Skip to main content
Learning Center
Fraud BasicsCommon Fraud Types Every Analyst Should Know

The most frequent fraud types you'll encounter as a fraud analyst - identity theft, payment fraud, account takeover, and business fraud

Common Fraud Types — See It, Name It, Stop It

Last updated: 2025-08-26 · Estimated time: 9–12 min

Learn the patterns you’ll see again and again. The trick is spotting the signal fast and picking the smallest control that works.

Payment Card Fraud

What happens: Stolen card data is used online or in‑store.
You’ll notice: lots of tiny authorizations, AVS/CVV failures, new device + new ship‑to, geo/BIN mismatches.
Controls that help: 3DS 2.x, velocity rules, device fingerprinting, BIN/geo checks, dynamic limits, post‑auth monitoring.

Account Takeover (ATO)

What happens: Someone breaks into a real customer’s account (stuffed creds, infostealer logs, SIM swaps, phishing).
You’ll notice: password reset + device change + payout edits, new ASN/geo + high‑value action.
Controls that help: risk‑based MFA, passkeys/WebAuthn, device binding, session protections, alerts with easy recovery.

Refund & Return Abuse

Patterns: “Item not received,” wardrobing, partial returns, promo gaming.
Signals: abnormal return velocity; repeat INR claims; address/device clusters.
Controls: tighter policies, serials/RFIDs, restocking windows, abuse scoring, allow/deny lists.

First‑Party (Friendly) Fraud

Patterns: “I didn’t authorize,” family‑use disputes, post‑benefit chargebacks.
Controls: clear descriptors, strong receipts/evidence, reminders, SCA where it fits, clean representments.

Money Mule Activity

What happens: funds move through recruited or compromised accounts.
Signals: rapid in→out, new device, new payees, crypto/ATM cash‑outs, linkage to known clusters.
Controls: stronger KYC/KYB, payout holds, network linkage, SARs, user education.

Social Engineering

Vectors: fake support, romance/investment plays, courier scams, pig‑butchering.
Controls: out‑of‑band checks, in‑product warnings, cooling‑off periods, blocked destinations when risk is high.

(Add sections for BNPL, gig apps, marketplaces, travel, gaming as needed.)

Previous ← /learning/fraud-101 · Next → /learning/criminal-infrastructure

Test Your Knowledge

Ready to test what you've learned? Take the quiz to reinforce your understanding.