Security · January 12, 2024

Omnichannel Payment Fraud Prevention

Omnichannel retail lets brick-and-mortar retailers expand their reach and meet customers where they prefer to shop—an approach that often leads to increased satisfaction and sales. However, new channels may also introduce new vulnerabilities, underscoring the importance of payment fraud prevention for omnichannel merchants.

According to TransUnion, an 80% increase in digital transactions from 2019 to 2022 resulted in 80% growth in suspected digital fraud attempts globally. Thankfully, there are steps you can take to leverage the upside of omnichannel retail while also mitigating risk.


Common types of e-commerce fraud

According to the US government's Cybersecurity & Infrastructure Security Agency, 47% of American adults have had personal data exposed by cybercriminals. Paired with increasingly sophisticated technology, this has led to a rise in online credit card fraud. As a result, Juniper Research predicts that merchant losses will exceed $362 billion globally between 2023 and 2028.

As with any type of payment fraud, e-commerce fraud is constantly evolving—underscoring the importance of preventing omnichannel fraud. This makes understanding the most common scams and how they work an essential first step.

Card testing attacks

Today, consumer credit card information is increasingly stolen through data breaches and sold to criminals on the dark web, often in the form of long lists. To determine which credit cards are still active, criminals will make a small purchase using each credit card number, typically with the help of bots. During these attacks, a merchant may get hit with hundreds if not thousands of fraudulent transactions, and the associated transaction fees can add up fast.

Card-not-present fraud

Sometimes referred to as CNP fraud, card-not-present fraud accounts for almost 75% of fraudulent transactions. As the name suggests, criminals use stolen credit card information to perpetrate payment fraud, and purchases are typically made online or over the phone.

CNP fraud can be very costly for merchants. In a 2022 report, LexisNexis Risk Solutions estimated that every $1 in CNP fraud costs a merchant $3.75. While requiring shoppers to verify their billing address and CVV number may stop a portion of CNP fraud, criminals who have obtained consumer credit card information through a data breach may already have access to this information.

In-store pickup scams

Sometimes known as buy online, pick up in-store, or BOPIS fraud, this scam targets retailers that offer in-store or curbside pickup. One common tactic involves cancelling an online order after it's fulfilled. The criminal will proceed to pick up the order, banking on the hope that the cancellation goes unnoticed.

In other cases, criminals will look for retailers that don't require customers to provide a billing address when inputting credit card information for in-store pickup. This makes it easier for criminals who have a credit card number but lack other information typically required to make a purchase.

Loyalty program fraud

Loyalty program fraud takes several forms. In some cases, criminals may hack into customers' accounts and use their rewards points to make purchases. In other cases, scammers may create bogus accounts and make numerous purchases using stolen credit card information to rack up loyalty points.

Return fraud

Also known as buy online, return in-store, or BORIS fraud, this involves a scammer using stolen card information to make a purchase online. Once they receive the item in the mail, they initiate a return in a store and ask to be refunded in cash or store credit.

Some brazen scammers will take it further. Instead of bringing in the item they received, they'll enter the store empty-handed, grab the same item off the shelf and use their receipt to ask for a return—effectively defrauding the merchant twice.

Payment fraud prevention

When it comes to payment fraud detection, the right technology can serve as your first line of defense. Be sure to take advantage of any identity verification technology available through your merchant services provider, as well as any additional safeguards like multifactor authentication.

Instead of using a payment app or money transfer platform to process online payments, consider an integrated point-of-sale, or POS, solution. This ensures that your online payment system includes the same level of protection and encryption as your standard POS terminal, while also providing customers with a unified experience across all touchpoints.

Also be sure to implement best practices and policies to reduce the risk of payment fraud. The following list is a helpful starting point.

  • Require customers to verify their CVV code and credit card billing address when making purchases online.
  • Implement strict policies for returns and refunds. This may include requiring customers to show an ID and only processing refunds to the original payment method.
  • If you offer in-store pickup, require customers to present the original payment method in person to help deter would-be fraudsters.
  • Keep a close eye on your e-commerce channels. Look for signs of online credit card fraud, such as higher-than-usual order volumes, small-value orders, unusual IP locations or repeated declined transactions.
  • Enable CAPTCHA tests or require customers to have an online account to complete a purchase to deter coordinated card testing attacks.
  • If you offer an online loyalty program, partner with a merchant services provider that uses multifactor authentication like texts or email codes to help protect customers.
  • Stay extra alert during peak shopping seasons.

The bottom line

Today's consumers increasingly expect retailers to provide them with an omnichannel retail experience. By taking steps to prevent online credit card fraud and partnering with an experienced merchant services provider, you can reduce the risk associated with omnichannel retail while leveraging its upside.

This material is for informational purposes only and is not intended to be an offer, specific investment strategy, recommendation or solicitation to purchase or sell any security or insurance product, and should not be construed as legal, tax or accounting advice. Please consult with your legal or tax advisor regarding the particular facts and circumstances of your situation prior to making any financial decision. While we believe that the information presented is from reliable sources, we do not represent, warrant or guarantee that it is accurate or complete.

Third parties mentioned are not affiliated with First-Citizens Bank & Trust Company.

Links to third-party websites may have a privacy policy different from First Citizens Bank and may provide less security than this website. First Citizens Bank and its affiliates are not responsible for the products, services and content on any third-party website.

First Citizens Bank is a Member FDIC and an Equal Housing Lender icon: sys-ehl.

NMLSR ID 503941