Voice of the Industry

Three fraud trends to watch out for in 2023

Friday 17 February 2023 10:43 CET | Editor: Irina Ionescu | Voice of the industry

Fraud trends for 2023 look set to be defined by economic uncertainty, increasingly sophisticated AI models, and attempts to exploit SCA exemptions. Mark Strachan, Managed Risk Europe Regional Lead at Cybersource, shares his insights on these three trends and offers guidance on how to tackle them.

1. Economic downturn changes fraudster and consumer behaviour

Fraudsters tend to take advantage of economic downturns to launch new waves of attacks. This year, we have been seeing fake jobs advertised online to gather consumers’ personal information, as well as phishing campaigns that reference hot topics like mortgage rates, interest rates, or energy grants. 

Meanwhile, consumers struggling with the cost of living may commit first-party fraud (claiming that goods were not delivered or damaged in transit), leading to increased disputes. We have also observed customers frustrated by delivery delays or service cancellations caused by industrial action instigating 'angry' chargebacks. 

As well as establishing clear payment and returns policies, we recommend using an identity behaviour analysis (IBA) tool to flag customers associated with disputes. From April 2023, businesses can use Visa Compelling Evidence 3.0 to help defend better against first-party fraud. 

Use of Buy Now, Pay Later (BNPL) is on the rise. Fraudsters may use BNPL schemes too, but with no intention of maintaining payments, so we suggest screening BNPL orders for fraud alongside other ecommerce orders and using an account takeover protection tool to monitor BNPL-linked accounts for unusual activity. Whilst IBA tools can help flag synthetic identities with no history.

Finally, fraudsters may set up grey markets or counterfeit websites that appear to offer deep discounts on popular brands. Be sure to conduct in-depth Know Your Business (KYB) checks before onboarding new sellers and monitor their accounts for at least the first 90 days.

2.  Emerging AI models bring new opportunities for fraudsters

Emerging artificial intelligence (AI) models bring true innovation but may also come with additional risks. Fraudsters could use the opportunity to:

  • Generate polished phishing messages that consumers find more believable

  • Create fake websites incorporating chatbots that mimic those on legitimate websites to obtain personal information from consumers 

  • Attempt AI voice generation or cloning in an effort to bypass biometric checks 

  • Create AI-generated photos to add credibility to synthetic identities 

  • Build malware or ransomware that could be used to compromise merchants' websites

  • Develop scripts that create fake websites to support phishing campaigns and other fraudulent activity, for resale on the dark web

  • Launch bot-driven enumeration and other attacks that may bypass traditional bot mitigation solutions

Monitoring AI developments can help to assess potential threats to your business, and don’t forget about a multilayer approach to defending against AI-driven bot attacks. 

Cybersource incorporates AI and machine learning into our fraud management platform, and we see potential for increasingly sophisticated AI to further automate prevention with capabilities like real-time fraud identification. 

3.  Fraudsters look to SCA exemptions

Since the Strong Customer Authentication (SCA) requirement of the revised Payment Services Directive (PSD2) came into force, indications are that fraud rates have fallen across Europe

Fraudsters will, nevertheless, continue to adapt their techniques as they always have, presenting fraud teams with an evolving set of challenges. Look out for:
  • Card testing where issuers are more likely to offer a frictionless flow (without authentication steps)

  • Focus on the low-value exemption with basket sizes of less than EUR 30 

  • Focus on the low-risk exemption for purchases below the transaction risk analysis (TRA) threshold

Businesses should protect mail order/telephone order (MOTO) channels, to which fraudsters may migrate as it's out of scope for SCA, and scrutinise transactions made using cards with BIN ranges outside the UK/European Economic Area. 

And, finally, the legislative draft of PSD3 is due out this year. Make time to review it for potential impacts on your business and get a head start on planning. I’m also expecting a ramp for the new release of EMV® 3DS version 2.3, which offers new capabilities such as support for device binding, additional recurring transaction data, split SDK, and automated out-of-band (OOB) transitions.

Learn more

The Cybersource team is here to help you stay ahead of fraudsters. Check out our fraud and risk management resources to learn more.

Case studies, research and recommended practice recommendations are intended for informational purposes only and should not be relied upon for operational, marketing, legal, technical, tax, financial or other advice.  When implementing any new strategy or practice, you should consult with your legal counsel to determine what laws and regulations may apply to your specific circumstances.

About Mark Strachan

Mark owns the EMEA Managed Risk portfolio at Cybersource and is a fraud risk professional with more than 15 years’ experience in the card payment and banking industry. His role allows him to work closely with enterprise clients on strategies to reduce the risk associated with fraudulent activity and optimize revenue. 

About Cybersource

At Cybersource, we know payments. We helped kick start the ecommerce revolution in 1994 and haven’t looked back since. Through global reach, modern capabilities, and commerce insights, we create flexible, creative commerce solutions for everyday life-experiences that delight your customers and spur growth globally. All through the ease and simplicity of one digital platform to manage all your payment types, fraud strategies, and more. Knowing we are part of Visa and their security-obsessed standards, you can trust that your business is well taken care of —wherever it may go.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: chargebacks, artificial intelligence, fraud detection, online fraud, fraud management, fraud prevention, BNPL, KYC, eKYC, KYB, bot attacks, ecommerce, scam, SCA, 3-D Secure, PSD2, EMV, account takeover, ecommerce platform
Categories: Fraud & Financial Crime
Companies: Cybersource
Countries: World
This article is part of category

Fraud & Financial Crime


Discover all the Company news on Cybersource and other articles related to Cybersource in The Paypers News, Reports, and insights on the payments and fintech industry:

Industry Events