Payment Fraud
Payment Fraud refers to the risk of reversal of a payment that is used to fund an online account. If provisional funds in the account are used to purchase digital assets or withdrawn by the time the reversal happens, the merchant often has to cover the resulting loss.
In the fintech and crypto context, funding risk usually entails use of stolen credit card or bank account credentials - or bank accounts with insufficient funds - to deposit funds into an online account and subsqequent withdrawal of those funds to another account or wallet under the fraudster’s control.
Funding transactions of this nature eventually may be either disputed by the victim or reversed automatically by the originating finanical institution, which results in a reversal of funds from the merchant back to the originating account.
These are called “chargebacks” in the world of credit and debit cards, “returns” in the ACH network (Automated Clearing House, the primary network that facilitates bank to bank transfers in the United States) or simply “disputes” in other contexts. The end result is the same to the merchant: financial loss of the original principal amount of the funding, plus, in most cases, extra penalties assessed.
Left unchecked, losses associated with funding risk can quickly balloon out of control and hurt the profitability of the business. Furthermore, most payment networks (Visa, Mastercard, ACH etc.) have upper limits on reversal rates a business is allowed to have in a certain period, and the business may lose its right to process payments through that network, effectively shutting it from being able to collect revenue.
While managing Funding Risk, it is paramount for online businesses to strike a balance between blocking as many potentially bad transactions as possible and allowing the good transactions to go through. Therefore, any risk solution tackling this problem should allow for granular adjustment of the filtering parameters to match the particular business needs and the risk appetite of the merchant.
Types of Payment Fraud
Card Fraud
Card funding refers to use of a credit or debit card to make an online purchase or load money into an online wallet.
The risk associated with online card payments is the risk of a chargeback, which refers to the eventual reversal of the funding payment. At a high level, chargebacks can be categorized into main to groups:
-
Friendly fraud chargebacks occur when a customer authorizes the funding of an account or an online, and then disputes the payment and files for a chargeback, essentially forcing an unwarranted refund. This is also known as first-party card fraud.
-
True fraud chargebacks occur when card information has been stolen and the fraudster funds an account or makes a purchase using the stolen card information. The account holder then files for a fraud chargeback indicating that they did not authorize the funding or purchase event. This is also known as third-party fraud.
Bank Fraud
Bank Funding refers to the use of an interbank transfer to make an online purchase or load money into an online wallet.
Bank accounts can be subject to unauthorized use. For example, if a fraudster gains access to stolen online banking credentials, they may attempt to move funds out of the account onto a platform account to be redistributed.
ACH Fraud
Automated Clearing House (“ACH”) is the most commonly used interbank funds transfer network in the United States. ACH Funding risks can generally be defined in two categories:
Non-Sufficient Funds (NSF):
When a bank account does not have a sufficient balance to cover an incoming funding request, this results in an Non-Sufficient Funds (“NSF”) retrun, with a return code “R01”.
The reason this occurs is that ACH transfers do not settle immediately. It takes around 2 business days for the initial funding request from the merchant to be recevied by the bank of the account holder. If the bank account does not have enough funds at that time, this will result in an NSF return.
Since the ACH network does not provide a real-time answer to whether there are enough funds in the account to cover the requested transfer amount at the time of initiation by the consumer, some 3rd party “open banking” solutions have stepped up to fill this void that provide a balance check.
However, since funds could be moved from the account in the 2 day period until the request is received, there is a risk that the account may still lack sufficient balance. This means that merchants who perform a balance check at the time of transaction can still run the risk of experiencing NSFs at the time of settlement.
Unauthorized Returns:
When an ACH transfer is initiated without the explicit authorization of the account holder, who then reports it to their bank, this results in an unauthorized ACH return. There are a few ACH return codes (R05, R07, R10, R11 and R29) that signify this activity, with the most common one being “R10”. The most common way this happens is when the account details have been stolen by a fraudster.
How can Sardine help?
Sardine has developed sophisticated machine learning models that digest data from end user’s devices and behavioral patterns on the merchant’s platform and combine it with the consortium data related to the bank accounts or card used in a particular transaction. These assessments are further passed through our proprietary no-code rule editor which can be configured to catch highly complex patterns in a granular manner.
To asses the reversal risk of a card, bank or ACH funding event, we leverage dozens of third-party data providers and partners to verify, for example, if the bank account is valid; if the ownership data matches the name provided by the user attempting to make the transfer or if the bank account will likely to have sufficient balance at the time of future settlement. These signals are used in conjuction with device and biometric signals to provide a highly accurate assesment of reversal risk.
Sardine also provides a highly hands-on support team to our clients with the full backing of our highly experienced data science team, who help with tuning the detection models to the particular fraud risk profile of the client.
Next Steps
Contact us to schedule a demo and get access to our Integration Guides and API docs.