Posts Tagged :

research

‘One million attacks on global financial sector in 120 days’

BlackBerry’s latest Global Threat Intelligence Report has revealed threat actors focusing efforts on targeting high-value data held by the global financial sector, with one million attacks logged over the 120 day period.

This “death by a million cuts” is revealed to be using mainly commodity malware, which indicates a large number of independent actors targeting the industry in pursuit of financial gain. Critical infrastructure attacks, including those targeting government, financial, healthcare and communications industries, altogether accounted for 62 percent of industry-related attacks over the report period, September to December 2023. 

The BlackBerry Threat Research and Intelligence team registered a 27 percent uptick in novel malware to 3.7 new malicious samples per minute prevented by its AI-powered cybersecurity solutions, compared to 2.9 per minute in the previous reporting period. Overall, BlackBerry claims its cybersecurity solutions stopped 31 attacks every minute, a 19 percent increase on the last reporting period. 

“We’re consistently seeing increased volumes of attack in highly lucrative industries using novel malware,” said Ismael Valenzuela, Vice President of Threat Research and Intelligence at BlackBerry. “Novel malware typically indicates specific motivations from threat actors towards particular attack targets with intent to evade defences, which are often based on static signatures. We’ve reached a pivotal point where traditional detection methods alone are not enough to combat this increasingly complex problem. AI is already being weaponised by malicious entities, so it must equally be the dominant tool for detection and defence.” 

Highlights from the latest BlackBerry Global Threat Intelligence Report include: 

  • 62 percent of industry-related attacks targeted critical industries: Digitization and the prospect of debilitating national infrastructure attracted notorious gangs and Malware-as-a-Service (MaaS) groups who attempt to exploit security misconfigurations and vulnerabilities for varying motives. 
  • Commercial enterprises also under attack: 33 percent of all threats targeted commercial enterprises (including retail, manufacturing, automotive and professional services), with the majority (53 percent) of those deploying information-stealing (Infostealer) malware with the aim of accessing highly sensitive data.  
  • Rapid weaponization of CVEs by Threat Actors: Ransomware gangs observed taking advantage of new Zero Day vulnerabilities and mass mobilizing against potentially vulnerable targets, with zero-day exploits motivating profiteer groups.  

Based on its data analysis, the BlackBerry Threat Intelligence and Research team predicts that 2024 will bring an increase in attacks targeting critical infrastructure and other profitable segments. VPN appliances will likely remain desirable targets for nation-state-level threat actors and it is anticipated that there will be a continued increase in supply chain cyberattacks targeting hardware and software vulnerabilities. Further, APAC will likely see an increase in attacks from China and North Korea, particularly financially-motivated attacks. 

Photo by Jeffrey Blum on Unsplash

JD Power survey highlights biggest fraud concerns for US merchants

Small business owners in the US are optimistic about the future, with 88% of those surveyed indicating the financial state of their individual businesses is about the same or better off than a year ago, which in turn the research asserts should bode well for the prospects of merchant service providers.

According to the J.D. Power 2024 U.S. Merchant Services Satisfaction Study, small business financial optimism is correlated with increased sales processed by merchant services providers. There are 94% of merchants that now accept debit or credit cards; 88% that accept digital wallet; and 54% that accept Buy Now, Pay Later (BNPL) payment methods.

However, when it comes to small business satisfaction with those services, scores are lowest among merchants for processing widely accepted payment types such as credit and debit card transactions and are highest for processing less widely accepted payment types like BNPL.

“We’re seeing an interesting disconnect in the merchant services marketplace whereby the most frequently processed forms of payment—credit and debit cards—generate the lowest levels of overall satisfaction among small business owners, while less common payment types such as BNPL, pay by bank and gift cards drive higher satisfaction,” said John Cabell, managing director of payments intelligence at J.D. Power. “Part of that is driven by demographics. Younger, newer business owners are more apt to accept a wide variety of payment types and have higher overall satisfaction with their merchant services providers. However, we’re also seeing some challenges across the board with debit and credit when it comes to delays in account funding, cost and fees and fraud management.”

