Fraud and chargebacks are escalating challenges for merchants, impacting businesses, payment providers, and consumers alike. In 2023, merchant losses due to payment fraud reached USD 38 billion globally, while forecasts suggest this could rise to USD 362 billion by 2028. At the same time, 75% of chargebacks are filed for illegitimate reasons, amounting to USD 65.2 billion in disputed transactions, highlighting how costly and disruptive these issues can be.
Industries with high transaction volumes, like iGaming, feel these pressures acutely. With a 13.2% CAGR, the global online gambling market is set to exceed USD 117 billion by 2025, and Europeās online gaming share is projected to rise from 24.8% to 33.6% of the continentās total gambling market.
Alongside rapid growth, threats like account takeovers, bonus abuse, and evolving fraud tactics have surged, causing billions in damages and underscoring the need for robust protection strategies. Between 2018 and 2019, bonus abuse surged by 72%, while account takeovers escalated by 90% from 2020 to 2021, resulting in an estimated USD 11.4 billion in damages.
At Paysecure, we see first-hand how merchants are addressing these challenges with a combination of orchestration, smart routing, User Trust Score, and actionable intelligence reporting. While no single solution eliminates all risk, blending technology with expert strategy significantly strengthens defenses and helps merchants maintain revenue, operational efficiency, and customer trust.
To explore these solutions further, weāve gathered insights from industry experts across regions and sectors. In the following guest contributions, they share practical strategies for fortifying payment operations, reducing fraud, and managing chargebacks effectively.
*Source: Alloy
Unveiling business insights: Monitoring, understanding, and implementing strategies
Neira Jones
Independent Advisor, International Speaker & MPE 2024 Ambassador
Firstly, I would say: understand the laws in the jurisdictions in which you operate (these may be different across geographies, especially in high-risk industry sectors), as well as the card scheme operating regulations (these can be complex, and may also differ across regions and geographies).
Secondly, automate, automate, automate. Rule-based prevention systems are so 1980s! Joke aside, as digitization and speed of payments increase, so do fraud and cybercrime, and businesses can no longer afford to be reactive and rely on static rules. The need for fast detection suggests the need for fast fraud prevention, and dare I say, prediction. Technologies, such as behavioral analytics, and AI in general, can help organizations become more dynamic.
Understand your processes, and monitor your transactions. There are still low hanging fruits. For example, merchants should deal with retrieval requests promptly and satisfactorily (and therefore understand the card scheme rules) to avoid them turning into customer disputes: everybody knows how painful the chargeback process is for merchants!
Elena Emelyanova
Senior Payments and Fraud Manager at Wargaming.net
When one talks about eCommerce fraud there is no defined list of measures or golden rules which may help businesses stop it for sure. Below are just few generic tips which might seem a bit defeatist at first glance, but they actually touch upon some important aspects of managing eCommerce fraud:
Accept and live with it. Acknowledging that eCommerce fraud is a reality can help businesses approach it with a pragmatic mindset. It’s about understanding that despite best efforts, some level of fraud may still occur.
Donāt fight but coexist, preventing escalation. This suggests a strategy of managing fraud rather than engaging in constant battles against it. By focusing on prevention and mitigation rather than eradication, businesses can reduce losses and minimize the impact of fraud on operations.
Be flexible. Flexibility in fraud prevention strategies is crucial because fraudsters are constantly evolving their tactics. Being adaptable allows businesses to stay ahead of emerging threats and adjust their approach as needed.
While these tips might not guarantee complete eradication of eCommerce fraud, they provide a practical framework for businesses to effectively manage and mitigate its impact.
Deciphering customer dynamics: Decoding behavior for informed decision-making
Angie Dobbs
VP, Customer Channels & Risk at Wave HQ
When it comes to safeguarding your business against fraud and chargebacks, implementing a comprehensive strategy is paramount, especially for industries susceptible to high-risk activities like iGaming and eCommerce sales.
Deploying a layered risk detection system coupled with robust customer profiling is essential. By analyzing critical risk events such as onboarding, transactions, and account changes throughout the customer journey and not just at checkout, you are better able to differentiate legitimate users from bad actors. Further, the more insights you gather about your customers’ behavior on your platform through a variety of data sources (consortium, physical, device, behavioral, etc.), the better equipped you’ll be to identify suspicious activities.
Itās no surprise that scams are on the rise, and they will continue to worsen as AI evolves. Detecting scams is different from how you would monitor traditional 3rd party fraud since often your legitimate customer is involved in authorizing the transaction. Thus, monitoring the unique behavior of scam payments is as crucial as educating your customers about potential scams. Fraudsters often manipulate customers into saying the right things to evade your controls, so by providing clear guidance on how to recognize and report suspicious behavior, you empower your customers to protect themselves and your platform from exploitation.
Lastly, service chargebacks can sometimes be more financially damaging than fraud and are difficult to predict in the world of āthe customer is always rightā. Setting clear expectations with your customer (and documenting them) is vital. For product-based businesses, accurate product descriptions, transparent refund policies, and meticulous record-keeping of shipping and delivery details can help mitigate chargeback disputes. Similarly, service-oriented businesses should focus on establishing detailed contracts that outline expectations, milestones, and deliverables.
Amit Hooja
CEO at Paysecure
When tackling fraud, focusing on identifying anomalies and meticulously scrutinizing user behavior to uncover discrepancies is no longer enough. Instead, shifting the perspective from identifying untrustworthy individuals to understanding and assessing trustworthy ones can bring enormously more value.
For Paysecure, this shift prompted the development of algorithms aimed at establishing our unique User Trust Score system. Weāve learned that by aggregating data from diverse sources and analyzing digital footprints, we can conduct thorough user analyses and delve into various factors including chargeback scores, reference checks, payment history, device fingerprint assessments, and card characteristics. This comprehensive approach allows merchants to confidently adjust transaction levels based on the perceived trustworthiness of their customers.
