Spotlight: payments fraud

Merchants are expected to lose over $362 billion globally to payments fraud between 2023 and 2028. 

No, that's not a typo. 

$362 billion is the number estimated following extensive analysis by Juniper Research. And it sits on top of the $78.5 billion in losses Juniper believes merchants globally have lost to payment fraud since the turn of the decade.

If you didn't know it already, payment fraud is an issue you cannot ignore or treat with complacency. You can be sure the fraudsters aren't. They're scheming away, finding novel ways to hurt your company for their financial gain. And they're getting more innovative and more effective by the day.

In this spotlight, we'll tour the payments fraud landscape. We'll explore

  • The evolution of payment fraud post-pandemic

  • The payment fraud trends you need to know about today

  • Tips to fight payments fraud

The changing payments fraud landscape post-pandemic

The payments fraud landscape has evolved rapidly since the pandemic accelerated the shift to ecommerce. Suddenly, fraudsters had a much larger target to go after—Stripe, for instance, said they had 1,400 businesses a day join its platform in 2021. 

Even more significant is that most, if not all, of these businesses had little to no experience selling online. They found themselves learning the ropes on the fly and often lacking the necessary tools and insights to counter fraud effectively. 

Then, another cohort simply didn't prioritize implementing a robust fraud prevention strategy. They focused on maximizing sales to stay afloat during the tough economic conditions. 

Both situations created an environment tailor-made for bad actors to exploit. And exploit them they did. Research found that merchants saw a 10% increase in payment fraud during the pandemic.

Now for the good news: progress has been made since then. According to the latest insights from the MRC 2023 Global Payments & Fraud report, the percentage of revenue lost to payments fraud has declined. This figure stands at 2.9% in 2023, a significant number but a notable reduction from the 3.6% observed in 2022. 

The report cites several factors for this decline, including increased spending on fraud prevention tools, particularly in markets like the US and Asia Pacific. There's also a broader understanding and appreciation of payments fraud from businesses worldwide, especially those laser-focused on preserving their bottom line. 

The risk of payments fraud continues to evolve

But this is payments fraud we're talking about. Change is the only constant. So, while the overall picture may show improvement, you must stay vigilant and mindful of the developments under the surface that should be cause for concern. 

A recent survey we ran on LinkedIn found that 77% of respondents said they were seeing an increase in attempted payments fraud. 

Let's take a look at a few of the developments:

The growing threat of AI-powered fraud

In what feels like a blink of an eye, we've suddenly entered a new age where AI impacts every aspect of a business. And there's no doubt generative AI will change the game regarding payments fraud.

Fraud prevention software provider Sift documents what it's seeing in its Q2 2023 Digital Trust & Safety Index. It finds that fraudsters are using AI to increase the velocity of their attacks—basically throwing everything at the wall to see what sticks.

For example, another study found it can cost less than $200 to attempt 100,000 account takeovers, with a success rate between 0.2 to 2%.

It's a somewhat primitive use case for generative AI, but it will still put merchant fraud defenses to the test. And the next evolution is not far away, if not here already. These developments will see fraudsters leverage generative AI tools for all sorts of sophisticated use cases, such as creating incredibly realistic deep fakes as well as complex and highly realistic phishing attacks.

Just take a look at this:

Partner Insight: Rebecca Alter, Trust and Safety Architect at Sift

In the last few years, fraud teams have seen a massive increase in the rate of account takeover (ATO) attacks—a trend that's only getting worse due to automation and generative AI tools like ChatGPT. AI tools have made it easier for fraudsters to bypass traditional identity and verification checks, crack passwords, and generate better-sounding language that makes phishing scams more convincing. 

The emergence of tools like ChatGPT in the fall of 2022 is likely responsible for the sharp increase and frequency of social engineering scams, which have, in turn, resulted in a jump in downstream fraud, specifically ATO, which surged over 400% in the first quarter of 2023 compared to all of 2022 alone.

