Digital payment adoption is on an upswing—that’s the good news. But perhaps not surprisingly, so, too, is digital fraud in one form or another—especially in the financial services sector.
According to a report from TransUnion, the rate of financial services digital fraud rose by 149.44 percent globally between the period spanning September 1, 2020 through December 31, 2020, and the period spanning January 1, 2021 through May 1, 2021. In the U.S., that number was 109 percent.
Findings of a survey conducted by the Association for Financial Professionals (AFP) and JP Morgan also shed light on digital fraud in the financial services sector. For example, according to the survey, “more fraud activity is shifting to ACH transactions, suggesting that fraudsters are growing more sophisticated with schemes.”
Additionally, the survey reveals, business email compromise (BEC) “persists as the primary source of payment fraud activity.” Nearly two-thirds (63 percent) of survey respondents put BEC into this category, and 76 percent of organizations in the survey sample experienced BEC fraud in 2020. The accounts payable department is the most vulnerable business unit targeted in respondents’ organizations.
Meanwhile, a report issued by DataVisor sheds light on evolving trends in how digital fraud in payments is committed within and beyond the financial services sector. “One of the biggest questions dominating the fraud landscape…is how many attacks are carried out manually vs. by automated bots?” the report states. Currently, 100 percent of fraudulent accounts use automation (i.e., bots) at some stage.
Moreover, on platforms “that experience massive, coordinated attacks,” at least 30 percent of fraudulent accounts originate from IP ranges associated not with individuals but with data centers, virtual private networks (VPNs), or proxies. Across “all platforms,” fraudulent accounts display “spiky behavior,” with a sudden, rapid succession of activities.
As for evolving fraud techniques and sources, the DataVisor report reveals that 22 times more events occur via rooted or jailbroken (compromised) devices than non-compromised devices, indicating that the former is more active now than in the past. While there has been an increase in mobile device usage, desktop computers remain fraudsters’ preferred weapon for committing digital fraud. DataVisor found that mobile devices have a fraud rate of 0.5 percent, compared with 7.4 percent for desktop devices. A recent uptick in fraud committed from less common operating systems, including iOS, BlackBerry, and Linux, is also highlighted in the report.
The JP Morgan/AFP survey report includes strategies for combatting both ACH and BEC fraud. Its authors suggest that businesses keep internal processes for all types of payments—paper-based, electronic, and virtual—the same, as well as ensure that disaster recovery plans include “strong controls.”
The experts recommend that to minimize BEC fraud, companies implement policies that call for providing appropriate verification, such as contact information from a system of record, before making any changes in existing invoices, bank deposits, and contact information. They also advocate educating employees about BEC (and what to watch for) and confirming requests for any funds transfers via a callback to an authorized payee at the payee organization, using a phone number from a system of record.
Utilizing only payment processing solutions and services with airtight security safeguards—including, but not limited to, Level One compliance with the Payment Card Industry Data Security Standard (PCI DSS)—is equally critical in staving off digital payment fraud in every vertical.