
A Guide to Online Payment Fraud for SMBs


23 December 2019

Victoria Galloway

6 minute read

Fraud affects businesses of all shapes and sizes. Often, fraudsters will target smaller businesses on the assumption that they may not be employing all the necessary payment security tools and systems. It's important to know what types of payment fraud are out there so you can protect your eCommerce business and customers.

Unfortunately, where there are payments, there's fraud. As a small business, it's important to know what types of fraud are out there and the steps you can take to protect your business - and your customers.

Online payment fraud is a real threat to Australian businesses of all sizes; it is any type of false or illegal transaction completed by a cybercriminal. The latest figures released by the Australian Payments Network, the payment industry's self-regulatory body, show the rate of online fraud increased in value by 2.4% in 2018 compared to the previous year. At $488 million, online fraud accounted for 84.9% of all card fraud in 2018.

Let's dive into the activities that drive payment fraud and the different ways you can start securing your business.


It's important at this point to distinguish between card-present and card-not-present transactions. Card-present refers to payments during which the card is physically present, such as in store. Card-not-present refers to transactions where the cardholder does not physically present their card for a merchant to take payment. Although this also covers MOTO (mail order and telephone order) payments, it is most commonly associated with online payments.

There are a few reasons why online fraud in Australia (and globally) is growing:

  • Face-to-face fraud prevention has got stronger, with chip technology leading the way, so fraudsters are moving online more and more
  • There are now more large-scale data breaches where fraudsters use the data they capture to perform more than transactions
  • Online fraud presents multiple opportunities for cybercriminals because it is difficult for merchants to identify and verify who is making the purchase

Here are some very common types of online fraud:

Friendly fraud (also known as chargeback fraud)

Friendly fraud occurs when a customer files a chargeback instead of trying to first obtain a refund from the merchant. Authorised cardholders dispute legitimate charges to their credit cards, pushing the bank to force a refund under the pretence that the merchant made an error.

Of course, sometimes these claims are true. Well-intentioned consumers may accidentally commit friendly fraud because they don't understand the differences between a traditional return and bank-issued refund.

Identity theft

This is when an imposter obtains key pieces of personally identifiable information and uses them to make purchases online. Cybercriminals gain access to this valuable information by penetrating security systems like firewalls and anti-virus software.


Like the shape, triangulation involves three parties in a transaction: the customer, their card data and a fake online store. When the customer makes a purchase, the fake merchant steals the card details.

Clean fraud

This is one of the most difficult types of online fraud to detect, as cybercriminals use real data to commit their crimes. It's different from friendly fraud where stolen or fake data is used. To commit clean fraud, it takes real data to get around fraud tools, and fraudsters who manage to do this have prior knowledge of the cardholder's spending and purchasing habits. Purchases look legitimate and are harder to spot.


Protecting your business against fraud can seem like a daunting task but there are tools and systems you can put in place to help safeguard your operations.

1. Become PCI compliant

Payment Card Industry standards exist to protect the whole payments ecosystem. They define how card data is stored, processed and transmitted. As a business, even if you accept just one payment, you have to be PCI compliant. PCI protects card data from becoming compromised and minimises data breaches. Becoming PCI compliant can be a lengthy process for merchants, so it's helpful to leverage PCI services from a payment processor like Bambora, who are Level 1 PCI compliant - the very highest standard.

2. Use tokenisation

Tokenisation replaces sensitive cardholder information with a string of meaningless digits (a token). If a fraudster manages to get hold of your tokens, they can't do anything with them. Payment processors like Bambora offer tokenisation services to help merchants store and process customer card details in a secure environment. Payment tokens add an additional level of security to eCommerce operations and have many benefits that help fight payment fraud without compromising your checkout.

3. Use customer-focused payment fraud tools and checks

Merchants are encouraged to use as many tools and security systems as possible. Strong customer verification tools should be used for every transaction to help identify risk and authorise the cardholder.

  • 3D Secure: started by Visa and now backed by both Mastercard and AMEX, 3D Secure adds an extra layer of security to taking card payments. It's an extra authentication step your customer goes through before making a purchase online, ensuring they are the cardholder. For your customers, 3D Secure provides peace of mind when it comes to shopping online, with the fraud prevention security in place.
  • CVV Verification: card verification value is the three-digit number on Visa, Mastercard and Discover branded credit and debit cards. Confirming this number with your customer adds an extra layer of security to your checkout.
  • Velocity Checks: these monitor the number of times customer data occurs within a specified interval. This could be: IP address, email address, phone number and billing/shipping address.
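
An added example (not Bambora's code or part of the original article) of the velocity check described above: a sliding-window counter over the attributes the list names. The window length, the limit, the field names and the sample transactions are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Attributes the article lists as inputs to a velocity check (field names assumed).
TRACKED_FIELDS = ("ip", "email", "phone", "address")

class VelocityChecker:
    """Counts how often each attribute value occurs inside a sliding time window."""

    def __init__(self, window=timedelta(minutes=10), limit=3):
        self.window = window              # assumed interval
        self.limit = limit                # assumed max occurrences per value per window
        self._seen = defaultdict(deque)   # (field, value) -> timestamps, oldest first

    def check(self, txn):
        """Record txn (assumed to arrive in time order); return values over the limit."""
        now = txn["time"]
        breaches = []
        for field in TRACKED_FIELDS:
            value = txn.get(field)
            if not value:
                continue                  # attribute not supplied: nothing to count
            # Normalise so case or whitespace changes do not reset the count.
            key = (field, value.strip().lower())
            times = self._seen[key]
            times.append(now)
            while now - times[0] > self.window:
                times.popleft()           # expire events that fell out of the window
            if len(times) > self.limit:
                breaches.append((field, key[1], len(times)))
        return breaches

def run_sample():
    """Constructed data: one IP address cycling through several email addresses."""
    t0 = datetime(2019, 12, 23, 9, 0)
    ip = "203.0.113.7"                    # documentation-range address
    sample = [
        {"time": t0, "ip": ip, "email": "a@example.com"},
        {"time": t0 + timedelta(minutes=1), "ip": ip, "email": "b@example.com"},
        {"time": t0 + timedelta(minutes=2), "ip": ip, "email": "c@example.com"},
        {"time": t0 + timedelta(minutes=3), "ip": ip, "email": "d@example.com"},
        {"time": t0 + timedelta(minutes=40), "ip": ip, "email": "e@example.com"},
    ]
    checker = VelocityChecker()
    return [checker.check(txn) for txn in sample]
```

The fourth transaction is flagged on the IP address even though every email differs, and the fifth is not, because the earlier events have aged out of the window.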

When you partner with Bambora you receive industry leading fraud and security tools as standard.

4. Introduce biometric authentication

In the world of payment technology, biometric authentication relates to the parts of the body which can be used for identification - fingerprints, retinas, your voice and your face.

Biometrics are increasingly used for transaction authorisation, both in store and via remote channels. Deloitte found that Australians make an estimated 100 million imprints a day using smartphone fingerprint scanners. Many mobile wallets offer biometric support such as thumbprint or facial recognition, which improves both convenience and security. As online shopping booms, employing biometric authentication can help to reduce fraud.


Every business operating in the payments industry has a duty to help protect businesses and consumers against fraud. Here at Bambora we take combating fraud very seriously. Reducing the space for online fraudsters to operate is our priority as we help Australian eCommerce grow.

If you're interested in hearing more about fraud prevention, fraud prevention services or looking for advice, please reach out to one of our friendly local team.

About the author

Victoria Galloway has been writing and producing in the payments and eCommerce space for a number of years, both in the UK and Australia.