Payment fraud impacts most businesses and organizations, as well as many consumers. Knowing the types of payment fraud and implementing systems and strategies to combat payment fraud is essential.
Learn about types of payment fraud and consult your accounting firm or attorney to determine adequate payment fraud detection and prevention strategies for your business or non-profit organization.
Understanding Payment Fraud: An Overview
Tipalti’s Financial Fraud Report indicates the most common types of financial fraud and where it occurs most often. The payment fraud problem is widespread, with 80% of organizations experiencing payment fraud attacks or attempts in 2023, according to The 2024 AFP® Payments Fraud and Control Survey Report.
After paying or completing a sale to a fraudster, recovering lost funds and merchandise is difficult and, in many cases, impossible. In addition to losing money in payment fraud, businesses and financial institutions without adequate payments fraud prevention measures will experience customer loss, negative press, and social media pushback.
What Is Payment Fraud and How Does It Occur?
Payment fraud occurs when perpetrators steal from or scam victims to obtain their payment information, paper checks, or credit cards and use them to receive money, gift cards, cryptocurrency, or purchased goods.
Common Types of Payment Fraud
Common types of payment fraud are categorized as payment methods fraud and payment fraud schemes.
Common types of payment fraud include:
- Invoice fraud
- Check fraud
- Wire transfer fraud
- ACH fraud
- Credit card, debit card, and ATM card fraud
- Mobile payment fraud
- Gift card fraud
- Phishing schemes
- Personal data breach
- Non-delivery
- Identity theft
- Chargeback fraud
Invoice Fraud
In invoice fraud schemes, fraudulent invoices are sent to companies for goods not shipped or services not performed to obtain payment for these invoices illegally. To avoid paying these invoices, businesses and other organizations must have adequate internal controls for supplier validation and fraudulent invoice detection for payment fraud prevention.
Check Fraud
Check fraud can be perpetrated in these ways:
- Paper checks can be stolen from the mail, washed, and altered for payee and amount.
- Forged cashier checks or regular checks can be created with stolen payment information that includes a financial institution, bank routing number, and account number.
To reduce check fraud to some extent, banks and payment services use the positive pay technique to match checking account and payee details and provide exception notifications to the payer before they make fraudulent payments.
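The positive pay matching described above, sketched as an added example (not code from this article or from any bank's system). The `Check` record, the issue-file layout, and all sample values are constructed for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class Check:
    account: str      # payer's checking account number
    number: str       # check serial number
    payee: str
    amount: Decimal

def _norm(name: str) -> str:
    """Compare payee names ignoring case and repeated whitespace."""
    return " ".join(name.upper().split())

def positive_pay(issued, presented):
    """Match presented checks against the payer's issue file.

    Returns a list of (check, reason) exceptions for the payer to review
    before the bank pays the item."""
    register = {(c.account, c.number): c for c in issued}
    paid = set()          # items already matched and released
    exceptions = []
    for item in presented:
        key = (item.account, item.number)
        ref = register.get(key)
        if ref is None:
            exceptions.append((item, "not in issue file"))
        elif key in paid:
            exceptions.append((item, "duplicate presentment"))
        elif item.amount != ref.amount:
            exceptions.append((item, "amount altered"))
        elif _norm(item.payee) != _norm(ref.payee):
            exceptions.append((item, "payee altered"))
        else:
            paid.add(key)
    return exceptions

# Constructed sample data: the payer's issue file and the items presented.
ACCT = "000123456"
ISSUED = [
    Check(ACCT, "1001", "Acme Supply LLC", Decimal("1250.00")),
    Check(ACCT, "1002", "Northwind Freight", Decimal("480.00")),
    Check(ACCT, "1003", "City Utilities", Decimal("96.40")),
]
PRESENTED = [
    Check(ACCT, "1001", "ACME  Supply LLC", Decimal("1250.00")),  # clean match
    Check(ACCT, "1002", "Northwind Freight", Decimal("4800.00")),  # washed amount
    Check(ACCT, "1003", "J. Doe", Decimal("96.40")),               # washed payee
    Check(ACCT, "1001", "Acme Supply LLC", Decimal("1250.00")),    # presented twice
    Check(ACCT, "2040", "Acme Supply LLC", Decimal("300.00")),     # forged serial
]

if __name__ == "__main__":
    for check, reason in positive_pay(ISSUED, PRESENTED):
        print(check.number, reason)
```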
Wire Transfer Fraud
Once a wire transfer is sent, the fraudulent payment may not be recoverable or reversible if the recipient has already received the funds in their bank account. In cases of unauthorized or wire fraud transactions, a receiving financial institution may be able to freeze the funds and attempt a reversal if it takes timely action. However, the receiving bank may not respond to requests for immediate reversal, making funds recovery to avoid financial losses unlikely.
Real estate down payment scams are one example of wire fraud. Hackers gain access to a trusted email account containing messages from the buyer’s Realtor or other parties to the transaction. The buyer then receives a new message, which can be added to a real, existing email thread, with instructions containing the fraudster’s payment link for making the down payment to the scammer’s account via wire transfer. This payment link is used instead of a payment link to the real escrow company’s account, which should have been used for the real estate purchase transaction.
With this wire transfer fraud, sizable sums of money may be lost and unrecoverable. The payment fraud avoidance solution is for the potential buyer with the accepted offer to call the known escrow or title company directly, using their published phone number, before making payments in thousands of dollars with a wire transfer through an email link.
ACH Fraud
ACH payments (for bank-to-bank domestic U.S. transactions made by Nacha financial institution members) are generally a safer payment method than paper checks for preventing fraud. However, the Association for Financial Professionals (AFP) 2024 study indicates that ACH credits and ACH debits are widely used in addition to wire transfers to perpetrate business email compromise (BEC) fraud, a phishing scheme, or other fraud types.
Credit Card, Debit Card, and ATM Card Fraud
Credit card, debit card, and ATM card payment fraud can occur in these ways:
- Use of lost or stolen credit cards, debit cards, or ATM cards
- Skimming equipment to steal credit card or debit card information
- Robberies of victims taken to or found at an ATM kiosk, under threats of harm
Credit cards and debit cards can be stolen to make fraudulent purchases or cash withdrawals using either physical cards (when a wallet or purse is stolen, for example) or online payment information. At ATMs, gas stations, and retail stores, skimming equipment may be surreptitiously installed in the card reader to steal the ATM, credit card, or debit card details for later use by a criminal. Stolen credit card information includes name on card and financial institution, type of credit card, credit card number, expiration date, and the CVV number (verification security code).
Debit card and credit card fraud is accomplished by buying merchandise or services online (as card-not-present fraud) with the card payment information or in brick-and-mortar stores with a payment card. ATM cards and linked debit cards may be used to illegally withdraw money from a bank account.
If a cardholder promptly reports stolen cards, or unauthorized transactions made with stolen credit, ATM, or debit cards, to the bank that issued the card, losses may be limited, depending on the reporting timeframe and type of card. These cardholders should monitor their accounts for suspicious activity.
The Federal Trade Commission, which gives consumer advice and timelines for limiting some losses, advises that after quickly calling the financial institution, cardholders follow up in writing with the bank to document the details of the lost or stolen cards.
ATM payment fraud also occurs during a robbery when thieves threaten ATM cardholders to withdraw money from their bank accounts at an ATM kiosk.
Mobile Payment Fraud
Mobile payment fraud consists of these types:
- Using a mobile device to make payments of any type
- Digital wallet app fraud
In its broadest sense, mobile devices like mobile phones and tablets can be used to make many types of fraudulent payments. Digital wallet fraud applies to mobile payments that transfer money between digital accounts through a payment app.
The fraudster may gain access to passwords and other needed payment information through hacking, business email compromise (BEC) or personal email compromise phishing attacks, or by scamming the digital payment account holder into making fraudulent payments through a ruse.
Gift Card Fraud
Gift card fraud works by thieves scratching off gift card number and PIN information in a store without buying the gift card, hacking emails to see gift card identifying information, or scamming unsophisticated victims into paying with gift cards after a threatening scam conversation demanding immediate payment. An example of gift card fraud is a fraudster falsely communicating a planned utility service shut-off to a potential victim, requiring immediate payment via gift cards.
Besides categorizing payment fraud by type of payment method, it can also be categorized by the type of scam used. Scamming methods are described next.
Phishing Schemes
Fraudsters use phishing schemes, a type of social engineering, to deceive victims into downloading malware, making fraudulent payments, or providing sensitive financial information. Phishing includes impersonating websites or a sender, directing victims to a different URL than the official site to pay for goods or services (without later providing the items), and using text messages or emails with fraudulent links that download malware onto computers or mobile devices to steal account information or serve as a conduit for making payments.
One type of widely used phishing scheme is business email compromise (BEC). The false and fraudulent email appears to be from a trusted individual in the company, such as the CEO or CFO, requesting that an employee make a payment to a supplier, which is actually to the fraudster’s account.
Before AI use, and to a large extent today, shrewd email recipients could identify phishing emails by incorrect spellings (from foreign senders), poor wording, lack of personalization in BEC emails, and an incorrect URL link.
Recently, AI bots have begun scanning social media posts and using them to personalize messages and improve style, tone, and language when impersonating the CEO or other trusted employees in a business email compromise message. Payment fraud detection becomes more problematic when artificial intelligence bots are used in BEC targeting attacks and messages.
Personal Data Breach
In a personal data breach, fraudsters obtain confidential and sensitive data through hacking databases or other techniques. They use hack-acquired sensitive information to commit payment fraud.
Non-delivery
In non-delivery payment fraud, fraudsters don’t provide purchased items or contracted services after accepting payments.
To conduct this non-delivery scam, they may impersonate websites using a similar but different URL than the official site to get their scam targets to pay for goods or services they will not receive. Or they may instruct victims to pay for home rentals, used vehicles, pets, or merchandise through a digital wallet payment service or other payment method, then not deliver the items or services purchased or an officially transferred vehicle title.
Identity Theft
After stealing sensitive login or financial and account information from a victim, in identity theft schemes, the fraudster may pose as the victim to buy goods or services, get a fraudulent loan from a financial institution, or obtain money. Online identity theft may be referred to as account takeover fraud.
In consumer identity theft fraud, perpetrators may use a romance scheme, false relative kidnapping communication, utilities cutoff threat, investment scheme, or another ruse, including hog butchering, to receive money, gift cards, or cryptocurrency payments from their targets.
Chargeback Fraud
Chargeback fraud, also known as friendly fraud, applies to credit card purchases where the cardholder erroneously or intentionally claims a credit card charge is fraudulent, files a dispute, and requests a credit to reverse the charge through their credit card issuer. In a credit card transaction dispute, merchants issue refunds to the cardholder and pay chargeback fees from the payment processor.
Two causes of friendly fraud are 1st party fraud and transaction confusion. In 1st party fraud, another member of the cardholder’s household (or an employee in the business) uses their credit card number to make a transaction without letting the cardholder know about it. In transaction confusion, the cardholder disputes a credit card charge when they don’t recognize the transaction as one they have made.
Industries Most Vulnerable to Payment Fraud
Industries most vulnerable to payment fraud are eCommerce businesses and retailers, financial institutions (including banks and credit unions), health care providers, real estate, and other industries with a large volume of online transactions.
Cybersecurity breaches and phishing scams such as business email compromise (BEC) that obtain sensitive business or personal identification numbers, medical insurance policy numbers, financial institutions, and payment information fuel payment fraud. Fraudulent invoices are another tool for conducting payment fraud that widely affects businesses in various industries.
The Impact of Payment Fraud on Businesses
The impacts of payment fraud on businesses include unplanned cash losses, lower profitability, time-consuming staff follow-up to investigate the fraud, reputational damage, and potential lawsuits from not adequately securing customer data.
Strategies for Detecting and Preventing Payment Fraud
Strategies for detecting and preventing payment fraud include improving each company’s internal controls and software systems to detect fraudulent payments, identity theft, and cybersecurity threats. Employees and consumers should receive training or read articles about types of fraudulent payment schemes and how to avoid them.
Developing a Tailored Payment Fraud Prevention Plan for Your Business
Your business must develop a tailored payment fraud prevention plan that includes the following:
- Conducting payment fraud risk assessment and creating risk management strategies
- Implementing payment risk prevention systems and fraud protection technologies
- Educating employees and customers about payment fraud prevention
- Detecting real-time fraudulent transactions, with exception notifications to avoid making fraudulent payments
Payment Fraud Risk Assessment and Risk Management Strategies
In this planning stage, familiarize your risk management team with types of payment fraud, the latest fraud trends, regulatory compliance requirements/features in payment systems, and where your business has vulnerabilities. Create a strategic risk management plan.
Payment Fraud Prevention Systems and Technologies
To begin implementing your payment fraud management strategy, substitute electronic funds transfers (EFTs) for paper checks when making payments. To avoid making fraudulent payments, select payment processors and supplier payment systems incorporating technology and features for real-time fraud detection in online payments and supplier invoice processing.
Use payment methods that are less susceptible to losses from fraudulent transactions that can’t be reversed.
Your business must require security measures, including cybersecurity software and two-factor authentication with codes to confirm identity. Authentication app codes are better than codes sent via text messages or email because those messages can be hacked without proper encryption. Use tokenization and encryption to prevent the loss of sensitive information.
Follow regulatory compliance requirements by using systems that apply proper security standards when making payments.
Payment Fraud Avoidance Training
Your employees and customers must know what payment fraud schemes are and how they are perpetrated. They need fraud avoidance systems training and account security training. Education and awareness will help your company reduce payment fraud, including phishing schemes, identity theft, and chargeback fraud.
Real-Time Payment Fraud Detection with Payment Fraud Analytics
Identify and implement systems with real-time online payment fraud detection features to flag potentially fraudulent payments that should be rejected before making an erroneous payment. These real-time systems or their features to detect fraudulent activities may be called payment fraud analytics software.
Techniques applied in online payment fraud detection include machine learning models with algorithmic rules, data anomaly detection, and analyzing location, device, and other identifying information related to the user’s online behavior or identity.
Where to Report Payment Fraud
To report payment fraud, ensure that you are using the official U.S. government website, not a fake site.
Businesses and consumers should report payment fraud to the Federal Trade Commission at ReportFraud.ftc.gov. The FTC shares reports with law enforcement partners to help conduct fraud investigations.
Also report payment fraud and many other types of cybercrimes via the Internet, including business email compromise (BEC fraud), hacking, and identity theft, to the FBI’s Internet Crime Complaint Center (IC3) at ic3.gov.
Payment fraud victims can also report these crimes to their state’s designated agency. Businesses and consumers should also promptly report lost or stolen credit cards, debit cards, or ATM cards and fraudulent transactions to the financial institutions that issued their payment cards, with the possibility of limiting their losses.
How Automation Helps Prevent Fraud
Automation software with payment fraud prevention features includes Tipalti AP automation software, which integrates with your ERP or accounting software to perform onboarding, invoice data capture, and digital supplier invoice processing through global payment and real-time reconciliation.
Tipalti’s cloud accounts payable automation software helps your company reduce potential invoice payment fraud. The AP automation features include supplier validation with TIN matching upon onboarding and its real-time payment fraud detection functionality, Tipalti Detect®.
Tipalti Detect® automatically tracks contact details, account numbers, emails, and payments of payees to prevent vendor fraud and notifies payers of suspicious payees, opening a case with notes and audit trails for follow-up and payee analysis. Tipalti Detect® fraud prevention measures let payers suspend or block suspicious payees from receiving payments. It has fraud risk controls to identify any attempts by these payees to use multiple accounts with the same payment method and identifying information details like EIN, SSN, or email.
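A generic version of the shared-identifier control described above, as an added example: it is not Tipalti's code and does not reflect how Tipalti Detect® is implemented. The payee record fields (`tax_id`, `email`, `bank_account`) and every sample value are constructed assumptions.

```python
from collections import defaultdict

def _canon(field, value):
    """Normalize an identifier so formatting differences do not hide a match."""
    value = value.strip().lower()
    if field in ("tax_id", "bank_account"):
        return "".join(ch for ch in value if ch.isalnum())
    return value

def linked_payees(payees, fields=("tax_id", "email", "bank_account")):
    """Cluster payee IDs that share any identifier, directly or through a chain."""
    parent = {p["id"]: p["id"] for p in payees}

    def find(x):                      # union-find with path halving
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    owners = defaultdict(list)        # (field, value) -> payee IDs using it
    for p in payees:
        for f in fields:
            if p.get(f):
                owners[(f, _canon(f, p[f]))].append(p["id"])
    for ids in owners.values():
        for other in ids[1:]:
            parent[find(other)] = find(ids[0])

    clusters = defaultdict(set)
    for pid in parent:
        clusters[find(pid)].add(pid)
    return sorted(sorted(c) for c in clusters.values() if len(c) > 1)

def payees_to_review(payees, blocked):
    """Unblocked payees that share identifiers with an already blocked payee."""
    flagged = set()
    for cluster in linked_payees(payees):
        if blocked & set(cluster):
            flagged |= set(cluster) - blocked
    return sorted(flagged)

# Constructed sample payee records.
PAYEES = [
    {"id": "P1", "tax_id": "00-0000001", "email": "ap@vendor-a.example", "bank_account": "ACCT-1111"},
    {"id": "P2", "tax_id": "00-0000002", "email": "AP@Vendor-A.example", "bank_account": "ACCT-2222"},
    {"id": "P3", "tax_id": "000000001", "email": "billing@other.example", "bank_account": "ACCT-3333"},
    {"id": "P4", "tax_id": "00-0000004", "email": "pay@solo.example", "bank_account": "ACCT-4444"},
    {"id": "P5", "tax_id": "00-0000005", "email": "a@five.example", "bank_account": "ACCT-5555"},
    {"id": "P6", "tax_id": "00-0000006", "email": "b@six.example", "bank_account": "acct 5555"},
]

if __name__ == "__main__":
    print(linked_payees(PAYEES))
    print(payees_to_review(PAYEES, blocked={"P2"}))
```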
Tipalti also offers mass payments software with a risk management module to help your business avoid affiliate fraud, ad network fraud, and other types of payout fraud from affiliate marketing scams.