When it comes to digital payments, there are only two certainties about the year ahead. Transaction volumes will continue to grow. And so will the losses stemming from payments fraud.
Thanks to the rocket fuel provided by COVID-19, global ecommerce grew 16.8% to nearly $5 trillion in 2021, with no signs of slowing down. Even the most resistant among us have come to embrace card-not-present (CNP) transactions and payment options like Buy-Online-Pickup-in-Store (BOPIS) and Buy-Now-Pay-Later (BNPL).
But there’s also plenty of risk. According to Aite-Novarica Group, CNP fraud topped $15.3 billion in 2021. Illicit transactions facilitated by account takeovers (ATOs) now lead to more than $16 billion in annual loss. As adoption of digital payments continues to climb, cybercriminals with adapt their attack methodologies to avoid detection and maximize profit. Here are five key trends to look for in 2022:
#1 ‘Buy-Now-Pay-Later’ Bubble Runs Risk of Bursting
Buy Now Pay Later (BNPL) services such as Afterpay, Klarna, and Sezzle achieved meteoric growth in 2021 as consumers racked up $100 billion in debt-driven purchases. That’s up from just $24 billion in 2020.
In the US, a third of all BNPL users have fallen behind on payments. Roughly 72% have seen a drop in their credit score. And despite being touted as a pennywise alternative to credit cards, analysts believe the people most drawn to BNPL are those with maxed out cards. Let’s just say the “Buy-Now-Pay-Never” memes are already flying fast.
It gets worse. Cybercriminals increasingly use stolen login credentials to infiltrate BNPL-enabled accounts and go on illicit shopping sprees at their victims’ expense. They’re also gaming the BNPL account enrollment process to defraud merchants and other organizations. Compromised and synthetic identity data used to apply for personal loans already contribute to annual loss of more than $57 billion.
As the industry enters 2022, anti-fraud solutions that employ machine learning, data science, and shared global intelligence could be crucial to preventing BNPL fraud and neutralizing calls for increased regulation.
#2 Deepfakes Do Real Damage
Phishing scams leveraging deepfake technology will bedevil organizations in 2022. In these attacks, fraudsters use audio synthesis technology to sample and manipulate the voices of corporate executives for use in social engineering campaigns targeting employees.
Context, timing, writing style, and voice idiosyncrasies are painstakingly mimicked. The result: highly personalized and extremely convincing messages capable of duping even the most vigilant employee.
Just within the last four months, cybercriminals leveraged forged emails and deepfake phone messages appearing to come from a corporate CEO to fool a branch manager into wiring $35 million to the perpetrators. In 2022, real-time deepfake technology may even reach the point where fraudsters can readily pull off live phone and video chats with their targets.
To defend against such rackets, businesses must prioritize high-quality fraud training. A single slide on cybersecurity won’t cut it anymore. Employees need to be updated regularly with examples of scams that accurately reflect the threat landscape.
#3 Touchless Transactions Crack the (QR) Code
In surveys, 60% of consumers claim they’d choose a business with contactless payment options like scan-and-go, pay-at-the-gate, and pay-at-the-table over a competitor that lacks them. But 2022 will also bring a Back-to-the-Future quality to many transactions as QR codes stage a comeback.
First introduced more than 30 years ago, these squiggly, black-and-white squares are actually 2-D barcodes that you scan with your smartphone to board airplanes, read menus, attend concerts, download coupons, dial up call centers, or make direct purchases.
Today’s QRenaissance will combine 2-D barcodes with facial recognition, voice printing, embedded biometrics and risk-based assessment to transparently authenticate customers behind the scenes. The most robust solutions on the market have been shown to prevent 95% of all fraud loss with a small 5% intervention rate.
According to Mastercard, the use of contactless payments options jumped 40% in 2021. Look for savvy retailers to follow Tesco and Amazon in expanding the use of QR codes, near-field communication (NFC), and other ambient payment technologies in order to deliver a compelling touchless customer experience.
#4 It Takes a Village to Tackle Payments Fraud
Cybercriminal groups have adopted many of the same technologies and organizational efficiencies as any other enterprise. They also nurture networks to sell, barter, and share stolen identity information, payment card numbers, and money mule accounts. A go-it-alone approach against this kind of collusion is ill advised.
In 2022, more banks, card issuers, merchants, telcos, healthcare companies, law enforcement agencies, and governments will form consortiums across industries and geographies to share fraud and transaction data, resources and insights that can help them detect and block cybercriminals.
In just the first half of 2021, our own global fraud and transaction data helped protect more than $100 billion in transactions while facilitating fast, frictionless transactions. And it’s a good thing, too. According to Forrester, the coming year will consumers show little forgiveness to companies that are unable to meet their expectations for speed, ease, and security.
#5 Cybercriminals Crash the Cryptocurrency Party
Today, there are more than 6,000 cryptocurrencies worldwide. With a growing number of merchants accepting them, cryptocurrency is expected to become the fourth most popular payment option by year’s end. That is, provided exchanges and wallet providers can keep crypto funds safe from intruders.
Blockchain’s reputation for impenetrability notwithstanding, cybercriminals armed with compromised login credentials can raid Internet-connected wallets just the same as any other account. And billions of dollars’ worth of cryptocurrencies have been pilfered from exchanges via inventive phishing scams, brute-force attacks, and other tactics.
Exchanges and wallet providers are advised to deploy AI-based anti-fraud solutions along with cyberattack intelligence and takedown services to not just detect fraud, but also to shut down the phishing sites used attacks before they can do serious financial harm to customers.
To learn more about payments fraud trends and how to defend against them in 2022 and beyond, download the latest Outseer Fraud & Payments Report, featuring digital transaction insights from the Outseer Global Data Network, here.