By Gergo Varga, SEON
Adjacent to but not synonymous with cybercrime, fraud today is one of the primary concerns for businesses of all shapes and sizes—despite historic trends showing that fraudsters once targeted only enterprises that had a lot to lose. Notably, some of the main reasons behind this are the meteoric rise of e-commerce and the adoption of online payment methods, coupled with the increased trust and familiarity both private individuals and professionals have slowly developed in them since the early ‘10s, when the e-commerce boom is generally acknowledged to have taken place.
So where are we today? And what mistakes do we make in our efforts to thwart fraud?
The Numbers Don’t Lie: Fraud Concerns Every Organization
In 2022, there are more attack vectors than ever; the landscape is much more complex and continues to hold promise for fraudsters in every single sector of the digital market. Per TransUnion, digital fraud in financial services rose by 218 percent in the first quarter of 2021 compared to the previous four months. Official government figures list 46,604 people as victims of fraud in Canada, up from 42,191 in 2020, with C$231 million lost to fraud from January 1 to November 30 of last year—a more than twofold increase year on year. The pandemic exacerbated an already widespread phenomenon, to the point where £4 million (C$6.87 million) is lost to fraud every single day just in the U.K. per UK Finance figures.
Though certain areas of economic activity are still more susceptible to fraud and scams, practically every organization, no matter what it does, needs some level of protection. According to the 2020 report of Canada’s Association of Certified Fraud Examiners, the industries most targeted are banking and finance, government, manufacturing, healthcare, energy and retail. In terms of actual losses to fraud though, the list is different: in Canada, mining tops the list of revenue lost due to fraud, followed by energy, real estate, telecoms and construction. Due to the nature of these industries and the often elaborate nature of the fraud schemes that target them, huge losses can result from just one event.
Mythbusting Fraud Fighting Software: No One Size Fits All
At its core, fraud management software combines the functions of monitoring, investigating and blocking/mitigating attempted schemes. Yet anti-fraud platforms’ approach and methodology vary from vendor to vendor.
It is also important to note that different sectors of commercial activity have diverse needs and priorities, which can include anything from making sure nobody harms their bottom line to needing to closely follow government-issued mandates for their industry. Financial services, including banking, is a good example of such a sector, as it has to follow certain due diligence requirements by law, which fall under fraud and risk management. Transaction monitoring that flags transactions over a certain amount of money and identity verification checks are two ways that banks and fintech companies' fraud management needs differ to those of an online shop, for example.
One of the most common pain points in e-commerce is chargebacks—when cardholders appeal to their bank to reclaim money previously paid to merchants for various reasons, legitimate or not. This disproportionately impacts merchants, ultimately costing them much more than just the price of the lost merchandise. For this reason, those who run e-shops should be in search of antifraud software that is particularly strong against chargebacks without putting off shoppers with unnecessary checks and additional verification steps—which can cause churn. On the other hand, in the iGaming/online gambling world, companies are likely to be targeted with affiliate fraud as well as bonus abuse, and are thus advised to seek out solutions that efficiently address those concerns more than others.
Once you have established exactly what your fraud challenge is, breaking it down into a clearly defined set of requirements, there are more questions to answer before you can select an anti-fraud vendor that suits your needs. Your attack surface will affect whether you purchase a full suite or standalone products. Some systems are entirely customizable, even employing machine learning modules to learn from historical data and recommend rulesets particular to each specific company; others come with industry-specific rulesets, or “best practice” type presets, which are nevertheless the exact right fit for specific types of companies.
One last important consideration has to do with the price point—not just how high it is but what model it is based on. Software as service (SaaS) may be standard in various industries but there are alternatives in fraud: Though there certainly are SaaS fraud prevention vendors, some of which will only work with you if you commit to lengthy contracts, there are also micro-payment models based on API calls. In simpler terms, this means you pay a very small fee every time you make a request through the software, and only then. This is a welcome alternative for those who only need this functionality a few times a month, for example, rather than near-constantly.
The Fraud Trends of 2022: Pandemic After-Effects and More
Moving into 2022 and beyond, there are clear indications fraudsters will be directly responding and adapting to measures introduced over the past few years to keep our operations and customers safe. This makes the need to assess and boost one’s existing antifraud infrastructure more pressing.
The rise in online criminal activity has certainly been exacerbated by the pandemic. More consumers than ever turned to online shopping, no longer merely out of preference but, often, necessity. From there, opportunists might have partaken in first-party fraud or friendly fraud, targeting online businesses of various sizes. Unemployed people in urgent need of money who were not able to look for new work offline turned to online platforms and might have thus found themselves involved in reshipping scams, or even falling victim to identity theft committed by scammers who are presenting themselves as recruiters. Unfortunately, the list is long, and virtually endless media outlets and professionals have pointed out this “epidemic of fraud within a pandemic”.
But how are fraudsters adapting? One obvious example is recent findings on how criminals have developed OTP (one time password) interception bots, who intercept and steal the additional authentication factors in 2FA and MFA setups, gaining access to ostensibly safe user accounts. Another is the increased accessibility of deepfake-creation software, which puts more stress on biometric authentication methods. Unfortunately, biometrics are not as safe a method of user authentication as laypeople have been led to believe, while when they combine with synthetic IDs, they can make it easier to fool organizations into believing they are dealing with a legitimate customer.
To fight these and other threats, companies need to develop strong and close partnerships with anti-fraud experts. Whether there is a fraud analyst team in-house or the entirety of prevention is outsourced, robust fraud detection and prevention software is of vital importance to any company that could be targeted. And, unfortunately, in 2022 this means every company with an online presence. The above suggestions are a good starting point to assess whether a platform is the right fit for you.
Gergo Varga has been fighting online fraud since 2009 at various companies – even co-founding his own anti-fraud startup. He's the author of the Fraud Prevention Guide for Dummies – SEON Special edition. He currently works as the Evangelist at SEON, using his industry knowledge to keep marketing sharp, communicating between the different departments to understand what's happening on the frontlines of fraud detection. He lives in Budapest, Hungary, and is an avid reader of philosophy and history.