Should Online Merchants Use Payment Gateway Fraud Detection?

Should Online Merchants Use Payment Gateway Fraud Detection?

Author avatar

by Tamas Kadar

Payment gateways and acquirers now offer fraud detection. But there can also be a conflict of interest there…

In the early days of the Internet and eCommerce, payment gateways were essentially online payment terminals. But instead of competing with the big name processors, they decided to focus on merchant and consumer technologies instead.

It proved to be a smart move. These days, payment gateways are more essential than ever and give your online business plenty of security and experience-enhancing features.

One way this becomes evident is the rise of what some call the “one-stop-shop”, or the “all-in-one” e-till, which include fraud prevention and detection tools along with a whole host of other services.

Payment Processor Vs Payment Gateway

Before looking at payment fraud detection, let’s zoom out to clearly define a few important terms. First, it helps to understand the subtle differences between payment gateways and payment processors.

  • A payment processor: analyzes and sends the transaction data (card number, issuing bank info, etc..).
  • A payment gateway: does all the above, and also authorizes the transfer of funds. The authorization part is the key difference, specifically in the card-not-present world (online stores).

Payment gateways are therefore a good place to implement security checks, whether it’s SSL encryption or a check for fraudulent purchases.

More Channels = More Payments

Broadly speaking, one payment gateway = one more option to pay on your site. The more of them you have, the more you can meet your customer needs and provide a frictionless checkout experience. It’s no surprise that online merchants favour stacking payment gateway options.

Besides, certain names such as Stripe, Amazon Pay, Klarna and PayPal have become so synonymous with online payments that they also add a layer of trust for customers. Even displaying a payment gateway’s brand logo at checkout can help, even if your customers rarely pay through them.

How Built-In Fraud Tools Work With One-Stop-Shops

On paper, built-in fraud tools work a lot like those offered by third-party providers:

  1. They look at user card and transaction data
  2. Feed the data through rules
  3. Automatically approve, decline or send the transaction into manual review

The key advantage here is the amount of historical card data they possess. Stripe Radar, for instance, claims there’s an 89% chance that a card has been seen on their network before, even if it’s the first time someone uses it on your site. (However, the disadvantage here is quite similar to the downsides of shared blacklists. One false flag on one site could hurt all the others too).

Easiest Solution for SMEs

Another advantage here, this one from the perspective of the user: no integration needed, and no extra resources spent comparing fraud prevention tools. This is ideal for companies without a risk team or those who lack a technical understanding of how fraud works. 

You can usually deploy the built-in fraud prevention feature directly from your standard dashboard, whether it’s with Stripe Radar, Worldpay’s FraudSight, or even Shopify’s Fraud Filter app. 

Moreover, the pricing structure is usually based on the number of processed transactions, which makes sense for smaller operations and companies with fluctuating amounts of transactions, for instance, online stores whose traffic spikes during certain season sales.

Locked Into an Ecosystem

Now the first disadvantage should be evident to everyone: the built-in fraud prevention works with your payment gateway only. This creates a few challenges because:

  • Your custom rules can’t be moved to another payment gateway’s fraud tool.
  • You need to ensure all your payment gateway’s fraud tools offer the same level of sophistication, as they can’t be synchronized between different providers.
  • Relying too much on built-in tools makes it harder to change payment gateways to expand to new markets later, or to benefit from more advantageous transaction fees with competitors. 

In short, you are always looking at a compromise between ease of use versus business flexibility and agility

Often Limited Features

Moreover, you might find that built-in fraud tools aren’t as sophisticated as dedicated third-party solutions. 

This is particularly apparent for fraud teams and businesses who need to dig deeper into the custom rules:

  • Basic data enrichment: these tools usually work with data such as card number, transaction amount, currency and IP address, for instance. You won’t get the same level of investigation as with a full digital footprint analysis, which can include email address, social media profiling and device fingerprinting.
  • Rigid, general rules: The rules you will be given are based on transaction and cards more than user behaviour. You won’t get specific preset rules for your vertical, and programming new ones can be challenging
  • Blackbox machine learning: if you do get machine learning at all, it will be hard to control or understand how it works. Which means fewer insights into how fraud detection works in the long run.

An Inherent Conflict of Interest

One of our clients, a leading crypto exchange, came to us because their all-in-one payment company and fraud tool still facilitated too many chargebacks.  Click To Tweet

Last but not least, you’ll have to understand that payment gateways and acquirers will always err on the side of processing payments. Their entire business model is built on charging transaction fees, so declining them goes against their purpose. 

In fact, one of our clients, a leading crypto exchange, came to us because their all-in-one payment company and fraud tool still facilitated too many chargebacks. 

The incentive for these companies will always be weighed towards accepting the payment, and you’ll end up being the one having to pay for the consequences, namely in the form of dispute and chargeback fees.

Agnostic Fraud Prevention Vs Built-In

To recap, let’s compare three fraud prevention tools, including our own, to see when it makes sense to stick with the built-in gateway and acquirer solutions, or when you should use a fraud prevention API.

agnostic fraud prevention vs built-in

One-Stop-Shops: Good For Basic Fraud Needs, With Caveats

In conclusion, we can see that built-in fraud tools offered by payment gateways and acquirers have their use. They require little maintenance, no integration, and can help reduce the most evident cases of transaction fraud.

But for companies with more pressing fraud challenges, they might simply not be enough. A lack of customization options, data enrichment features, and the fact that you can’t transfer rules between different systems means you are locked into a basic service.

Worst of all, they’ll never let you adjust your risk threshold to operate with the safest settings, as it would eventually damage their bottom line.

Better Payment Gateway Fraud Detection

There are two good news if you are interested in SEON to reduce manual reviews and chargebacks: first, the solution can work on top of your existing all-in-one e-till, thanks to our powerful data enrichment plugin and modular approach to fraud prevention.

Secondly, a growing number of payment gateways are integrating our tools directly into their systems, proof that it does help reduce chargebacks at scale.

Now whether you use our full end-to-end solution or only select one of our modules as part of a multi-layered approach, we can’t wait to help you start reducing chargebacks and boosting transactions for legitimate users.

Share article

Learn more about our products


Author avatar
Tamas Kadar

Tamas is the founder and CEO of SEON and an expert in all the technological aspects of fraud prevention.

Sign up to our newsletter