A look at some of the latest trends in payment fraud and what banks can do to protect themselves.
Fraud is never still. As the financial sector stands its ground and hardens its protection, fraudsters shift technical gears and move to another vulnerable area. Over the last few years, a pandemic has adjusted buying habits, digital transformation is delivering the cashless society, and new technologies, like generative AI, are providing novel ways to defraud. The result is ever-increasing losses due to payment fraud; a Juniper Research report estimates that payment fraud, driven by fraudster innovation, will exceed $343 billion by 2027.
This alignment of fraud planets requires intelligent solutions and approaches to stop fraudsters from winning the war of attrition. Eastnets looks at some of the trends in payment fraud and how banks can use intelligent technologies to stop fraud in its tracks.
Generative AI, identity fraud, and payments
Deep fakes and Generative AI are elevating fraud to new heights. Eastnets recently wrote about the risks of Generative AI on regulatory compliance in the banking sector. One of the areas we highlighted was using AI models to generate fake identity documents that were then used in banking KYC/CDD processes. Eastnets recognize that identity is an element that underpins financial transactions -- fraudsters also understand this link. Identity-related bank fraud will continue to be a serious threat to the banking sector as Generative AI becomes more powerful and helps to generate more verifiable and believable synthetic identities to carry out payment fraud. This is one to watch and prepare for as regulatory compliance comes into line with this new threat.
Stolen data continues to feed ATO
Account Takeover (ATO) fraud increased by 131% in the second half of 2022. Account takeover happens through various mechanisms, including credential stuffing bot attacks and brute force, fed by previous data breaches that provide usernames and even passwords. MFA authentication is no longer a way to stop ATO, with social engineering attacks circumventing even MFA. Once an account is controlled by a fraudster, it is much easier to initiate unauthorized transactions. The information within an account can also be used to perpetuate fraud, using the account as part of a wider money laundering process or selling personal information to other fraudsters; payment fraud is part of the cycle of ATO.
False positives cause mayhem
Accurate payment fraud detection should not be underestimated, as the impact on a business can be serious and debilitating. A false positive flag is a legitimate payment but identified as a possible fraud event. The result is that the payment is stopped, annoying the customer and resulting in lost revenue for the merchant. Banks that have high levels of false positives may even abandon fraud prevention tools as a way to cope with the tsunami of false positives and associated losses; a 2021 article from PYMNTS says that CNP transactions that are falsely flagged as fraudulent are causing annual losses of $118 billion. The article states that “false positives can cost merchants up to 75 times more than the fraud itself.” As payment volumes increase with process digitization, false positives will follow unless an intelligent and risk-based approach is implemented.
Fraudsters follow next-generation fraud routes
Fraudsters are already and will continue to capitalize on, new fraud routes. Environmental crime, for example, is providing cyber criminals with gains of over $281 billion per year. Where there is money, fraudsters will be close-by. Money laundering tactics and trade-based financial crime (TBFC) are driving trends in environmental crimes that will also weave in payments to execute fraudulent transactions. FinCEN urged banks to get involved in reducing environmental crimes and associated fraud practices, such as payment fraud.
Intelligent fixes for payment fraud
Payment fraud will continue to skyrocket unless the anti-fraud industry can supply banks with intelligent tools that can handle the level of sophistication of modern payment fraud. The Juniper Research report mentioned earlier concludes that innovative fraud practices need innovative fraud prevention solutions.
If we take ATO fraud as an example: ATO can be difficult to detect as the signals of ATO fraud are nuanced; after all, the account taken over is legitimate; it is just now under the control of a fraudster. However, indicators of fraud are possible to detect. Unusual or anomalous account activity is an area of focus in ATO fraud detection. Applying machine learning to detect unusual transactions or account usage is an area where banks can fight back against payment fraud initiated by account takeover.
However, prevention is the best action for account takeover fraud. During account creation, banks must perform robust KYC/CDD checks that are intelligent enough to query across many verification checks. Customer due diligence must follow a process of Identify- Verify-Review. Customer KYC/CDD should include verification of applicants against watchlists and dynamic risk scoring.
The false positive issue can also be fixed using next-generation intelligent anti-fraud technologies. False positives are an inherent problem because of the vast volumes of transactions; for example, Faster Payments broke the record of its transaction volumes with over 3.9 billion payments processed in 2022. Intelligent technologies have been proven to reduce false positives: Eastnets Lead Data Scientist Daoud Abdel Hadi, says this on the topic:
“The emergence of Artificial Intelligence (AI) has been seen as a potential light at the end of the tunnel, showing it can reduce false positives by upwards of 70%. Its power lies in its ability to mimic human decision-making when it comes to matching entities together.”
Payment fraud is part of a broader chain of financial crime. Trends in payment fraud point to these chains becoming ever more obfuscated and complex. Advanced and intelligent tools that use AI and machine learning are designed to provide deep, real-time, and ongoing monitoring of customers. These tools cover the fraud chain from synthetic identities to account takeover to payment transactions, even across borders. Solutions like SafeWatch AML and SafeWatch KYC use AI to monitor connections between transactions and relationships, a critical element in detecting unusual activity that signals sophisticated fraud.