Following are key findings of the 2024 study:

  • Credit and debit reign supreme on usage, but fail to deliver on satisfaction: Overall, 94% of small businesses accept debit or credit card payments. Most merchants have their credit card (81%) and debit card (80%) payments processed by their provider. Despite being the most processed forms of payment, overall merchant services satisfaction scores are lowest across all aspects of the customer experience among small businesses that have credit cards (692 on a 1,000-point scale) and debit cards (694) processed by their provider.
  • Satisfaction highest among businesses where BNPL is processed: Slightly more than half (54%) of small businesses accept BNPL and just 27% of merchants report processing BNPL with a profiled brand; satisfaction scores are highest (744) among small businesses that do have this payment type processed. Overall merchant services satisfaction rises as businesses process more payment options, reaching a high score of 793 among the 4% of businesses that cite six different payment types processed.
  • Gap emerges between small business innovators and traditionalists: Two distinct categories of small business owners have begun to emerge in the study dataset: innovators, who represent 47% of the study population and are younger, newer business owners who are more likely to accept a wide variety of payment types, and traditionalists, who represent 53% of the study population and are older and prefer cash, checks and in-person purchases. Overall merchant services provider satisfaction is significantly higher among innovators.
  • Cost, fraud risk and complexity emerge as top obstacles: Among small business owners who are unwilling to accept credit and debit cards, higher cost of acceptance and higher risk of fraud/theft are top reasons. Among those who are unwilling to accept BNPL, digital wallet or pay-by-bank payments, the primary reasons are difficulty of use/complicated process and too much effort versus other priorities.

Shopify ranks highest in merchant services satisfaction, with a score of 728. Paysafe (725) ranks second and Bank of America (713) ranks third.

The U.S. Merchant Services Satisfaction Study was redesigned in 2024. It is based on responses from 5,383 small business customers of merchant services providers and measures satisfaction across six factors (in alphabetical order): advice and guidance on running your business; cost of processing payments; data security and protection; managing my account; payment processing; and quality of technology. The study was fielded from September through November 2023.

Photo by Lucas Sankey on Unsplash

Open Finance and GenAI set to dominate FinTech and payments landscape in 2024

A Juniper Research whitepaper has revealed the 10 trends it believes are set to radically impact the fintech and payments landscape in 2024.

The whitepaper found that the fintech market is undergoing a rapid shift, with the rise of new technologies, such as Open Finance, generative AI and A2A (account-to-account) payments having a major impact on business models. This is combined with unprecedented competition to be ‘top of wallet’ for customers, making the market more competitive and uncertain than ever.

Top 10 Fintech & Payments Trends 2024

The trends are as follows:

1. A2A Payments to Challenge Cards in eCommerce and for Funding Wallets
2. CBDC Use Cases to Emerge in Practice
3. Generative AI in Banking to Transform Spending Insights
4. Digital Identity Adoption to Be Catalysed by Digital Wallet Integration
5. AML Tools to Increasingly Leverage AI as Alternative Payments Complicate Compliance
6. Sustainable Fintech Solutions to Emerge, as ESG Compliance Moves to Top of Agenda
7. FedNow to Fail to Match Instant Payments Success, but Value-added Services Will Flourish
8. Mobile Financial Services to Accelerate Transition to Banking Tech Services
9. Biometric In-store Payments to Surge, as Checkout Innovation Rises
10. B2B BNPL to Provide Critical Financing for SMEs

Juniper Research’s VP of Fintech Market Research, Nick Maynard, said: “The fintech and payments market is undergoing fundamental changes, with new payment methods and different business models threatening to completely uproot existing operations. Stakeholders must fundamentally reassess the viability of their offerings, and build ambitious roadmaps for future developments, or they will be left behind by more agile competitors.”

These trends were compiled by Juniper Research’s expert team of financial markets analysts; cross-referencing their detailed industry knowledge against the online data platform harvest, comprising over 2.1 million fintech market statistics.

Photo by Nathan Dumlao on Unsplash

Online payment fraud losses to hit $91bn by 2028

Merchant losses from online payment fraud will exceed $362 billion globally between 2023 to 2028, with losses of $91 billion alone in 2028 as new technologies such as AI begin to be felt in the market.

That’s according to a new report for ResearchAndMarkets, which analyses the repercussions of the surge in alternative payment methods, forthcoming challenges in the realm of Open Banking APIs, and an assortment of fraud types across sectors such as banking, remote digital and physical goods, and airlines.

The report says the upswing in eCommerce transactions, especially in emerging markets, is the driving force behind this burgeoning landscape. It details how merchants operating in these markets are grappling with novel threats, prominently the heightened utilisation of artificial intelligence (AI) for perpetrating fraudulent activities.

