Solutions overview
Harness the power of your data
Support and investigations
Support services for Ravelin
Online payment fraud
Account security
Policyabuse
Marketplace fraud
3DSecure
Resource Zone
Deep dives on fraud & payments topics
API & developer docs
APIs, glossary, guides, libraries and SDKs
Global Payment Regulation Map
Track PSD2 & more with a full report
Blog
The latest fraud & payments updates
Insights
In-depth guides to fraud, payments & security
About Ravelin
Discover the story about Ravelin
Careers
Join our dynamic team
Customers
Read more about our happy customers
Press
Get the latest Ravelin news
Support & investigations
Accept more payments securely
Protect your customer accounts
Policy abuse
Stop policy abuse to protect your bottom line
Ravelin for marketplace fraud
3D Secure
Ravelin 3DS & SDKs
Resource zone
Global Payment regulation map
Read more about our happy custmomers
How much do you actually know about CNP fraud?
$5 Billion
$130 Billion
$250 Billion
$400 Billion
Please select one of the options above.
Payment fraud is already a billion dollar business, and it’s growing. According to Juniper Research (2018), online sellers will lose $130 Billion to fraud between 2018-2023. Did you know that online payment fraud also costs global businesses 1.8% of their entire revenue on average?
1 / 10
5%
20%
65%
90%
Our 2016 customer survey revealed that only 20% of consumers understand that the retailers are actually the ones who bear the costs of fraud. Often, customers incorrectly believe their bank or card provider will bear these costs. This is another example to show it’s not only about the financial cost - fraud also impacts brand and customer loyalty. Because general consumers aren’t aware of how fraud works, they often blame the online seller and are less likely to buy from their site again.
2 / 10
Friendly fraud
Clean fraud
Identity theft
Affiliate fraud
Card-not-Present fraud, also known as 'Identity Theft' is the most common form of e-commerce fraud, comprising a tremendous 71% of all attacks. Identity fraud is often one of the methods used by cybercriminals, either as the end goal or the precursor to another attack.
3 / 10
$25
$50
$75
$100
When a customer has been defrauded on an online seller’s website, they notify their bank and the seller will receive a chargeback. As well as refunding the cardholder, the seller also has to pay chargeback fees to their payment provider. Chargeback fees can be as high as $50 and are payable even if the chargeback is not upheld. On top of these fees, the card schemes put a limit on the amount of chargebacks an online seller receives before they get even heavier fines for breaking limits.
4 / 10
Malware
Phishing
Buy from dark web
Subscription network
Spying
Please select at least one of the options above.
There are a few different ways fraudsters can get into an account, with different levels of effort and time required. Malware or phishing are the most targeted and sophisticated methods. These both require a lot of effort, so they are more common in takeovers of bank accounts or corporate accounts with a much higher potential payoff. Fraudsters can buy credentials in bulk on the dark web for relatively low cost. Once they have a set of logins to try, they are more likely to use credential stuffing against multiple platforms to find out if any of these logins work on any site.
5 / 10
Chargebacks and other fees
Lost customer loyalty & retention
Strain on operations team
Brand reputation damage
These are all major risks of a significant account takeover attack. Unfortunately, when a customer's account on a merchant platform has been compromised, even though the source of the breach is often not from the merchant platform itself, the customer may often believes the merchant has poor security. This impacts customer loyalty and retention as well as brand reputation. Mass account takeovers create mass requests for refunds and chargebacks, putting strain on the operational team and causing customers to feel frustrated if they can't get through to customer service quickly.
6 / 10
Mass account email changes
Multiple accounts linked to one device
One account having multiple IP addresses
Increase in transactions using alternative payment methods
The same thing that makes account takeover so successful is also what makes it so hard to detect. A fraudster poses as a real customer with a trustworthy purchasing history and no indicators of fraud - making it more difficult for systems to spot abnormal behaviour and prevent the attack. However, an increase in transactions using alternative payment methods is unlikely to be a sign of account takeover - in fact methods such as ApplePay often have two-factor authentication, which makes account takeover less likely.
7 / 10
Spear phishing
Incentive abuse
Social engineering
Credential stuffing
Social engineering is the art of manipulating people so they give up confidential information. The criminals usually try to trick you into giving them your passwords or bank information, or access your computer to secretly install malicious software. Examples of social engineering attacks are: an email from a friend containing a link/download, an email from another trusted source, baiting scenarios (eg. an amazingly great deal on classified sites, auction sites etc) and responding to a question you never had (eg. an email about your computer’s operating system).
8 / 10
Arbitrage
Decolletage
Badinage
Pricenage
Arbitrage is the practice of taking advantage of a price difference between two or more markets, striking a deal that capitalize upon the imbalance. In this case, it could cost the the pizza restaurant $5 to make the pizza, but they collect $6.50 when they sell it through the app.
9 / 10
Voucher abuse
Account takeover
Collusion fraud
Referral abuse
This network shows multiple customer accounts all connected to the same device at the centre - a clear sign of an account takeover attack. Large networks with few shared devices can often alert investigators to an account takeover, but fraudsters are increasingly using sophisticated methods to disguise their device ID which can make it more difficult to detect.
10 / 10
You'll receive the full quiz and correct answers in your inbox shortly. In the meantime, check out our blog for the latest insights on fraud and payments.