

Visa highlights AI threat in latest data

Visa’s latest Biannual Threats Report highlights a ‘significant’ rise in phishing schemes proliferated through generative AI tools, and a marked increase in enumeration and ransomware. While the global fraud rate trended lower than normal expected fraud levels during the report’s time period (January – June 2023), Visa shared that it helped to proactively block $30 billion of fraud during that period.

However, threat actors were successful in conducting targeted and sophisticated fraud schemes impacting specific institutions, technology, and processes.

Highlights of the report’s findings include:

  • Ransomware attacks continue to evolve and grow in prevalence. March 2023 surpassed prior ransomware attack records for the most attacks in one month with nearly 460 attacks, a 91% increase over February 2023 numbers and 62% higher compared to the same period in 2022. A 2023 ransomware report identified that exploited vulnerabilities were the most common (36%) root cause of ransomware attacks, followed by compromised credentials (29%). Interestingly, ransomware attacks and related threat actors do not always target payment data specifically but will compromise any data accessible during their attacks, including payment data or personally identifiable information.
  • Enumeration attacks continue to impact merchants and consumers alike. The period covered in this study saw a 40% increase in enumeration attacks over the previous six months. Visa used its Visa Account Attack Intelligence to identify these attacks in real time to alert merchants and stop fraud in its tracks.
  • Card-Not-Present merchants emerge as a bigger target. Online merchants were responsible for 58% of total fraud and breach investigations, while brick and mortar merchants made up 20%, and ransomware/fraud schemes made up 7%.

Retail-specific schemes saw a measurable uptick during the past six months, including:

  • False, spoofed, or counterfeit merchants: Consumers are being targeted through websites that seem like their favorite merchants. These sites are established to take customers’ orders but do not fulfill the goods or services ordered and instead steal customers’ payment account information.
  • The rise of malvertising: Some scammers are developing fake ads to try to garner personal information. Victims of these schemes are targeted with search engine-optimized scams that prey on what they might be interested in legitimately purchasing.
  • Flash-fraud scams: Flash fraud, also known as a bust-out scheme, is also on the rise. In these schemes, threat actors establish a legitimate merchant and process a small number of legitimate payments to establish credibility. Once a satisfactory payment processing history is established, the seller suddenly submits a large number of fraudulent transactions, often using stolen payment account data, and quickly disappears after they obtain the funds from the stolen accounts.
  • Free gift scams: An emerging crypto scam in the retail space is the “free gift” scam, where bad actors offer a “free gift” through a pop-up window asking the victim to confirm the transaction. When clicked, the malicious payload is executed, which includes a file with a malicious NFT, allowing fraudsters to communicate with the victim’s wallet and authorize cryptocurrency transfers from the victim’s wallet to the fraudster’s.

“While we are pleased by the lower-than-expected fraud rate over the last few months, this edition of the Biannual Threats Report continues to underscore just how savvy fraudsters continue to be,” said Paul Fabara, Chief Risk Officer at Visa. “The same way criminals take advantage of technology advances, so does Visa, and the $30 billion of fraud prevented in the last six months alone is a great testament to that.”

While the threat landscape is more complicated than ever, consumers can take solace in the ways Visa is working to protect them. Visa Payment Fraud Disruption’s efforts over the past six months have resulted in significant crackdowns on cybercrime activities with help from global law enforcement and government agencies.

Visa says it also helped bring fraudsters to justice around the world. In May 2023, the US Secret Service took down a major cybercrime platform called Try2Check. Its administrator, Denis Gennadievich Kulkov, faces 20 years in prison. A local enforcement action called Operation Urban Justice was launched in California targeting Electronic Benefit Transfer (EBT) fraud, which led to the arrest of 20 suspects believed to be part of an Eastern European crime syndicate. In April 2023, an international law enforcement coalition led the Genesis Market Takedown, arresting 119 people involved with the cybercrime platform.


Fraud risk trends to watch out for in 2023

Various types of fraud pose significant risks to UK businesses, including financial loss, reputational damage, legal consequences, regulatory non-compliance, and loss of customer trust. Fraudulent activities can also lead to direct monetary losses through theft, embezzlement, or fraudulent transactions. 

The reputation of a business can be severely affected, impacting customer perception and relationships with partners and stakeholders. 

Legal consequences and regulatory penalties may also arise from non-compliance with fraud prevention regulations. Additionally, fraud erodes customer trust, potentially leading to decreased sales and a damaged brand image.

