As the world becomes more interconnected, we are exposed to an even greater variety of payment methods — some well-established in certain regions but novel to others. Offering more payment options at checkout means a higher acceptance rate. However, adding every available payment method to your platform comes with its own set of risks, especially when dealing with real-time transactions.
Open Banking payments remove the scheme fees for the merchant, but also take away the buyer protection provided by a card from the consumer perspective. As payment methods evolve to balance merchant benefits and consumer flexibility, BNPL emerges as an alternative that addresses some of these trade-offs. BNPL benefits everyone as it helps to increase conversion, the liability shifts away from the merchant, and they receive the funds quickly — unless it's being abused.
Lacking regulatory oversight under PSD2, the BNPL sector became a prime target for fraudsters exploiting lenient credit checks and inadequate fraud prevention, leading to the collapse of numerous providers that grew rapidly during the COVID-19 pandemic's economic boom. The providers that have endured are currently diversifying their offering and have secured their place as a staple of any merchant's checkout experience.
Fraudsters will always look to exploit vulnerabilities or perceived weaknesses, with real-time processing – spanning payment, settlement or refunds – increasing that risk. Merchant gateway accounts have become a critical component for sophisticated fraud, with fraudsters now exploiting Purchase Return Authorisation (PRA) mechanisms to initiate refunds without corresponding transactions. Once approved, these fraudulent returns are immediately liquidated through ATM withdrawals or transferred to digital wallets, bypassing traditional safeguards.
As digital impersonation technologies become increasingly sophisticated, the boundary between authentic and synthetic identity is dissolving, exposing individuals to heightened fraud risks. And with technology advancing rapidly, deepfakes have transformed from a high-profile celebrity risk to a widespread security challenge. At the same time, social media provides endless examples of our likeness in the public domain, and individuals are increasingly exposed to sophisticated impersonation techniques. Deepfakes now pose a critical threat to digital trust, enabling bad actors to mimic legitimate customers.
In the instance of a data breach, generative AI (GenAI) provides the ability to summarise data from the breach far quicker than a human being can, shortening the gap between the actual breach and the data being used to improve its quality. Feeding this into ‘bots-as-a-service’ allows fraudsters to automate and scale their activities, that can be used to automate the creation of accounts to perpetrate account takeover via brute force attacks, phishing, and much more. Visa recently announced that enumeration or brute force attacks inflict an estimated USD 1.1 billion in fraud losses globally.
The 25th edition of the MRC's Global Ecommerce Payments & Fraud Report concurs and states that enumeration is one of the top fraud types affecting merchants in the EU alongside:
Refund/policy abuse
First-party misuse
Phishing/pharming/whaling.
With the increased pressure in the cost of living (as reported by a European Parliamentary Survey), it is no surprise that ‘friendly fraud’ types are increasing. Individuals rationalise differently when faced with financial pressures, especially in a world fuelled by social media that perpetuates pressure to maintain and exceed a certain level of living.
Scams are often reported from the perspective of banks and account-to-account payments (A2A), but retailers are also involved. Whether it's counterfeit tickets to see Taylor Swift purchase scams on online marketplaces or even flight or holiday scams, these can weaken the trust consumers have when spending their money online.
In tandem with ecommerce scams, we can also mention fake courier scams that continue to plague consumers. When we buy online, we expect to receive the goods, and criminals understand that during the run-up to peak periods, the urgency of receiving those goods increases. NatWest states that ‘fake parcel delivery texts are the fastest-growing scam this year’.
With scams moving away from payments to cards, we could see merchants pulled into the scam funds disbursement ecosystem, as the perpetrators look to cash out in other ways such as the purchase of goods and services, with the additional possibility of issuing fake chargebacks to further compound the effect on merchants.
Financial institutions need to think about incorporating fraud detection into their overall strategy and not treat it as a bolt on. Similarly, navigating exemptions isn't a cookie-cutter deal. Businesses should recognise that digital and physical goods play by different rules and look to leverage advanced technologies that treat each consumer as a unique entity. By selecting providers with adaptive technologies capable of understanding each consumer as their own entity, businesses can transform regulatory complexity into a strategic advantage to optimise protection and leverage diverse payment ecosystems.
Continuous monitoring is the heartbeat of your fraud prevention strategy. Measure how each issuer is responding to your 3DS/exemption decisions. Understand your customers and the countries you do business in, if you cover multiple regions, have a different strategy for each, and for each payment method. Your fraud prevention provider should be more than just software – they’re your strategic partner, bringing global insights and experience from across their customer base.
Fraud doesn't sit still, and neither should your approach. Every region and every payment method requires its own strategy, with real-time performance tracking that helps you stay one step ahead of emerging threats.
Finally, customers are demanding a phygital experience – a joined-up shopping experience in the same way that we want a 360-degree view of them. They want the same experience online as they have in person, with the ability to take advantage of offers and loyalty programmes as they would if they were shopping online. However, bringing data together isn't without its issues and consolidating customer entities means ensuring your Card Present and Card-Not-Present (CNP) infrastructure can coexist together. Another consideration is utilising wallets equipped with intelligence to dynamically select the best card to use based on factors such as location and benefits which can all help to boost conversion.
With technology in mind, we are seeing an increasing growth of SoftPOS devices replacing traditional hardware, thereby offering greater flexibility to retailers. This could further increase in countries that are phasing out cash faster than others.
At the same time, superapps and marketplaces that provide a one-stop-shop to consumers will continue to grow providing their own wallet and other ancillary services such as loyalty points and bespoke credit offers using algorithms to target specific customers.
Just as physical checkout has been revolutionised by contactless technology, online payments are moving towards a seamless, cardless experience. Tokenization and digital wallets are gaining traction, offering enhanced security and user convenience by eliminating the need to manually enter card details on payment pages. This shift simplifies the transaction process and provides robust protection against threats like Magecart-style skimming attacks, fundamentally transforming online payment security.
As with any new venture, you need to assess what you provide and view it with the lens of a criminal, considering how they would exploit it, and where gaps exist. Organisations such as the Merchant Risk Council (MRC) are a powerful tool that offer consortium knowledge and a sounding board to expedite these fact-finding initiatives. Your fraud solution vendor shouldn’t just provide you software, it should be your partner working with you to understand threats and how to mitigate them, but also how to expand your business in a safe and secure way.
Steve has worked within the fraud and payment industry for almost 20 years, in the banking, travel, and retail space. He has worked closely with merchants advising on fraud strategies as well as running operations teams. He has worked with banks and PSPs globally in product management roles, leading major development initiatives to deliver solutions to external customers.
About Featurespace
Featurespace is a leader in enterprise technology that prevents fraud and financial crime. With a mission to make the world a safer place to transact, Featurespace helps banks and financial institutions protect customers, reducing risk and business operating costs by providing industry-leading machine learning, fraud & financial crime prevention solutions via its award-winning platform. Founded in 2008, and headquartered in Cambridge, UK, Featurespace has over 400 team members, operating globally from six locations.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now