The current online fraud landscape
“Phishing”, or stealing personal information from end-users through fraudulent contact such as SMSs, was still present, accounting for 14% of all fraud in 2021. However, it took on some new forms over the past several months. Brand abuse, for example, is defined as impersonating a company on digital channels such as social media in order to trick users into leaving behind some personal information. Another example is rogue mobile apps, which imitate a legitimate company’s app and serve the same goal: to gain log-in details, personal data and so on.
Looking forward, phishing is set to be made easier and more successful through new developments such as deepfake technology. This uses AI and audio/text synthesis and analysis, enabling fraudsters to impersonate trusted figures. This is particularly troubling on a corporate level, as employees can be duped into providing information or money to so-called “superiors”. Mobile payments are also on the rise, and the use of QR codes due to the pandemic has meant easier and faster mobile payments are now possible. However, this also opens a new window for fraud through decoy codes, which lead to phishing sites or virus downloads.
As if this were not enough, we have also seen a distinct internationalization of online fraud in the last few years. Online services and e-commerce have enabled companies from all over the world to reach customers in different markets, but this also means fraudsters have larger global opportunities as well. Top global phishing targets in 2021 included the US, Spain and South Africa; however, there are plenty of other consumers in newer online e-commerce markets such as sub-Saharan Africa and Southeast Asia who remain vulnerable to attacks for personal and payment data.
Stay ahead of fraudsters
With so many angles of attack for fraud, one may ask how to even begin mounting a defence. Luckily, we have done the research for you and can advise you on a few points to jumpstart your defence strategy. It is important to have a unified approach covering all possible areas where fraud may arise.
First, to counter new fraud methods, colleagues and employees should engage in regular training so they can distinguish between legitimate authentication processes and phishing scams. Secondly, new fraud patterns call for new security measures and technologies. You can make it easier for employees and customers to authenticate themselves online using the latest developments, such as FIDO, which eliminates the need for passwords, or Click to Pay, a new payment method which tokenizes cards so that card data is no longer visible and does not need to be entered again for each new online payment.
Another important aspect when it comes to secure online payments is Risk Based Authentication, which can be implemented by card issuers, acquirers and merchants and provides intelligent risk assessment of every transaction. The goal is to process as many payments as possible without additional authentication, ensuring a positive shopping experience, while requesting a “step-up” verification for uncertain, risky and potentially fraudulent transactions. The introduction of additional data points through 3D Secure updates allows for a holistic view of the customer and online transaction for a more accurate risk analysis. Using a risk-based authentication tool, the level of risk for e-commerce transactions can be assessed in milliseconds and the appropriate response is suggested.
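To make the frictionless versus step-up decision concrete, here is a small scoring sketch. It is an example added to this article, not any vendor's or card scheme's engine, and every signal name, weight, threshold and sample transaction in it is an assumption constructed for illustration.

```python
# Illustrative risk-based authentication decision.
# Signal names, weights and the threshold are assumptions; a production
# engine derives them from fraud data and scheme rules.
WEIGHTS = {
    "new_device": 30,        # device not seen before for this cardholder
    "address_mismatch": 20,  # shipping address differs from billing address
    "high_amount": 25,       # amount far above the cardholder's usual spend
    "velocity": 25,          # many attempts on the card within the last hour
}
STEP_UP_AT = 40  # score at or above this requests step-up verification


def risk_signals(tx):
    """Turn raw transaction data points into boolean risk signals."""
    return {
        "new_device": not tx["device_known"],
        "address_mismatch": not tx["ship_matches_bill"],
        "high_amount": tx["amount"] > 5 * tx["avg_amount"],
        "velocity": tx["attempts_last_hour"] > 3,
    }


def assess(tx):
    """Return (decision, score, fired signals) so a step-up can be explained."""
    fired = [name for name, hit in risk_signals(tx).items() if hit]
    score = sum(WEIGHTS[name] for name in fired)
    decision = "step_up" if score >= STEP_UP_AT else "frictionless"
    return decision, score, fired


def frictionless_rate(txs):
    """Share of transactions approved without extra authentication."""
    return sum(assess(tx)[0] == "frictionless" for tx in txs) / len(txs)


def sample(amount, device_known, ship_matches_bill, attempts):
    # Constructed cardholder with a typical spend of 50 per purchase.
    return {"amount": amount, "avg_amount": 50.0, "device_known": device_known,
            "ship_matches_bill": ship_matches_bill, "attempts_last_hour": attempts}


SAMPLES = [
    sample(40.0, True, True, 1),     # routine purchase on a known device
    sample(45.0, False, True, 1),    # new device only: still below threshold
    sample(600.0, False, True, 1),   # new device and unusually high amount
    sample(900.0, False, False, 6),  # every signal fires
]

if __name__ == "__main__":
    for tx in SAMPLES:
        print(tx["amount"], assess(tx))
    print("frictionless rate:", frictionless_rate(SAMPLES))
```

Lowering `STEP_UP_AT` catches more risky payments but challenges more genuine customers, which is the trade-off the paragraph above describes.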
Collaboration is key to ensuring end-to-end, holistic fraud prevention. Many factors flow into a strong fraud defence strategy, and it is important to have all players within the payment ecosystem on board. Any process is only as strong as its weakest link, and the same holds true for fraud prevention. It is essential to continually be on the lookout for gaps and vulnerabilities within the ever-evolving payment space. One thing is certain: fraudsters will find those gaps too! There are a variety of providers who can advise you on where your company can optimise its defence and provide you with easy solutions to cover all your bases in internet and digital payment security.