In the past decade, the payment fraud landscape has changed beyond recognition. While the appetite to get something for nothing hasn’t abated (fuelled by a struggling global economy), attacks have rapidly become more sophisticated. Some of the biggest challenges today lie in understanding Digital Identity, where attacks are propelled by bots and synthetic identity and crafted using generative AI tools.
Another component of the equation is the rise in first-party fraud manifesting in chargebacks on genuine purchases, as well as escalating return and refund abuse. When it comes to fraud prevention, today’s merchants face a constant dilemma. Strategies that are too stringent can jeopardise sales but, conversely, strategies that are too relaxed can facilitate fraud. Keeping customers safe, without impacting the fast, frictionless experiences they now demand, is mission-critical for sales conversion. Rather than specifying anti-fraud solutions based on cost, merchants are now seeking tailored approaches that drive value through smoother experiences and lower false positives. Merchants understood that a 1% incremental uplift in acceptance can create a significant increase in revenue and drive faster ROI without compromising fraud performance. Being confident of the buyer’s identity and monitoring metrics across the board is vital to let merchants genuinely accept more business. In addition, it can minimise chargebacks and costs associated with false declines and manual processes to help plug leaky payment pipes that can sap profit potential.
Many fraudsters are now luring in the digital domain, where fraud vectors are evolving at breakneck speed and prevention windows have shrunk to milliseconds. In the online world, false identity is the nemesis and customers are often the weakest link. From sharing details on social media to phishing and bot farming to whaling and scamming, fraudsters can dupe customers into parting with their data and money. Stolen data enables fraudsters to create synthetic identities, which can be used to set up new accounts or reactivate old accounts before targeting unsuspecting webstores. Giving consumers easy access, speed, and convenience has inadvertently opened the door to fraudsters. With real-time payments set to be the next big thing for merchants, instantly and accurately distinguishing between genuine customers and bad actors is now a priority more than ever.
The COVID-19 pandemic moved more people online and caused massive shifts in consumer behaviours, which further impacted existing predictive anti-fraud models. In the wake of this, fraudsters have been eager to diversify and exploit a new generation of widely available, low-cost AI tools that can be used to trawl vulnerabilities and automate attacks. As a result, AI-generated threats are now overtaking human-led attacks, creating a surge in illicit activities like account hacking. With AI making it easier and faster for criminals to plan, perform, and profit from fraud, we have seen a rise in online data breaches, ID theft, and socially engineered attacks (i.e., bot-driven email and social phishing scams). Fraudsters are also turning merchant safeguards to their own advantage.
They use bots to card test huge volumes and to exploit weaknesses in some anti-fraud solutions’ behaviour-based algorithms. As cards are likely to be spotted and blocked, fraudsters use sheer numbers to distract systems and identify vulnerabilities – for instance, taking advantage of merchant sites that provide automated responses with specific decline details to adjust card data (i.e., expiry dates) and achieve a successful transaction. Without a multi-layered digital ID and anti-fraud solution, these types of large-scale, multi-level attacks can be hard to tackle.
Data science and methodologies evolved to keep pace with diversity in behaviours, channels, and payment types. Fraud is now more likely to be anomalous and happen aggressively, at scale, and in sharp bursts. To combat this, merchants and their security providers are turning to new generative AI models and neural networks to identify the patterns and structures within existing attacks in near real-time.
By adopting multi-layered technology approaches, they are crafting increasingly smarter and more advanced weapons, targeting, and tailoring them to fight fraud across all sectors, as it happens. This involves being both predictive and prescriptive, learning from the past and the present, and ensuring they are verifying and authenticating identity to keep customers safe. By taking advantage of new developments like incremental learning, they can create adaptive and independently thinking models, preventing degradation of model performance, and avoiding expensive and time-consuming model refreshes, no matter how consumer behaviours and fraud patterns shift. This allows them to minimise vulnerabilities and false declines while avoiding checkout friction.
AI helps fraudsters push harder but it may also inadvertently become their Achille’s heel. Using generative AI models to train and retain text-based social, email, and phishing attacks, can result in a looping effect where attack text develops a distinctive flavour, tone, or feel that anti-fraud models can be designed to detect. In the next 12 months, we can expect huge development as AI is productised into marketable solutions that can help customers across multiple use cases.
Intuitive machine learning (ML) is also making anti-fraud solutions smarter and helping merchants close vulnerabilities faster using fewer resources. Rather than relying on historical data to identify vulnerability trends, it analyses real-time data to actively learn, retrain, and recalibrate controls, without requiring human intervention, programming, or rules setting. Rather than just being able to guess where and when fraud is happening, ML drives prescriptive models with the autonomy to make decisions, counteract threats, and take action to prevent fraud from being repeated. There is never room for complacency in keeping customers safe. As the expansive digital payment landscape grows, bad actors are ready to exploit every weak link and profit from any blind spots. While government mandates have been indicated to protect merchants and consumers from the latest fraud attacks, this alone is not enough.
Leveraging new technologies, attacks will continue to become more sophisticated. Merchants will have to counter with strategies that verify transactions in milliseconds. Even then, consumers will still need to be authenticated before purchases are approved but in a way that doesn’t cause additional friction. With merchants looking to expand their customer base and boost revenue through a globally online approach, they will need to accurately determine the digital identity of the consumer. They must also ensure that the data has been evaluated in real-time, using various fraud prevention tools. Some of these tools can include Behavioural Analytics, Device ID, authentication tools, soft credit checks, and machine learning. It’s a delicate balance, and only time will tell how the payments industry will be able to navigate the opportunities and threats of AI to be certain of identity and deliver the safest seamless experience for their customers.
This editorial is part of The Paypers' Fraud Prevention in Ecommerce Report 2023-2024, the ultimate source of knowledge that delves into the world of fraud prevention, revealing the most effective security methods for companies to stay one step away from bad actors and secure their businesses.
Amanda Mickleburgh has held a variety of strategic roles since joining ACI Worldwide in 2007, with a strong focus on ecommerce fraud prevention. Specifically, she has developed expertise in leveraging data intelligence to aide checkout conversion and remove friction from payment flows. Amanda also joined the Merchant Risk Council (MRC) European Advisory Board in 2021 and, more recently, she has been appointed Co-Chair, deepening collaborations with industry experts.
ACI Worldwide is a global leader in mission-critical, real-time payments software. Our proven, secure, and scalable software solutions enable leading corporations, fintechs, and financial disruptors to process and manage digital payments, power omni-commerce payments, present and process bill payments, and manage fraud and risk. We combine our global footprint with a local presence to drive the real-time digital transformation of payments and commerce.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now