With the festive season in full swing, it feels uncomfortable to put a dampener on proceedings and talk about fraud and scams. But the unhappy truth is that while organisations are using this period to plan their plays and strategies for the year ahead, so are the bad actors.
For any business that’s been impacted by fraud – which is pretty much all of them – that will come to no surprise. And correspondingly, businesses such as Callsign are looking ahead to anticipate and defend against the trends, strategies, and attack vectors that bad actors will put into play.
In this article, five industry experts from Callsign offer their insights and predictions into what challenges the year ahead will bring, and the approaches and technologies that can help businesses address them.
‘ATO will very much remain a problem,’ says Ryan. ‘And it shouldn’t be.’ Indeed, more than a year ago, Ryan questioned why it was still a topic of discussion, given that ATO is one of the oldest attack vectors used by fraudsters. But it’s a problem that keeps growing – 64% of financial institutions are seeing higher rates of ATO than before the pandemic.
‘The problem is that even today, large numbers of accounts are secured with just a username and a password. If there’s a second authentication factor, it’s usually an SMS OTP.
‘Online transactions are by their very nature digital, and that demands a digital approach to authentication. A layered intelligence approach that’s built on device and location intelligence as well as behavioural biometrics will give businesses and their customers more security, and give fraudsters a real headache.’
The headache analogy is apt, ‘…because the most effective technology that’s being used by bad actors today is inside the heads of the scammers. Social engineering is the main tool that they use to ply their trade. Scammers will spend days, weeks, even months on an attack – but when they strike, banks have minutes at most to react.’
Scams are a growing concern for businesses across the world. In a report commissioned by Callsign, 62% of respondents lost up to 13% of revenue due to consumer-based scams. Namrata is positive about the action that can be taken, however. ‘Scammers are not infallible. They rely heavily on their knowledge of a bank’s user journeys. Technologies such as Callsign’s Dynamic Interventions can disrupt that by recognising the signs of an authorised push payment scam in progress, and presenting the user with tailored messages telling them exactly what’s going on.
‘Once the hold is broken, it’s very hard indeed for a scammer to regain control – it effectively stops the scam in its tracks.’
With so many aspects of digital life now being played out on mobile platforms that were designed with security in mind, it’s no surprise that the authenticators that aren’t – passwords, cookies and SMS OTPs – are being gradually deprecated. ‘It won’t happen overnight,’ says Joe. ‘but regulators and the industry as a whole are calling time on these authentication methods.
‘To properly tackle fraud and scams, businesses have to look beyond the older, analogue approaches to the digital-first technologies that combine AI, machine learning, behavioural biometrics and device and location intelligence. The technologies of the past won’t protect us today, let alone in the future.’
That intelligence has the potential to offer more than protection, says Ali. ‘If you shift the focus to the point of check in you not only have a better chance of spotting fraud before it happens, you can also capture more customer insights along the way. Over the course of a user journey, a customer might browse for other products, add or change profile details – all of that is valuable information.
‘Tools such as Callsign provide the ability to capture those insights while passively checking for signs of fraud from the point of logon onwards. And that’s key – it means that there will be fewer chances of risky transactions getting through, fewer chances of false positives, and fewer chances of fraudulent chargebacks.’
Those friendly fraud chargebacks have become a significant issue for businesses. ‘Despite being a term that’s used across the industry,’ says Tanya, ‘first-party fraud is anything but friendly.’ The scale of the problem has led to Visa’s global dispute resolution rules, Compelling Evidence 3.0. It’s an important step forward but, as Tanya reminds, it needs to be bolstered by the right technologies.
‘There’s still an over-reliance on cookies to capture device intelligence. But cookies are easily deleted, meaning that businesses may struggle to capture consistent data over the 120-day-period needed by Visa’s new rule, which comes into play in April 2023. Deep device fingerprinting such as Callsign’s can provide a more persistent, cryptographically-bound device ID, which will meet the rule demands and protect organisations from friendly fraud.’
It would hardly be realistic to begin to hope that 2023 will be the year that we finally defeat fraud. It’s a problem that’s existed long before the digital age was even a pipe dream, and one that shows no sign of ever going away. But one thing is clear: the bad actors, the fraudsters and scammers, are not having it all their own way. New techniques and technologies to combat fraud are emerging rapidly.
That evolution is being driven by another trend that is certainty for the year ahead – increased scrutiny and regulation. In every territory, governments and legislators are taking hard stances against fraud and scams. From Reg E in the US to the Digital Payment Security Controls in India to Strong Customer Authentication in the UK, tighter and more stringent rules and regulations are being put in place for the protection of both businesses and their customers.
And so, despite the slightly sombre opening, it’s good to end both the piece and the year on an upbeat and positive note for everyone – everyone, that is, aside from the fraudsters.
About Sarah Whipp
Sarah Whipp is the CMO and Head of GTM Strategy at Callsign. A global expert in marketing and communications, Sarah is a member of the Forbes Communication Council, advises numerous startups and industry bodies on marketing strategy, and is a recipient and alumnus of awards for European and Global top 100 B2B Marketers.
About Callsign
Callsign makes digital life smoother and safer by helping organisations establish and preserve digital trust so people can get on with their digital lives. The first true representation of identity online, Callsign positively identifies users by their unique characteristics, replicating real-life recognition signals with AI models. The only solution to identify people across every journey, channel, and brand, Callsign makes digital identification seamless and secure, helping drive business growth.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now