Skip to main content
Payment Fraud refers to the risk of reversal of a payment that is used to fund an online account. If provisional funds in the account are used to purchase digital assets or withdrawn by the time the reversal happens, the business often has to cover the resulting loss. In the fintech and crypto context, funding risk usually entails use of stolen credit card or bank account credentials - or bank accounts with insufficient funds - to deposit funds into an online account and subsequent withdrawal of those funds to another account or wallet under the fraudster’s control. Funding transactions of this nature eventually may be either disputed by the victim or reversed automatically by the originating financial institution, which results in a reversal of funds from the business back to the originating account. These are called “chargebacks” in the world of credit and debit cards, “returns” in the ACH network (Automated Clearing House, the primary network that facilitates bank to bank transfers in the United States) or simply “disputes” in other contexts. The end result is the same to the business: financial loss of the original principal amount of the funding, plus, in most cases, extra penalties assessed. Left unchecked, losses associated with funding risk can quickly balloon out of control and hurt the profitability of the business. Furthermore, most payment networks (Visa, Mastercard, ACH etc.) have upper limits on reversal rates a business is allowed to have in a certain period, and the business may lose its right to process payments through that network, effectively shutting it from being able to collect revenue. While managing Funding Risk, it is paramount for online businesses to strike a balance between blocking as many potentially bad transactions as possible and allowing the good transactions to go through. Therefore, any risk solution tackling this problem should allow for granular adjustment of the filtering parameters to match the particular business needs and the risk appetite of the business.

Types of payment fraud

Card Fraud

Card funding refers to use of a credit or debit card to make an online purchase or load money into an online wallet. The risk associated with online card payments is the risk of a chargeback, which refers to the eventual reversal of the funding payment. At a high level, chargebacks can be categorized into mainly two groups:
  • Friendly fraud chargebacks occur when a customer authorizes the funding of an account or an online purchase, and then disputes the payment and files for a chargeback, essentially forcing an unwarranted refund. This is also known as first-party card fraud.
  • True fraud chargebacks occur when card information has been stolen and the fraudster funds an account or makes a purchase using the stolen card information. The account holder then files for a fraud chargeback indicating that they did not authorize the funding or purchase event. This is also known as third-party fraud.

Bank Fraud

Bank Funding refers to the use of an interbank transfer to make an online purchase or load money into an online wallet. Bank accounts can be subject to unauthorized use. For example, if a fraudster gains access to stolen online banking credentials, they may attempt to move funds out of the account onto a platform account to be redistributed.

ACH Fraud

Automated Clearing House (“ACH”) is the most commonly used interbank funds transfer network in the United States. ACH Funding risks can generally be defined in two categories:

Non-Sufficient funds (NSF)

When a bank account does not have a sufficient balance to cover an incoming funding request, this results in a Non-Sufficient Funds (“NSF”) return, with a return code “R01”. The reason this occurs is that ACH transfers do not settle immediately. It takes around 2 business days for the initial funding request from the business to be received by the bank of the account holder. If the bank account does not have enough funds at that time, this will result in an NSF return. Since the ACH network does not provide a real-time answer to whether there are enough funds in the account to cover the requested transfer amount at the time of initiation by the consumer, some 3rd party “open banking” solutions have stepped up to fill this void by providing a balance check. However, since funds could be moved from the account in the 2 day period until the request is received, there is a risk that the account may still lack sufficient balance. This means that businesses who perform a balance check at the time of transaction can still run the risk of experiencing NSFs at the time of settlement.

Unauthorized Returns

When an ACH transfer is initiated without the explicit authorization of the account holder, who then reports it to their bank, this results in an unauthorized ACH return. There are a few ACH return codes (R05, R07, R10, R11, and R29) that signify this activity, with the most common one being “R10”. The most common way this happens is when the account details have been stolen by a fraudster.

How can Sardine help?

Sardine has developed sophisticated machine learning models that digest data from end user’s devices and behavioral patterns on the business’s platform and combine it with the consortium data related to the bank accounts or card used in a particular transaction. These assessments are further passed through our proprietary no-code rule editor which can be configured to catch highly complex patterns in a granular manner.To assess the reversal risk of a card, bank, or ACH funding event, we leverage dozens of third-party data providers and partners to verify, for example, if the bank account is valid; if the ownership data matches the name provided by the user attempting to make the transfer or if the bank account will likely to have sufficient balance at the time of future settlement. These signals are used in conjunction with device and biometric signals to provide a highly accurate assessment of reversal risk.Sardine also provides a highly hands-on support team to our clients with the full backing of our highly experienced data science team, who help with tuning the detection models to the particular fraud risk profile of the client.

Next Steps

Contact us to schedule a demo and get access to our Integration Guides and API docs.