Fraud Types
On this page
No Prerequisites Needed
This is a good starting point. You don't need to understand detection tools or prevention strategies before learning what fraud looks like. After reading this section, move to Prevention and Detection.
TL;DR
- By actor: First-party (customer is fraudster), Third-party (stolen card), Fake identity (fabricated persona)
- First-party subtypes: Friendly fraud (chargeback abuse), Refund fraud (return exploitation), Promo abuse (discount abuse)
- By method: Account fraud (fake signups), ATO (account hijack), Card testing (validation), Fraud rings (organized attacks)
- Focus your resources on prevention. Chargebacks from true fraud are hard to win
A taxonomy of fraud patterns for merchants.
Which Fraud Type Is YOUR Problem?
| If you see... | Start here |
|---|---|
| Chargebacks on legitimate orders | Friendly Fraud |
| Many small transactions, then fraud | Card Testing |
| Good customer suddenly acting strange | Account Takeover |
| New account, immediate high spending | Third-Party Fraud or Account Fraud |
| Coordinated attack across accounts | Fraud Rings |
| Return/refund abuse | Refund Fraud |
| Promotion/coupon exploitation | Promo Abuse |
| ACH returns or unauthorized bank debits | ACH Fraud |
How to Find Out What Fraud Type You Have
Before buying tools or reading every page in this section, figure out what you're actually dealing with:
- Pull your last 30 chargebacks (or however many you have from the last 6 months)
- Tag each one into one of four buckets:
- Third-party fraud - Stolen card, customer says "I didn't do this" and they're telling the truth
- Friendly fraud - Customer made the purchase but disputes it anyway
- Billing confusion - Customer didn't recognize the charge on their statement
- Service issue - Customer had a real problem with the product or delivery
- Count. Your biggest bucket is your problem.
What Most SMBs Find
Most SMBs under $1M are over 70% friendly fraud and billing confusion. If that's you, your solution is operational (better descriptors, easier refunds, clearer communication) - not technical (fraud scoring, device fingerprinting). Start with Friendly Fraud and Descriptors and Comms before investing in any fraud tools.
Classification Framework
Fraud can be classified by who commits it:
| Type | Actor | Key Characteristic |
|---|---|---|
| First-Party | Your customer | Uses own identity to defraud you |
| Third-Party | External fraudster | Uses stolen card at your store |
| Fake Identity | Unknown | Fabricated persona, not a real person |
Quick Reference
By Method
| Fraud Type | Description | When You See It |
|---|---|---|
| Account Fraud | Fake account signups | Bot attacks, promo farming |
| Account Takeover | Hijacked customer accounts | Password breaches, phishing |
| ACH Fraud | Unauthorized bank debits, BEC | ACH returns, payment redirects |
| Card Testing | Validating stolen cards | Small transaction bursts |
| Fraud Rings | Organized multi-account attacks | Coordinated patterns |
| Triangulation | Three-party resale scheme | Marketplace fraud |
| BEC & Phishing | Attacks on your operations | Fake invoices, credential theft |
First-Party Fraud Subtypes
These are all forms of first-party fraud. The customer is the fraudster:
| Fraud Type | Description | Your Defense |
|---|---|---|
| Friendly Fraud | Dispute legitimate purchase | Evidence collection, CE 3.0 |
| Refund Fraud | Exploit return policies | Policy enforcement |
| Promo Abuse | Game promotions/discounts | Device linking, limits |
Comparison at a Glance
| Type | Who Loses | Detection Difficulty | Can You Fight Chargebacks? | Primary Defense |
|---|---|---|---|---|
| Third-Party | You (without 3DS) | Medium | Rarely (unless 3DS) | 3D Secure |
| First-Party | You | High | Yes (with evidence) | Policy enforcement, evidence collection |
| ↳ Friendly Fraud | You | High | Yes (CE 3.0) | Descriptors, evidence, easy refunds |
| ↳ Refund Fraud | You | Medium | N/A | Policy enforcement, pattern tracking |
| ↳ Promo Abuse | You | Medium | N/A | Device linking, limits |
| Fake Identity | You | High | Sometimes | Identity verification |
| ATO | Customer + You | Medium | Yes | MFA, behavioral analytics |
| Card Testing | You | Low | N/A | Velocity rules, CAPTCHA |
| Fraud Rings | You | High | Sometimes | Device fingerprinting |
Prevention Priority
For most merchants, focus resources in this order:
1. High Impact, Easier to Prevent
| Type | Action |
|---|---|
| Third-Party Fraud | Enable 3D Secure for liability shift |
| Card Testing | Add velocity rules and CAPTCHA |
| Account Fraud | Require email/phone verification |
2. High Impact, Harder to Prevent
| Type | Action |
|---|---|
| Friendly Fraud | Collect evidence, implement CE 3.0 |
| Refund Fraud | Tighten policies, track patterns |
| Account Takeover | Require MFA, monitor logins |
3. Specialized Threats
| Type | Action |
|---|---|
| Fraud Rings | Device fingerprinting, consortium data |
| Promo Abuse | Device linking, redemption limits |
| Triangulation | Shipping address analysis |
Popular in This Section
- Third-Party Fraud - Stolen cards used at your store
- Friendly Fraud - Legitimate purchases disputed dishonestly
- Account Takeover - Hijacked customer accounts
- Card Testing - Small transactions to validate stolen cards
- Refund Fraud - Return and refund exploitation
Related Topics
- 3D Secure - Liability shift for fraud
- AVS & CVV - Payment verification
- Device Fingerprinting - Tracking fraudsters
- Velocity Rules - Pattern detection
- Risk Scoring - Combining signals
- Compelling Evidence - Fighting chargebacks
- Chargeback Prevention - Stop disputes