Alicia Hope | CPOmagazine.com
A study by Juniper Research warns that online payment fraud losses globally will reach $343 billion between 2023 and 2027.
The cumulative online payment losses will equal 350% of Apple’s reported net income for the 2021 fiscal year, showing the massive extent of online payment scams.
The report listed banking, money transfer, airline tickets, and the online sale of physical and digital goods as the main sources of online payment fraud. A third of the losses will arise from banking and money transfer.
Similarly, the report identified various tactics used by online fraudsters, such as social engineering, phishing, and business email compromise (BEC).
According to the Online Payment Fraud: Emerging Threats, Segment Analysis & Market Forecasts 2022-2027 report, innovation in threat actors’ tactics such as account takeover fraud fuels online payment scams.
Sale of physical goods accounts for most online payment fraud losses
The sale of physical goods will account for the largest source of cumulative online payment fraud losses between 2023 and 2027. This common business activity will account for 49% of the total losses to online payment fraud, representing a 101% increase.
The report noted that the lack of verification processes in developing markets is a major risk factor for online payment fraud.
Additionally, the intrinsic value of physical goods made them an attractive target for online payment fraud because of their resale potential.
Complex web of interactions and APIs expands the attack surface for online payment fraud
Many businesses and buyers adopted online transactions during the pandemic and will likely maintain this trend beyond 2022.
This situation expands the attack surface and the range of user behaviors that threat actors could exploit to take over accounts and commit online payment fraud.
According to the report, online payments do not work in isolation but “operate in a complex web of interactions and APIs.”
“The identity network, a key component of payments, is also a driving force that, used well, can build trust, but also adds into this heady mix opportunities for fraud,” the researchers warned.
The researchers advised merchants to adopt source address verification processes and multi-factor authentication to combat online payment fraud from the sale of physical goods.
Innovation needed to combat online payment fraud
The researchers stated that merchants and financial institutions must address account takeover (ATO) attacks, whose sophistication has improved over the years.
“In order to combat rising fraud, fraud prevention vendors must orchestrate the right mix of verification tools, at the most effective point in the customer journey, to best protect users, but that this will require significant capabilities to achieve.”
Subsequently, they should adopt “sophistication of authentication, such as multi-factor access authentication” and combine it with other layers of security to deter online scammers.
Additionally, they observed that unbanked individuals presented a significant risk for online payment fraud because they lacked enough data and credit. Such individuals were also vulnerable to cyberattacks because of their low education levels.
The researchers advised financial institutions to find “alternative data” to address the risk posed by unbanked people. Possible solutions include using rent, utility, and mobile payment data to verify unbanked people.
However, given the diversity of transactions, analyzing data from multiple external transactions requires significant effort.
“Fundamentally, no two online transactions are the same, so the way transactions are secured cannot follow a one-size-fits-all solution. Payment fraud detection and prevention vendors must build a multitude of verification capabilities, and intelligently orchestrate different solutions depending on circumstances …,” the report author Nick Maynard stated.
However, with the modern advances in artificial intelligence (AI), fraud prevention vendors can easily utilize data from multiple sources and validate users.
“With account takeover fraud and identity theft being the two common tactics used to execute fraud-based attacks, even zero trust initiatives and programs are susceptible to be evaded by threat actors,” Saryu Nayyar, CEO and Founder at Gurucul, said. “This requires security teams to have a solid baseline of current identity access rules for the purpose of applying behavior analytics as a leading threat indicator. Combining abnormal user and entity behaviors with identity and access analytics can rapidly distinguish and confirm malicious activity.
“It is rare to find this combined set of capabilities in most SIEM and XDR platforms but is critical as identity-based attacks are becoming the norm.”
Chris Olson, the CEO of The Media Trust, said customers suffered the most from organizations’ poor cybersecurity practices.
“When it comes to online payment fraud, organizations need to take the consumer perspective seriously: consumers pay the highest price for lax security, driving reduced trust and lower brand equity over the long term.”
According to Olson, businesses must identify their digital vendors and eliminate every attack surface at every transaction step.
“In recent years, thousands of online businesses and eCommerce sites have fallen victim to attacks through compromised payment software – Magecart continues to affect organizations in 2022; more recently, hundreds of stores were breached through a remote code execution (RCE) vulnerability in Adobe Magento. Ultimately, it’s crucial to know who your digital vendors are, monitor their activity, and eliminate potential attack surfaces at every stage of the customer’s journey.”