4 Strategies to Manage Cyber Fraud

Aug 26 2020 | PayPal editorial staff

Today’s digital transformation allows us to keep in touch and shop anywhere. It also creates opportunities for cyber fraud. While there’s no way to stop it, security experts advise a four-step strategy to minimize negative impacts.
We’re fortunate to live during a time of digital transformation—in which growing digital technologies allow us to keep in touch with people all over the world, put instant knowledge at our fingertips, and shop or sell from the comfort of our homes. It also, however, creates opportunities for cybercrime.
The good news: ecommerce sales are projected to reach US$3.6 trillion in 2019.1 The bad news: ecommerce fraud is already, at least, a US$32 billion problem.2
While fraud isn’t the reason most people get into business in the first place, many businesses are finding they’re spending too much of their time managing it. And dealing with the aftermath of cybercrime is expensive. Beyond the annoyance and loss due to chargebacks, there are the hidden costs as well: declined or cancelled orders, loss of customer trust, lost shipping expenses, wasted labour, and more.   

It’s always better to be proactive than reactive.

While there’s no way to stop criminals from trying to target your online business, you can proactively take action. By setting up a fraud management strategy in advance, you can help avoid paying the heavier consequences that could occur in the face of fraud. When you compare the cost of protecting your business with the cost of losing your business, there’s no contest.
Cyber security experts advise a four-step strategy to minimize negative impacts on your business. And for best results, you must use all of them together—rather than pick one or two—for more comprehensive protection.
1. Educate your team about fraud attack methods. Build or upgrade your existing training program to educate employees involved with taking, approving, or shipping orders. Cybercrimes are most successful when no one even knows they’re happening. Find sources that can be pushed to them every day to help them identify the latest fraud techniques and trends.
2. Build a fraud financial model. There’s no way to protect your business from fraud 100% of the time without turning down a ton of orders. So, it’s a good idea to use analytics to help you determine where fraud is most likely (by product, by region, by device, etc.). Product margin analysis is important as well—the more profitable a product, the more risk you can tolerate—and vice versa. Think about it this way: If you produce and sell a product for $10,000 with a low profit margin—say $500 per item—then a loss to fraud would be keenly felt. In fact, you’d have to sell 20 more just to make up for the loss. Fraud vectors and loss analysis can help you determine which transactions are worth the risk and which ones aren’t.
3. Take advantage of fraud management tools. Even basic tools like AVS, CVV, and risk thresholds can help you minimize fraudulent transactions without losing sales—and 40% of businesses don’t even take advantage of simple services like postal address validation.3 Up your game even further by tapping into advanced fraud tools like custom rule sets and decision transactions with a tailored fraud review dashboard. This helps you to balance automation with good judgment.
4. Choose a robust payment partner. Your payments platform, like the solutions available through PayPal, should allow you to help protect financial data while still making it easy for customers to shop. With PayPal, not only are you qualified for PCI compliance, but you may see higher conversion rates by removing friction, while mitigating the risk of fraud.

Like PayPal, your partners should also provide programs that help protect you against common types of fraud as well as customizable offerings that give you more control and coverage.
Businesses are often pleasantly surprised by how simple it can be to put these strategies into action. Often times it starts with selecting the right technology platform that incorporates all of these strategies into one package. And when it’s a scalable solution, like PayPal, it can enable current and up-and-coming payment methods and security features with one simple integration.
If you’re working with a different platform, now’s the time to ask some important questions—to find out what types of protections are available for your business. What tools, processes, systems, analytics, and partnerships do you want to build? The cybercrime landscape is always changing, and it’s better to set strategies and policies in motion now to help protect your ecommerce business now and in the future.

Click here if you would like to speak to someone in Vietnamese.  
The contents of this site are provided for informational purposes only. You should always obtain independent, professional accounting, financial, and legal advice before making any business decision.


Frequently asked questions.

Our Business page contains information about the business solutions that we offer.

All US payment processors, including PayPal, are required to provide information to the US Internal Revenue Service (IRS) about customers who receive payments for the sale of goods and services above the reporting threshold in a calendar year.

Will I have to pay taxes when sending and receiving money on PayPal - what exactly is changing?

Beginning January 1, 2023, the Internal Revenue Service (IRS) implemented new reporting requirements for payments received for goods and services, which will lower the reporting threshold to $600 USD for the 2023 tax season, from 2022’s threshold of $20,000 USD and 200 transactions. Here’s some more detail:

1099-K Threshold Change:

  • This new Threshold Change is only for payments received for goods and services transactions, so this doesn’t include things like paying your family or friends back using PayPal for dinner, gifts, shared trips, etc.
  • This change was introduced in the American Rescue Plan Act of 2021, which amended some sections of the Internal Revenue Code to require Third-Party Settlement Organizations (TPSOs), like PayPal, to report goods and services transactions paid to customers with $600 USD or more in annual gross sales on 1099-K forms. Previously, a 1099-K is only required when a user receives more than $20,000 USD in goods and services transactions and more than 200 goods and services transactions in a calendar year.
  • PayPal is required to report payments that are identified by the sender as being for goods and services to the IRS, even if it was a mistake. This requirement applies once you receive $600 USD or more from this type of payment. Although this transaction is reportable by PayPal, it’s possible that the transaction is not taxable. It’s always best to speak with a tax professional for any specific concerns you may have.

