Last updated: June 2026
Criminals target payment platforms, merchants, and consumers. This page explains common schemes and practical defences. It does not replace advice from your bank, lawyer, or law enforcement. For prohibited conduct, see our Terms and Conditions.
Payment fraud damages trust, causes losses, and can expose you to regulatory scrutiny. Many attacks exploit urgency, authority, or familiarity rather than technical flaws in the platform itself.
CheckoutPay operates within Nigeria's regulated payments environment. Safeguarding and settlement integrity may involve arrangements with MetroOven Innovations under applicable CBN and NDIC frameworks as relevant to its licence. That does not remove your duty to verify people, invoices, and instructions independently.
Attackers send emails, SMS, WhatsApp messages, or ads imitating CheckoutPay, your bank, or WooCommerce asking you to click a link and enter passwords or OTPs.
Always type our official website address or use saved bookmarks. Check the browser padlock and domain carefully. Report suspicious messages to support.
A message claims to be your director, founder, or key supplier demanding an urgent transfer or change of bank details.
Verify by calling a known phone number—not the number in the message—before changing settlement accounts or approving payouts.
A payer sends more than the invoice amount and asks you to refund the difference quickly, often to a different account or outside normal channels.
Treat unexpected overpayments as high risk until confirmed through ordinary reconciliation processes.
Weak or reused passwords, malware, or stolen session cookies can let criminals access your business dashboard, change API keys, or redirect webhooks.
Use unique passwords, limit admin users, and review access logs where available.
Fraudsters persuade mobile operators to port your number so they receive OTPs meant for you.
Protect SIM accounts with operator PINs; be alert if your phone loses service unexpectedly.
Someone contacts you claiming to be CheckoutPay support and asks for PINs, passwords, remote desktop access, or 'verification' payments.
We communicate through official channels published on this website. Support does not request your wallet PIN or full API secrets over chat.
Consumers may be tricked into sending money to impersonators, fake investment schemes, or romance fraudsters using payment links.
Wallet users should confirm recipient identity and never share PIN or confirmation links.
Merchants should implement dual control for changing bank details, train finance staff, reconcile daily, and document who integrated payment plugins.
Contact us immediately through the official support page. Preserve screenshots, email headers, transaction references, and chat logs.
Time matters: prompt reporting may help limit further loss.
Report criminal conduct to the Nigeria Police Force and notify your bank. You may also use complaint channels offered by relevant financial authorities for certain issues.
We may cooperate with lawful investigations but cannot recover funds sent voluntarily to criminals in all cases.
We may publish alerts when new patterns emerge. Review this page and our Security page periodically.
We update this page when we make substantive changes. The date at the top reflects the latest revision.