Following the release of its first Payment Intelligence Report this year, Payment Expert spoke with Fraugster CEO, Christian Mangold, for a deep dive into some of the report’s findings.
Mangold discussed the various prevalent fraud types and the new threats that companies should be wary of next year. Mangold also addressed security within the BNPL sector and the future security of Web3.
Payment Expert: The recent Payment Intelligence Report brought up many key findings. What were some of the most notable findings you believe to be the most concerning?
Christian Mangold: It’s important to bring attention to the fact that over €80bn was lost to online fraud across physical and digital goods, and e-ticketing in 2021. Alongside this, €18.3bn was lost to false positives. This points out the need for not only holistic fraud prevention strategies, but also employing advanced machine learning models for data enrichment to achieve more accurate risk decisioning.
Another standout insight from our data was the decrease in issuer declines post-3DS authentication. This decline compensated for customer drop-offs due to added friction caused by 3DS, therefore balancing the overall acceptance rate for merchants.
PE: There was a total of £2.1bn in total fines last year. Can you tell us why you feel these AML compliance issues have been so prevalent?
CM: While illegal activity engaged in by certain individuals has racked up a part of the fines, the majority stem from ignorance of compliance laws and not investing in proper KYC procedures.
There is also a need to not just focus on AML’s poster children, including Pandora Papers or an eclectic mix of politicians, rockstars and dictators – but to realise that the big value loss is in the long tail of daily activities taking place across a range of financial services like banking, online payments and marketplaces.
Thus there is a need to invest in and leverage technology like transaction monitoring and sanctions and Politically Exposed Persons (PEP) lists to avoid any illegal business relationships. This becomes even more relevant with the onset of the sixth Anti-Money Laundering Directorate (6AMLD) which broadens the scope of money laundering offences to include those aiding and abetting, inciting and attempting an offence.
PE: Within Fraugster’s research, shipping fraud was an outlier amongst other fraud types, decreasing 49.2% last year. How has this occurred and have other fraud types (gift card fraud for example) become more advanced?
CM: Acquirers and Payment Service Providers (PSPs) today are adopting more intense KYC checks during onboarding of merchants, along with real time risk assessment to spot any anomalies that may signal towards the seller being fake or fraudulent.
This shift has contributed to a downslide in shipping fraud levels where a fraudulent seller would receive orders and payments but never really ship goods. These checks have become increasingly important for PSPs and acquirers to protect themselves from any financial or reputational damage.
With respect to other fraud types such as synthetic identity and gift card fraud, it is important to note that the number of data breaches in 2021 increased by 68% from 2020 levels, standing at a total of 1862 compromises. This massive increase has been exploited by fraudsters to gain access to sensitive user information such as card details and Personally Identifiable Information (PIIs).
In such cases it is common for the most diligent fraudsters to slip up. Increasingly this means using graph and linking analysis to list suspicious transactions engaged in by the fraudster using the same shipping address, IP or email address. Machine learning, assessing over hundreds of data points, can further aid in spotting mismatches.
PE: Are there any new fraud types/methods not mentioned within the report that could pose companies issues this year and into 2023?
CM: Attack vectors used by fraudsters are becoming increasingly sophisticated today. Popular techniques being adopted include Man in the Middle attacks, where a fraudster places themselves between a user and an application via home routers/public Wi-Fi networks, to gain illegitimate access to that user’s Personally Identifiable Information (PIIs).
Social engineering attacks, where users are tricked into giving away their personal information while the fraudster poses as an authority figure, have also become more advanced. The emergence and ease of access to privacy-focused messaging apps such as Telegram has further proved to be a haven for criminals selling sensitive user data for a profit.
Fraudsters today are also employing millions of bots or advanced SQL injections to test these stolen credentials and take over accounts of genuine users at scale.
PE: The BNPL sector was of interest in the report – with many BNPL firms such as Klarna reporting significant losses in valuation, how has bad debt played a role in the decline?
CM: While being faced with rising prices leading to a decline in consumer spending and overall e-commerce volumes, the bad debt problem stands as a major roadblock for the BNPL sector, which has continued to negatively hit their bottom line.
As competition for acquiring new customers and scaling operations grew in the past year, even established BNPL players reported a 4x increase in credit losses. This increase has exposed the weaknesses of BNPL providers depending solely on traditional credit checks, thus calling for the adoption of alternate data that would offer a more holistic approach to their overall risk management strategy.
The decline is further worsened by rising prices leading to a cut in the consumer’s disposable income and overall e-commerce spending. In such situations it is important for BNPL providers to adopt scalable solutions that allow them to approve more customers without increasing exposure to default.
PE: Fraugster has recently rolled out a new AI-powered fraud prevention solution tailored for BNPL providers. How will this new solution help protect BNPL providers from potential fraud attacks?
CM: Our new Alternative Credit Decisioning solution leverages advanced AI to provide insights from a global network of ecommerce transactions. This allows BNPLs to match similar buyer profiles based on thousands of behavioural indicators.
Linking Analysis further connects single transactions into graph networks to accurately verify a customer’s identity and their probability to pay in real time. Transactions engaged in by an entity using the same shipping address, IP or email address can be seamlessly listed in real time to catch even sophisticated fraud attempts like synthetic identity fraud that static fraud systems would let slip by.
Our solution further distinguishes itself from traditional credit checks by focusing on data points that have a high analytical value for determining true credit risk. Some of these include positive transaction history, total debt incurred by customers, cumulated late fees and unpaid/outstanding balances.
Our mission here is simple: we want our customers to feel confident that they can trust the person they are approving to repay the amount they are borrowing. The positive results we are already seeing with trial customers make me confident that we can help the e-commerce ecosystem approve more customers without increasing exposure to loan defaults and fraud risk.
PE: Within the future trends aspect of the report, Fraugster highlighted the metaverse and cryptocurrencies as potential vehicles for fraudsters to take advantage of. Do you have any insight into how they will look to take advantage of these Web3 functions and what should operators look to have in place to prevent them?
CM: These environments pose the risk of becoming preferred locations for fraudsters, testing stolen financial instruments (to see if they are approved) before going on to make higher value purchases. This in turn would trigger high chargebacks for merchants, especially those belonging to the gaming categories.
We further predict Web3 to become a safe haven for fraudsters to exchange stolen financials freely due to its openness and lack of proper KYC and identity verification procedures. Further, maintaining privacy and confidentiality on public blockchains is still a huge issue.
In this light, it is important to address scaling and security issues for companies involved in this space. There is also a need to develop proper KYC procedures to verify users’ identity across different blockchains.