Tax Year Year Form Available     Federal Reporting Threshold  



More than $20,000 USD in gross sales from goods or services AND more than 200 transactions in the calendar year.



$600 USD or more in gross sales from goods or services in the calendar year.

What is a Goods and Services payment with PayPal?

Both PayPal and Venmo offer a way for customers to tag their peer-to-peer (P2P) transactions as either personal/friends and family or goods and services by choosing the appropriate category for each transaction. Users should select Goods and Services whenever they are sending money to another user to purchase an item, like a couch from a local ad listing or concert tickets, or paying for a service. These transactions are also eligible for coverage under PayPal and Venmo’s Purchase Protection Program. Goods and services payments are designed to provide both buyers and sellers peace of mind knowing that they may be covered if the transaction doesn’t go as expected.

You can find out more on PayPal Goods and Services transactions here, and Venmo Goods and Services transactions here. Terms and conditions apply.

Will the updated 1099-K threshold change apply if I sell personal property, like a couch or an item at a garage sale, for $600 USD or more if it was sold for less than its original value? Will I be issued a Form 1099-K?

Form 1099-K is an IRS informational tax form that is used to report goods and services payments received by a business or individual in the calendar year. While payment service providers, like PayPal and Venmo, are required by the IRS to send customers a Form-1099K if they meet the $600 USD threshold amount, there are certain amounts included on the form that may not be taxable. PayPal is required to report the total gross amount of payments received for goods and services which can include:

  • Amounts from selling personal items at a loss
  • Refunded amounts
  • Processing fees

However, certain amounts may not be considered taxable income to you.

We encourage customers to speak with a tax professional when reviewing their 1099-Ks to determine whether specific amounts are classified as taxable income.

What is Form 1099-K?

Form 1099-K is an IRS informational tax form used to report payments received by a business or individual for the sale of goods and services that were paid via a third-party network, often referred to as a TPSO or credit/debit card transaction. The IRS requires TPSOs, such as PayPal and Venmo, to issue a Form 1099-K, which shows the total amount of payments received from a TPSO in the calendar year. Taxpayers should consider this amount with their tax advisor when calculating gross receipts for their income tax return.  For more information, visit the IRS website here.

If you meet the IRS threshold in a given calendar year, PayPal will send you a Form 1099-K in January of the following year and file this form with the IRS by the required due date.

You can access your Form 1099-K from your PayPal account from January 31 and your Crypto gains and loss statement from February 15. Please go to the new PayPal Statements & Tax Center. Merchants, please go to your Tax Statement Page.

You can also view and download your Form 1099-K online by January 31st annually. You won’t receive a Form 1099-K if you didn’t meet the reporting requirement for the tax year.

What do I need to do when the 1099-K threshold change takes effect?

PayPal and Venmo will ask customers to provide tax information like an Employer Identification Number (EIN), Individual Tax ID Number (ITIN), or Social Security Number (SSN), if they haven’t already, as they approach the reporting threshold, so they may continue using their account to accept payments for the sale of goods and services without any issues.

If your TIN fails verification, you'll need to fill out an equivalent tax form W-9.

If there are any discrepancies between what is reported by the IRS for your TIN and name and what PayPal has on file and used for Form 1099-K, you may receive an IRS B-Notice.

How does this 1099-K threshold change impact how I use PayPal?

This change should not impact how you use PayPal and Venmo. You can continue to use the PayPal and Venmo platforms as you do right now, and the benefits that are offered by sending money via our goods and services P2P feature – including buyer and seller protections on eligible transactions for PayPal and Venmo.

If you're asked to provide your Tax Identification Number (TIN), such as a Social Security Number (SSN), Employer Identification Number (EIN), or Individual Taxpayer Identification Number (ITIN) to your existing account(s), we'll attempt to verify the information with the IRS. If your TIN fails verification, you'll need to fill out an equivalent tax Form W-9.   

If the discrepancy persists, you may receive an IRS B-Notice later in the year to help you correct the mismatch. 

Some common reasons why a TIN may fail verification include:

  • Invalid or incomplete Tax Identification Number (EIN, SSN, ITIN)
  • The name and/or TIN that appears on your PayPal account doesn't match what the IRS has on file.  
  • The business name on your PayPal account is different than the legal business name used with the IRS for tax purposes.

Tip: Minor typographical errors with the name (missing period or capitalization) in a business name wouldn't be the reason why there's an IRS mismatch.
How do I change the name on my PayPal account?

A person of the United States generally includes the following:

  • A U.S. citizen or resident alien, including U.S. citizens living outside the U.S. or U.S. citizens and residents operating a business outside the U.S. (This includes green card holders.)
  • A corporation or partnership organized in the U.S. or under the laws of the U.S. or any state thereof, including where the entity is operating a business outside the U.S.
  • An estate (other than a foreign estate)
  • A trust if (i) a court within the U.S. would have authority under applicable law to render orders or judgments concerning substantially all issues regarding the administration of the trust, and (ii) one or more U.S. persons have the authority to control all substantial decisions of the trust or an estate of a decedent that is a citizen or resident of the U.S.

For more information, see the IRS website.

You can upload your completed tax form through your PayPal account or email it to taxdocumentupload@paypal.com.  

The contents of this site are provided for informational purposes only. The information in this article does not constitute legal, financial, IT, business or investment advice of any kind and is not a substitute for any professional advice. You should always obtain independent, professional accounting, financial, IT and legal advice before making any business decision.