The latest studies indicate that the Covid-pandemic has permanently changed the way consumers shop. More people are turning to online commerce in order to maintain physical distance and avoid close contact with many people. Merchants also introduced discounts on products offered when paying online. The growth of e-commerce has not gone unnoticed by Internet fraudsters. E-commerce payment fraud is widespread. The ability for customers to safely use and purchase certain goods without necessarily visiting the merchant has led to numerous hacking attacks and theft of consumer information.

Nature and types of Internet fraud

Internet fraud is any type of illegal online transaction carried out by a cybercriminal. The victim is usually an online user who loses money, sensitive information and personal data, as well as internet property as a result of the fraud committed. There are numerous methods of internet payment fraud:

Phishing: This is an attempt to collect personal information through fraudulent emails and websites, and is one of the oldest types of cyber attacks. Phishing is widespread and fraud techniques are becoming more sophisticated. The purpose of the hacker attack is to convince the user that the message is related to him personally – a request from the bank, insurance company, payment invoices and others in order to enter his personal data. Any emails or websites that ask for personal information such as credit card, bank account or login credentials are prone to phishing.

Identity theft: This is a crime in which someone unlawfully obtains and uses the personal information of another person in a way that involves fraud for economic gain. This type of fraud usually involves a cybercriminal breaking into an internet user’s firewalls through old security systems or by hijacking login credentials via public Wi-Fi. The hacker then uses the information obtained to make illegal online payment transactions. Since the cybercriminal has all the important details of the user, he can bypass firewalls and fraud detection restrictions. Identity theft exists outside of the online space as well.

Pagejacking: E-commerce business sites are sometimes attacked by cybercriminals who try to direct their customers to an untrustworthy website source. This unwanted site may contain malicious programs that breach the user’s security systems and siphon their personal data.

How does payment fraud happen?

Payment fraud can happen in the following ways:

• Lost or stolen goods already paid for
• Unauthorized online payment transactions
• False claims for refunds and refunds

What should the consumer do to prevent electronic payment fraud?

The surest way to prevent fraud is to recognize fake and fraudulent websites and emails. Entering personal information into an untrusted source is extremely dangerous. The user can be saved if he carefully monitors where and how he submits sensitive information.

In order to protect consumers in the European Union, the Payment Services Directive was adopted, including a set of regulatory provisions related to increasing the security of online payments. The directive introduces new rules aimed at strengthening the security and regulation of online payment services. The legislation affects payment service providers, banks, payment institutions, electronic money institutions and their customers. The main goal is to improve consumer protection and create a more secure payment environment while also reducing the costs of payment services. The new measures will also ensure that all online payments operating in the EU are subject to supervision and appropriate rules.

The main methods for protecting Internet users within the EU, introduced by the Directive, are:

• The online transaction authentication protocol -“3D-Secure”. To confirm the operation, the user should enter a one-time use code sent by message to his mobile phone;
• Introduction of a daily transaction limit of 150 euros;
• Limited liability of the user who is a victim of online fraud in the amount of 50 euros (the purpose of this method is to promote the reporting of theft or loss of payment instruments and to reduce unauthorized payment operations). The payer shall not be liable if he was not in a position to find out about the loss, theft or illegal appropriation of a payment instrument;
• Providing information about bank accounts and balances. The user should have unlimited access to the amount of money he owns;
• Two-way customer identification. This is an additional level of security used to better protect the user, which aims to ensure the security of the Internet profile;
• Reduction of merchants’ costs when accepting consumer debit and credit cards;
• Immediate refund of funds for an unauthorized payment transaction. The payment service provider shall reimburse the payer immediately and no later than the end of the next business day after noticing or being notified of the transaction, except where the payer’s payment service provider has reasonable grounds to suspect fraud and communicate these grounds in writing to the relevant national authority.

In recent years, the risks associated with the security of electronic payments have increased. The safety and security of payment services are a prerequisite for the good functioning of e-commerce. Consumers should be protected in the best possible ways, but this does not exclude their obligation to be more careful when making online payments.

VP solutions can prepare all necessary documents and appeals for you. Let’s work together!

Author: V.Zh.

*The article is subject to copyright. Its distribution without the knowledge and consent of the author is a crime