Payment Risk and Fraud: Part 2 — Understanding Different Transaction Risks

shorya sharma
6 min readNov 18, 2023

--

Welcome back to our journey into the intricate landscape of payment risks and fraud. In Part 1, we laid the foundation, understanding the fundamentals of payment systems and key players. Now, in Part 2, our focus sharpens as we explore the multifaceted risks associated with Paymemts. 🚀🛡️

Account Take Over (ATO)

Account Takeover (ATO) refers to a type of cyberattack where unauthorized individuals gain access to a user’s online account, such as email, social media, banking, or other online services. In an ATO attack, the attacker aims to gain control of the account and may use it for malicious purposes or unauthorized actions. Reach $16.9 Billion Loss in 2019.

Signs of an Account Takeover (ATO) Attack:

  1. Unusual Logins: Monitor for logins from unfamiliar locations or devices.
  2. Failed Login Attempts: High numbers of failed logins suggest potential brute force or credential stuffing attacks.
  3. Anomalous Behavior: Watch for unexpected changes in account settings or abnormal user actions.
  4. Abnormal Access Patterns: Identify irregular patterns, such as sudden access to sensitive areas.
  5. Email/Communication Changes: Flag alterations to recovery emails, unexpected password reset requests, or unfamiliar devices.
  6. Geographical Anomalies: Highlight logins from locations inconsistent with the user’s usual patterns.
  7. Multiple Failures, Single Success: Detect patterns of multiple failed attempts followed by sudden success.
  8. Compromised Credentials: Check if the user’s credentials have been exposed in previous data breaches.
  9. Rapid Changes: Monitor sudden alterations to account details, like password or email changes.
  10. Unexpected Financial Activity: Keep an eye on unauthorized financial transactions.

Stolen Financials and Non Sufficient Funds

Stolen Financials

The term refer to a type of financial fraud where an individual’s or organization’s financial information is unlawfully acquired and used for fraudulent purposes. This could include unauthorized access to banking information, credit card details, or other financial data. Reach $43 Billion in 2021.

Key features of SF fraud (CNP fraud) include:

  1. Unauthorized Use: The fraudster gains access to someone else’s credit card details or other financial information without the owner’s knowledge or consent.
  2. Online Purchases: The stolen financial information is often used for online transactions where physical presence or presentation of the card is not required.
  3. Phishing and Skimming: Stolen financial information can result from phishing scams (deceptive online tactics) or skimming (illegitimate capture of card details at physical points of sale).
  4. Identity Theft: In some cases, SF fraud may be a component of broader identity theft, where the perpetrator uses various personal details to conduct fraudulent transactions.
  5. Chargebacks and Disputes: The legitimate owner of the financial instrument may dispute the unauthorized transactions, leading to chargebacks and potential financial losses for the card issuer or merchant.

Non sufficient Funds

Non-Sufficient Funds (NSF) fraud” typically refers to a situation where an individual knowingly or unknowingly engages in fraudulent activities involving the use of a checking account with insufficient funds.

Here’s how NSF fraud generally occurs:

  1. Writing Bad Checks: The most common form of NSF fraud involves writing checks when there are not enough funds in the associated bank account to cover the amount. This is also known as “check kiting” or “float” fraud.
  2. Deceptive Intent: In cases of NSF fraud, the individual may intentionally write checks without sufficient funds, intending to deceive the recipient into accepting the check as a valid payment.
  3. Unauthorized Overdrafts: Individuals might also engage in NSF fraud by intentionally overdrawing their checking account, essentially spending more money than is available, with the knowledge that the overdrafts will not be covered.
  4. Online Transactions: With the rise of online banking and electronic transactions, NSF fraud can also occur in digital forms, such as making online payments or initiating electronic transfers without adequate funds.

ACH (Automated Clearing House) transactions can also be involved in Non-Sufficient Funds (NSF) fraud, typically referred to as “ACH NSF fraud.” Here’s how ACH NSF fraud may occur:

  1. Unauthorized ACH Transactions: In ACH NSF fraud, an individual initiates ACH transactions without having sufficient funds in their bank account to cover the transactions.
  2. Intentional Overdrafts: The individual may intentionally create a situation where the account balance is insufficient to cover the ACH transactions, with the knowledge that the funds are not available.
  3. Recurring Payments: ACH NSF fraud can occur with recurring payments, such as subscription fees or monthly bills, where the individual initiates automated transfers despite being aware of the insufficient funds.
  4. Multiple Transactions: Fraudsters might conduct multiple ACH transactions with inadequate funds, aiming to exploit the time delay between the initiation of the transfer and the actual clearing process.

