How to Tackle Payment Fraud in 2021
Article by Damon Madden is Principal Fraud Consultant— Fraud & Risk Management, ACI Worldwide
Every year typically has a few defining moments, but 2020 seems to have borne multiple world-changing, paradigm-shifting developments. Parallel to this, global economies have moved quickly in ways that have accelerated technological change, which is having a lasting impact on consumer behaviour, fraud patterns as well as risk mitigation. The payment landscape is evolving rapidly too, driven by innovation, plus a growing appetite and acceptance for real-time banking and payment solutions. With a growing number of digital channels available to consumers, virtual interactions are also on the rise, offering additional avenues for fraudsters to exploit.
In the wake of all this changes, let us take a look at some key trends that we expect to shape 2021:
- Fraud management as a service: As we move into 2021, increasing cost pressures will result in more financial institutions (FIs) choosing to outsource their fraud detection requirements; this will range from cloud hosted solutions through to the complete outsourcing of fraud detection capabilities.
- Increased reliance on network intelligence: Isolation from the fraud detection community will prove to be costly for organisations. As fraud evolves, criminals too are becoming more organised in their approach to committing cybercrime. Increased collaboration among the fraudsters is making fraud detection more difficult than ever. To counter this, a community approach to fraud detection and prevention is of utmost importance. A syndicate of financial institutions to share fraud-related intelligence will ensure that if any member is targeted by a criminal, the signals can be propagated out to better protect the entire community from attack.
- Trust in automation: Managing transactional fraud will remain a priority for banks and FIs. Fraud solutions providing enterprise-wide monitoring with a combination of machine learning (ML) and rules-based strategies have enabled significant reductions to the volume of fraud transactions and total value of fraud losses. While some FIs have managed to do well in this area, during the COVID-19 pandemic we have witnessed the closing of offshore fraud contact centres and the shift of this workload back to fraud operations teams. There will be pressure post-COVID-19 to learn from this and address the business resilience risk. The most efficient way to achieve this is through increased automation – namely two-way customer communication. For example, when authentication fails, a bank must communicate with the customer in order to reset the authentication. If the transaction is genuine, the customer might get frustrated by their inability to progress, on the other hand, if it’s an attempt at fraud, customers need to know about it as soon as possible. In both cases, two-way communication with the customer needs to be quick and effective. This is where automation will play a big role. There’ll also be more dependence on other automated actions – auto block, remove block, automated report filing, auto marking and even applying machine learning models to reduce rules so that fraud strategy optimisation is less reliant on manual review for refresh.
- Continued growth in identity fraud: We will continue to see an increase in identity theft stemming from data stolen via data breaches and social engineering scams. Many people are experiencing social isolation and are therefore more susceptible to romance scams, employment scams like fake employment adds, stimulus or support payment offers or simply spending more time on online entertainment sites or portals where fraudsters are lurking with fake giveaways and investment deals. All of these scams aim to convince unsuspecting victims to hand over financial and other sensitive data. Vulnerable members in our community will continue to be a prime target for scam activity. With this continued trend, we will need to turn our attention more to utilisation of behavioural profiling capabilities to detect shifts from normal behaviours so we can trigger additional authentication measures. Increasing pressure will come from consumer protection regulators for payments organisations to own the responsibility for extending existing protection from fraud to scams and take on liability for losses.
- Better customer profiling and behavioural analytics: Access to a new data element trumps a new fraud capability – this feeling is widely shared in the payments industry, as data elements we currently have access to become redundant, for example, IP addresses. This highlights the need to bring on and use new data. Banks and financial institutions that are responsible for protecting customer information and their payments will need more data points to identify genuine customers accurately and quickly, while weeding out the ones that require additional action to authenticate. There will be a pressing need to identify customers whose data is” vulnerable” and those whose behaviour suggests they are being coerced or threatened.
As banks continue to automate processes for making their defences robust, fraudsters will turn to entities in the ecosystem that are more vulnerable – this could be a business or an individual. Since banks and FIs are better equipped with advanced fraud management solutions that can help protect businesses and their customers, they have an evolved role to play. Furthermore, regardless of the risk management solutions in place as we enter 2021, it’ll be imperative for banks to stay on top of changing fraud trends.