Instances of payment fraud are on the rise. Ask most merchants, and they will tell you that they have seen an uptick in attempted online payment fraud against their businesses and customers.
Several factors are driving this trend.
- First, there has been an overall increase in online transaction volumes in the last few years. This increase has created more opportunities for malicious actors to launch fraudulent attacks against businesses, especially those that have yet to invest in adequate fraud prevention solutions.
- Then there is the current economic environment. Challenging economic conditions usually embolden fraudsters to pursue higher-value, higher-risk opportunities. It also encourages others to change their luck using chargebacks to commit friendly fraud.
- The most significant trend, however, is the recent surge in technological developments, not least the sudden availability of advanced AI tools. In the hands of fraudsters, these tools can wreak havoc, increasing the scale and sophistication of fraudulent attacks.
This blog will examine the various methods fraudsters use to target businesses and execute payment fraud, as well as the payment fraud prevention tools available to merchants.
Are you a merchant experiencing high levels of payment fraud? Primer can help you manage your fraud prevention strategies. Scroll down to learn more, or book a call with an expert.
What is payment fraud?
Payment fraud is a catch-all term for any fraudulent activity conducted by an individual or organization to make unauthorized transactions or obtain money, goods, or services through illegitimate means.
Payment fraud can happen in the physical world, such as when a person uses a stolen card to make purchases. Alternatively, it can occur in the digital world through various means, which we will explore in this blog.
Key payment fraud trends and statistics
- Merchants are projected to lose over $362 billion globally to online payment fraud between 2023 and 2028. Juniper Research
- In 2024, 79% of organizations experienced payment fraud attacks or attempts. 2025 AFP Payments Fraud and Control Survey
Account takeover fraud resulted in approximately $23 billion in losses for U.S. adults in 2023. Feedzai - 62% of merchants reported an increase in first-party misuse disputes in 2024, with an estimated cost of $35 to manage every $100 in such disputes. MRC 2025 Global Payments and Fraud Report
Common forms of online payment fraud
Fraud’s a moving target. Just when you think you’ve seen it all, fraudsters find new ways to steal sensitive data and exploit weak spots in your payment flow. That said, here are some of the most common types of payment fraud merchants are dealing with today.
Account Takeover
Account Takeover fraud (ATO) is one of the most common forms of fraud, with 29% of U.S. adults—approximately 77 million people—reporting that they have experienced ATO. The typical financial loss per victim is around $180, though some cases have resulted in losses as high as $85,000.
Sift reported a 24% year-over-year increase in ATO attack rates across their global network in Q2 2024, highlighting the growing prevalence of such attacks.
ATO occurs when a fraudster gains unauthorized access to a customer’s account, typically through phishing, credential stuffing, or brute force attacks. Once they’re in, they’ll usually change the login details and start making purchases, stealing data, or worse.
And it’s not just consumers who lose out. If a fraudster uses stored card details, merchants may be left with chargebacks and a damaged brand. Fair or not, people often blame the business, even when the breach isn’t your fault.
BIN attacks
Bank Identification Number (BIN) Fraud poses a significant risk. Fraudsters use the first six digits of a card—the BIN—to generate and test thousands of possible card number combinations. Once they find a working combination, they run small transactions to verify that the card is good to go. That’s card testing, and it’s often a warm-up for bigger fraud.
One way perpetrators execute these attacks is by gaining control over computers through malware, thereby forming a network of compromised devices known as a botnet. They then utilize the collective processing power to test numerous combinations within minutes.
Similar to the ATO Fraud we discussed earlier, individual consumers are the primary victims. However, merchants are left to pick up the pieces. Miss the signs of a BIN attack, and you could rack up chargebacks, damage your standing with payment providers, and lose customer trust. Many consumers end up blaming the business they see on their statement, rather than the fraudster who perpetrated the crime.
Chargeback Fraud (aka “friendly fraud”)
Chargeback fraud occurs when a customer makes a purchase, receives the ordered item, and then contacts their bank to reverse the charge. They might claim they never received the item, didn’t recognize the transaction, or say it was unauthorized.
Here's a typical example:
A teenager named Sarah borrows her mother's credit card to purchase a new video game online. Sarah's mom is initially unaware of this. A few days later, Sarah's mom receives her credit card statement and notices the charge for the video game. Not recognizing the charge or the name of the game company, she initiates a chargeback with her bank, believing it might be a fraudulent transaction. In this case, Sarah's mom is committing friendly fraud unintentionally.
Friendly fraud, however, is becoming even more friendly.
Recent research indicates that an increasing number of customers are deliberately exploiting the chargeback mechanism to mitigate the cost-of-living crisis. The data from Sift found that one in four consumers admitted to committing friendly fraud. Overall, merchants reported a 35% increase in chargebacks between Q1 and Q4 2022.
And it’s expensive—merchants spend $35 in chargeback fees for every $100 disputed due to friendly fraud, according to the MRC’s latest report.
