Fraudulent activity comes in various forms, many of which are commonplace in today’s digital landscape. One of the most prevalent acts of online fraud includes payment fraud and its subtypes.

Payment fraud occurs when a malicious party obtains sensitive payment information from customers or businesses and uses it to steal money or property. While this usually occurs during data breaches, payment fraud can occur as an isolated event as well. Payment fraud is a significant issue, both for consumers and businesses According to annual reports, there were over 45 million cases of card-not-present fraud incidents in 2022 alone.

Usually, those committing payment fraud will obtain and use a consumer’s social security number, personal health data, bank account numbers, email passwords, or state identification information (e.g., driver’s licenses). These key pieces of information make it easier for malicious parties to access even more information, such as birth dates, which enables easier access to private financial data. 

Payment fraud doesn’t incorporate the same tactics each time, and the fact that there are so many subtypes of payment fraud make it challenging to detect and prevent it in many cases. Advanced machine learning fraud detection software has helped mitigate some of these instances through real-time monitoring and adaptive risk scoring to detect and prevent payment fraud of all sorts. However, human vigilance is still a must when it comes to minimizing successful fraud attempts.

Types of payment fraud

Several types of payment fraud exist in today’s digital environment, and unfortunately, the list of new scams and fraud techniques continues to evolve. Some of the most common ways of commiting payment fraud today include the following.

Card-not-present fraud

Card-not-present (CNP) is the broadest subtype of payment fraud, and the remaining subtypes mentioned below technically fall under the CNP category. This method utilizes stolen card information to make purchases, but it’s effective only in situations where the physical card isn’t required. For example, a malicious party may obtain stolen card information on the dark web, then attempt to make purchases over the phone so that they’re only required to read or key in the information needed. CNP incidents are common online via credential stuffing, data breaches, synthetic identity, and through P2P payment applications.


Phishing is one of the oldest types of online fraud, and remains a common method of attack. During a phishing scam, malicious parties send consumers an email that convincingly looks like a message from that individual’s bank, a business, or a reputable individual. These emails solicit the individual for personal information or login credentials to satisfy some official-sounding purpose. From there, once the individual keys in the desired information, a scammer steals the data they receive and uses it to access the individual’s bank account or credit card account. 

Business email compromise

Business email compromise (BEC) is a phishing subtype where a scammer sends fraudulent emails to employees at a certain company in an attempt to gather private information. These scammers usually impersonate the company’s CEO or another important figure within the company in order to extort confidential information out of the recipient. 


Skimming utilizes ATMs and point-of-sale terminals to capture cardholder data, including PINs. Criminals then use this data to steal money from the individual’s bank or credit card account or to conduct fraudulent transactions. 

Though any payment fraud is inconvenient and burdensome, identity theft is uniquely devastating due to how much damage it causes. Depending on the severity of the incident, identity theft can ruin an individual’s credit scores, drain their bank accounts, and leave them struggling to reclaim their financial resources.

Account takeovers

Account takeover fraud occurs when a malicious party gathers enough information about a consumer’s financial accounts to log in and change that individual’s verification information. This type of fraud can be committed in several ways, including data breaches, hacking attempts, and other scams used to pull a consumer’s personal information. Upon gaining access to the account, the fraudulent actor assumes ownership of said account and renders the original owner unable to access or utilize the funds within.


Pagejacking is the process of illegally copying a legitimate web page and tricking consumers into believing the fake page is the original source they were looking for. From there, scammers can collect any information keyed into these pages and use the data to steal from consumers. These attempts can be difficult to detect until the damage is already done, as they look incredibly similar to the original page, and the URL is usually at least moderately similar to the original page as well. 

Chargeback fraud

Chargeback fraud, also known as friendly fraud, occurs when a customer purchases a product or service, and despite receiving it, the consumer disputes the transaction with their financial institution under the pretense that the item was not received. In some situations, the individual will admit to receiving the item, but will claim it was received broken, damaged, or otherwise unlike what they expected when making the original purchase. 

Sift research has found that nearly 66% of consumers have filed transaction disputes and of them, 23% have admitted to committing chargeback fraud. Among the most common targets for these scams are clothing (21%), subscription services (19%) and electronics (18%).

