Fraudsters tend to take advantage of economic downturns to launch new waves of attacks. This year, we have been seeing fake jobs advertised online to gather consumers’ personal information, as well as phishing campaigns that reference hot topics like mortgage rates, interest rates, or energy grants.
Meanwhile, consumers struggling with the cost of living may commit first-party fraud (claiming that goods were not delivered or damaged in transit), leading to increased disputes. We have also observed customers frustrated by delivery delays or service cancellations caused by industrial action instigating 'angry' chargebacks.
As well as establishing clear payment and returns policies, we recommend using an identity behaviour analysis (IBA) tool to flag customers associated with disputes. From April 2023, businesses can use Visa Compelling Evidence 3.0 to help defend better against first-party fraud.
Use of Buy Now, Pay Later (BNPL) is on the rise. Fraudsters may use BNPL schemes too, but with no intention of maintaining payments, so we suggest screening BNPL orders for fraud alongside other ecommerce orders and using an account takeover protection tool to monitor BNPL-linked accounts for unusual activity. Whilst IBA tools can help flag synthetic identities with no history.
Finally, fraudsters may set up grey markets or counterfeit websites that appear to offer deep discounts on popular brands. Be sure to conduct in-depth Know Your Business (KYB) checks before onboarding new sellers and monitor their accounts for at least the first 90 days.
Emerging artificial intelligence (AI) models bring true innovation but may also come with additional risks. Fraudsters could use the opportunity to:
Generate polished phishing messages that consumers find more believable
Create fake websites incorporating chatbots that mimic those on legitimate websites to obtain personal information from consumers
Attempt AI voice generation or cloning in an effort to bypass biometric checks
Create AI-generated photos to add credibility to synthetic identities
Build malware or ransomware that could be used to compromise merchants' websites
Develop scripts that create fake websites to support phishing campaigns and other fraudulent activity, for resale on the dark web
Launch bot-driven enumeration and other attacks that may bypass traditional bot mitigation solutions
Monitoring AI developments can help to assess potential threats to your business, and don’t forget about a multilayer approach to defending against AI-driven bot attacks.
Cybersource incorporates AI and machine learning into our fraud management platform, and we see potential for increasingly sophisticated AI to further automate prevention with capabilities like real-time fraud identification.
Since the Strong Customer Authentication (SCA) requirement of the revised Payment Services Directive (PSD2) came into force, indications are that fraud rates have fallen across Europe.
Card testing where issuers are more likely to offer a frictionless flow (without authentication steps)
Focus on the low-value exemption with basket sizes of less than EUR 30
Focus on the low-risk exemption for purchases below the transaction risk analysis (TRA) threshold
Businesses should protect mail order/telephone order (MOTO) channels, to which fraudsters may migrate as it's out of scope for SCA, and scrutinise transactions made using cards with BIN ranges outside the UK/European Economic Area.
And, finally, the legislative draft of PSD3 is due out this year. Make time to review it for potential impacts on your business and get a head start on planning. I’m also expecting a ramp for the new release of EMV® 3DS version 2.3, which offers new capabilities such as support for device binding, additional recurring transaction data, split SDK, and automated out-of-band (OOB) transitions.
The Cybersource team is here to help you stay ahead of fraudsters. Check out our fraud and risk management resources to learn more.
Case studies, research and recommended practice recommendations are intended for informational purposes only and should not be relied upon for operational, marketing, legal, technical, tax, financial or other advice. When implementing any new strategy or practice, you should consult with your legal counsel to determine what laws and regulations may apply to your specific circumstances.
Mark owns the EMEA Managed Risk portfolio at Cybersource and is a fraud risk professional with more than 15 years’ experience in the card payment and banking industry. His role allows him to work closely with enterprise clients on strategies to reduce the risk associated with fraudulent activity and optimize revenue.
At Cybersource, we know payments. We helped kick start the ecommerce revolution in 1994 and haven’t looked back since. Through global reach, modern capabilities, and commerce insights, we create flexible, creative commerce solutions for everyday life-experiences that delight your customers and spur growth globally. All through the ease and simplicity of one digital platform to manage all your payment types, fraud strategies, and more. Knowing we are part of Visa and their security-obsessed standards, you can trust that your business is well taken care of —wherever it may go.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now