Understanding fraud and regulation

Marc Docherty

Head of UK Acquiring / Large - Strategic Business at Ingenico, a Worldline brand

Fraud at a glance

There are hundreds of different fraud tactics out there, so here I focus on those that tend to be most prevalent.

1. Friendly fraud

This type of fraud occurs when a consumer makes an online shopping purchase with their own credit card, but then requests the money back from the issuing bank after receiving the purchased goods or services. This is commonly called a chargeback, and can often occur unknowingly: for example, when a child buys credits for a game using their parents’ linked credit card without the parent realising. However, it is also often done with malicious intent.

2. Data breaches

If a company’s server lacks adequate security, its systems are left wide open to a data breach. This is when fraudsters gain unauthorised access to a whole host of information, including sensitive business information and personal customer data such as bank details, passwords, addresses and more.

3. Phishing

Phishing is the process by which fraudsters obtain customers’ private details by masquerading as a legitimate company. For example, a fraudster sends an email out convincing the receiver that it’s from a retailer they frequently shop with. The consumer follows the directions to click a link and fill out the details ‘necessary to continue shopping with the retailer’ or similar. The fraudster then harvests these details to either commit identity fraud or simply take the money directly from the victim’s account.

The risks

The main risk businesses consider when they think ‘fraud’ is the financial one. If a company is out of line with regulations and suffers a data breach, for example, it can be fined up to £17.5 million. If merchants don’t keep a check on friendly fraud, they can lose out on money as well as stock.

Furthermore, fraud doesn’t just affect businesses financially. If companies are associated with data breaches or poor fraud prevention management, they risk damaging their reputation. Take British Airways’ 2019 data breach for example – not only did the company have to pay a record £183 million fine, but consumers will likely have turned to competitors to book their next flight.

A note on regulation

Regulations can be daunting for businesses, but they are necessary for protecting our society as we increasingly move online. One of the most recent security measures, the General Data Protection Regulation (GDPR), was enforced in May 2018 to tighten up the processing of personal data. As is often the case when new regulations are implemented, businesses were at first worried about how this might impact their operations, but over time and with the help of experts, these fears were alleviated. Thanks to GDPR, consumers now enjoy greater trust in merchants when they shop online, and we hope to see a decline in fraud as the years unfold following its implementation.

In terms of payments, some other important regulations to understand are the Second Payment Services Directive (PSD2) and Strong Customer Authentication (SCA). In a nutshell, PSD2 has improved customer rights, enhanced security through SCA, and provided a framework for new payment and account services by enabling third-party access to account information. Meanwhile, SCA itself has increased security by enforcing extra authentication measures at checkout.

Although these regulations are implemented for positive effect, it can be difficult for merchants when certain measures increase friction in the buying experience. Fortunately, there are ways to ensure regulatory and fraud prevention processes are implemented with minimal effect on the customer experience.

How merchants can act

The best policies are learn, educate and act.

1. Learn

As a merchant, take time to understand the latest regulations and fraud practices as best as you can. You can do this by regularly taking a look at expert blogs, such as this one, and following industry-specific news publications.

2. Educate

It’s crucial to educate your customers. Warning them against current fraud practices like phishing, for example, will reduce their risk of falling victim to scams of this nature. Similarly, letting them know any updates to expect in terms of fraud prevention or regulation can contribute to a seamless user experience. For example, SCA's two-factor authentication policy has been seen to flummox customers, leading them to abandon online shopping baskets. User experience issues such as this can be avoided by communicating with your clients.

3. Act

Make sure to implement measures earlier rather than later. The best way to combat fraud and related issues is to hand over to a professional who can advise on and implement the best course for your business. Although fraud is complicated, a secure payments system backed by a team of experts is an essential step to helping prevent fraud and optimising business operations.

This article was originally published on Since October 28, 2020, Ingenico has joined Worldline.