Online payment fraud encompasses a spectrum of deceptive or illicit online transactions orchestrated by cybercriminals employing diverse fraudulent techniques like phishing, business email compromise, or account takeover.

One of the report’s conclusions is that eCommerce payment providers should extend dashboards and data visualisation tools to cater to smaller SME customers. It asserts that SMEs currently lack access to robust customer analytics, and this data holds the potential to illuminate consumer purchasing patterns and furnish insights into payment method preferences and fraud trends.

Hence, by offering supplementary services to SMEs, eCommerce payment providers can distinguish their offerings in an increasingly cutthroat and commoditised marketplace.

Photo by Jefferson Santos on Unsplash

90% of online retailers losing money to policy abuse

Policy abuse–behaviours such as excessive returns, refund scams such as claiming an item was not received or returning empty boxes, abusing promotions like coupon codes or loyalty program rewards, or reselling limited-inventory items is soaring, with 90% of online merchants believing the issue is a significant problem for their bottom lines.

That’s according to Riskified’s Policy Abuse and Its Impact on Merchants: Global Benchmarks 2023, which found that two-thirds of retailers (67%) said they can recoup less than half of the total value of a returned item. A representative from a leading fitness apparel brand that Riskified interviewed even said that, depending on item cost, their company might be better off financially if the customer broke into their warehouse and stole an item, rather than purchase and then return it. 

Lenient return policies and promotion programs are driving lost profits, yet merchants feel they must maintain their approach: 93% of retailers said it is “somewhat important” or “very important” for their organizations to offer generous refund and return policies to win new customers and retain loyal ones. 90% of respondents said they are reliant on promotions to drive sales and remain competitive.

Other key findings from the Riskified’s policy abuse benchmark report include:

  • 9 out of 10 online retailers said they face significant costs due to policy abuse.
  • Policy abuse “peaks” at certain times of year. 70% of online merchants experienced a rise in all forms of policy abuse during the summer shopping season, and two-thirds (67%) saw more policy abuse during the post-holiday returns season.
  • Losses from policy abuse have increased year-over-year (YoY). 57% of merchants faced increased costs from INR (item-not-received) abuse between 2021 and 2022, compared to a 45% YoY increase for reseller abuse, a 38% YoY increase for promotional code and loyalty program abuse, and 37% YoY increase for returns abuse.

Amidst the challenging economic climate for ecommerce enterprises globally, the report identifies the key trends that are contributing to the rapid rise in policy abuse in 2023.

According to Riskified’s data, the motivation for committing policy abuse is due to a mix of economic factors (such as inflation or entering a holiday period during which consumers have stretched disposable income) and emotional factors (such as a bad customer experience with a retailer).

Policy abuse is a unique problem for merchants to tackle because, unlike traditional fraud, it can be committed by people who are otherwise good customers, and in most cases it requires no special skills or access to stolen credentials or accounts. An analysis of Riskified client data, for example, shows that on average 20% of all refund claims are abusive. Notably, policy abuse can cost some merchants even more than traditional fraud chargebacks, resulting in over $100 billion in losses for ecommerce merchants worldwide. 

Merchants are also burdened by the operational impacts of processing refunds and returns, most of which are handled manually. 62% of merchants said they do not currently have automated systems (including machine learning) to accurately identify and address policy abuse, and 65% of respondents use a manual review process for the majority of refund and return claims. It takes most retailers (68%) three to four days to process a refund or return.

“Between Amazon fast and free returns, and popular deep discount flash sales, it has been a race to the bottom for merchants who feel that they must offer increasingly lenient programs in order to remain competitive,” said Jeff Otto, CMO at Riskified.  “Although a wonderful experience for good consumers, a growing spectrum of hidden policy abusers have tipped the scales — deeply hurting merchant profitability. The key to solving this challenge is resolving the true identity of the consumer, extending trust and frictionless experiences to good customers, while curbing the abusers, and stopping the fraudsters.” 

Image by Pexels from Pixabay

Visa highlights AI threat in latest data

Visa’s latest Biannual Threats Report highlights a ‘significant’ rise of phishing schemes proliferated through generative AI tools, and a marked increase in enumeration and ransomware. While the global fraud rate trended lower than normal expected fraud levels during the report’s time period (January – June 2023), Visa shared that it helped to proactively block $30 billion in those time periods.

