Fraud is rising in fintech – learn how to outsmart fraudsters' automated tactics

Jane Lee, Trust and Safety Architect at Sift: The biggest increases in overall payment fraud happened in digital wallets, crypto, and PSPs, and the values of attempted fraudulent transactions exploded in remittance and neo/challenger banks

Sift's Q1 2022 Digital Trust & Safety Index illustrates how cybercriminals are increasingly sophisticated and often using automated tactics to commit payment fraud. Based on Sift's global network of over 34,000 websites and apps and more than 1,000 consumer surveys, the index forecasts an overall 70% increase in payment fraud attack rates across fintech by 2021 (the percentage of fraudulent transactions blocked by Sift out of total transactions). 

Sift has been publishing quarterly editions of the Digital Trust & Safety Index for a couple of years now. What are the differences between this year's insights and those of the Q1 2021 edition in terms of fraud attack rates? 

Between 2020-2021, average daily transaction volumes across Sift’s global merchant network rose in every industry, with the biggest surge in fintech at 121% growth YoY. Order volumes shot up by 29% in digital goods & services, 24% in marketplaces, and 34% in travel & hospitality, signaling new fluctuations in demand for markets hit hard by the pandemic. 

By now, we understand the reasons behind the surge in volume between 2019-2020 caused by the pandemic. However, what was uncertain at the time of the last report was whether online consumer purchasing habits would remain the same once the world began opening up. As our findings show, old habits die hard. All of that growth acted like a magnet for financial fraudsters, driving attempted payment fraud rates up by 23% across our global network—with notable rises in fintech (69%), digital goods & services (49%), and on-demand services (25%) between 2020-2021.

Some subverticals were hit especially hard; remittance experienced a 677% YoY increase in average fraudulent order values, from USD 163.67 in 2020 to USD 1,271.00 in 2021. Fraudulent transaction values also rose in other fintech subverticals, like neo/challenger banks (85%). 

What does automation mean in the fraud context? Besides bad bots, can we look at automated fraud from another angle?

When we use the term ‘bots’, we are referring to a number of different fraud tactics used to automate attacks, so it’s a bit misleading to think of the problem as just a ‘bad bot’ problem. 

When cybercriminals apply automation, they’re using scripts in a variety of ways to attack at speed and scale, giving them a much higher chance of overwhelming an organization’s fraud prevention capabilities. Then, they can rapidly verify stolen information by testing different data—payment details, credentials, promo codes, home addresses—or use info they’ve already confirmed to make unauthorized purchases and transfers.

What are the most targeted commerce and fintech industries this time around and why?

According to the findings in this most recent report, the biggest increases in overall payment fraud happened in digital wallets, crypto, and PSPs, and the values of attempted fraudulent transactions exploded in remittance and neo/challenger banks. 

Cybercriminals know these businesses are less likely to have robust fraud detection systems, and exploit that. Cryptocurrencies and BNPL payment options have also become attractive targets for fraudsters. Fraud follows the money, and this is the case for alternative payments as well, as more merchants explore this option. The fact that alternative payments add another layer to the ecosystem makes them especially alluring for cybercriminals.

Can you elaborate on the current situation with Buy Now, Pay Later? What are the fraud risks there?

Rising fraud in the Buy Now, Pay Later (BNPL) space is another snowballing concern for merchants who offer point-of-sale loan options. We are seeing nefarious actors exploit BNPL mainly by either hacking into existing BNPL accounts, or creating BNPL profiles using stolen identities that will later be held liable for fraud. Once they gain access into a BNPL provider account, they can infiltrate other merchants that offer BNPL purchases, increasing the stakes. 

One thing people don’t realize is that fraud risks double when it comes to BNPL payments, because you are now dealing with threats on both the merchant side and the BNPL provider side. A common misconception among merchants is that they don’t need to worry about fraud because their provider absorbs the risk. However, you don’t want your brand known as an easy target for fraud. Once fraudsters figure out any sort of vulnerability, they will attack you from all angles until they’re blocked. 

What are your thoughts about the next target being the metaverse and the NFTs? Don't you think it's likely for this to happen in the coming months? 

Spoiler alert: this has already happened, and we have seen recent headlines about NFT theft. My totally unrisky bet would be that this will only continue as we see the metaverse expand. We already know how and why the blockchain, by nature, provides cybercriminals with speed and anonymity, so it’s only natural that they should pivot their tactics towards emerging alternative payments, currencies, and marketplaces.

How can Sift help businesses get a handle on sophisticated fraud attacks?

Cybercriminals are becoming less specialized, and more adept at different types of abuse. They use multiple strategies to commit payment fraud, and target individual vulnerabilities across the user journey. Once they’ve bypassed even one security gate, they’re able to launch wider attacks against larger communities of merchants and consumers.

Ultimately, it’s up to trust and safety teams to protect the business and its customers. Because the Fraud Economy is global and interconnected, attacks against one person or organization can impact many other merchants across other industries. Consumer password reuse, and the storage of login credentials on websites, mean that stolen usernames and passwords from one site can be used to hack other accounts owned by the victim. 

In order to stop attacks before they happen and prioritize growth, businesses need a strategy that eliminates opportunities for attack while optimizing for the best consumer experience. Sift’s Digital Trust & Safety Suite is an end-to-end, flexible solution backed by a network of billions of fraud signals every month from over 34,000 apps using our platform. Our customers fight payment fraud, account takeover (ATO), spam, scams, promo abuse, and chargebacks in real time, without giving up on growth or disrupting the user journey with repeated authentication. Our recent acquisition of Keyless, the passwordless and multi-factor (MFA) pioneer, will take us into the next era of account security by allowing users to authenticate by simply looking into their device’s camera.

It can be overwhelming to consider the consequences of fighting something so ambiguous and complex. With that in mind, we’ve also just launched our new Fraud Intelligence Center. This is a trust and safety hub featuring current data from our network, expert insights, and other resources to help analysts better understand how cybercriminals take advantage of multiple abuse types, and how to proactively defend against different threats.   

About Jane Lee

Jane Lee is a Trust & Safety Architect at Sift, who specializes in spam, account/content abuse, and payments risk. Prior to joining Sift, she was on fraud teams at Facebook and Square, and also spent some time as a Private Investigator. She is passionate about designing and operationalizing systems for detection and enforcement of fraud at scale.

About Sift 

Sift is the leader in Digital Trust & Safety, empowering companies of every size to unlock new revenue without risk. Our cutting-edge platform dynamically prevents fraud and abuse with real-time machine learning that adapts based on Sift’s unrivaled global data network of 70 billion events per month. Global brands such as Doordash, Twitter, and Crypto.com rely on Sift to gain a competitive advantage in their markets.