Discover how to dispute chargebacks effectively
Coupon, discount, refund abuse
Coupon abuse: This occurs when individuals use coupons in ways they weren’t intended for, such as stacking multiple codes when only one is allowed, using expired or counterfeit coupons, or sharing one-time codes meant for individual use. What starts as a marketing incentive can quickly spiral into unexpected losses.
Discount abuse: This refers to taking advantage of promotional offers. That could mean manipulating carts to trigger larger savings, applying discounts to ineligible items, or combining promotions in ways not intended. It’s clever, but costly.
Refund abuse: This one stings. Some shoppers exploit lenient return policies—buying items, using them briefly, and then returning them. Others return damaged goods or claim refunds without a valid reason. For merchants, it’s a drain on time, money, and inventory.
In the long run, such abuses can lead to financial losses for businesses, which might result in stricter policies or higher prices for all customers to compensate for the losses.
Stolen card fraud
This is very much what it says on the tin. Fraudsters gain access to an individual's card, either digitally by purchasing their credentials on the dark web or by stealing a physical card. In cases of card-not-present fraud, the fraudster doesn’t even need the physical card, just the details.
The fraudster will then make purchases using the stolen payment card or information, which the merchant will accept and ship unknowingly. Once the legitimate cardholder becomes aware, they will raise a dispute, resulting in the business losing the payment amount and the cost of any goods or services already provided.
In the US, 62 million consumers experienced unauthorized charges on their credit or debit cards in the past year, totaling over $6.2 billion in fraudulent purchases.
Synthetic identity fraud
Synthetic identity fraud is a relatively new, advanced, and rapidly growing form of fraud. It’s a form of identity theft. In short, it involves fraudsters combining a mixture of genuine, sensitive personal information, usually stolen or purchased on the dark web, with fake details to create an entirely new, fictitious identity.
What makes this so dangerous is the long game. These fake identities don’t just hit and run. Fraudsters often take their time: opening accounts, building credit, and behaving like any other customer. Then, once they’ve built trust and access, they go all in: maxing out credit cards, securing loans, or making large purchases they never intend to pay back.
It’s incredibly hard to catch. Because synthetic identities contain just enough real data, traditional fraud systems often let them through. And by the time the damage is spotted, it’s usually too late.
For merchants, this can mean lost revenue, chargebacks, and a host of operational and reputational issues. And with synthetic fraud on the rise, it is no longer a fringe issue; it is a significant threat.
Triangulation schemes
Triangulation fraud is an incredibly complex form of online fraud. It sees hackers wedge themselves between a merchant and a legitimate customer. They pose as merchants, taking in orders. However, instead of managing their inventory, they exploit stolen cardholder information to buy products from a third party and send them to the buyer. When the cardholder eventually recognizes the fraudulent activity, they initiate a chargeback to reclaim their funds.
How to prevent online payment fraud
Define the business risk tolerance and build a fraud prevention strategy
Fighting fraud isn’t just about stopping bad actors; it’s about striking a balance between protection and conversion.
Too many checks can lead to turning away good customers. Too few, and you’re left open to fraud, chargebacks, and fines. The real challenge? Building a fraud strategy that reflects your business’s unique risk tolerance and evolves as you grow.
The best way to get there is to make it a team effort. Bring together fraud, payments, risk, finance, go-to-market, and leadership. Everyone needs a seat at the table, because fraud doesn’t just affect one part of the business—it hits revenue, trust, and long-term growth.
Together, define how much risk you’re willing to take on and what “good” looks like when it comes to fraud prevention. Then review it regularly—at least a few times a year—to make sure your strategy still lines up with your goals.
Read more: How to build a payment team: Essential roles and responsibilities
Adopt suitable fraud prevention solutions
The next step involves ensuring the company has the necessary tools to conduct fraud monitoring and implement its strategy to prevent payment fraud. There are plenty of options to choose from.
One approach is to build an in-house customized fraud prevention system. While this could yield a tailored set of tools aligned with the specific business requirements, the development and maintenance costs can be substantial. Alternatively, businesses can leverage the expertise of specialized fraud prevention tools available in the market. These tools generally come in two main categories:
1. Fraud prevention tools from Payment Service Providers (PSPs):
Many comprehensive PSPs offer advanced fraud prevention solutions. Notable examples include Checkout.com's Fraud Detection Pro, Adyen's RevenueProtect, and Stripe's Radar. These tools typically provide robust functionalities, utilizing the PSP's network data to identify and prevent fraud within the merchant's defined risk threshold. However, these are often considered "value-added services" and come with associated costs. Additionally, they are limited to preventing fraud only on transactions processed through that specific PSP.
2. Fraud prevention tools from Specialized Third-Party Providers:
Companies such as Forter, Riskified, Sift, and Signifyd also offer fraud prevention solutions. These providers offer a range of tools to combat payment fraud, incorporating AI and traditional rules-based fraud detection methods.
The advantage here is that these solutions are vendor-agnostic, allowing merchants to channel their entire transaction volume through the system, providing a more comprehensive level of protection. Moreover, these tools have expanded their offerings beyond payment-related fraud to encompass broader risk management solutions.
