Your business must offer as many online payment methods as possible. Just don’t forget to keep an eye on the potential fraud risks.
Businesses have little choice in the matter these days: they must adapt to their customers’ needs on a global scale. They must localize their content, segment their marketing, and understand how products and services are consumed around the world.
But nothing represents this imperative more than offering the right online payment method to their customers.
In this post, we’ll see why enabling as many payment methods as possible looks good on paper, but that there are inherent fraud risks with every option.
Global Business, Local Payment Preferences
When we think of online payment, we tend to think of credit cards. But people around the world have different preferences. And it’s more cultural than you might think. Some regions, like Germany, favour push payments via bank transfers. APAC customers will need to see an option for Alipay, China UnionPay or WeChat Pay.
Conversion Vs Risk
The eternal balance act for online businesses: how do you accept as many payments as possible, without increasing fraud rates?
The current trend is to favour UX over security, even if it means losing a percentage of your sales to fraudsters. Amazon, for instance, doesn’t even force users to enter a credit card CVV, just so you can complete your checkout faster.
Of course, with the right fraud prevention in place, this becomes a false dichotomy. You don’t need to sacrifice friction for prevention, regardless of the kind of online payment option you offer. But before we go into the detection techniques, let’s first go over each payment method and their associated risks.
Credit and debit cards are the preferred method for online purchases, accounting for around 41% of all online payments. The cards are linked to the user’s bank account, and allow them to debit the account, or borrow the amount and repay it within a grace period (for credit cards).
While Visa and MasterCard are the two largest card networks in the world, your business could also need to process payments from American Express, Discover and Diners, China UnionPay, Cartes Bancaires, Interac or JCB.
To accept card payments in these CNP scenarios (card-not-present), you’ll need to integrate a payment gateway, such as Stripe, Braintree, or PayU, amongst others.
- The benefits: low friction, support recurring payments, immediate payment confirmation, support refunds. Works for all verticals such as SaaS, online stores, and professional services.
- The fraud risk: credit card numbers are easy to steal and buy online. If a fraudster purchases something without the cardholder’s authorization, a chargeback request is likely to be initiated. Credit card payments are also easy to dispute, which puts you at risk of friendly fraud. In fact, credit card payments have the highest dispute rate of all payment methods.
- The consequences: Chargebacks are extremely costly. Too many requests mean Visa or MasterCard will prevent you from accepting payments with their cards. This would be a death knell for many businesses.
What happens with high chargeback rates: The Visa chargeback monitoring program (VCMP)
Visa monitors your chargeback ratio
If you go above a 1% chargeback to sale ratio, you are placed on the high-risk list (VCMP)
You must work with your acquirer on a chargeback mitigation plan and present it to Visa
You have to pay extra chargeback fees, including a $25,000 review every 6 months
If you remain in the program for an extended period, you can lose your processing account
The Rising Danger of Friendly Fraud
Friendly fraud is the fastest growing trend in the fraud world. Put simply, it happens when a customer uses their card to make a legitimate purchase on your site, and later disputes it. It could be for three main reasons:
- Innocent friendly fraud: the buyer genuinely forgot they made the purchase. Or someone in their family did it without authorization (i.e. children buying in-app DLC…)
- Opportunistic friendly fraud: a dissatisfied customer uses the chargeback option to get a refund.
- Malicious friendly fraud: close to standard fraud, this happens when a customer is aware of the chargeback process and uses it to buy items or services and get a refund too.
Digital wallets allow users to store funds and make payments online, from a computer or mobile phone. They are also known as e-wallets, and include famous mobile payment systems such as Apple Pay, Google Pay, and AliPay.
The authentication system can vary (Face ID, PIN, etc…) but digital wallets are generally considered safer than credit card payments.
- The benefits: very low friction, requires authentication for increased security (biometrics, SMS, 2FA…). Supports recurring payments and refunds. Immediate payment confirmation.
- The fraud risk: friendly fraud is still an issue here. But another risk comes in the form of ATO attacks, or account takeover. This happens when a fraudster acquires the user’s login information, and it costs organizations millions of dollars per year.
- The consequences: ATO attacks, or credential stuffing, have a bad impact on customer trust and brand reputation. Account holders are likely to believe they’ve been hacked, and that your business did nothing to stop the fraudulent payment, thereby making you an accomplice in their mind.
The fintech giant is one of the most popular checkout options for users thanks to its low friction and ease of use.
For businesses, data encryption and built-in fraud prevention tools should also be a boon.
But unfortunately, PayPal is no stranger to chargeback requests. And historically, the company has tended to side with customers, leaving online retailers more susceptible to friendly fraud than with credit or debit cards.
The company may also freeze a PayPal business account for any length of time, which means your profits could potentially be unreachable until you sort out the issue.
- The benefits: convenience.