The detailed insights provided by the scoring system empower merchants to make informed decisions that strengthen the resilience of their payment processes. Having greater control over chargebacks and fraud, merchants can effectively fortify their payment ecosystems against malicious activity, thereby fostering a secure and dependable payment environment for all stakeholders.
Simon Marchand, CFE
VP, Fraud & Risk Strategy at GeoComply
When it comes to preventing fraud and chargebacks, itās first important to recognize that the phenomenon hits most organizations from 2 main angles: professional fraud, and opportunistic fraud (or friendly fraud). So as fraud teams and organizations build their defenses, they must keep in mind the very different behaviors of these two types of fraudsters.
Tracking the origin of transactions via device fingerprinting and advanced geolocation is one great way to tackle both fraud problems at once. These additional data points can make a huge difference in fraud operations, reducing false/positive, and providing more advanced fraud investigation capabilities.
- On one end, it helps organizations detect multiple transactions or accounts coming from a single device or from a specific location, thus preventing professional fraudsters. While fraudsters might cycle through burner phones, constantly changing location will be extremely costly and difficult. So, you can set up automatic decline rules in case of too many accounts transacting from the same place.
- Using consortium data will also allow you to detect first-time attackers. A previously flagged fraud location or device can inform you on potential high risk new customers or transactions.
Finally, knowing the habits of your legitimate customers and building behavioral profiles not only on the nature of purchases, but also on their geographical habits, will help you better fight fraudulent chargebacks.
- Knowing, for example, a disputed transaction was made from the same device, and the same location as all transactions in the past 90 days, can help you build a compelling evidence report that will be very difficult to fight on the issuer side, empowering you to better fight friendly fraud and abuse.
Digital identity and data analytics: Empowering fraud prevention and chargeback management
Jeremy H. Gottschalk
Founder & CEO at Marketplace Risk
When it comes to preventing fraud, identity verification is the number one thing any platform can do – be it gaming, marketplace, or eCommerce. Criminals donāt use their real identities or their own payment cards. So, if you can verify that the customerās identity matches the payment card information, youāre well on your way to preventing fraud.
To reduce chargebacks, I recommend requiring customers to agree to a āNo Refundā policy at checkout with a hyperlink to the details of the policy – make sure the policy is detailed and thorough. You should also require that customers populate an unpopulated check box or take some other action that demonstrates the customer affirmatively agreed to the āNo Refundā policy. And be sure to keep the metadata on the back end in case you have to connect the customer with that action.
Adam Cooper
Director at Idcrowd
There is a continuing effort to address the billions of individuals globally who are currently unbanked or underbanked. Digital financial services have the potential to reach these individuals and foster financial inclusion and economic development, but we need to be sure that there is a reliable and secure means of achieving this. Digital identity and Digital KYC are crucial elements of the financial inclusion landscape enabling financial institutions to reliably onboard the unbanked by providing a high level of trust that the applicants are who they claim to be based on government backed identity schemes as seen in India with Aadhaar with biometric verification of identity.
Recognizing the need for safe, and reliable Digital Identity and Digital KYC to support the wider adoption of financial services in the developing world has led the World Bank and others to champion Digital Public Infrastructure enabling governments to provide trusted infrastructure, such as digital identity that can be utilized by the financial sector.
Ryan McDonald
Founding Member at The House of Fraud & Director at Fraud Boxer
At the core of most online fraud and payment schemes lies a basic, but very curious, challenge: identity. Fraudsters continue to exploit vulnerabilities in verifying who is on the other side of the transaction, allowing them to successfully mimic or create fake identities altogether (e.g. synthetic identity fraud). This can lead to account takeover, unauthorized purchases, damage to your brand(s), and severe financial losses for both businesses and consumers.
To effectively fight back, businesses need a continuous, deep understanding of their specific operations and customer base (early KYC & continuous monitoring). This enables businesses to tailor identity verification processes that strike a balance between security and an ideal user experience.
Additionally, educating both internal employees and external consumers about online safety practices empowers everyone to identify and report suspicious activity which can lead to a long and healthy relationship with your customers. Finally, keeping informed about the ever-changing regulatory landscape helps ensure you comply with the latest identity verification standards, further strengthening your defenses against fraud.
Alexander Hall
Founder at Dispute Defense Consulting
The ongoing surge in data breaches has resulted in hundreds of millions of compromised datasets exposed (e.g. Personal Identifiable Information (PII), Login Credentials, Payment Information, and Documents) and made available on criminal marketplaces. Organizations are reporting a relative shift to identity-related methodologies employed by cyber criminals:
- Synthetic ID fraud – combines unrelated identity elements to satisfy requirements set to service those who have low credit worthiness or thin credit profiles.
- True identity theft – leverages a central identity to meet more demanding requirements, resulting in higher-value transactions.
Additionally, both of the methods above provide insulation to the fraudster, resulting in lowered detection rates. Fraudsters have proven themselves effective at compiling accurate information and manipulating accurate information to serve various purposes.
Many of the long-running determination processes currently in play leverage a network of data to provide insight regarding the historical performance of information provided during a user interaction. For as long as we tie our determination processes to information fraudsters can manipulate, we will remain steps behind.
Passive datasets include IP Address Intelligence, Geolocation, Device Intelligence, and overall behavioral analytics and serve to force fraudsters to operate in the dark while decreasing friction to passively-verified users. To be clear, no data is infallible, but determinations tied to passive data are more difficult for fraudsters to reverse-engineer. Stacking numerous technologies will increase the difficulty for fraudsters multiple times over.
For more information on how Paysecure is supporting merchants with fraud and chargeback challenges, get in touch with the team.
