Payments fraud continues to evolve as bad actors become more sophisticated and nimble. Learn how banks and fintechs are responding to new threats and what lies on the horizon.
The financial services industry faces an onslaught of fraud threats, especially as payments technology evolves and improves. While that seems counterintuitive, the fact is that many of the same technologies that streamline payments are also serving criminals and bad actors looking to attack payments systems. In a heavily regulated industry, speed is paramount. Unfortunately, banks and financial service providers that rely on legacy systems and burdensome workflows face an uphill battle in fighting fraudsters who are extremely nimble.
While much has changed in payments, one thing has remained the same: fraud is a real, expensive threat that requires end-to-end systems and tools for detection, prevention, and analysis.
Fraud doesn’t just cost merchants; every dollar of fraud costs banks about $2.92 —up 9.3% from 2017. Last year, the financial sector saw over a 10% increase in data breaches targeting credit card companies, banks, and credit unions. Those breaches cost, on average, $3.86 Million. In short, fraud is not an inexpensive problem.
Account Takeover Fraud remains the most popular method for nefarious characters, increasing 177% year-over-year (YoY). Existing card and non-card fraud and card-not-present (CNP) fraud are also on the rise. Banks face many issues in combating these fraud types as well as competing priorities that must be balanced alongside the disruption that banks are facing in the new era of fintech.
Namely, reducing fraud impact and detecting fraudulent accounts remain banks’ top priorities, each commanding the top spot on the priority list with 41.7% of banks saying those are their most important fraud goals. Minimizing customer impact is also a main challenge, though far less (16.6%) reporting this as the number one fraud goal.
In looking at the types of fraud banks fear most, there are three that stand out: Check Fraud (ranked as one of the top 3 fraud matters by 58.3%), Synthetic Fraud (ranked as one of the top 3 fraud matters by 33.3%), and ATM Fraud (ranked as one of the top 3 fraud matters by 16.6%).
Account takeover fraud remains a key concern for financial institutions. The attention paid to this brand of fraud is merited; account takeovers increased by 300% in 2017. As bank account data becomes easier to access than credit card details, bad actors continue to focus their efforts in this realm. Stolen credentials can easily be sold on the dark web quickly and easily, lowering the barrier to entry for even novice hackers. The proliferation of stolen data on the dark web has facilitated large scale account takeovers as well.
Account Fraud is the number one concern for 66.7% of respondents to Rippleshot's Card Fraud Benchmark Report, second only to debit card fraud, which was the top concern for 75% of respondents. The problem is exacerbated by numerous vulnerabilities on the payments front that have yet to be addressed. New account fraud jumped 70% over the past year.
Many bankers have move towards or adopted real-time payment systems (RTP), such as Zelle. Bad actors are particularly attracted to new payment types, whose fraud prevention systems may have not yet adapted to emerging threats. In the case of RTP, there have been reports of “double-digit basis-point spikes in fraud”.
As payments systems evolve and new payments technologies emerge, banks and others in the financial services industry must ratchet up fraud prevention mechanisms. Fraud and risk management is a way of life in the payments space. Most organizations have a slew of tools and systems for preventing and detecting fraud, resolving fraud, and analyzing cases of fraud. The latter is just as essential as the others. As new bad actors emerg and new cyberthreats come about, banks and financial institutions must remain one step ahead. The key lies in looking at which fraud controls may need to be adjusted, which are not effective, and the tradeoff in costs and user experience when fraud controls need to be turned up.
In a world of RTP, real-time fraud engines are imperative. Account takeover fraud remains a top challenge as well, which often occurs via phishing or malware schemes. As a result, malware detection and strong authentication measures must be present.
Fraud is a real problem for financial institutions and fintechs. Payments fraud will only grow more sophisticated as FIs leverage emerging technologies within the payments value chain. In fact, as the payments ecosystem trends toward a more digitized experience, financial institutions will be forced to balance digital transformation initiatives with fraud prevention initiatives. The tradeoffs between security, customer experience, and growth in an era of disruption will have to be carefully measured. Data breaches also show no signs of slowing, which will force FI’s hands in better protecting PII information. RTP will also mean banks and fintechs will have to employ real-time fraud prevention and detection measures to stay one step ahead of agile, sophisticated bad actors.