Payment Fraud Protection: Use Cases

Statista predicts that fraudulent transactions using payment cards will reach $38.5 billion by 2027. Meanwhile, according to Sumsub’s internal statistics, 70% of fraud occurs after initial verification. Therefore, it’s essential for companies to minimize payment fraud at all stages. 

We at Sumsub prepared this guide explaining how companies can use automated tools to spot and react to potential payment fraud, as well as other criminal activities. 

What is payment fraud?

Payment fraud occurs when a criminal steals payment information to make unauthorized transactions. 

“Card-present” fraud occurs when a criminal gets access to a physical card and uses it to withdraw money from an ATM or pay for items at a store. “Card-not-present” fraud takes place when a criminal gets access to card information, such as CVV number, billing address, etc—but not the physical card itself.

The most common types of payment fraud include: 

• Credit card fraud
• Card testing
• Triangular fraud
• Online gaming scam
• Chargeback fraud

If you want to learn more about each (and how to prevent them), read our in-depth guide on the topic here.

Payment fraud detection checklist

We’ve prepared this checklist with the most important steps for payment fraud protection:

• KYC protocols
• Secure data storage
• Strong authentication methods
• Regular training and awareness programs for employees 
• Transaction monitoring
• Vetting third-party vendors to ensure they follow strict security protocols 
• Updating security systems
• Implementing incident response plans
• Performing regular audits and review of security policies

How Sumsub can help

With Sumsub’s Payment Fraud Prevention solution, you’ll be able to scan every transaction in real-time while blocking all suspicious activity. Our company verifies the legitimacy of the provided payment methods, ensuring they belong to the rightful person. This helps companies avoid costly chargebacks while maintaining customer trust. Moreover, these checks can be implemented at various stages of the user lifecycle (withdrawal, payments, etc.), depending on the needs of the company. 

With Sumsub, you can choose the type of user actions that will be monitored, as well as steps that users will have to take when taking these actions. 

Below, we outline a payment fraud prevention scenario powered by Sumsub:

1. The applicant attempts verification on your service and passes all required checks
2. The applicant is asked to upload a photo of their bank card
3. The submitted image is checked for integrity and authenticity and assigned a digital trust score
4. The system extracts the necessary information from the card and processes all sensitive data 
5. The data extracted from the card is screened and matched against the applicant profile to estimate risk 

The risk estimation is based on the following checks: 

• Name Match — compares the name on the card with the name on the applicant ID using a fuzzy matching algorithm.
• Country Match — compares the country indicated on the applicant proof of identity with the bank card country of issue. Information about the country of issue (extracted from IBAN) is also compared.
• IP Country vs Applicant Country check — determines whether the applicant is using a proxy server or VPN to disguise their true location.
• IP Risk Score — evaluates risk based on IP address inputs. The score is displayed as a percentage, where any score above 65% is considered high risk and causes the card to be declined.
• Cross Check — matches bank card data against other data provided through identity verification.
• Payment method check — checks whether the payment method has been changed.
• Risk Score — estimates the risk associated with a transaction, based on a combination of machine learning algorithms and manual review of network-wide fraud patterns. The score is displayed as a percentage, where any score above 65% is considered high-risk and causes the bank card to be declined.

If everything matches, then the transaction can be approved. If the information provided doesn’t match, the transaction is declined and will require a manual check from the company.