Being informed allows businesses to proactively address vulnerabilities, demonstrate commitment to security, and mitigate the potential damage caused by fraudulent activities.

Here are seven of the top fraud risk trends to watch out for in 2023, courtesy of Yves Laffont, Sector Lead, Financial Crime at FDM Group:

  1. Cybersecurity breaches are on the rise

The Cyber Security Breaches Survey reveals that a total of 11% of businesses have experienced cyber crime in the last 10 months, which includes 26% of medium businesses and 37% of large businesses. It is estimated that there have been 2.39 million instances of cyber crime and approximately 49,000 instances of fraud as a result of cyber crime within this time period. With each instance of cyber crime estimated to cost a business £15,300 per victim per year, the cost of cybersecurity breaches can be hefty. The rising frequency of cyberattacks means that tackling cyber threats should be a high priority for medium and large businesses in particular.

  2. Deepfake technology fuelled by AI advancements

Deepfake technology derives from the terms ‘deep learning’ and ‘fake’, referring to the use of AI to create realistic fake audio, video, or images. It can be used to impersonate people and aid malicious individuals in identity theft. Deepfake technology can even simulate speech, actions, and emotions, and can be quite convincing!

While deepfakes are becoming increasingly prevalent across social media apps, deepfake technology can also be used to defraud businesses by convincing an employee to compromise sensitive information, release funds, or engage in fraudulent transactions. 

  3. Synthetic identity theft is increasingly difficult to detect

Synthetic identity theft typically combines both legitimate components, such as real addresses, and fabricated information, which can make it extremely challenging to detect and prevent. Moreover, since the fraudulent identities have no prior credit history or suspicious activities associated with them, they can evade traditional fraud detection systems that rely on historical data patterns.

  4. Account takeover fraud has grown by 350% YOY

An account takeover (ATO) refers to when a criminal gains access to a real consumer account, such as a social media, email, or bank account, which will typically be done using stolen information. Account takeover fraud increased by 250% year-on-year in 2020, with financial services firms witnessing 72% of all these attacks. Similarly, in 2021, 20% of data breaches were attributed to account takeovers, totalling over $5.1 billion for consumers and businesses. This emphasises the importance for financial institutions to take proactive measures to protect their customers, and serves as a reminder to other industries that account takeovers are a serious threat they may encounter and must be wary of. 

  5. Businesses are more susceptible to card-not-present (CNP) fraud risk liability

Card-not-present fraud (CNP) occurs when consumers pay for goods and services online, by telephone or by mail, where a card is not presented to the merchant physically for verification. When a cardholder’s billing information is compromised or stolen, an unauthorised individual may use their card to make purchases. Unfortunately, with the rise of e-commerce and consumers still demanding quick ways to purchase products, fraudsters are provided with ample opportunities to exploit vulnerabilities in online payment systems, manipulate checkout processes, or use stolen card information to make fraudulent purchases.

  6. Insider threats pose a high fraud risk

While organisations must be vigilant of external threats, insider threats have also risen by 44% in the past few years. Insider threats can occur from the actions of either current employees, former employees, customers, or suppliers – either through malicious intent or negligence. Employees with privileged access typically pose the highest fraud risk for your business.

In many cases, insider threats are motivated by money, competitive advantages, and revenge. For example, 45% of employees download, save, or send work documents to their personal accounts after leaving a job in order to impress their new employers. The sharing of company contracts, spreadsheets, or customer information can pose a serious risk for all parties involved.

  7. Social engineering attacks in an age of remote working

Social engineering is not a direct cyber attack but, instead, involves using human psychology to persuade individuals to put their guard down and partake in unsafe activities, such as handing over sensitive information or clicking a malicious website link. Phishing is one of the most common forms of social engineering where fraudsters impersonate legitimate entities, such as banks, government agencies, or trusted organisations, to trick individuals into providing their personal information, such as passwords or credit card details.

In an age of remote working, social engineering attacks are increasing. A study shows that 9 out of 10 respondents state that the threat landscape has worsened, and 75% say remote working has contributed to this. Social engineering attackers have been capitalising on frequent online communication, with online messaging and emails being the primary form of organisational comms.


Demand for fraud detection solutions to drive market to $252bn

The fraud detection and prevention industry generated $29.5 billion in 2022, and is anticipated to hit $252.7 billion by 2032, equivalent to a CAGR of 24.3% over the forecast period.

Analysis by Allied Market Research cites the introduction of big data analytics and cloud computing services, plus an upsurge in mobile payments, as factors bolstering the growth of the market.