However, threat actors were successful in conducting targeted and sophisticated fraud schemes impacting specific institutions, technology, and processes.

Highlights of the report’s findings include:

  • Ransomware attacks continue to evolve and grow in prevalence. March 2023 surpassed prior ransomware attack records for the most attacks in one month with nearly 460 attacks; a 91% increase over February 2023 numbers and 62% higher compared to the same period in 2022. A 2023 ransomware report identified that exploited vulnerabilities were the most common (36%) root cause of ransomware attacks, followed by compromised credentials (29%). Interestingly, ransomware attacks and related threat actors do not always target payment data specifically but will compromise any data accessible during their attacks including payment data or personal identifiable information.
  • Enumeration attacks continue to impact merchants and consumers alike. The period covered in this study saw a 40% increase in enumeration attacks over the previous six months. Visa used its Visa Account Attack Intelligence to identify these attacks in real time to alert merchants and stop fraud in its tracks.
  • Card-Not-Present merchants emerge as bigger target. Online merchants were responsible for 58% of total fraud and breach investigations, while brick and mortar merchants made up 20%, and ransomware/fraud scheme made up 7%.

Retail-specific schemes saw a measurable uptick during the past six months, including:

  • False, spoofed, or counterfeit merchants: Consumers are being targeted through websites that seem like their favorite merchants. These sites are established to take customers’ orders but do not fulfill the goods or services ordered and instead steal customers’ payment account information.
  • The rise of malvertising: Some scammers are developing fake ads to try to garner personal information. Victims of these schemes are targeted with search engine-optimized scams that prey on what they might be interested in legitimately purchasing.
  • Flash-fraud scams: Flash fraud merchants, also known as bust-out schemes, which is when threat actors establish a legitimate merchant and process a small number of legitimate payments to establish credibility, are also on the rise. Once a satisfactory payment processing history is established, the seller suddenly submits a large number of fraudulent transactions—often using stolen payment account data – and quickly disappears after they obtain the funds from the stolen accounts.
  • Free gift scams: An emerging crypto scam in the retail space is the “free gift” scam, where bad actors offer a “free gift” through a pop-up window asking the victim to confirm the transaction. When clicked, the malicious payload is executed, which includes a file with malicious NFT, allowing fraudsters to communicate with the victim’s wallet and authorize cryptocurrency transfers from the victim’s wallet to the fraudster’s.

“While we are pleased by the lower-than-expected fraud rate over the last few months, this edition of the Biannual Threats Report continues to underscore just how savvy fraudsters continue to be,” said Paul Fabara, Chief Risk Officer at Visa. “The same way criminals take advantage of technology advances, so does Visa, and the $30 billion of fraud prevented in the last six months alone is a great testament to that.”

While the threat landscape is more complicated than ever, consumers can take solace in the ways Visa is working to protect them. Visa Payment Fraud Disruption’s efforts over the past six months have resulted in significant crackdowns on cybercrime activities with help from global law enforcement and government agencies.

Visa says it also helped bring fraudsters to justice around the world. In May 2023, the US Secret Service took down a major cybercrime platform called Try2Check. Its administrator, Denis Gennadievich Kulkov, faces 20 years in prison. A local enforcement action called Operation Urban Justice was launched in California targeting Electronic Benefit Transfer (EBT) fraud, which led to the arrest of 20 suspects believed to be part of an Eastern European crime syndicate. In April 2023, an international law enforcement coalition led the Genesis Market Takedown, arresting 119 people involved with the cybercrime platform.

Image by hartono subagio from Pixabay

Demand for fraud detection solutions to drive market to $252bn

The fraud detection and prevention industry generated $29.5 billion in 2022, and is anticipated to hit 252.7 billion by 2032, equivalent to a CAGR of 24.3% over the forecast period.

Analysis by Allied Market Research cites the introduction of big data analytics and cloud computing service, plus an upsurge in mobile payments, to bolster the growth of the market.

However, it adds that the high cost of fraud detection and prevention solutions is likely to restrict the pace of growth in some markets.

Based on component, the solution segment held the highest market share in 2022, accounting for nearly two-thirds of the fraud detection and prevention market revenue and is estimated to maintain its leadership status throughout the forecast period.

The growing instances of security breaches and cyber-attacks drive the segment growth. However, the service segment is projected to manifest the highest CAGR of 28.0% from 2023 to 2032. This is because fraud detection and prevention services help reduce the time and costs associated with optimizing systems in the initial phase of deployment.

