In our last blog, we looked at 2022’s most prominent global payment fraud trends, including application fraud and synthetic identities, bot-driven DDoS attacks, brute force BIN attacks, and authorized push payment fraud. We also discussed the convergence of cybercrime and payment fraud as cybercriminals constantly look for new ways to exploit payment networks by distracting infosec teams with cyberattacks while they launch fraud attacks. In this blog, we’ll discuss five payment network fraud trends that we expect to see in 2023.
Here are five major and evolving trends to keep top of mind:
1. Convergence of Cybercrime and Payment Fraud
Financial criminals make use of the same tools that businesses use to increase productivity, such as bots. New technologies make it easier not just for criminal syndicates, but also for citizen criminals to launch attacks. Cybercriminals use payment networks to move money or as a gateway to commit other types of cybercrime. Citizen criminals can easily access tools to create DDoS attacks. A CISO won’t likely see payment fraud as a security issue, while a payment executive doesn’t manage infosec. Issuers, acquirers, and payment networks need to look at the overall threat landscape, instead of viewing payment fraud and, for example, DDoS attacks, as separate vectors.
2. Synthetic Identities
Synthetic identity fraud will continue to be a major problem in 2023. It involves the creation of a new identity using real and fake information. Unlike traditional identity theft, where criminals steal an individual’s personal information, synthetic identity fraud involves combining real information with fake or fabricated details to create a new identity. This new identity can then be used to open credit accounts, apply for loans and commit financial fraud with less chance of identification. There are two primary types of synthetic identity fraud: manipulated identities and fabricated identities.
First-party synthetic or manipulated identities involve the use of real information, such as a stolen Social Security number, that has been combined with fake or fabricated details, for example, a fake name or date of birth. These identities are often created by the individual themselves, rather than by a criminal organization, and are often used to hide their credit history or hide a criminal background, in order to be approved for bank loans or credit cards. The use of first-party synthetic identities can be difficult to detect, as much of the information used is legitimate.
Third-party synthetic or fabricated identities involve the creation of a completely new identity that is not associated with a real person. These identities are created using fake information, such as fake Social Security number, name, date of birth, and address, that do not belong to a real consumer. This form of synthetic identity fraud is most often used by criminal syndicates in order to plan and execute more malicious attacks.
Both types of synthetic identity fraud can be difficult to detect as the fraudsters will use these fake identities to build credit over time before attempting to commit large-scale fraudulent transactions.
3. Authorized Push Payment Fraud
Authorized Push Payment (APP) fraud, where criminals deceive individuals or businesses into transferring money from their bank account to a fraudulent account, will continue to be a significant threat vector. Unlike other forms of fraud, such as phishing or identity theft, the victim willingly initiates the transfer, often because they believe they are paying a legitimate invoice or supplier. The scammer typically poses as a known or trusted organization, such as a utility company or a government agency, and persuades the victim to transfer the funds electronically. Unfortunately, once the funds are transferred, they are almost impossible to recover, leaving the victim out of pocket. In recent years, APP fraud has become one of the fastest-growing types of financial crime, with losses expected to double by 2026.
4. Acquirer Payment Fraud and Rogue Terminals
Payment fraud is a significant concern for acquirers as they continue to deal with rogue terminals in 2023. Fraud resulting from rogue terminals costs financial institutions, acquirers, and consumers billions of dollars each year. For example, the US Federal Bureau of Investigation estimates more than $1 billion is lost yearly due to card skimming that is enabled by rogue terminals.
A rogue terminal refers to any card terminal that has been tampered with to process fraudulent payments. These terminals are designed to look like legitimate payment terminals but are modified by criminals to capture card data. That data is then used to create fake debit or credit cards linked to the victim’s accounts. Rogue terminals can be placed at retail locations, gas stations, or other points of sale. They can also be used in ATM skimming attacks, where the device is placed over the ATM’s card slot to capture card data as customers insert their cards.
The presence of rogue terminals can significantly impact the security of payment systems and can result in significant financial losses. Therefore, acquirers must identify rogue terminals and block any fraudulent activity to ensure the safety of their payment systems. Learn more about protecting your ATM fleet.
5. Electronic Benefits Transfer Fraud
Electronic Benefits Transfer (EBT) Fraud involves misusing or abusing funds allocated through electronic benefit transfer cards. EBT fraud can also include using a false identity to obtain an EBT card or using the card to purchase things that are not allowed under the program. This is a serious problem, as EBT fraud can lead to the loss of valuable resources and targets the most vulnerable in society.
Protecting against EBT fraud is an urgent concern for organizations that dispense electronic benefits. Unfortunately, EBT fraud is one of the fastest-growing forms of fraud in the United States, with California alone seeing an increase of 4000% from 2021 to 2022. The cost impact is about to become even greater for US government agencies who administer these programs. The Consolidated Appropriations Act of 2023, which was signed into law at the end of 2022, gives Americans who have had their benefits stolen the right to reimbursement.
How INETCO BullzAI Combats Payment Network Fraud in 2023
Fraudsters continue to evolve their techniques to bypass security measures. As they adopt new technologies to create increasingly sophisticated attack vectors, cybersecurity, and fraud prevention teams need to regularly evaluate new technologies and continually assess the threat landscape.
At INETCO, we have a deep understanding of how payment networks operate, and how financial criminals attack them. That’s why we have developed INETCO BullzAI (BullzAI), an intelligent, AI-powered fraud prevention solution to help you secure your payment networks. Providing you with comprehensive real-time monitoring and end-to-end transaction visibility for every step in a transaction’s journey, BullzAI enables you to quickly identify potential security threats and respond to them in real time. It provides actionable insights to optimize your payment network security and reduce the risk of payment fraud, insider threats, and advanced persistent threats like BOT, BIN, and DDoS attacks.
How prepared are you to combat payment network fraud threats in 2023? Watch our on-demand webinar with Ali Solehdin, INETCO’s Chief Product and Strategy Officer, where he shares valuable insights into some of the threats posed by financial criminals in 2023 and tips on mitigating them.