However, it adds that the high cost of fraud detection and prevention solutions is likely to restrict the pace of growth in some markets.

Based on component, the solution segment held the highest market share in 2022, accounting for nearly two-thirds of the fraud detection and prevention market revenue and is estimated to maintain its leadership status throughout the forecast period.

The growing instances of security breaches and cyber-attacks drive the segment growth. However, the service segment is projected to manifest the highest CAGR of 28.0% from 2023 to 2032. This is because fraud detection and prevention services help reduce the time and costs associated with optimizing systems in the initial phase of deployment.

Based on deployment mode, the on-premises segment accounted for the largest share in 2022, contributing to more than three-fifths of global fraud detection and prevention market revenue. This is because on-premises applications offer many benefits in terms of security, flexibility, and customization.

However, the cloud segment is expected to portray the fastest CAGR of 28.0% from 2023 to 2032 and is projected to maintain its lead position during the forecast period. Growth in the adoption of cloud-based fraud detection and prevention solutions among large and medium-sized enterprises mainly drives the growth of the segment.

Based on organization size, the large enterprises segment held the highest market share in 2022, accounting for nearly two-thirds of the fraud detection and prevention market revenue and is estimated to maintain its leadership status throughout the forecast period.

There is an increase in the adoption of fraud detection and prevention in large enterprises, owing to the rise in complexity, cyber risks, and threats in business processes, which leads to high competition across industries. However, the small and medium-sized enterprises segment is projected to manifest the highest CAGR of 28.6% from 2023 to 2032. The need to implement cost-effective security solutions such as encryption, risk & compliance, and incident management drives the adoption of fraud detection and prevention solutions in SMEs.

Based on region, North America held the highest market share in terms of revenue in 2022, accounting for more than one-third of the global fraud detection and prevention market revenue. However, the Asia-Pacific region is expected to witness the fastest CAGR of 28.8% from 2023 to 2032, and is likely to enhance the market growth during the forecast period. The surge in the usage of mobile data for various applications such as social media and mobile banking contributes to the adoption of fraud detection & prevention solutions in Asia-Pacific.


BPFI data shows increase in payment fraud in Ireland

Fraudsters stole nearly €85 million (€84.6m) through frauds and scams in Ireland during 2022, an increase of 8.8% on 2021, according to a detailed report published by FraudSMART, the fraud awareness initiative led by Banking & Payments Federation Ireland (BPFI).

The FraudSMART Payment Fraud Report H2 2022 outlines how card fraud accounted for over 95% of fraudulent payment transactions by volume but only 40% of fraud losses at €33.4m.

Most of the increase was driven by online card fraud or ‘card not present’ fraud where a criminal uses the victim’s compromised card information to make an online purchase (up by 24% in value year-on-year to €27.1m in 2022).

The report also highlights the continued rise in value of unauthorised electronic transfers (primarily payments through mobile and online banking) which accounted for almost 39% of fraud losses at €32.8m, but less than 4% of transaction volumes. Meanwhile, there was a 19% decrease in authorised push payment (APP fraud) transactions in 2022 compared to 2021, and APP fraud losses dropped by 41% to €9.9m, the lowest value since the data became available in 2019.

The report comes as FraudSMART warns consumers to be on high alert as text message fraud, known as smishing, continues to become more prevalent. A recent survey by FraudSMART revealed that this type of fraud is now the dominant channel for fraud attempts, with 1 in 2 adults having received a fraudulent text message in the previous 12 months. These text messages often include a link and a sense of urgency requiring immediate action.

Niamh Davenport, Head of Financial Crime, BPFI said: “[The] figures show that card fraud continues to account for the vast majority of fraudulent payment transactions at 95% of the total volume although these transactions tend to represent lower levels of losses on average. On the other hand, other fraud types have relatively low volumes but would have higher average losses, particularly any fraud that leads to account takeover where the fraudster takes control of your main bank account by tricking you into handing over your bank log in details, which we have seen recently through text message scams.

“Conversely, we also see from today’s report that there was a 19% decrease in authorised push payment (APP fraud) transactions in 2022 compared to 2021. APP fraud can happen when a scammer tricks a consumer into sending money directly from their account to an account which the criminal controls. Examples of this include investment scams such as fake cryptocurrency schemes or romance, holiday or accommodation scams. The decrease in this type of fraud might be attributed to increased consumer awareness or a post-Covid shift, as we have gradually returned to meeting in-person with decreased dependency on online communication. However, figures across all types of financial fraud can fluctuate as fraudsters continually adapt their behaviours and methods.”


