Payment Fraud
What is Payment Fraud?
Payment FraudAny deceptive scheme that diverts money through the payment system, covering card, wire, ACH, real-time-payment and digital-wallet abuse.
Payment fraud is the umbrella term for monetary theft executed through legitimate payment rails: card networks (Visa, Mastercard), domestic ACH/SEPA, real-time payments (FedNow, UK Faster Payments, Pix, UPI), wire transfers (Fedwire, SWIFT, TARGET2) and digital wallets (PayPal, Apple Pay, Cash App). Common typologies include business email compromise wire diversion, authorised push-payment scams that trick victims into sending Faster Payments to a mule, card-not-present chargebacks, account-takeover transfers, mass merchant testing of stolen cards, and supply-chain attacks against payment processors. The 2016 Bangladesh Bank heist (USD 81 million stolen via SWIFT and the Dridex-related Lazarus group) is a landmark case. Defences include transaction monitoring, ML scoring, sender confirmation (UK Confirmation of Payee), 3-D Secure 2, SWIFT CSP and out-of-band approval for high-value payments.
● Examples
- 01
An attacker uses BEC to redirect a vendor wire of USD 1.2 million to a mule account.
- 02
Authorised-push-payment scam tricks a UK victim into sending Faster Payments to a fake property solicitor.
● Frequently asked questions
What is Payment Fraud?
Any deceptive scheme that diverts money through the payment system, covering card, wire, ACH, real-time-payment and digital-wallet abuse. It belongs to the Attacks & Threats category of cybersecurity.
What does Payment Fraud mean?
Any deceptive scheme that diverts money through the payment system, covering card, wire, ACH, real-time-payment and digital-wallet abuse.
How does Payment Fraud work?
Payment fraud is the umbrella term for monetary theft executed through legitimate payment rails: card networks (Visa, Mastercard), domestic ACH/SEPA, real-time payments (FedNow, UK Faster Payments, Pix, UPI), wire transfers (Fedwire, SWIFT, TARGET2) and digital wallets (PayPal, Apple Pay, Cash App). Common typologies include business email compromise wire diversion, authorised push-payment scams that trick victims into sending Faster Payments to a mule, card-not-present chargebacks, account-takeover transfers, mass merchant testing of stolen cards, and supply-chain attacks against payment processors. The 2016 Bangladesh Bank heist (USD 81 million stolen via SWIFT and the Dridex-related Lazarus group) is a landmark case. Defences include transaction monitoring, ML scoring, sender confirmation (UK Confirmation of Payee), 3-D Secure 2, SWIFT CSP and out-of-band approval for high-value payments.
How do you defend against Payment Fraud?
Defences for Payment Fraud typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Payment Fraud?
Common alternative names include: Payments fraud, Financial fraud.
● Related terms
- attacks№ 234
Credit Card Fraud
Unauthorized use of payment-card data — from card-present skimming to card-not-present online theft and BIN attacks — to extract money from cardholders or merchants.
- attacks№ 164
Chargeback Fraud
Often called 'friendly fraud': a cardholder makes a legitimate purchase, then disputes the charge with their issuer to obtain both the goods and a refund.
- attacks№ 068
ATM Jackpotting
An attack in which the cash dispenser of an ATM is forced to spit out all its cash, either via physical access to the top box or via a network compromise.
- attacks№ 135
Business Email Compromise
A targeted fraud in which an attacker impersonates or takes over a corporate mailbox to trick an employee into wiring money, changing payment details, or sending sensitive data.
- attacks№ 821
Phishing
A social-engineering attack in which an attacker impersonates a trusted party to trick a victim into revealing credentials, transferring money, or running malware.
● See also
- № 443Gift Card Fraud