In a digital world, regulators and innovators need to team up to beat fraud
Innovation in payments has moved rapidly over the past decade, with companies of all sizes and industries diversifying their payment methods and incorporating network tokens. Furthermore, the development of app-based payment models has led to a massive decrease in the use of plastic and cash, and the ubiquity of authorized push payments and mobile devices has resulted in consumers expecting to be able to make payments securely at the click of a button.
The race to satisfy the demand for frictionless, real-time payments has produced impressive technological innovation, however it’s also allowed fraudsters to slip through traditional payment fraud detection methods, leaving consumers open to abuse. Payment industry regulators have made well-intentioned efforts to better defend consumers against fraud and abuse, with recent safeguards including those that protect consumers from inadvertently signing up for costly subscription schemes (which also force merchants to provide opt-out clauses and notifications).
Still, in the quest for consumer protection regulators can be too narrow in their approach and lack a comprehensive understanding of the implications of new data protection rules. For example, current data privacy laws mandate that merchants remain unable to access information that might be used for secure and quick user authentication. Fraudsters, on the other hand, who aren’t bound by regulation, can access this information and therefore have an advantage over merchants in targeting consumers. In fact, data protection laws have the ability to benefit fraudsters even further if they’re committed to playing the long game, as fraudsters can easily return to attack previous victims after their data has been deleted.
Balancing consumer data privacy with effective authentication and fraud prevention certainly creates challenges for both businesses and regulators. Complicating matters even further is the long-standing impact of COVID-19 on the payments landscape. With businesses having to revamp their entire operations, pivot towards online revenue streams and integrate contactless payment methods, the volume of digital transactions stands to continue to skyrocket. This will provide an even more effective smokescreen for fraudsters, allowing them to avoid detection due to the increased volume of legitimate traffic.
To safely transition into what’s becoming an increasingly cash-free world, businesses must prioritize identity management not just when a customer onboards, but throughout the entire customer life cycle. Because money movement happens in real-time and fraudsters can easily hijack a payment before any involved parties become aware, a multi-pronged approach that leverages behavioral biometrics, device heuristics and other fraud mitigation tactics is essential. By applying such an approach as the first line of defense earlier in the attack life cycle, businesses and their payments partners can better understand underlying intent, identify telltale signals of fraud, segment traffic based on its risk profile, and better distinguish between bots, human fraud rings and legitimate users.
While employing technical best practices like identity management and targeted authentication is crucial, overcoming the drastic rise in payments fraud also means fostering greater collaboration between all the participants in the payments ecosystem. Businesses should consider sharing their data on known bad actors so they and their peers can devise more effective fraud prevention strategies. Furthermore, a close collaboration between leading payment innovators and regulators could help regulators better understand the direction the industry is headed. This would ultimately enable regulators to incorporate risk-based machine learning techniques and deliver more customer-friendly, fraud-focused regulation -- a critical component in the fight against payments fraud and abuse.