HOW TO: Implement anti-fraud measures for digital payments

In today’s digital era, businesses must be vigilant in protecting their payment systems against fraudulent activities. Establishing robust anti-fraud measures is vital to safeguard both your business and your customers. Here are key steps you can take to implement effective anti-fraud measures for digital payments…

The first step is to educate and train your staff. Employees should understand the risks of digital payment fraud and be aware of the latest fraud tactics. Regular training sessions can keep staff updated on best practices for identifying and reporting suspicious activities.

Next, consider implementing multi-factor authentication (MFA). MFA adds an extra layer of security by requiring users to provide at least two forms of verification before a transaction can be approved. This could be something they know (like a password), something they have (like a mobile device), or something they are (a biometric factor).

A key measure is investing in robust encryption technology. Encryption converts payment data into a code that can only be deciphered by those with the correct decryption key. This helps protect sensitive information from being intercepted during transactions.

Investing in fraud detection software that utilises Artificial Intelligence (AI) and Machine Learning (ML) is another crucial step. These technologies can analyze vast amounts of transaction data in real time, identifying patterns and anomalies that may signal fraudulent activity. They continuously adapt to new fraud tactics, improving their detection capabilities over time.

You should also consider implementing a secure customer authentication protocol. This could involve behavioral biometrics, which analyses unique patterns in a user’s behavior, such as keystroke dynamics or mouse movement, to verify their identity.

Employing a firewall and maintaining up-to-date antivirus software is vital. These tools can protect your network and systems from malware or phishing attacks, common tactics used by cybercriminals to steal payment information.

Lastly, develop a robust incident response plan. Despite your best efforts, breaches can still occur. An incident response plan outlines the steps to take in the event of a breach, enabling you to react swiftly to mitigate damage and recover quickly.

Implementing anti-fraud measures for digital payments involves a combination of education, advanced technology, and vigilant practices. The goal is not only to prevent fraud but also to create an environment that fosters trust between your business and your customers.

In an increasingly digital world, safeguarding digital payments is not just a necessity but a responsibility that every business must bear.


Staying Ahead of the Game: What’s new in payment fraud detection tools and technology

In the fast-paced world of digital payments, fraud detection is critical. Cybercriminals are constantly evolving their tactics, necessitating more sophisticated tools and technologies to counter these threats. As the sector continues to evolve, several key trends are emerging in payment fraud detection.

Firstly, the use of Artificial Intelligence (AI) and Machine Learning (ML) is transforming fraud detection. AI and ML algorithms can analyse vast amounts of data in real time, identifying patterns and anomalies that may indicate fraudulent activity. They continuously learn and adapt to new fraud tactics, improving their detection capabilities over time. These technologies also allow for predictive analytics, helping to identify potential fraud before it happens.

Secondly, the rise of biometric authentication represents a significant trend. Traditional methods of authentication like passwords and PINs can be stolen or hacked, but biometric data – such as fingerprints, facial patterns, and voice recognition – provide a more secure alternative. The use of biometric authentication in payment processes can greatly enhance fraud detection and prevention.

Another emerging trend is the application of blockchain technology. Blockchain’s decentralised, transparent, and immutable nature makes it a powerful tool for fraud detection. Transactions recorded on a blockchain cannot be altered or deleted, making fraudulent activity easier to trace and harder to execute.

The trend towards multi-factor authentication (MFA) is also gaining momentum. MFA requires users to provide two or more forms of identification before a transaction can be approved. This might include something they know (like a password), something they have (like a mobile device), and something they are (a biometric factor). This layering of security measures significantly reduces the risk of fraud.

Behavioral analytics is another key trend. This technology analyses how a user interacts with a system – their typing speed, mouse movements, device usage patterns, and more. Any deviations from normal behaviour can trigger an alert, helping to identify fraudulent activity.

Lastly, the increasing integration of fraud detection systems is noteworthy. Rather than operating in silos, different fraud detection tools and technologies are being combined into integrated systems. This holistic approach enhances the accuracy and speed of fraud detection, providing a more robust defense against cyber threats.

The trends shaping payment fraud detection reflect a broader shift towards advanced, integrated, and proactive solutions. As these trends continue to evolve, businesses must stay ahead of the curve to protect themselves and their customers from the ever-present threat of fraud.

The ultimate goal remains to build a secure, trustworthy digital payment ecosystem in an increasingly interconnected world.
