Fraud is, has been, and will remain an inevitable and pervasive problem in the payments industry. So long as there is money to be made committing fraud, fraudsters will continually attempt to do so. In recent years, fraudsters have actually become more successful—a worrisome fact for merchants, the card networks, and any other player in the payments ecosystem.
Fraudsters have been especially successful when it comes to identity-based fraud. This type of fraud encompasses fraud vectors where criminals use stolen personal consumer data to create fake accounts or log in to existing ones in order to make fraudulent transactions or steal goods and services.
In an effort to help companies better understand the current state of fraud, GIACT, a leading fraud prevention company, published the white paper “The Changing Landscape of Identity Fraud: Fraudsters Strike Back.”
The white paper identifies five key fraud trends and highlights the areas where “financial institutions, companies, government agencies, and consumers should focus their attention to remain effective in the battle against identity fraud.”
The cost of identity fraud is enormous—and growing
As GIACT immediately pointed out in the white paper, the cost of identity fraud is enormous—and growing. In 2019, for example, the aggregate losses stemming from identify fraud increased 15% to an estimated $16.9 billion.
Part of what makes fraud so costly is the amount of money companies need to spend to resolve it. GIACT’s white paper, citing an external source, estimates that each dollar of fraud costs retailers $3.13 in fraud recovery efforts.
The uptick of fraud is not expected to abate any time soon. If anything, the threat of fraud might only intensify as e-commerce traffic continues to surge due to COVID-19. Another driver of rising fraud levels is the ease with which criminals can steal (or buy on the dark web) consumers’ personal identifiable information (PII). The Federal Trade Commission reported that between 2018 and 2019, identity theft claims skyrocketed by 46%. So long as PII continues to remain at risk online, fraud will continue to rise.
Fraud is moving away from cards
The first trend the white paper documented is that while traditional card-based fraud continues to pose a significant source of fraudulent activity, fraudsters are increasingly turning to account takeover (ATO) and new account fraud (NAF) attacks. This shift is in part due to a success story in the fight against fraud.
With more merchants embracing EMV—a global credit card payment standard that authenticates chip-card transactions—to safeguard card-present transactions, card-based fraud is harder to pull-off than ever before. More consumers are also receiving real-time alerts when their debit or credit cards are used, making it harder for fraudsters to utilize traditional card-based approaches.
Given this context, ATO attacks have risen sharply. In 2019, account takeovers rose by 72%, with criminals seizing control of the account more than half of the time. The white paper pointed out that consumer alerts are often ineffective at stopping this type of fraud.
With more commercial activity migrating to digital channels due to both technological advancement and COVID-19-induced store closures, expect ATOs to become even more common and costly.
The rise of P2P transactions creates increased risk for consumers
One of the most storied recent innovations in the payments industry is the rise of P2P transactions. Consumers are increasingly paying each other directly by using various payment apps. During the first quarter of 2020, Venmo’s payment volume reached $31 billion, representing a 48% year-over-year growth. Zelle witnessed similar growth, shooting up from $16 billion to $27 billion.
Accompanying the rise in P2P transaction volumes has been a truly striking rise in P2P fraud. Between 2016 and 2019, P2P fraud increased by 733%. There are a variety of tricks and schemes underpinning this increase. As GIACT explained, criminals are using “concert tickets, classified ads, secret shoppers – even puppies – to convince unwitting consumers to willingly send funds for goods or services that never materialize.”
Static passwords are common—and extremely easy to compromise
The third trend identified by GIACT involves consumer-generated passwords. Worryingly, many consumers use the same password for numerous accounts. The white paper cited one study that found 60% of surveyed U.S. consumers use the same password across multiple sites.
Using the same password can pose a substantial risk to consumers because for many accounts, the password is the only security tool protecting the account. Once armed with a person’s primary email address and password, a hacker can inflict an immense amount of damage. And acquiring this information is easier than one might hope. Criminals can buy this information off the dark web or rely on brute-strength attacks to crack someone’s password.
Consumer Lifecycle management is critical to securing the payments ecosystem
The trends identified by GIACT underscore the importance of addressing fraud. Such a serious problem requires a substantial solution. Luckily, there are effective solutions. GIACT pointed out that “managing the customer lifecycle using continuous identity proofing is a proven, effective defense against identity-based fraud attacks.”
This method relies on continual verification and re-verification of a consumer’s identity at every touch point. To be effective, the solution needs to utilize “multiple, diverse source of customer PII to identify potential fraud before a transaction is initiated or a payment sent.”For more information on fraud, including the additional two trends not covered in this article and a four-point guide to winning the war on identity fraud, you can access GIACT’s white paper here.