MOBILE MONTH: Selecting mobile fraud prevention solutions

Mobile phones, as personal devices frequently used for financial transactions, communications, and data storage, have become a prominent target for fraudsters. In the UK, mobile phone-based fraud prevention is a growing concern for many businesses. As anti-fraud professionals look to tackle this challenge, selecting the right supplier and solution is pivotal. Here are the principal considerations to bear in mind, based on input from delegates and suppliers at the Merchant Fraud Summit…

  1. Understanding the Threat Landscape:
    • Diverse Threats: Ensure your chosen supplier has expertise in diverse mobile threats, from SIM swapping to malicious apps.
    • Continuous Monitoring: The solution should proactively monitor and predict threats, evolving in real-time as new mobile-based fraud methods emerge.
  2. Integration and Compatibility:
    • Cross-platform Support: The solution should be compatible across various mobile operating systems, notably Android and iOS.
    • Integration with Current Systems: It’s crucial that the chosen solution integrates smoothly with your existing IT infrastructure and security protocols.
  3. Real-time Protection:
    • Immediate Alerts: Given the personal and immediate nature of mobile phones, real-time alerts for suspicious activities are essential.
    • User Verification: Implement multi-factor authentication (MFA) that leverages mobile capabilities, like biometrics or SMS codes.
  4. User Experience:
    • Balancing Security with Usability: While fortifying security, the solution should not overburden legitimate users with cumbersome processes.
    • Adaptive Security: Consider solutions that adapt based on user behaviour, raising security measures for unfamiliar patterns but easing them for recognised behaviours.
  5. Comprehensive Reporting:
    • Insightful Dashboards: Solutions should provide detailed reports, highlighting vulnerabilities, attempted fraud incidents, and successful interventions.
    • Predictive Analysis: Leveraging AI and machine learning, the system should predict potential future threats.
  6. Regulatory Adherence:
    • Data Protection: Ensure the solution is compliant with UK and EU regulations, especially GDPR, ensuring user data’s privacy and security.
    • Industry Standards: For mobile payments or financial services, ensure compliance with relevant industry security standards.
  7. Supplier’s Reputation:
    • Proven Expertise: Prioritise suppliers with a strong track record in mobile security and fraud prevention.
    • Client Feedback: Reviews and testimonials can provide a genuine sense of the solution’s efficacy and reliability.
  8. Cost Considerations:
    • Value Proposition: Evaluate the potential financial losses from mobile fraud against the cost of the solution, ensuring a favourable return on investment.
    • Flexible Pricing Models: Some suppliers may offer tiered or scalable pricing, allowing you to choose based on your specific needs.
  9. Support and Training:
    • Initial Setup: Comprehensive onboarding will ensure your team maximises the solution’s potential from day one.
    • 24/7 Support: Given the always-on nature of mobile devices, round-the-clock support is crucial.
  10. Future Preparedness:
    • Ongoing Updates: With mobile technology rapidly evolving, the chosen solution should receive frequent updates to counter emerging threats.
    • Scalability: As your organisation grows and mobile usage patterns change, the solution should adapt accordingly.

In the dynamic landscape of mobile phone-based fraud, UK anti-fraud professionals must be diligent and forward-thinking in their choice of prevention solutions. A strategic approach, underpinned by these considerations, will pave the way for robust mobile security.

Are you looking for mobile anti-fraud solutions for your business? The Merchant Fraud Summit can help!

Meet with Ravelin, Kount, Checkout.com and more at the Merchant Fraud Summit

The Merchant Fraud Summit takes place on the 1st November at the Hilton, London Canary Wharf – and as an industry professional this is your chance to secure one of the few remaining delegate places.

Your complimentary pass includes:

🤝 A corporate itinerary of one-to-one meetings with solution providers
💭 A seat at our industry seminar sessions (included within your itinerary)
☕ Lunch and refreshments throughout 
👋 Networking breaks to make new connections within your field

Solution providers attending include Ravelin, Alphacomm, Telesign Corp, Nethone, Kount, Ekata Inc, Darwinium, Forter Solutions, NICE Actimize, Checkout.com, Justt, Sift, Riskified and more…

Places are extremely limited, so if you or a colleague are interested in attending, you can confirm your free place via our short booking form.

Data and app security to drive risk management spending growth

Global end-user spending on security and risk management is projected to total $215 billion in 2024, an increase of 14.3% from 2023 when spending will reach $188.1 billion – with application security, data security and identity access management among the key drivers.

That’s according to Gartner, which says the continuous adoption of cloud, continuous hybrid workforce, rapid emergence and use of generative AI (GenAI), and the evolving regulatory environment are forcing security and risk management (SRM) leaders to enhance their security and risk management spending.

Shailendra Upadhyay, Senior Research Principal at Gartner, said: “At the same time, they are focusing their efforts by adopting technical security capabilities that provide far greater visibility and responsiveness across the organisation’s entire digital ecosystem and restructuring the way the security function operates to enable agility without compromising security.”

Spending on data privacy and cloud security is projected to record the highest growth rates in 2024, with each segment increasing more than 24% year-over-year (see Table 1). Privacy remains a top organizational priority as regulations that impact the processing of personal data continue to emerge, including those related to the use of AI. Gartner predicts that by 2025, 75% of the world’s population will have its personal data covered by modern privacy regulations.

Table 1. Security and Risk Management End-User Spending for All Segments, Worldwide, 2022-2024 (Millions of U.S. Dollars)

| Segment | 2022 Spending | 2022 Growth (%) | 2023 Spending | 2023 Growth (%) | 2024 Spending | 2024 Growth (%) |
|---|---|---|---|---|---|---|
| Application Security | 5,047.6 | 10.9 | 5,765.2 | 14.2 | 6,670.3 | 15.7 |
| Cloud Security | 4,487.4 | 24.0 | 5,616.7 | 25.2 | 7,002.6 | 24.7 |
| Data Privacy | 1,129.2 | 9.9 | 1,338.7 | 18.5 | 1,667.3 | 24.6 |
| Data Security | 3,072.9 | 21.4 | 3,692.1 | 20.1 | 4,333.3 | 17.4 |
| Identity Access Management | 13,944.1 | 13.6 | 16,169.1 | 16.0 | 18,556.5 | 14.8 |
| Infrastructure Protection | 24,089.0 | 19.9 | 28,359.6 | 17.7 | 33,319.6 | 17.5 |
| Integrated Risk Management | 5,157.3 | 9.6 | 5,687.1 | 10.3 | 6,277.7 | 10.4 |
| Network Security Equipment | 18,932.5 | 11.9 | 21,383.6 | 12.9 | 24,360.1 | 13.9 |
| Security Services | 73,394.7 | 3.9 | 80,835.7 | 10.1 | 89,996.7 | 11.3 |
| Consumer Security Software | 7,443.4 | 2.9 | 7,901.7 | 6.2 | 8,406.7 | 6.4 |
| Others | 8,029.8 | 50.1 | 11,365.4 | 41.5 | 14,362.8 | 26.4 |
| Total | 164,728.0 | 10.6 | 188,114.8 | 14.2 | 214,953.7 | 14.3 |

Source: Gartner (September 2023)

The continued growth in public cloud services will bolster spending on cloud security tools. In the cloud security segment, the combined spending on cloud access security brokers software (CASB) and cloud workload protection platforms (CWPP) is projected to total $7 billion in 2024, up 24.7% from 2023. Demand for cloud-based detection and response solutions — such as endpoint detection and response (EDR) and managed detection and response (MDR) — is also expected to increase in 2024.

Spending on security services – consulting, IT outsourcing, implementation and hardware support – is forecast to total $90 billion in 2024, an increase of 11% from 2023. Security services is expected to represent 42% of total security and risk management end-user spending in 2024, and to remain the largest area of security and risk management spending in 2024.

“In light of cyber risks increasing, cyberthreats proliferating and a changing operating environment, it is more critical than ever for organizations to build and optimize a cybersecurity program,” said Upadhyay. “It is the cornerstone of cybersecurity initiatives which help SRM leaders secure new environments, protect against the expanded attack surface, consume security capabilities in new ways and create better efficiencies through automation.”

90% of online retailers losing money to policy abuse

Policy abuse – behaviours such as excessive returns, refund scams such as claiming an item was not received or returning empty boxes, abusing promotions like coupon codes or loyalty program rewards, or reselling limited-inventory items – is soaring, with 90% of online merchants believing the issue is a significant problem for their bottom lines.

That’s according to Riskified’s Policy Abuse and Its Impact on Merchants: Global Benchmarks 2023, which found that two-thirds of retailers (67%) said they can recoup less than half of the total value of a returned item. A representative from a leading fitness apparel brand that Riskified interviewed even said that, depending on item cost, their company might be better off financially if the customer broke into their warehouse and stole an item, rather than purchase and then return it. 

Lenient return policies and promotion programs are driving lost profits, yet merchants feel they must maintain their approach: 93% of retailers said it is “somewhat important” or “very important” for their organizations to offer generous refund and return policies to win new customers and retain loyal ones. 90% of respondents said they are reliant on promotions to drive sales and remain competitive.

Other key findings from Riskified’s policy abuse benchmark report include:

  • 9 out of 10 online retailers said they face significant costs due to policy abuse.
  • Policy abuse “peaks” at certain times of year. 70% of online merchants experienced a rise in all forms of policy abuse during the summer shopping season, and two-thirds (67%) saw more policy abuse during the post-holiday returns season.
  • Losses from policy abuse have increased year-over-year (YoY). 57% of merchants faced increased costs from INR (item-not-received) abuse between 2021 and 2022, compared to a 45% YoY increase for reseller abuse, a 38% YoY increase for promotional code and loyalty program abuse, and 37% YoY increase for returns abuse.

Amidst the challenging economic climate for ecommerce enterprises globally, the report identifies the key trends that are contributing to the rapid rise in policy abuse in 2023.

According to Riskified’s data, policy abuse is motivated by a mix of economic factors (such as inflation or entering a holiday period during which consumers have stretched disposable income) and emotional factors (such as a bad customer experience with a retailer).

Policy abuse is a unique problem for merchants to tackle because, unlike traditional fraud, it can be committed by people who are otherwise good customers, and in most cases it requires no special skills or access to stolen credentials or accounts. An analysis of Riskified client data, for example, shows that on average 20% of all refund claims are abusive. Notably, policy abuse can cost some merchants even more than traditional fraud chargebacks, resulting in over $100 billion in losses for ecommerce merchants worldwide. 

Merchants are also burdened by the operational impacts of processing refunds and returns, most of which are handled manually. 62% of merchants said they do not currently have automated systems (including machine learning) to accurately identify and address policy abuse, and 65% of respondents use a manual review process for the majority of refund and return claims. It takes most retailers (68%) three to four days to process a refund or return.

“Between Amazon fast and free returns, and popular deep discount flash sales, it has been a race to the bottom for merchants who feel that they must offer increasingly lenient programs in order to remain competitive,” said Jeff Otto, CMO at Riskified.  “Although a wonderful experience for good consumers, a growing spectrum of hidden policy abusers have tipped the scales — deeply hurting merchant profitability. The key to solving this challenge is resolving the true identity of the consumer, extending trust and frictionless experiences to good customers, while curbing the abusers, and stopping the fraudsters.” 

These are the most in-demand merchant fraud solutions for 2023/24

Fraud Detection Tools, Anti-Fraud Software and Chargeback Protection are topping the list of technologies the UK’s anti merchant fraud professionals are sourcing for 2023/24, according to our exclusive research.

The findings have been revealed in the run-up to the Merchant Fraud Summit, which takes place on November 1st in London, and are based on delegate requirements.

Delegates registering to attend are asked which solutions they needed to invest in during 2023/24 and beyond.

Risk Prevention and AI technologies rounded out the Top 5.

Top 10 technologies being sourced by Merchant Fraud Summit delegates 2023/24:

  1. Fraud Detection Tools
  2. Anti-Fraud Software
  3. Chargeback Protection
  4. Risk Prevention
  5. AI Technologies
  6. Device Intelligence
  7. Training
  8. Digital Identity Verification
  9. Dispute Management
  10. APIs

Sarah Beall, Managing Director at Forum Events & Media, said: “The way we match buyers and suppliers at the Merchant Fraud Summit gives us a unique insight into the types of products and services the industry is looking for right now. Not only does it mean we can deliver a highly-targeted B2B event with proven outcomes for all attendees, but we can deliver valuable insights into how the market is developing at what is a hugely exciting time for all stakeholders.”

To find out more about the Merchant Fraud Summit, visit https://fpsummit.co.uk.

For more information about the buying trends data and the Merchant Fraud Summit, contact Jennie Lane on 01992 374098 | j.lane@forumevents.co.uk.

Harnessing artificial intelligence to combat merchant fraud in retail

The retail sector has been both blessed and cursed by the fast pace of e-commerce growth and the arrival of alternative payments. The boon of online shopping and digitisation has expanded horizons for retailers, but with it comes the bane of increased fraud. Fortunately, Artificial Intelligence (AI) emerges as a stalwart ally in detecting and thwarting merchant fraud. Here’s how AI is revolutionising the fight against fraudulent activities in retail…

  1. Real-time Fraud Detection:
    • Function: AI algorithms can continuously monitor transactions, identifying anomalies and suspicious patterns in real-time, often before a human could even notice them.
    • Benefit: Immediate detection ensures that potentially fraudulent transactions are flagged and investigated swiftly, minimising financial losses and ensuring consumer trust remains intact.
  2. Predictive Analysis:
    • Function: By examining vast sets of historical data, AI can predict potential future fraudulent activities based on past patterns and behaviours.
    • Benefit: Proactively identifying possible fraud before it even occurs puts retailers one step ahead of fraudsters, thereby acting as a deterrent.
  3. Multi-layered Verification:
    • Function: AI can integrate and analyse data from various sources – such as transactional data, customer behaviour, and device ID – to validate the authenticity of a transaction.
    • Benefit: A comprehensive, multi-faceted verification process reduces the likelihood of false positives, ensuring legitimate transactions are not inadvertently blocked.
  4. Natural Language Processing (NLP):
    • Function: AI-driven NLP tools can scan customer communication, feedback, and reviews to identify possible instances or allegations of fraud that might go unnoticed in vast datasets.
    • Benefit: By pinpointing these potential red flags, retailers can proactively investigate and address concerns, bolstering their reputation and trustworthiness.
  5. Deep Learning for Identity Verification:
    • Function: Deep learning, a subset of AI, can be utilised for facial recognition, voice recognition, and other biometric verifications to ensure that a transaction is being made by the legitimate cardholder.
    • Benefit: This level of identity verification significantly reduces instances of identity theft and card-not-present fraud.
  6. Behavioural Analytics:
    • Function: AI can track and analyse the behavioural patterns of users, including browsing habits, purchase history, and even mouse movements, to detect anomalies that might indicate fraud.
    • Benefit: Recognising deviations from a user’s typical behaviour allows for more nuanced fraud detection, reducing both false negatives and positives.
  7. Adaptive Systems:
    • Function: AI systems can learn and adapt. As they encounter new types of fraud or refine their understanding of existing schemes, they can evolve to detect and prevent these new threats more effectively.
    • Benefit: An adaptive system ensures that fraud detection strategies are always up-to-date and equipped to combat the latest tactics employed by fraudsters.

The marriage of retail and AI in the realm of fraud detection and prevention offers a robust shield against malicious activities. While no system can guarantee complete immunity, the capabilities of AI certainly place retailers in a far stronger position to safeguard their assets, reputation, and most importantly, their customers.

You can learn more about the benefits of AI and the anti-fraud benefits it offers at the Merchant Fraud Summit.

Do you specialise in Mobile Fraud Prevention or AI for Fraud Prevention Solutions? We want to hear from you!

Each month on Merchant Fraud Briefing we’re shining the spotlight on a different part of the market – and in October we’ll be focussing on Mobile Fraud Prevention & AI for Fraud Prevention.

It’s all part of our ‘Recommended’ editorial feature, designed to help industry buyers find the best products and services available today.

So, if you specialise in Mobile Fraud Prevention or AI for Fraud Prevention Solutions and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Jennie Lane on 01992 374 098 | j.lane@forumevents.co.uk.

Here’s our 2023 Features List in full:-

October – Mobile Fraud Prevention & AI for Fraud Prevention

November – Biometrics for Fraud Detection & IP Intelligence/Proxy Detection

December – POS Verification & Chargebacks

Visa highlights AI threat in latest data

Visa’s latest Biannual Threats Report highlights a ‘significant’ rise of phishing schemes proliferated through generative AI tools, and a marked increase in enumeration and ransomware. While the global fraud rate trended lower than normal expected fraud levels during the report’s time period (January – June 2023), Visa said that it helped to proactively block $30 billion in fraud during that period.

However, threat actors were successful in conducting targeted and sophisticated fraud schemes impacting specific institutions, technology, and processes.

Highlights of the report’s findings include:

  • Ransomware attacks continue to evolve and grow in prevalence. March 2023 surpassed prior ransomware attack records for the most attacks in one month with nearly 460 attacks; a 91% increase over February 2023 numbers and 62% higher compared to the same period in 2022. A 2023 ransomware report identified that exploited vulnerabilities were the most common (36%) root cause of ransomware attacks, followed by compromised credentials (29%). Interestingly, ransomware attacks and related threat actors do not always target payment data specifically but will compromise any data accessible during their attacks, including payment data or personally identifiable information.
  • Enumeration attacks continue to impact merchants and consumers alike. The period covered in this study saw a 40% increase in enumeration attacks over the previous six months. Visa used its Visa Account Attack Intelligence to identify these attacks in real time to alert merchants and stop fraud in its tracks.
  • Card-Not-Present merchants emerge as bigger target. Online merchants were responsible for 58% of total fraud and breach investigations, while brick and mortar merchants made up 20%, and ransomware/fraud scheme made up 7%.

Retail-specific schemes saw a measurable uptick during the past six months, including:

  • False, spoofed, or counterfeit merchants: Consumers are being targeted through websites that seem like their favorite merchants. These sites are established to take customers’ orders but do not fulfill the goods or services ordered and instead steal customers’ payment account information.
  • The rise of malvertising: Some scammers are developing fake ads to try to garner personal information. Victims of these schemes are targeted with search engine-optimized scams that prey on what they might be interested in legitimately purchasing.
  • Flash-fraud scams: Flash fraud merchants, also known as bust-out schemes, are also on the rise. Threat actors establish a legitimate merchant and process a small number of legitimate payments to establish credibility. Once a satisfactory payment processing history is established, the seller suddenly submits a large number of fraudulent transactions, often using stolen payment account data, and quickly disappears after obtaining the funds from the stolen accounts.
  • Free gift scams: An emerging crypto scam in the retail space is the “free gift” scam, where bad actors offer a “free gift” through a pop-up window asking the victim to confirm the transaction. When clicked, the malicious payload is executed, which includes a file with a malicious NFT, allowing fraudsters to communicate with the victim’s wallet and authorize cryptocurrency transfers from the victim’s wallet to the fraudster’s.
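
Detection logic for the flash-fraud (bust-out) pattern described in the list above, as an added example that is not taken from Visa's report: it flags a recently onboarded merchant whose daily transaction count jumps far above its own short history. The record layout, merchant names, thresholds and sample data are all constructed assumptions.

```python
from collections import defaultdict
from datetime import date, timedelta
from statistics import median

# Assumed tuning values for illustration; calibrate against real portfolio data.
MAX_ACCOUNT_AGE_DAYS = 60   # only merchants this young are treated as bust-out candidates
MIN_HISTORY_DAYS = 5        # require some "credibility" history before judging a spike
SPIKE_FACTOR = 10           # day's count must be >= 10x the median of earlier days
MIN_SPIKE_COUNT = 50        # ignore spikes that are tiny in absolute terms


def daily_counts(transactions):
    """Group (merchant_id, day, amount) records into per-merchant daily counts."""
    counts = defaultdict(lambda: defaultdict(int))
    for merchant_id, day, _amount in transactions:
        counts[merchant_id][day] += 1
    return counts


def find_bust_out_candidates(transactions, onboarded):
    """Return one alert per merchant for the first day that looks like a bust-out."""
    alerts = []
    for merchant_id, per_day in daily_counts(transactions).items():
        days = sorted(per_day)
        for i, day in enumerate(days):
            history = [per_day[d] for d in days[:i]]
            if len(history) < MIN_HISTORY_DAYS:
                continue
            age_days = (day - onboarded[merchant_id]).days
            if age_days > MAX_ACCOUNT_AGE_DAYS:
                continue  # established merchant: a sale-day surge is not this pattern
            baseline = median(history)
            count = per_day[day]
            if count >= MIN_SPIKE_COUNT and count >= SPIKE_FACTOR * baseline:
                alerts.append({
                    "merchant_id": merchant_id,
                    "day": day,
                    "count": count,
                    "baseline": baseline,
                    "age_days": age_days,
                })
                break
    return alerts


def build_sample():
    """Constructed data: a new merchant that bursts and an old one with a sale day."""
    onboarded = {"M-NEW": date(2023, 5, 1), "M-OLD": date(2019, 3, 1)}
    tx = []
    for n in range(10):
        day = date(2023, 5, 1) + timedelta(days=n)
        tx += [("M-NEW", day, 20.0)] * 3    # small, legitimate-looking volume
        tx += [("M-OLD", day, 35.0)] * 20
    spike_day = date(2023, 5, 11)
    tx += [("M-NEW", spike_day, 480.0)] * 400   # sudden burst after ten quiet days
    tx += [("M-OLD", spike_day, 35.0)] * 300    # promotion at an established merchant
    return tx, onboarded


if __name__ == "__main__":
    sample_tx, sample_onboarded = build_sample()
    for alert in find_bust_out_candidates(sample_tx, sample_onboarded):
        print(alert)
```

The established merchant's 15x surge is deliberately not flagged; combining account age with the spike is what separates this pattern from an ordinary promotion.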

“While we are pleased by the lower-than-expected fraud rate over the last few months, this edition of the Biannual Threats Report continues to underscore just how savvy fraudsters continue to be,” said Paul Fabara, Chief Risk Officer at Visa. “The same way criminals take advantage of technology advances, so does Visa, and the $30 billion of fraud prevented in the last six months alone is a great testament to that.”

While the threat landscape is more complicated than ever, consumers can take solace in the ways Visa is working to protect them. Visa Payment Fraud Disruption’s efforts over the past six months have resulted in significant crackdowns on cybercrime activities with help from global law enforcement and government agencies.

Visa says it also helped bring fraudsters to justice around the world. In May 2023, the US Secret Service took down a major cybercrime platform called Try2Check. Its administrator, Denis Gennadievich Kulkov, faces 20 years in prison. A local enforcement action called Operation Urban Justice was launched in California targeting Electronic Benefit Transfer (EBT) fraud, which led to the arrest of 20 suspects believed to be part of an Eastern European crime syndicate. In April 2023, an international law enforcement coalition led the Genesis Market Takedown, arresting 119 people involved with the cybercrime platform.

Evolving payment methods to push remote physical goods fraud up by 400%

A study from Juniper Research predicts that the greatest merchant losses to fraud will be via remote physical goods purchases, with losses reaching $5.1 billion across emerging markets in 2028, up from $1 billion in 2023.

Juniper anticipates fraud losses in Africa & Middle East to reach $1.1 billion in 2028; growing 643% from $150 million this year. This is largely due to limited adoption of effective fraud prevention tools in the region. Such tools are needed to keep pace with the rapidly increasing number of transactions, evolving payment methods and growing threats.

The research recommended merchants in the region adopt fraud detection and prevention systems as a priority, or rapid eCommerce growth will translate into massive fraud growth; damaging merchant profitability.

The research urges players to implement AI for analysing trends in fraudster behaviour. This is important in emerging regions, as smartphone adoption causes mCommerce to grow at a rapid rate. Therefore, fraud detection and prevention vendors must utilise data collected throughout the whole eCommerce process to further train and develop their AI fraud detection and prevention models.

Research author Cara Malone said: “With the growing use of AI, it is increasingly important for fraud detection and prevention providers to educate their clients, as AI utilises a variety of data to examine patterns within fraud. AI is extremely advantageous in a space where fraudsters attack at scale, rather than attacking a specific customer.”

Understanding the Payment Card Industry Data Security Standard (PCI DSS) and how it works

In today’s digital age, the seamless and secure processing of payments is paramount for retail businesses. As such, understanding and adhering to the Payment Card Industry Data Security Standard (PCI DSS) is not just a requirement – it’s essential for maintaining customer trust. Here are the vital considerations for retailers navigating PCI DSS compliance, based on input from delegates and suppliers attending the Merchant Fraud Summit…

  1. Understanding the Basics:
    • PCI DSS is a set of security standards designed to ensure that all companies accepting, processing, storing, or transmitting credit card information maintain a secure environment. It was created by major credit card companies as a guideline to protect sensitive payment card information against theft.
  2. Scope Determination:
    • One of the first steps for a retailer is to accurately determine the scope of their Cardholder Data Environment (CDE). This encompasses all processes, systems, and personnel involved in cardholder data storage, processing, or transmission.
  3. Storage of Sensitive Data:
    • PCI DSS requires that no sensitive authentication data, including full magnetic stripe data, card validation codes, and PINs, be stored post-authorisation. Retailers must use tokenisation or other means to reduce the risk associated with data storage.
  4. Encryption:
    • It’s crucial to encrypt sensitive cardholder data both in transit (while being sent over networks) and at rest (while stored). Using strong cryptography and encryption techniques is paramount to ensure that data, even if intercepted, is unreadable and useless to potential fraudsters.
  5. Regular Vulnerability Assessments and Penetration Testing:
    • Retail businesses must periodically evaluate their systems for vulnerabilities. This includes scanning for weaknesses and conducting penetration tests to determine how resilient systems are against cyber-attacks.
  6. Restricted Access:
    • Ensure that only personnel who need access to cardholder data to perform their job duties have access. Employ robust authentication measures and consider multi-factor authentication for added security.
  7. Vendor Management:
    • Many retailers use third-party vendors for payment processing or other parts of their CDE. It’s vital to ensure that these vendors also comply with PCI DSS standards. Remember, a chain is only as strong as its weakest link.
  8. Regularly Update and Patch:
    • As cyber threats evolve, so too must defenses. Regularly update and patch systems to protect against known vulnerabilities.
  9. Educate and Train:
    • Human error can be a significant vulnerability. Regularly train staff on the importance of PCI DSS, the retailer’s specific processes, and the dangers of phishing or other scams.
  10. Consider Alternative Payments:
    • With the rise of digital wallets, contactless payments, and other alternative payment methods, retailers have more options than ever. However, each comes with its own security considerations. Ensure that all methods adhere to PCI DSS or their respective standards.
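
A check for items 3 and 4 above, as an added example that is not part of the original article or any PCI SSC tooling: it scans log or storage lines for magnetic-stripe track data, card validation codes and PINs (which item 3 says must not be stored after authorisation) and for cleartext card numbers (which item 4 expects to be encrypted at rest). The regexes, function names and sample lines are constructed; the card number is the widely published test value 4111 1111 1111 1111.

```python
import re

# Magnetic-stripe layouts (ISO/IEC 7813): track 1 format B and track 2.
TRACK1_RE = re.compile(r"%B(\d{12,19})\^[^^]{2,26}\^\d{4}\d{3}[^?]*\?")
TRACK2_RE = re.compile(r";(\d{12,19})=\d{4}\d{3}\d*\?")
# Card validation code or PIN written as key=value or "key": "value".
SAD_FIELD_RE = re.compile(r'\b(cvv2?|cvc2?|pin)\b"?\s*[=:]\s*"?(\d{3,6})\b', re.I)
# 13-19 digits, optionally grouped with single spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum; filters out order numbers and other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Keep only the last four digits so the report never repeats the finding."""
    return "*" * (len(pan) - 4) + pan[-4:]


def scan_line(line: str):
    """Return (kind, evidence) tuples for one line of text."""
    findings = []
    remainder = line
    for kind, rx in (("track1", TRACK1_RE), ("track2", TRACK2_RE)):
        for m in rx.finditer(remainder):
            findings.append((kind, mask(m.group(1))))
        # Blank the track so its embedded PAN is not reported a second time.
        remainder = rx.sub(lambda m: " " * len(m.group(0)), remainder)
    for m in SAD_FIELD_RE.finditer(remainder):
        kind = "pin" if m.group(1).lower() == "pin" else "card_validation_code"
        findings.append((kind, "[redacted]"))
    for m in PAN_RE.finditer(remainder):
        digits = re.sub(r"\D", "", m.group(0))
        if luhn_valid(digits):
            findings.append(("cleartext_pan", mask(digits)))
    return findings


def scan(lines):
    """Scan an iterable of lines; returns (line_number, kind, evidence) tuples."""
    return [(n, kind, ev)
            for n, line in enumerate(lines, start=1)
            for kind, ev in scan_line(line)]


# Constructed sample log lines (not real data).
SAMPLE_LINES = [
    '2023-10-02T09:14:07Z auth ok order=1000000000000001 amount=42.50',
    '2023-10-02T09:14:09Z debug swipe=;4111111111111111=25121010000000000000? result=approved',
    '2023-10-02T09:15:31Z debug body={"pan": "4111 1111 1111 1111", "cvv": "123"}',
    '2023-10-02T09:16:02Z auth ok token=tok_9f2c41 last4=1111',
    '2023-10-02T09:17:45Z debug track1=%B4111111111111111^DOE/JANE^25121010000000000?',
]

if __name__ == "__main__":
    for line_no, kind, evidence in scan(SAMPLE_LINES):
        print(f"line {line_no}: {kind} {evidence}")
```

The 16-digit order number on the first line fails the Luhn check and the tokenised line carries only a token and last four digits, so neither is reported.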

PCI DSS compliance is not just about avoiding penalties; it’s about building and maintaining trust with customers in a digital age where data breaches can severely tarnish a retailer’s reputation. By understanding the scope, employing best practices, and continuously adapting to the changing digital landscape, retailers can provide both a seamless and secure payment experience.

Are you looking for PCI DSS solutions for your retail business? The Merchant Fraud Summit can help!