Payment Fraud: Mitigating a Fast-Evolving Mode of Cybercrime


Fraud is not a new form of crime. Indeed, archeologists have unearthed anti-fraud devices devised by the ancient Sumerians to transport livestock without losses nearly 10,000 years ago! In their case, they put clay tokens, each representing an animal, inside a clay ball known as a “bulla.” The bulla would travel with the flock as it moved from seller to buyer. Even then, business owners were concerned that not everyone they were dealing with was on the up and up. A lot has changed in 10,000 years, but the need to be innovative in preventing fraud remains with us. Today, the issue of online payment fraud is of paramount importance. With the Internet, fraudsters have become increasingly adept at outsmarting anti-fraud controls. New solutions are turning the tide, however.

What is Payment Fraud?

Payment fraud comprises any type of illegal transaction wherein a cybercriminal deprives the victim of something of value, typically money. This might mean using a stolen credit card to order merchandise online or taking over a bank account and illegally transferring funds out of it. There are many variations, but they all have the same outcome: a crook uses a stolen identity or payment information to steal from a consumer, a bank or a merchant.

How Do Fraudsters [Try to] Get Away with Payment Fraud?

Payment fraud is simple in concept, but it can be fantastically complex in its present-day execution.
In fact, the Internet has been witness to a veritable arms race between fraudsters and defenders in recent years.

Security teams have adopted a variety of countermeasures and controls that defeat the easy, lazy approaches to payment fraud. However, the attacks are becoming increasingly sophisticated. For example, bots can now harvest stolen credit card numbers and PINs from fake websites and phishing attacks.

Then, in fully automated mode, they can mimic human behaviour on e-commerce sites, clicking on buttons and adding items to shopping carts—to the point where many, if not most anti-fraud controls cannot tell that a bot is trying to steal merchandise. Rather, it looks as if a human user is simply shopping. The bot can log into a real customer’s account using stolen log in credentials. Further obscuring the fraud is the bot’s ability to spoof IP addresses and make it look as if the “shopper” is somewhere different from the attacker, who might be in a foreign country.

Prevent Payment Fraud with hCaptcha Enterprise

What can be done about today’s advanced, unceasing payment fraud activities? Employing multiple layers of controls is usually a wise approach. However, the best countermeasures are ones that can trap the bot and reveal that it’s fake, despite the best efforts of its creators to replicate human behavior.

There are still some things that software cannot do, no matter how good the AI is behind it. Modern CAPTCHA technology offers a proven method of blocking bots attempting to perpetuate payment fraud. While old approaches to CAPTCHA, like the simple slanted numbers in a box, are now mostly deficient in mitigating advanced bots, an automated testing-response device like hCaptcha Enterprise can easily stump a fraudster bot at moment of account login or shopping cart checkout. Even if the bot has real credentials, if will not be able to get through the CAPTCHA.

Please contact us if you'd like to learn more about hCaptcha Enterprise.