Based on deployment mode, the on-premises segment accounted for the largest share in 2022, contributing to more than three-fifths of global fraud detection and prevention market revenue. This is because on-premises applications offer many benefits in terms of security, flexibility, and customization.

However, the cloud segment is expected to portray the fastest CAGR of 28.0% from 2023 to 2032 and is projected to maintain its lead position during the forecast period. Growth in the adoption of cloud-based fraud detection and prevention solutions among large and medium-sized enterprises mainly drives the growth of the segment.

Based on organization size, the large enterprises segment held the highest market share in 2022, accounting for nearly two-thirds of the fraud detection and prevention market revenue and is estimated to maintain its leadership status throughout the forecast period.

There is an increase in the adoption of fraud detection and prevention in large enterprises, owing to the rise in complexity, cyber risks, and threats in business processes, which leads to high competition across industries. However, the small and medium-sized enterprises segment is projected to manifest the highest CAGR of 28.6% from 2023 to 2032. The need to implement cost-effective security solutions such as encryption, risk & compliance, and incident management drives the adoption of fraud detection and prevention solutions in SME’s.

Based on region, North America held the highest market share in terms of revenue in 2022, accounting for more than one-third of the global fraud detection and prevention market revenue. However, the Asia-Pacific region is expected to witness the fastest CAGR of 28.8% from 2023 to 2032, and is likely to enhance the market growth during the forecast period. The surge in the usage of mobile data for various applications such as social media and mobile banking contributes to the adoption of fraud detection & prevention solutions in Asia-Pacific.

Image by Markus Spiske from Pixabay

Top global payment companies generated $228bn in 2022

The global payments industry witnessed an exceptional 2022, despite the challenges posed by expansionary monetary policy, geopolitical uncertainties, pandemic-related supply chain disruptions, and a macroeconomic environment with heightened inflation and increased energy costs.

That’s according to GlobalData, which says the top 20 public payment companies experienced a 15.5% increase in their top-line performance, reaching a total of $228 billion.

The US payment companies dominated the list with the top four – American ExpressVisa, PayPal, and Mastercard – accounting for 58.5% of the aggregate revenue of the top 20. Driven by an increase in global payment volume, the big four grew by more than 10%.

Other companies in the top 20 list that recorded impressive top-line growth include Adyen, WAG Payment Solutions (Eurowag), WEX, and Fleetcor Technologies. Each grew by more than 20%. Eurowag and Nuvei are the new entrants replacing Lakala Payment and Evertec.

Murthy Grandhi, Company Profiles Analyst at GlobalData, said: “Adyen’s growth can be attributed to its remarkable progress of processed volumes that surpassed half a trillion, reaching EUR767.5 billion in 2022, reporting a year-on-year (YoY) growth rate of 49% and a CAGR of 48.2% over the past five years. Of these volumes, point-of-sale (POS) accounted for 15% translating to EUR115.1 billion. The company’s revenue expanded due to a greater increase in settlement and processing fees.”

Integrated payments and mobility platform player Eurowag’s 27.9% revenue growth was a result of higher energy prices and growing scale of payment solutions.

WEX reported robust revenue growth of 27% owing to 34.6% rise in payment processing revenue from Fleet solutions segment on the back of higher domestic fuel prices and volume growth in North American fleet and over-the-road businesses.

Fleetcor Technologies’ 20.9% growth in revenue was due to 14% rise in fleet revenue, driven by increase in transaction volumes and new sales growth and positive impact of the macroeconomic environment.

New entrant, Nuvei registered 16.4% rise in revenue primarily due to organic growth driven by higher e-commerce volume.

Samsung Card reported a dip in revenue triggered by a depreciation in currency value. Cielo’s 4.4% drop in revenue was due to the impact of the sale of MerchantE and M4U. Block (formerly Square) also reported a marginal drop in revenue owing to decline in the market price of bitcoin.

Grandhi concluded: “The recent disruptions in the economic, social, and technological landscape have created promising opportunities for businesses to explore and expand. These disruptions forced companies to explore new channels, enlarge customer reach, and seek new business prospects. In the near future, there can be spurt in niche areas such as social and live commerce, blockchain technology, real-time payments, open banking, adoption of digital currencies, biometric authentication for payment transactions, and the metaverse can emerge as a new commerce platform.”

Image by Republica from Pixabay