How to avoid small business payment scams in 2024
There’s an elephant in the room. Small businesses all over the world are getting scammed. It’s a Catch-22: people are too embarrassed to tell their stories, yet the only way to prevent others from becoming victims is to build awareness.
But here’s the thing: scams targeting small business owners are really common. The Federal Trade Commission reported that scam losses grew over 10% in 2023. Scams are happening on a wide scale, and they’re becoming more and more sophisticated.
The good news? We can stop being embarrassed about scams and start talking about them. We’re sharing two of the biggest scams affecting small business owners, and tips on how to prevent them.
Scam #1: Overpayment scam
One of the most common scams is what’s known as the “overpayment” scam.
This is where the fraudster contacts a business owner who’s offering a service—like an event planner or photographer—asking to add an additional cost onto the fee for the services and charge it to their credit card.
Overpayment scam example
Here’s an example. Joe, a photographer, gets an email through his website from a prospective client:
Hi Joe,
I’m looking for a photographer for my wedding in two weeks. It’s very last minute—our friend was supposed to do it, but now she can’t. I’d like to know if you’re available to work on August 15, and if you take credit card? Also, what do you charge for a wedding package?
— Freddie
Joe answers the email with a quote for a wedding package and an agreement. Freddie writes back:
Hi Joe,
That’s amazing—this works out great. There’s only one thing that I need to ask. We just got a last minute agreement this morning from the DJ that my fiance really wanted, but he can’t take credit card. Is there any way you could help me out by charging an extra $2,000 to my card in addition to the fee for photography, and then transfer it over to the DJ for me? He said he’s fine with that, I just need to confirm right away or we’ll lose him. And I’ll give you an extra $200 and pay for your services in advance if you can make it work today.
—Freddie
Joe feels bad for the guy—he probably doesn’t want his fiance to know he’s low on cash, especially if the DJ only accepts checks or cash.
Joe's an empathetic guy, so he agrees to transfer the money, but when he gets the credit card info, he notices it’s not Freddie’s name on the card.
Freddie explains that his brother-in-law offered to pay for the photographer as a wedding gift, so Joe goes ahead and processes the payment, transferring the $2,000 to the DJ.
A few days later, Joe follows up with Freddie to see if they can set up a date to talk through the different shots they want at the wedding, and other logistics. No response. He picks up the phone and tries calling—it’s out of service.
It slowly dawns on Joe that he’s just been the victim of a scam.
Sure enough, Joe gets a chargeback notification from the payment processor saying the cardholder claims the transaction wasn’t authorized.
He calls the provider, and the representative he talks to tells him the credit card was stolen and used by a scammer.
In Joe’s case, he had to return the funds that he transferred to the fake DJ—in addition to the money he received for his photography services—back to the real cardholder. He didn’t get the job, and now he is out thousands of dollars.
When a credit card is approved, it just means it’s active and funds are available. If the real cardholder didn’t authorize the transactions, they’ll issue a chargeback and you’ll be financially liable to return those funds.
Preventing the overpayment scam
A lot of businesses fall for the third party scam. It’s easy to see how it’s possible from Joe’s story.
He’s a good person who sees the best in other people. He wants the job, and he also wants to help Freddie out on his big day. Freddie plays on Joe’s emotions, getting Joe to agree to something he wouldn’t normally do—and it could happen to any of us.
That being said, there are some red flags you can look for to protect yourself.
1. Pay attention to the email address
Look at the email address and ask yourself if it looks legit. Does the name match the customer or cardholder’s name? Does it look automatically generated?
There are sites that generate fake emails people can use temporarily, and these often include random letters or numbers.
Another example would be if you saw an email like FreddieMartin2024@gmx.com. The “2024” makes it seem like a newly created email, yet it has the “gmx” domain, which is foreign.
2. Look deeper into the content of the email
Another thing to pay attention to is how the message is written. Ask yourself:
- Does the font look strange?
- Does it sound unprofessional or poorly written?
If there’s something fishy about the way the email comes across, try copying and pasting it into Google to see if it brings up search results for a common scam.
Often scammers will re-use emails over and over, so you might find someone has already encountered the scam.
3. Question the urgency of the transaction
Is the customer communicating a sense of urgency? Are they in a rush, trying to get you to process the payment fast?
In Joe’s case, Freddie seemed to be panicking because his photographer fell through, and his DJ confirmed last minute and needed the money now.
Compare this to your typical wedding, where services are booked far in advance.
Also, Freddie didn’t ask for any details about Joe’s experience or to see his portfolio. Most people would ask these types of questions of the person providing a key service on their big day.
