Unfortunately, the fraudsters have also been keeping pace with these trends, always focusing on where the systems are the weakest and easiest to steal from. In Latin America, the reported rate of economic crime has increased from 28% in 2016 to 53% in 2018 and continues to rise. The ACFE estimates that close to 5% of GDP is currently loss to financial crime costing Latin America trillions of dollars in losses. In direct relation to this, organizations have increased their spending to combat financial crime.
Here are some of the emerging threats – and key fraud prevention mechanisms to combat them – that we foresee gaining traction in 2020:
- User behaviour analytics (UBA): While yesterday’s security concepts used rules and signatures to prevent “unwanted” occurrences, increasing digitization in payments will lead the industry to rely more on User Behaviour Analytics (UBA) to detect increasingly sophisticated attacks. With UBA, banks and payment companies will assess user behaviour; whether it’s a swipe on the phone, a wiggle of the mouse or a tap on the keyboard, making it quicker and easier to detect unusual or suspicious behaviour. Going beyond static machine learning, adaptive behavioural analytics are extremely proficient and will be better at differentiating between actual fraud, and activities that appear suspicious but are ultimately genuine.
For example, if a user logs into his or her account at an irregular rate or suddenly begins adding priority shipping to high-priced orders, the system will detect this irregularity and immediately raise a red flag. However, if a user simply purchases an expensive gift, or books travel arrangements during the festive season—behaviours that coincide with seasonal activity—the system will recognize and differentiate the fraudulent from the legitimate accordingly.
- Democratized machine learning: With ‘democratized’ machine learning, what we mean is that financial crime risk managers, with specific subject matter expertise, are equipped with machine learning modelling tools that they can build, test and deploy on their own – without extensive help from tech experts. This will give them better understanding and more power to explain their choice of features, use of model scores and the actions taken to their management, auditors and regulators. This more democratized approach to machine learning will make it easier to not only address specific threats but to show ROI – one of the biggest reasons why this trend will emerge strongly.
- Centralized payments intelligence hub: With real-time payments, the window for fraud prevention is much shorter and the ability to recover a fraudulent payment is much lower. Traditional rules-only systems are great at detecting known threats but can’t uncover new criminal fraud strategies or zero-day attacks, which puts customers at risk. Hence, 2020 will see more interest among banks for shared intelligence (features and signals vs. data) for increased accuracy of fraud detection and prevention.
- Rise of application fraud: Across the world, identity scans are largely broken, meaning that synthetic IDs and pure identity theft will continue to increase next year, especially as banks and credit grantors continue to neglect reporting these losses or lose them in credit losses. This could be further fuelled by attacks on central infrastructures that manage digital identities and other important information, for example attacks on Aadhaar data and similar breaches.
- Card-not-present (CNP) fraud: CNP fraud is done by obtaining details of a credit card holder like billing address, account number, three-digit security code and expiry date of the card. Credit card holders are generally fooled through mediums like online phishing, but both customers and merchants suffer when card-not present fraud occurs. In the recent past, after the mandate of two-factor authentication from RBI, the number of such ‘card-less’ or ‘card not present’ transactions have marginally gone down. However, due to the rise in SIM swaps and skimming, the percentage of such frauds could potentially rocket. These types of attacks will compel businesses to look beyond traditional endpoint security solutions if they are going to effectively combat evolving threats.
Cybersecurity and digital payment fraud cases are a critical concern when it comes to digitization of payments, and banks and other players in the ecosystem will have to take the right steps to mitigate them. Investments in next-level authentication methods, behavioural biometrics, multi-factor authentication, and real-time monitoring of frauds are some of the tools that will come to the fore in 2020 and can be leveraged to reduce frauds and continue to instil in consumers’ confidence in digital payments.