March 15, 2019
Online Payment Fraud Trends: 8 Predictions for 2019
Posted February 20, 2019
Twenty-nineteen is shaping up to be a banner year for payments providers, both in terms of booming opportunities, and also the operational challenges from the mobile and online payment fraud that go with them.
According to a recent survey from TD Bank, the risk of payment fraud is the number one concern for 44% of financial industry professionals this year. That’s a 14% increase in just 12 months. Not surprisingly, the ability to process faster payments ranks as the second-biggest concern, at 37% of survey participants. And this is a concern that those countries that have already implemented faster payments can well appreciate.
Speed vs. Security. Friction vs. Fraud. These competing forces will continue their never-ending battle this year. Challenged for primacy only by that other force of nature: consumer expectations and customer convenience vs. fraudster opportunity
According to Juniper Research, online and mobile payment fraud is being fueled by identity and payment information stolen through the ongoing epidemic in data breaches. The firm estimates losses from online payment fraud will top $22 billion this year—and could go as high as $48 billion by 2023.
Here are a few things to expect in the months ahead:
1. More mobile devices means more mobile fraud
By the end of the year, mobile attack rates will surpass desktop rates for the first time as consumers, and therefore fraudsters, increasingly pivot to the mobile channel for a growing array of daily activities. Already, 48% of all phishing attacks target mobile users, and 4,000 new mobile phishing sites are created each day. But the associated fake or hijacked apps and malware infiltrations that these, and other, malicious activities may unleash won’t all come via smartphones anymore. The mass adoption of web-connected watches, other wearables, and other devices mean the mobile attack surface is growing fast.
2. Self-learning “imposter bots” hijack the AI revolution
Cyberattacks on payments will intensify in 2019 as a growing number of retailers, banks, insurers and other industries begin to deploy advanced, AI-driven chatbots for online customer onboarding, payments assistance, and 24/7 customer support. Look for at least one high-profile attack involving self-learning chatbots that target a major brand’s website, and then draws out payment details and other sensitive information from the online customers who engage with them.
3. Cross-border payments become mission critical
Today, 64% of US-based online merchants only sell to US consumers. But with Amazon accounting for 49.1% of all domestic eCommerce in 2018, look for a higher percentage of retailers embracing cross-border payments in the months ahead. In fact, they might not have a choice. According to Forbes, nearly half of all eCommerce transactions already cross national boundaries, and it’s the fastest-growing sector in retail. So failure to go international could be a make-it-or-break-it proposition. But it comes with challenges. Thanks to the growth of online merchant activity and risk from stolen identities and payment credentials, cross-border payments are up to 69% more likely to be rejected as fraudulent than domestic transactions. To open transactions up to new geographies securely, look for providers and merchants gravitating toward modern, digital identity-based user verification and assessment solutions, enabling them to get an accurate read on the risk associated with the people they transact with, anywhere in the world. The most compelling payments firms comply with ever-changing regulatory mandates across regions, too.
4. We’re in for a PSD2 Christmas
Enforcement of the EU’s sweeping Revised Payment Services Directive (PSD2) comes into effect this September. With just seven months left to implement the principles behind Strong Customer Authentication (SCA), some fear the requirements could end up being “a ticking time bomb” if it’s not done right. That’s because the increased authentication and security checks required by the mandate purposely introduces friction that could not only confuse, but also interrupt online retailers, their customers and their user journeys.
5. P2P spells problems ahead
With over 1.5 billion Chinese users between them, WeChat and Alipay are expected to begin challenging US-based person-to-person payment platforms like PayPal’s Venmo and bank-backed Zelle. These and other P2P payments services are used by 60% of the US population to split the dinner bill, or to reimburse a friend for buying movie tickets. Stolen login credentials and other tactics have already resulted in one bank suffering 90% fraud rates on P2P transactions. Though other factors contributed to the losses in that case, there’s no reason to expect fraudsters will hold back new attacks against providers in the space this year.
6. Merchants make a Federal case out of real-time payments
Online merchants, credit unions and community banks will continue lobbying the Federal Reserve to create and operate a real-time payments network to compete with the private sector network run by The Clearing House. According to a study from McKinsey, if the US had adopted real-time payments when the UK did 10 years ago, American consumers late on payments would have saved $100 billion in overdraft fees, penalties, reconnection fees for utilities, check cashing and payday loans.
7. In the fight against fraud, sharing is surviving
In 2019, fraud prevention strategies will increasingly center on data sharing within industry-specific consortiums. By leveraging real-time data from trusted sources within the same sector, organizations will gain a more accurate view of user identity and risk. Watch out for this to gain further traction in 2020 when cross-industry consortiums start to emerge.
8. Behavioral biometrics enhance protection
The trend toward behavioral biometrics and analysis for continuous user authentication will gain traction as organizations embrace passive risk assessment to identify high-risk behaviors and payment fraud, even in instances when a transaction attempt is made by a legitimate customer who has been manipulated or recruited into perpetrating a crime. This same technology will also be used to detect and disrupt credit card-testing and purchasing bots capable of mimicking human behavior.
For more on how organizations can reduce online payment fraud and thrive in digital channels, download a solution brief titled, “Increase Payment Processing Confidence and Efficiency”