The expansion of 'friendly fraud'

Friendly fraud, otherwise known as 'chargeback fraud' or 'first-party misuse,' is always top of mind for merchants. However, with the current economic conditions forcing previously good customers to turn into bad actors, merchants must be more vigilant than ever. 

The MRC 2023 Global Payments and Fraud survey found that over 6 in 10 have reported increased first-party misuse disputes since 2021. It comes with a considerable cost, with merchants estimating they must spend $35 to manage friendly fraud for every $100 they face in disputes.

Further increases in the cost of living and increasing instances of professional fraudsters exploring the chargeback mechanism compound the issue for merchants. 

Check out this blog to learn how to manage disputes effectively. 

Fighting back against payments fraud 

As is often the case in payments, there is no one-size-fits-all approach to fighting payments fraud. But at a high level, if a merchant is considering implementing or evolving their approach to tackling payments fraud, there are three key areas to consider.

Fraud Strategy

It's tempting to declare that the goal is simply to prevent fraud—but the reality is more nuanced. Striking the right balance is crucial: overzealous measures might quash 99.9% of fraud attempts, but they could also inadvertently deter legitimate customers, potentially costing more than the fraud losses themselves.

Going the other way and taking a lax approach brings its own issues, leading to penalties, elevated processing expenses, reputational harm, and, in extreme scenarios, the card schemes banning you from accessing their networks.

Building that strategy requires cross-functional input. It's worth pulling together a group with representation from the payments, go-to-market, risk, and finance teams. These will give you a 360 view of the different considerations when building your strategy. A member of the senior leadership should also be part of the group to sign off the overall approval. Collectively, this group of individuals is well-positioned to determine your risk tolerance.

This group should reconvene a few times yearly—perhaps monthly if you're in a particularly high-risk industry—to ensure the strategy aligns with your overall business goals. 

Fraud Tooling

The next step is to ensure you have the proper tooling to implement your strategy. There are a wealth of options to choose from. 

Some merchants choose to go it alone and build a proprietary fraud prevention system. This approach may give you a bespoke set of tools aligned with your unique business needs, but it's costly to develop and maintain. Alternatively, you can tap into the expertise of specialist fraud prevention tools available in the market. These come broadly in two forms:

Fraud Prevention Tools from PSPs

Most of the full-service PSPs offer some form of advanced prevention. Examples include Checkout.com Fraud Detection Pro, ReveueProtect from Adyen, and Stripe Radar. These tools provide robust functionality, leveraging the PSP's network data to identify and prevent fraud following the merchant's risk tolerance. Typically, these are considered 'value-added services,' so they come at a cost. They also have the limitation of only preventing fraud on transactions processed by that PSP. 

Fraud Prevention Tools from Specialist Third-Party Providers. 

The likes of Forter, Riskified, Sift, and Signifyd also provide fraud prevention solutions. These providers offer a range of tooling to prevent payment fraud, increasingly incorporating AI and traditional rules-based fraud detection methods. As these are agnostic, merchants can flow their entire transaction volume through the solution and provide a more comprehensive level of protection. These tools also offer a growing range of risk management solutions beyond payments or that are payments adjacent.

Learn how Primer gives merchants tooling to fight payments fraud.

Fraud Collaboration

The fight against payment fraud is a collaborative effort. Internally, your organization's members collectively shoulder the responsibility of recognizing and reporting suspicious activities. Externally, merchants should unite with law enforcement, vendors, and industry bodies to exchange insights and foster collaboration. This joint effort contributes to constructing a secure digital economy, benefitting all its users.

Final thoughts

The fight against payments will continue evolving. And it'll be unpredictable. Nobody knows what impact generative AI will have. What new tactics will fraudsters think of next? Or what industry segments they'll target. What we do know, however, is that with the right strategy, tools, and partnerships in place, you can set yourself up to tackle whatever fraudsters throw at your business and focus your efforts on enabling commerce.

If you're interested in learning more about the range of tools we offer to help fight fraud, get in touch; we're happy to chat.