A new study from Juniper Research indicates that online payment fraud is set to top $343 billion over the next five years. The figure is driven by fraudster innovations in account takeover fraud and identity theft, despite the widespread implementation of identity verification measures. The research identified physical goods purchases as the largest single source of losses, expecting them to account for 49% of cumulative online payment fraud losses globally over the next five years, growing by 110%. Lax address verification processes in developing markets are also a major fraud risk, with fraudsters targeting physical goods specifically because of their resale potential.
I have a pair of comments on this. The first is from Saryu Nayyar, CEO and Founder of Gurucul:
“With account takeover fraud and identity theft being the two common tactics used to execute fraud-based attacks, even zero trust initiatives and programs are susceptible to be evaded by threat actors. This requires security teams to have a solid baseline of current identity access rules for the purpose of applying behavior analytics as a leading threat indicator. Combining abnormal user and entity behaviors with identity and access analytics can rapidly distinguish and confirm malicious activity. It is rare to find this combined set of capabilities in most SIEM and XDR platforms but is critical as identity-based attacks are becoming the norm.”
Chris Olson, CEO of The Media Trust, has my second comment:
“When it comes to online payment fraud, organizations need to take the consumer perspective seriously: consumers pay the highest price for lax security, driving reduced trust and lower brand equity over the long term. Better verification tools are a must-have – at the same time, organizations must pivot to prevention over reaction and work to harden their digital ecosystem against vulnerabilities originating from third-party vendors.
In recent years, thousands of online businesses and eCommerce sites have fallen victim to attacks through compromised payment software – Magecart continues to affect organizations in 2022; more recently, hundreds of stores were breached through a remote code execution (RCE) vulnerability in Adobe Magento. Ultimately, it’s crucial to know who your digital vendors are, monitor their activity, and eliminate potential attack surfaces at every stage of the customer’s journey.”
Clearly, threat actors are evolving their attacks to score bigger paydays. Thus, every effort must be made to make sure that individuals and companies aren’t victims. And that’s done by making sure that these sorts of fraud are difficult to perpetrate.
External Link: Online payment fraud to top $343 Billio: Juniper Research