Card testing and card hopping

Card testing refers to the practice of making small purchases using stolen credit card information in order to determine whether the card is active. Upon verifying that the card works, many malicious parties move on to card hopping. Card hopping is the act of using stolen credit card information to open new retail accounts, or to make numerous fraudulent purchases. This process usually involves several credit cards, which the malicious party uses to “hop” from one financial resource to another. Subtypes of card hopping and card testing scams include promo abuse, currency conversion fraud, refund abuse, and gift card fraud.

Unauthorized purchases on the deep, dark, and open web

Unauthorized purchases on the deep, dark, and open web—or surface web—involve illicit transactions across different layers of the internet. On the open web, illegal online marketplaces facilitate the sale of counterfeit goods, stolen data, and prohibited items, often using cryptocurrencies for anonymity. In the deep web, hidden forums and encrypted platforms enable unauthorized exchanges of hacking tools, stolen financial information, and fraud-as-a-service. The dark web, accessed via a special browser, amplifies anonymity, facilitating a wide range of criminal activities, from drug and weapons trade to human trafficking and cybercrimes. Cryptocurrencies are often used for untraceable transactions.

How to detect and prevent payment fraud

Though payment fraud is a common practice, reported incidents have dropped globally by 24% since 2021 (from 60 million to 45 million cases). This is likely because several effective safeguards have been implemented to protect businesses and consumers from falling victim to these various schemes. 

For one, effective “Know-Your-Customer” measures have become a mandatory framework for banks and financial customers to help validate a consumer’s identity before allowing them to access bank or credit card accounts. Though these practices were already included in the 2001 Title III of the Patriot Act, additional safeguards have since been put in place to reinforce the efficacy of KYC measures. 

Using these enhanced safeguards, businesses can more effectively detect and prevent incidents of payment fraud:

  • Businesses can also prevent payment fraud attempts by remaining up-to-date on the latest fraud schemes making news headlines. Knowing what to expect makes it easier to identify and combat attempts when they arise.
  • Partnering with credible software vendors, working with verified payment processors, and using strong encryption technologies for transactions and email communication helps keep private data secure. 
  • Training employees regularly on the latest cybersecurity best practices, establishing concrete policies in regards to accessing confidential information, and consistently maintaining a security check schedule also prevents malicious parties from accessing data they’re not authorized to use. 
  • Finally, when it comes to the consumer’s part in payment fraud prevention, requiring scheduled password and login token changes is a must. Financial institutions must require strong passwords as well as frequent resets to protect consumers from potential attacks. Multi-factor authentication helps prevent password theft as well. 
KYC bypass tactics

Despite all of these measures, malicious parties are continuously striving to find new workarounds that enable them to bypass KYC policies. Some of these tactics include:

  • Fake driver’s license/selfie verification: Tactics that utilize fake IDs or sold selfie images that scammers use to trick cryptocurrency verification algorithms
  • Synthetic biometrics: Digital renderings of moving faces used to get around automated verification checkpoints
  • VPNs: Using Virtual Private Networks to change one’s IP address to a country with fewer KYC regulations in place
  • Fraud-as-a-service: Successful frauds offering to instruct other individuals in committing their own fraudulent activities


Sift Payment Protection

Sift’s Payment Protection is dedicated to stopping payment fraud, boosting business revenues, and managing risks in a single technological solution. Sift makes fraud management simple and straightforward by protecting every transaction and automating payment reviews. The advanced machine learning and fraud detection capabilities enable the technology to automatically detect and block suspicious transactions, eliminate fraudulent currency movement, and develop present and future safeguards against alternative payment abuse. 

Sift’s technology monitors financial processes in real time, assigns adaptive risk scoring, and aims to keep consumers safe via constant vigilance. Sift uses dynamic friction to block malicious party access while streamlining the user experience for trusted customers. Dynamic friction enables Sift technology to detect and prevent fraud without inconveniencing users, which keeps online interactions as normal as possible for consumers.

Global companies across a diverse range of industries are using Sift to protect their business and customers. ChowNow, for example, uses Sift to reduce chargeback rates by 99%, saving them over $1M in one year. 

Related topics

credit card fraud

payment abuse

payment fraud

sift payment fraud

Sift payment protection

what is payment fraud

You may also like