, there are preventative measures you can take:
- Set login limits โ Restrict the number of login attempts allowed by username, device, and IP address.
- Enforce strong passwords – Only allow passwords that are unique, and use secure services like LastPass or Bitwarden.
- Use multifactor authentication โ At login, have codes sent to mobile devices in addition to passwords for an extra layer of security.
- Use CAPTCHA โ Prevent automated programmes from attempting to log in to existing accounts, and from registering fake accounts.
At Payoneer, we have extensive experience detecting and mitigating account takeovers. Our due diligence, proprietary rules, and detection models ensure that ATOs are lower than the industry average on our platform.
Expanding your security capabilities
As online payment fraud becomes more sophisticated, companies need to stay on top of the latest security features. Thatโs why many SMBs are partnering with a secure payment processor like Payoneer to handle security and ensure compliance. We can help you comply with anti-money laundering (AML) laws like the MLD4 (Fourth EU Anti-Money Laundering Directive).โฏ
A recent innovation in online payment security is delegated authentication, where a third-party handles the authentication process. This allows SMBs to provide more secure payment experiences without compromising on conversion rates.
Likewise, 3D Secure (3DS) provides an extra layer of verification when processing payments. The security measure (which is mandatory in some countries), redirects suspicious transactions to a 3DS page for additional verification. The payment provider then asks the card holder to enter a secure PIN before the purchase goes through.
Tokenization is also an emerging security feature that allows you to replace sensitive payment data with a random string of characters, known as a token. The token acts as a reference to the original data, but has no value or significance outside of the transaction. It helps prevent online fraud by protecting account information, reducing the number of false declines, and streamlining account management.
Reduce marketplace risk and fraud
At Payoneer, we protect your marketplace from risk and fraud with our world-class compliance platform. Our global experts offer full visibility into financial activities, helping to mitigate approximately 70% of marketplace fraud.
With Payoneer, you have fraud experts on hand. Our team are always looking out for your marketplace, and helping you reduce fraud costs – while ensuring youโre 100% compliant.
Disclaimer
The information in this document is intended to be of a general nature and does not constitute legal advice. While we have endeavored to ensure that the information is up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability or suitability of the information. In no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever incurred in connection with the information provided.
Nothing herein should be construed as if Payoneer Inc. or its affiliates are soliciting or inviting any person outside the jurisdiction where it operates/is licensed to engage in payment services provided by Payoneer Inc. or its affiliates, unless permitted by applicable laws. Any products/services availability are subject to customerโs eligibility. Not all products/services are available in all jurisdictions in the same manner.
Related resources
-
What does it mean to have money transmitter licenses?
State money transmitter licensing laws are a big deal in the US. They govern the safety and integrity of the payments system. In 48 states, payment companies need money transmitter licenses. However, it takes a lot to get approved for one. Find out more about the application process here.
-
How to keep your funds safe: Interview with Maxim Polyachencko, VP of Financial Crime Prevention
Maxim Polyachenko, Payoneerโs VP of Financial Crime Prevention โโ and one of the worldโs leading experts on protecting customer finances โโ looks at some of the practical ways SMBs can keep their funds safe.
-
Navigating phishing attacks: A guide to keeping your Payoneer account secure
Keeping your funds safe is our number one priority at Payoneer. While phishing attempts can happen, arming yourself with knowledge is key to keeping your data and money safe
-
Defend your funds against phishing: essential tips to identify fake emails and texts
Phishing as a cyber-attack method has a relatively high success rate; with scammers deceiving both individuals and organizations into giving up their private and valuable data. Here, we offer critical insights to help you recognize and combat these attacks, enhancing your protection against cyber threats.ย
-
Business and payment fraud detection: what it is and how to prevent it
What is payment fraud detection and what do you need to know to understand, detect, and prevent fraudulent activities. Discover the best practices, tools, and strategies to safeguard your business against payment fraud and protect your financial assets.
-
Tips for keeping your business and data safe from cyberattacksย
Cyberattacks are a top concern for eCommerce platforms. Data breaches cause financial losses and damage your reputation. Thatโs why you need a trusted provider to handle your payments. And they must keep your money and your data secure. Here are some tips for keeping your payments and data safe.
-
How to safeguard your marketplace against seller fraud
The global e-commerce market is rapidly growing. Borderless commerce promises a wider audience and larger profits. On the downside, seller fraud is becoming a major challenge. Knowledge of fraud types will arm you in the fight against it. So read on to find out how to identify and stop seller fraud.
-
Fight fraud, reduce risk, and take control of your marketplace
Seller fraud is increasing across various marketplaces. eCommerce is suffering the largest losses. Yet, there are ways to detect and prevent seller fraud. And weโre here to help our marketplace partners do this. Read on to find out how Payoneer protects against fraud.
-
Fighting payments fraud in online marketplaces
Thinking of expanding in the East? Consider Singapore and Hong Kong. Our comprehensive guide covers everything, from registration to benefits. Get ready to take your business to the next level!
-
Youโve Sent Your Payment โ Now Make Sure It Arrives to Its Destination
When it comes to paying your contractors, suppliers and remote employees, knowing that your funds reached their destination in full and on time is critical for maintaining a healthy relationship with your service providers. Effectively tracking payments, however, requires a robust and transparent solution that gives you a birds-eye-view as to where your funds are…
Latest articles
-
How SMEs Can Leverage Singaporeโs Free Trade Agreements (FTAs) to Minimize Tariff Costs and Expand Globally
Singaporeโs network of 27 Free Trade Agreements (FTAs) is one of the most powerfulโand underutilizedโgrowth tools available to SMEs.
-
3 ways youโre missing out by not invoicing in a foreign currency
As an SMB operating across borders, have you ever struggled with invoicing your overseas partners in their local currency? Itโs a common challenge that many businesses face when trying to manage their finances and cash flow. In this blog post, weโll explore the benefits of invoicing in foreign currencies and how it can help your…
-
What a CMS Can and Cannot Do for a Business in Different Countries
For modern agencies, scaling means going global, and that means mastering contractor management. A CMS brings order to the chaos of a distributed workforce, but it also has its limits. This article explores where these systems deliver real value and where they fall short.
-
CMS vs. EOR for Creative Roles: Balancing Speed, Cost, and Control
Creative agencies are no longer limited by geography. They are turning to global hiring solutions like CMS and EOR to access top talent. Each model offers unique benefits and challenges that impact cost, speed, and control. This article explores how to choose the right approach for building a world-class creative team.
-
How to use Payoneer for B2B payments and invoicing in the Philippines
Learn how to use Payoneer for B2B payments and invoicing in the Philippines. Discover international payment methods, invoicing features, and cross-border tools.
-
What does double conversion mean and how to avoid it?
Avoid double conversion and extra fees: practical and effective tips for Ukrainian businesses with Payoneer for international payments.