Join forces to combat payment fraud
Merchants should forge alliances with law enforcement, vendors, and industry bodies to exchange insights and promote cooperation. This joint endeavor is pivotal in building a secure digital economy that benefits all its participants.
Payment fraud prevention methods
There is no one-size-fits-all approach to preventing payment fraud. There are, however, several tools at a merchant's disposal.
These include:
- 3DS Secure (3DS): Using 3DS Secure adds an extra layer of protection to online credit and debit card transactions, requiring the cardholder to provide an additional authentication step, usually a password or code, to verify their identity.
- Address Verification System (AVS) checks: AVS checks compare the billing address provided during a card transaction with the address on file with the card issuer to help verify the transaction's authenticity.
- Card Verification Value (CVV) checks: CVV checks involve entering the three-digit code on the back of a credit or debit card during a transaction, adding an extra layer of security by confirming the cardholder's physical possession of the card.
- Blacklisting & Whitelisting: Blacklisting involves identifying and blocking known fraudulent entities or activities from accessing a system or making transactions while whitelisting permits only approved entities or actions, enhancing security and reducing risks.
- ID verification: ID verification is a process that confirms a person's identity by presenting official identification documents, such as a driver's licence or passport, to prevent unauthorized access or fraudulent activity. Tools to effectively identify customers are offered by providers such as Onfido.
- Network tokens: A network token is a substitute value used in place of sensitive card information during transactions, enhancing data security by reducing the exposure of actual card data.
Learn more about how to optimize payments using network tokenization.
- Robust policies and procedures: In the context of chargebacks, strong policies and procedures refer to well-established and thorough guidelines that organizations have in place to manage and address instances where customers dispute or reverse credit card transactions, ensuring a consistent and practical approach to handling such situations and minimizing financial losses.
- Specialist fraud prevention providers: Companies such as Riskified, Forter, Sift, and Signifyd specialize in offering advanced tools, technologies, and expertise to help businesses detect and prevent fraudulent activities in their operations.
- Transaction monitoring: This involves continuously observing and analyzing transaction data in real-time to identify unusual patterns, behaviors, or inconsistencies that could indicate fraud or other illicit activities.
- Two-factor authentication: Two-factor authentication (2FA) is a security measure for card-not-present transactions that requires users to provide two different authentication factors, typically something they know (such as a password) and something they possess (like a smartphone-generated code), thereby increasing the security of online accounts.
- Velocity Checks: Velocity checks monitor the frequency and volume of transactions originating from a specific source, helping to identify and prevent unusual spikes in suspicious activity that might indicate fraudulent behavior.
How Primer helps merchants prevent payment fraud
Effectively managing fraud prevention often requires considerable investment, including dedicated fraud teams, continuous monitoring, and complex integrations with multiple providers. Businesses frequently struggle with the substantial time and cost associated with building and maintaining a robust fraud prevention strategy.
Primer eliminates these barriers by providing a unified payments infrastructure that lets you connect, manage, and automate your entire payment stack.
By consolidating all of your payment systems into one integration, Primer drastically reduces the operational overhead and extensive development typically required for fraud protection.
Here’s how Primer simplifies fraud management:
Instant connection to top fraud providers
Merchants can instantly integrate with leading fraud prevention providers, such as Riskified, Forter, and Sift, through Primer’s unified infrastructure, eliminating the complexity of managing multiple technical integrations and ongoing maintenance.
Automated no-code payment routing and agnostic 3DS
Primer enables businesses to build customized, rule-based fraud workflows without manual intervention. For instance, you can automatically route high-risk transactions through specific fraud checks, such as 3DS authentication, applying it selectively based on transaction amount, fraud risk level, or customer location. Primer's agnostic 3DS capability means you can manage these rules seamlessly across multiple payment providers.
Real-time insights and alerts
Primer’s Observability platform provides comprehensive visibility into your payment performance across all PSPs, allowing you to monitor key metrics and trends. Complementing this, Primer Monitors delivers real-time notifications via Slack, email, or webhooks, alerting you to significant changes such as a sudden spike in transaction declines. This proactive approach enables your team to investigate and address potential fraud patterns swiftly.
Enhanced security with Network Tokenization
Primer leverages Network Tokenization to replace sensitive card information with secure network tokens, significantly reducing the risk of fraud, improving authorization rates, and simplifying PCI compliance.
Read more: What are network tokens, and why should you use them?
Remove the barriers to fraud management with Primer
By removing these resource-intensive barriers, Primer empowers businesses to deploy effective fraud prevention strategies without requiring large fraud teams, excessive costs, or complex development efforts.
For instance, Conforama, a leading European home furnishings retailer, faced complex, resource-intensive fraud challenges across its ecommerce channels.
After a significant fraud attack, Conforama integrated Primer’s Unified Payments Infrastructure to automate fraud prevention workflows without code, instantly connect to specialized fraud providers, and dynamically manage its 3DS strategy—boosting security while reducing checkout friction.
(Read the full case study here)
To find out more about how Primer can help your business, book a call with one of our payment experts.
.png)
.png)