While these things alone don’t necessarily mean fraud (some people do plan things last minute and not everyone has great grammar), the final red flag here was Freddie asking Joe to transfer money to a third party.
Scam #2: “Too good to be true” rush order scam
Here’s what the “too-good-to-be-true” scam can look like:
The scammer pretends to be a business owner of a fake or compromised business and puts in a large rush order that’s too good to be true. You go to pick up or receive the product, only to find out everything was purchased on stolen credit cards.
This can happen with anything—from water filtration systems to concrete to playground systems.
“Too good to be true” rush order scam example
Here’s an example: Martha gets a request online from a customer, Jessica, who wants 2,000 pens branded with their company logo as part of a swag bag for attendees at an upcoming corporate event. It’s a normal request, the type of order that Martha gets all the time.
The email looks legit with a company domain (jessica@zenaconsulting.com), and when Martha calls the phone number, she’s able to reach her customer.
The order comes with image samples showing what Jessica wants the product to look like—it’s very professional.
Jessica even signed contracts for the sale and sent a photo ID to confirm her identity. Everything appears to be in order.
Martha finalizes the order and confirms everything with Jessica. She processes the payment and ships the product out.
And then it all goes wrong—Martha gets a chargeback notification from the credit card provider.
Preventing the “too good to be true” scam
This one is tough, because there weren’t any obvious red flags for Martha. She did so many things right—having a contract, requiring ID, and checking the email and phone number for her customer. How could she know that this was a scam?
Guess what? There were red flags here that Martha missed—and now you won’t repeat her mistake.
1. Question the simplicity of the order
The first red flag was that Jessica was a first-time customer, apparently from a corporation, looking to make a large order from Martha’s company.
Yet, she didn’t ask the normal questions that other customers usually ask Martha.
For example, she didn’t ask to see a catalog of different options, with customization options and prices. She simply told Martha what she wanted and trusted that Martha’s company would produce a quality result.
2. Identify the location
Secondly, Jessica’s business is located in a different city, far away from where Martha’s company is located. That’s suspicious, because services like Martha’s are available in any city.
Why would a company not take the opportunity to save on the shipping costs by ordering the products in their own city?
Because Jessica’s company is fake, and it would be easier for Martha to realize her company was fake if Jessica used an address in Martha’s city.
3. Take note of the branding
Another red flag to look for is if the company is ordering a large number of items without including their logo on the items, or if they’re asking for just a color or really simple, basic branding, like a single letter.
Most companies have a unique logo, and the whole point of ordering branded items in bulk to give away is to showcase that logo.
If they’re going logo-less, or with something really simple, they might be intending to resell or use the items for something other than what they’re saying. The transaction has a high risk of being processed on a stolen credit card.
Five tips to help prevent scams
Before we go, here are five more pieces of advice to protect yourself from scams:
- If it sounds too good to be true, it usually is.
- Don’t always believe sob stories, and anything urgent should be met with extreme skepticism.
- Just because you’ve been paid doesn’t mean you haven’t been scammed. No matter your documentation, if the payment was made on a stolen credit card, you will be liable for the chargeback amount.
- Always listen to your gut: We have an uncanny ability to ignore our instincts when a large sum of money is at stake. But if you feel your spidey sense tingling, pay attention.
- Don’t be afraid to dig for more information. If the customer really wants to buy your service, they’ll provide you with the information you need to validate their story. If you’re unsure or have suspicions, you can always reach out to your payments processor and consult the risk experts.
We know even thinking about scams can be frightening, but by doing your research (like reading this article!), you’re lowering your chances of getting scammed, and can go back to running your business with more peace of mind.
To learn more about online payment platform scams and arm yourself with more knowledge, read our latest blog.
(and create unique links with checkouts)
*While subscribed to Wave’s Pro Plan, get 2.9% + $0 (Visa, Mastercard, Discover) and 3.4% + $0 (Amex) per transaction for the first 10 transactions of each month of your subscription, then 2.9% + $0.60 (Visa, Mastercard, Discover) and 3.4% + $0.60 (Amex) per transaction. Discover processing is only available to US customers. See full terms and conditions for the US and Canada. See Wave’s Terms of Service for more information.
The information and tips shared on this blog are meant to be used as learning and personal development tools as you launch, run and grow your business. While a good place to start, these articles should not take the place of personalized advice from professionals. As our lawyers would say: “All content on Wave’s blog is intended for informational purposes only. It should not be considered legal or financial advice.” Additionally, Wave is the legal copyright holder of all materials on the blog, and others cannot re-use or publish it without our written consent.
Read next
