Financial institutions will need layers of increasingly sophisticated systems to combat a growing online payment fraud problem, projected to reach a cumulative $343 billion over the next five years, according to Juniper Research.
An increasing range of online payment fraud techniques and potential attack surfaces and increasingly diverse set of consumers and behaviours, means financial institutions and online merchants face a difficult battle.
“Online payments are not isolated, they operate in complex web of interactions, and the use of open APIs, whilst creating expansive opportunities for all stakeholders, must now be a consideration.
"The identity network, a key component of payments, is also a driving force that, used well, can build trust, but also adds into this heady mix opportunities for fraud,” Juniper Research said this week in the new report.
The report comes after Lloyds Bank in Feb moved £180 million in fraud charges from its impairment sheet to costs sheet with CFO William Chalmers telling analysts on an earnings call that "it used to be the case that much of the fraud that happened in the business was linked to the lending side of the business. What's happened with the growth -- unfortunate growth of push payment forward is that it's moved the liability side of the business. And so it becomes very transactional from a customer basis.. we've chosen to move it up and put it into the cost base."
Subscribe to The Stack's Command Line newsletter
The research house believes API security has become a “central aspect” of creating a secure payments ecosystem.
The report singles out account takeover (ATO) as a critical type of online payment fraud: “[Financial institutions] will need to focus on a multi-layered approach to mitigate ATO losses, including increased adoption and sophistication of authentication, such as multi-factor access authentication… Individually, authentication and profiling can be exploited by fraudsters. When combined, and with additional layers, they are an effective deterrent.”
Unbanked people starting to use financial services for the first time also represent a particular challenge, according to the report: “With more innovative financial product roll-outs expected in the next two to three years, the fraud risk in this area will also grow. There needs to be an increase in the use of alternative data to identify fraud risk for the unbanked. Unbanked consumers do not have or have very limited banking or credit data.”
“Alternative data” means information such as rent, utility or mobile phone payments, as well as employment details and other aspects of identity – but acquiring, ingesting and using this data will also be a challenge. Additionally, unbanked people will be increasingly targeted by fraudsters, as their lack of education on online payment fraud risks will make them easier targets, according to Juniper Research.
See also: NCSC and ICO issue stark warning on ransoms
“Fundamentally, no two online transactions are the same, so the way transactions are secured cannot follow a one-size-fits-all solution. Payment fraud detection and prevention vendors must build a multitude of verification capabilities, and intelligently orchestrate different solutions depending on circumstances, in order to correctly protect both merchants and users,” said report author Nick Maynard in a press release.
Artificial intelligence will play an increasing role in preventing online payment fraud, suggested the report. AI profiling during authentication, along with the use of AI in background checks, can be used to reduce numbers of both fraudulent transactions and fraudulent accounts – and then shared with other institutions, in the same way credit profiles are.
“For example, once a set of details (including name, email, address and even IP address) is flagged as fraudulent by one company, it can be flagged to the entire network and all associated vendors. Once AI systems learn what patterns and behaviours to flag. the number of fraudulent accounts will significantly reduce,” said the report.