2023 repeated some familiar payment fraud trends from 2022.There were some shifts in the prevalence of different fraud types, according to data from Verifi. The persistence of phishing remains at the forefront, posing significant challenges for businesses and consumers. Notably, friendly fraud became the second most prevalent fraud seen in 2023.
In an era where information spreads rapidly, a single social media post about a customer being defrauded can spread like wildfire and heavily influence public perception. The consequences of fraud extend far beyond the immediate financial loss. A company’s reputation and customer trust are also at risk. It makes sense, therefore, to adopt a proactive approach to fraud prevention and transaction security. Being aware of recent trends and employing the right tools to combat known threats and zero-day will help you to protect your finances and reputation in 2024.
Looking Back at Payment Fraud in 2023
Fraud trends typically evolve gradually rather than undergoing major yearly changes. Fraudsters subtly modify established attack methods to bypass existing security systems. This may result in zero-day attacks that can significantly impact crucial systems and result in substantial losses. Here are some of the key fraud trends observed in 2023.
- Phishing remains a stubborn challenge in payment fraud, as fraudster continuously adapt to outmaneuver conventional security measures. Fraudsters masquerade as legitimate entities – such as banks, service providers, or known contacts – to lure individuals or employees into disclosing sensitive information.
- Email Phishing: This is the most common form, with an estimated 3.4 billion spam emails sent daily. In this attack, fraudsters send emails that look like they come from reputable sources. These emails often contain links to counterfeit websites or attachments harboring malware that steals personal and financial data or sets a company up for advanced persistent threat attacks.
- Smishing and Vishing: Phishing is not limited to emails. Smishing (SMS phishing) and vishing (voice phishing) use text messages and phone calls to deceive victims into revealing confidential data. Vishing scams are increasing in sophistication each year, as financial criminals use AI for deep fakes and voice cloning.
- Friendly fraud, also known as chargeback fraud, occurs when a consumer makes a purchase with their credit card and then disputes the charge with their bank. The bank reverses the transaction and returns the customer’s funds, even though the customer has actually received the goods or service. This type of fraud can happen for various reasons:
- Accidental: Sometimes, a customer legitimately may not recognize a transaction on their credit card statement due to unclear merchant names or delayed billing. As a result, they might file a chargeback, mistakenly believing it to be an unauthorized charge.
- Malicious: Customers intentionally abuse the chargeback process. After receiving the purchased product or service, they claim it was never delivered or was not as described, or they may deny having authorized the purchase, all to get a refund while retaining what they bought.
- Card fraud remains pervasive, both for card-present (CP) fraud and card-not-present (CNP) fraud. Each type poses unique threats and requires specific strategies for mitigation.
- Card Present Fraud: occurs when a physical card is used for unauthorized transactions. It typically happens when a stolen or cloned card is presented to make purchases or withdraw cash. Magnetic stripe cards are easy to clone through card skimming. In regions using where EMV chips, with their enhanced security features, become widely implemented, card-present fraud has been significantly reduced. EMV chips can, however, be bypassed.
- Card Not Present Fraud: CNP fraud occurs when a transaction is made without the physical card being presented, typically in online purchases, over the phone, or through mail orders. This type of fraud is becoming increasingly common as more and more purchases are made online. Fraudsters can use stolen card information ― card numbers, expiration dates, and CVV codes― to make unauthorized online transactions. CNP fraud poses a significant challenge since the merchant cannot physically check the card or the cardholder’s identity. Overall, CNP is more prevalent, responsible for an estimated 70% of all card-related fraud. For every one hundred dollar card present transaction, six cents is fraud. With CNP fraud, the amount per hundred dollars is ninety-three cents. Those numbers might not seem particularly scary until you consider that CNP fraud is forecasted to be over $US10 billion in 2024 in the US alone.
- Synthetic Identity Fraud: This involves creating a new, fake identity using a combination of real and fabricated information, or sometimes entirely fictitious details. Fraudsters might combine a real social security number (often stolen) with a fake name and other personal data. They use this synthetic identity to open fraudulent accounts and make financial transactions. Over time, they can build a credit history with the synthetic identity, giving new avenues to larger-scale fraud like loan defaults. This type of fraud is particularly challenging to detect because it involves seemingly legitimate identities.
- Authorized Push Payment (APP) Fraud: APP fraud occurs when fraudsters deceive individuals or businesses into willingly making payments to an account controlled by the fraudster. This is typically achieved through social engineering techniques, where the victim believes they are paying for a legitimate service or product or are transferring funds for a legitimate reason. Scams like invoice fraud, where a business is tricked into paying a fake invoice that appears to come from a legitimate supplier, fall under this category. In recent years, APP fraud has become one of the fastest-growing types of financial crime, with losses expected to reach 6.8 billion across six leading real-time payment markets by 2027.
Increased Reliance on AI
- Increased Reliance on AI: Artificial Intelligence (AI) integration in the financial sector has dramatically reshaped payment fraud landscape. AI’s capabilities offer significant advantages in fraud prevention and, paradoxically, new opportunities for fraudsters. The increased use of AI in payment fraud presents a dynamic challenge as fraudsters learn new ways to use AI and Generative AI tools like FraudGPT and EvilGPT. These tools give fraudsters the ability, with just a few prompts, to create attacks they’d never have been able to do without them.
Make 2024 Your Safest Year Yet with INETCO BullzAI
By leveraging advanced technologies like machine learning, behavioral analytics, and real-time monitoring, businesses can create a robust strategy to protect their payment networks against complex payment fraud and cyberattacks. INETCO BullzAI is an ideal solution for enhancing your payment fraud prevention strategy. With its comprehensive, real-time, AI-driven platform, BullzAI ensures secure payment networks, offering precise risk evaluation and rapid response to fraud. This results in more accurate payment fraud detection and fewer false positives for card issuers, acquirers, and merchants. In addition, its seamless integration enhances existing security systems, providing comprehensive protection across your payment network.
Discover how INETCO can help you mitigate payment fraud risks by scheduling a demo with our experts to learn how BullzAI can help keep your payment networks safe in 2024.