- The fraud risk: high chargeback rates due to friendly fraud.
- The consequences: you may have to fork out for the chargeback dispute costs, and to add insult to injury, your business account may be frozen beyond your control.
Bank debits are known as “pull payments”. After entering their account information on your site, funds are pulled directly from the customer’s bank account. Here again, a third party integration is often used, such as Plaid for processing these kinds of payments.
While it may seem safer on paper, the danger here is that there is no chargeback protocol in place to protect customers who pay via bank debits. If the account details are stolen, any fraudulent transaction will be lost forever. Moreover, these kinds of payments are delayed, sometimes up to four working days.
- The benefits: lower dispute rate than with card payments.
- The fraud risk: bank account details are the most valuable data to fraudsters, because they can use them to pay without triggering chargeback requests. It’s not rare to see bank login details appear on darknet marketplaces, and criminals have every incentive to acquire them via phishing, social engineering, or advanced hacking methods.
- The consequences: processing an order that’s been paid for with a stolen bank account shouldn’t have legal repercussions for your business. But ethically, you’ll probably be in a challenging position, as the rightful account’s owner could still request a refund. Bank transfers ending up in the wrong account happen all the time, and banks tend not to get involved, so you’ll be left on your own to sort it out.
Authenticated Bank Debit Around The World
To improve security, you may also look at Authenticated Bank Debits, which add a layer of security for each bank debit. The payments are processed faster, and they are favoured for recurring, automated payments.
These methods are country-specific. For instance, in the UK, 14% of authenticated bank debit transfers are processed via Bacs Direct Debits, which includes an evergreen dispute policy. They take three working days to clear and can only be used for GBP payments.
ACH debits, or Automated Clearing house debits, is the US process which enables bank account to bank account transfers. It is one of the largest and most reliable payment systems, but can take up to five business days. ACH errors are also protected under federal law, as long as the customer reports an issue with their bank within 60 days.
For Belgian customers, you’ll probably encounter Bancontact, which combines direct debit with mobile QR codes and a PIN confirmation, allowing you to retrieve the bank account details for SEPA direct debit.
In Australia, BECS Direct Debit is the preferred method, which takes up to four business days to process payment.
Buy Now, Pay Later
A growing category of payment methods which offers customers immediate financing for online payments. Like with credit cards, the funds are repaid over time, and, usually in fixed instalments.
The most popular companies for Buy Now, Pay Later (or BNPL) payments include Afterpay and their new acquisition Pagantis, Klarna and even PayPal’s own solution. They make money from late fees and interest rates, but also by charging you a fee. The idea is that customers are more likely to spend money on your goods or services thanks to their offer, so they should get a cut of the profit – for instance, 4.17% in the case of Afterpay.
- The benefits: helps boost sales. The provider refunds both customer and merchant in case of a fraudulent payment (for now). The internal credit checks are stringent, which can deter fraudsters from creating accounts with them.
- The fraud risk: information to create a BNPL account is a lot easier to steal than a credit card number. So default or payment fraud risk is still an issue.
- The consequences: for the time being, it would seem that BNPL is the method which protects both consumers and merchants the most. You just have to pay extra to accept these kinds of payments.
Crypto payments are now easier than ever to accept on your site thanks to solutions like BitPay or Coinbase Commerce.
There are a number of benefits for businesses, such as the very low transaction fees, and the fact that there is no chargeback process in place. Crypto payments are therefore near instant, affordable, and a true one-way transaction.
Their pseudonymous or anonymous nature, however, makes crypto fraudsters and criminals’ favoured method of payment. This could attract them to your business, and even incentivize them to take over your user’s accounts.
- The benefits: near instant payments, and with the lowest transaction fees.
- The fraud risk: account takeover for your users, and unwillingly helping criminals for you. Be careful of AML or anti-money laundering fines.
- The consequences: AML fines are extremely damaging for businesses. You’re also incentivizing fraudsters to take over your customers’ accounts, especially if they can store crypto balances on your site.
Combining High Sales With Low Friction and Risk
It’s plain to see that no payment method is truly secure for your online business. However, you can certainly reduce the risk of chargebacks by accepting payments via bank debit, BNPL, or even digital wallets.
But even these methods can’t ensure you’ll be dealing with the right customers 100% of the time. Account takeover and creating accounts with fake identities becomes a strong incentive for fraudsters if they know your site accepts payments too easily.
And as friction becomes the new battleground where users are won and lost, organizations want to reduce the number of obstacles between customers and their purchases.
The key is to enable online payment methods with as many options and flexibility as possible, all while ensuring your users are who they say they are.
This is exactly where SEON can help. By understanding how risky each payment method is, you can easily create custom rules that adapt to calculate the right fraud score. Combined with powerful device fingerprinting and social media analysis, you’ll have all the tools to accept payments from a variety of sources with complete peace of mind.