Catch me if you can: How to stay one step ahead of fraudsters, RISK IDENT

With fintech advancements happening at a remarkable rate payments providers have another exciting year ahead. However, with technology improving, so are fraudsters and the operational challenges from the mobile and online payment fraud they bring.

We asked Felix Eckhardt, CTO at RISK IDENT, what he thought were the stand-out trends in retail and payment fraud in 2018, and what we need to look out for in 2019.

1. What new fraud tactics and trends have we seen this past year?

A significant development over the last 12 months has been the increase in account takeovers (ATOs) and mobile fraud. ATOs have grown tenfold in the last year, leading to a major rise in card not present (CNP) fraud across a number of eCommerce sites.

The key driver behind this spike in ATO has been the large number of high-profile data breaches in the EU and North America in 2018, such as the hacks of British Airways, Facebook and HSBC, which saw the personal details of millions of consumers stolen by criminals. Another factor has been ongoing lapses in personal security by consumers – a poor understanding of the importance of keeping their log-in details safe means that far too many members of the public remain vulnerable to exploitation by fraudsters.

In an interesting twist, the introduction of the EU General Data Protection Regulation (GDPR) has played a role in boosting ATO levels. In the weeks and months after the implementation of the new legislation, a significant number of fraudsters contacted companies and requested the deletion of personal data from accounts they have previously used fraudulently, in order to re-register using the same false identities.

2. How has the fraud industry already evolved to tackle these threats?

Companies that are required to comply with GDPR have had to adapt their internal processes in order to balance consumers’ legal right to delete their data without leaving the business vulnerable to ATOs.

Moreover, we have seen a growing number of retailers and similar companies approaching fraud prevention specialists for support not just to boost data security, but to prevent criminals making fraudulent purchases too. At RISK IDENT, we have seen an increase in the number of businesses approaching us asking for help in enhancing their fraud prevention processes.

3. So what about this year? Consumers are clamouring for an increasingly seamless payments process. What impact might this have on the retail industry if merchants can’t keep up with security demands alongside frictionless checkouts?

To thrive in 2019, and to ensure they continue to offer consumers an enjoyable online shopping experience, retailers need not just to focus on their product offering, they need to be able to offer faster payment processes as well.

This need has implications when it comes to security and fraud prevention, however. A truly seamless payment experience, with minimal identity verification processes, can be a boon for the fraudster. Too much verification can frustrate consumers, leading them to abandon their purchase.

With this in mind, it is clear that merchants need to strike the right balance between security and convenience. Implementing two-factor authentication in the purchase process may add some friction, but can go a long way towards protecting consumers from fraud.

Introducing technology designed to identify fraudulent activity in real time can also help to maximise security while keeping friction to a minimum. Systems that use self-learning and adaptive software, for instance, can automatically link transactions with previous purchases as they are taking place, to spot any links with fraudulent activity. Such systems have the potential to prevent fraud occurring in the first place, helping to protect both businesses and consumers.

4. What developments will we see in AI fraud prevention in 2019?

I think we will see more retailers coming to the realisation that Man and Machine working together is the perfect combination for fraud prevention.

AI technology is able to spot fraudsters, because it can quickly trawl reams of historical data and customer patterns to instantaneously decipher fraudulent activity. It doesn’t matter if the activity involves approaches already known to fraud prevention managers or if it is a new tactic.

But, intelligent as machine learning programs may be, they are even more effective when combined with human judgement and intuition. In a recent White House report on preparing for the future of AI, humans and technology were compared with each other in relation to diagnosing cancerous lymph nodes. The study found that the AI “doctor” had an error rate of 7.5 percent, while the human had an error rate of 3.5 percent. Together, their error rate fell to just 0.5 percent. This holds true for fraud prevention too.

As such combined approaches move into the mainstream, we should also see AI fraud prevention technology evolve to accommodate the human element. This will most likely come in the form of improvements to the system’s interface, to make it as easy as possible for team members to interpret the AI’s findings quickly and efficiently.

5. What areas will fraudsters be looking to exploit in 2019?

Fraudsters are quick and typically follow the path of least resistance and the greatest potential reward. This means we will see them continue to exploit the eCommerce environment, taking advantage of digital vulnerabilities to commit card not present (CNP) fraud. Classically vulnerable industries such as gambling and hardware will remain top targets, but other sectors should watch out too. The rising popularity of apps and other online platforms in the mobility sector will be a prime aim for fraudsters this year – these companies store an infinite amount of personal and sensitive information, which would highly compromise the user’s security if it fell into the wrong hands.

We’ll continue to see increases in ATOs for the simple reason that it is a straightforward way for fraudsters to make a tidy profit. Data breaches from the last year will fuel this growth, as will ongoing consumer ignorance about the strength of their passwords – fraudsters will always try the most common passwords when trying to access an account, so it’s important to remind consumers to look again at making their log-in details harder to crack.

6. Will fraudsters be targeting new payment technologies?

Given the growing popularity of mobile payments, as well as wearable or Internet of Things (IoT) technology, I think we’re going to see fraud activity migrating over to the newer payment methods. Fraudsters will hunt for new ways to tap payment data, using mobile software development kits (SDKs), for instance, to create bogus apps to lure consumers into handing over their information.   

A good way to tackle mobile payment fraud is through the implementation of biometric security measures, such as fingerprint scanning. Fingerprints cannot be recreated by fraudsters, preventing them from accessing all of a victim’s account. This makes biometric technology much more secure than other log-in processes. Integrating it into an app can go a long way towards stopping criminals in their tracks.

7. How can retailers improve their fraud prevention to reduce shopping cart abandonment?

It can be tricky balance to strike, but it is possible to optimize fraud prevention without increasing cart abandonment rates. Rather than simply cancelling orders you think are suspicious, for instance, you could implement measures to invite users to input alternative payment details. This gives innocent consumers the chance to prove their identity and complete the purchase.

Above all, it is important to speed up the verification process so that the customer is not forced to wait. Exploring new, streamlined ways of achieving two-factor authentication, as well as taking simple steps like minimising the refresh time for new windows in the payments channel can all help to minimise the likelihood of consumers abandoning their transaction.

8. And, finally, do you think any new fraud trends come to the fore?

I think, as banks deploy new technologies and make adjustments to the global eCommerce environment, we will begin to see changes in fraud patterns. Fraudsters will be thwarted at first by any new security measure.

However, they will eventually find ways to circumvent the new processes, meaning retailers must never stand still and ensure they stay one step ahead by constantly evolving their fraud prevention systems. By talking to their fraud experts, they can ensure they have the information they need to select and integrate the right security measures for the needs of their business.