Identifying Stolen Financial (SF) Fraud:

  1. Unusual Transaction Locations: Monitor for transactions originating from unfamiliar locations, especially if they deviate from the typical geographic patterns associated with the account.
  2. Sudden Increase in Transactions: An abrupt surge in transaction activity, particularly high-value transactions, may indicate unauthorized use of financial instruments.
  3. Multiple Failed Authentication Attempts: Unusual patterns of failed login attempts or authentication failures may suggest someone attempting to gain unauthorized access to an account.
  4. Unexpected Password Changes: If users report unexpected password changes or receive notifications about password resets they didn’t initiate, it could indicate unauthorized access.
  5. Unexplained Email or Communication Activity: Changes to email addresses associated with an account or unusual communication patterns can be red flags.
  6. Swift Changes in Account Information: Rapid alterations to account details, such as email addresses, phone numbers, or other personal information, may signal unauthorized access.
  7. Monitoring for Rapid Changes in Financial Behavior: Unexplained shifts in spending patterns, such as sudden large purchases or transfers, may be indicative of SF fraud.

Identifying Non-Sufficient Funds (NSF) Incidents:

  1. Overdrawn Account Notifications: Regularly check for notifications from banks indicating an overdrawn account, suggesting insufficient funds for transactions.
  2. Frequent Overdraft Fees: Frequent charges for overdraft fees on an account statement may point to a pattern of transactions exceeding available funds.
  3. Multiple Bounced Payments: A series of bounced checks or declined electronic transactions may indicate insufficient funds in the account.
  4. Irregular Spending Patterns: Monitoring for irregular spending patterns or unusually high transaction amounts may help identify potential NSF situations.
  5. Transaction Reversals: Instances where transactions are initiated but later reversed due to insufficient funds can be a sign of NSF activity.
  6. Communication from Financial Institutions: Pay attention to any notifications or alerts from the bank regarding insufficient funds or potential overdraft situations.
  7. Regularly Review Bank Statements: Consistently reviewing bank statements can help spot irregularities or signs of financial distress.

Family Fraud

User makes purchase with its own card, but later asks for the money back. It could be either intentional or unintentional. Usually merchants’ top 1 loss category.

How to identify Family Fraud ?

  1. Transaction Details: Review detailed transaction information, including product or service descriptions, purchase amounts, and dates. Ensure that this information is easily accessible to customers through their online banking portal.
  2. Historical Transaction Analysis: Analyze the customer’s transaction history to identify patterns of behavior, especially if there are frequent chargebacks or a history of similar disputes.
  3. Communication Records: Check for any communication records between the bank and the customer. Look for evidence of prior complaints, refund requests, or disputes that may be related to the chargeback.
  4. IP Address Verification: Cross-check the customer’s IP address with the billing and shipping addresses provided during the transaction. Significant discrepancies may raise suspicion.
  5. Device Fingerprinting: Leverage device fingerprinting technology to recognize and link transactions to specific devices. Sudden changes in device patterns or multiple devices associated with chargebacks may indicate fraud.
  6. Geolocation Analysis: Analyze geolocation data to verify the location of the customer during the transaction. Unusual or inconsistent location information can be a red flag.
  7. Customer Behavior Analytics: Use analytics tools to assess customer behavior, such as purchasing frequency, transaction amounts, and any anomalies in spending patterns.
  8. Chargeback Ratios: Monitor chargeback ratios for specific merchants or industries. High chargeback ratios may suggest potential issues with merchant practices or customer disputes.
  9. Review Fraud Alerts: Utilize fraud detection systems to generate alerts for suspicious transactions or patterns consistent with friendly fraud. Automated systems can help identify anomalies more efficiently.
  10. Collaboration with Merchants: Establish communication channels with merchants to share information about chargebacks and potential friendly fraud cases. Collaboration can provide additional insights into customer behavior.

--

--

shorya sharma
shorya sharma

Written by shorya sharma

Assistant Manager at Bank Of America | Ex-Data Engineer at IBM | Ex - Software Engineer at Compunnel inc. | Python | Data Science

No responses yet