Fraud (payments): Definition
Unauthorised or deceptive activity resulting in financial loss or operational harm across cardholders, merchants, and payment providers.
Why fraud matters in payments
Fraud directly impacts losses, approval rates, customer trust, reserves/holds, and long-term partner relationships.
Fraud vs disputes
Fraud is the bad activity; disputes/chargebacks are the formal recovery mechanism (often triggered by fraud or dissatisfaction).
Key fraud stakeholders
Merchant risk team, issuer fraud team, PSP/acquirer risk, networks, processors, customer support, compliance/AML teams.
Fraud lifecycle: High-level
Attempt → authorisation decision → fulfilment/usage → detection signals → refund/dispute → losses + recovery + rule tuning.
Fraud categories: Card-present (CP)
In-person fraud (lost/stolen, counterfeit); reduced by EMV but still present.
Fraud categories: Card-not-present (CNP)
Online fraud using stolen credentials; typically higher risk than in-person payments.
Fraud categories: Account takeover (ATO)
Fraudster takes over customer account (merchant or issuer) to make purchases or change payout details.
Fraud categories: Identity fraud / synthetic ID
Fake or blended identities used to open accounts, obtain credit, or bypass onboarding checks.
Fraud categories: Friendly fraud
Customer disputes a legitimate purchase (intentionally or out of confusion); major driver of disputes.
Fraud categories: Merchant fraud
Merchant is the scammer (non-delivery, misrepresentation); can trigger mass chargebacks and scheme action.
Fraud categories: Refund fraud
Abusing refund processes (fake returns, empty box, “item not received” scams).
Fraud categories: Triangulation fraud
Fraudster sells goods cheaply and uses stolen cards to fulfil the orders for real customers; merchant sees disputes later.
Fraud categories: Card testing / bot attacks
Bots test stolen cards with small transactions; creates auth costs and can degrade approval performance.
Fraud signals: Velocity
Unusual speed/frequency of attempts; strong indicator of bots or rapid fraud runs.
Fraud signals: Device signals
New device, emulator, mismatched browser fingerprints, suspicious IP reputation.
Fraud signals: Geo anomalies
Location mismatches, VPN/proxy use, unusual country patterns.
Fraud signals: Behavioural anomalies
Unusual browsing/checkout behaviour (fast checkout, copy/paste, odd navigation).
Fraud signals: Data quality mismatches
Billing/shipping mismatch, odd email/phone patterns, repeated card attempts.
Fraud signals: Merchant category patterns
Certain products/verticals attract more fraud; risk controls should reflect category.
Fraud signals: Past history
Account history, prior disputes, chargeback behaviour, failed auth history.
Fraud controls: Layered defence
Onboarding → authentication → transaction screening → fulfilment controls → post-transaction monitoring → disputes handling.
Fraud controls: Rules engine
Manual “if/then” rules (block, review, challenge) based on signals; easy to tune quickly.
Fraud controls: Machine learning scoring
Model assigns risk score; best paired with rules and monitoring.
Fraud controls: Device fingerprinting
Identifies repeat fraud devices; helps stop bots and account takeovers.
Fraud controls: Blocklists/allowlists
Block known bad actors;