December 23, 2022
E-commerce is growing rapidly worldwide, with fraudsters lurking in the shadows. Unfortunately, a lot of financial crime remains undetected. As digital payment gradually replaces cash, criminals are exploring the weakest links in Card-Not-Present (CNP) and other alternative payment methods. Incidents of fraud are on the rise and costing financial institutions (FI) millions of dollars at a double-digit YoY growth rate. In the past year alone, global e-commerce businesses have lost an estimated $20 billion.
Risk and compliance departments are under increasing pressure to develop long-term fraud detection and money-laundering mitigation strategies to prevent financial and reputational loss or, worse, complete account shutdown. Banks have been plagued by huge money-laundering scandals that have made headlines during the previous decades. PSD2 and Open Banking have created an interesting market for emerging Fintechs, which has disrupted traditional banking, forcing FIs to innovate and adapt to the demands of millennials, boomers and digital-savvy zoomers.
In a saturated market, competition is fierce, and the stakes are high. Governance, Risk and Compliance (GRC) solution providers all claim to offer the best value proposition. Let us have a look at the actual fraud landscape.
The 2021 Nilson Report estimated that while total card payment volume will reach $60 trillion, overall card fraud losses will rise to $40 billion by 2025.
Juniper Research’s latest “Fighting Online Payment Fraud in 2022 and beyond” report states that: “The cumulative merchant losses to online payment fraud globally between 2023 and 2027 will exceed $343 billion. As a comparison, this equates to over 350% of Apple’s reported net income in the 2021 fiscal year.”
A recent survey by Experian has found that 25% of consumers across Asia Pacific (APAC) have fallen victim to digital fraud. Experian surveyed six APAC markets (Australia, China, India, Indonesia, Malaysia, and Singapore) in its Global Identity & Fraud Report and concluded that online shoppers in China and in India are most vulnerable. According to the Australian Payments Consulting Network, 2021’s trending fraud schemes were phishing, ID theft, card testing, loyalty fraud and coupon discount/refund abuse. A FIS Payment Risk Survey asked merchants in the APAC region about specific payment fraud schemes that put the most pressure on their risk management strategies and their answers were quite interesting:
FICO’s annual European Fraud Map and Euromonitor International’s Consumer Finance 2022 Edition reveal that only four countries did well in their battle against fraud. The UK and the Nordic region are the best performers in terms of both digital penetration and fraud loss reduction. The UK managed to reduce fraud losses by £49 million. Denmark reduced its fraud losses, recording a decline of 19% in overall fraud losses and 24% in CNP fraud. At the same time, Sweden reduced its fraud losses by 12% YoY. In all the other countries YoY fraud figures either remained stable or increased.
The Netherlands (a rise of 18%) and Portugal (+15%) performed worst in combating card fraud losses. While CNP fraud is causing most fraud losses in Portugal, CNP fraud loss in the Netherlands is exceptionally low, mostly because Dutch shoppers prefer to use iDEAL bank transfers for online payment. New types of fraud schemes such as social engineering are on the rise in EU countries with the greatest increases in card fraud. Social engineering fraud and merchant-initiated fraud are extremely difficult to detect and prevent with first- and second-generation transaction monitoring solutions.
Although fraud losses are on the rise across Europe as a direct consequence of the explosive growth of e-commerce since the start of the COVID pandemic, overall fraud losses are not as dramatic as in many other regions. This is thanks to the impact of Strong Customer Authentication (SCA) regulations as part of the 2nd EU Payment Directive (PSD2), which requires financial institutions handling payments to add two-factor authentication to their checkout flow.
While e-commerce in Latin America grew by 31% in 2021, fraud figures surged in its shadow. Americas Market Intelligence (AMI) described 2020 as the worst year for e-commerce fraud in Latin America. 20% of all reviewed online transactions were declined as fraudulent. It does not come as a surprise that Forbes Business Intelligence expects the fraud prevention market in Latin America to quadruple and reach $2.9 billion. In December 2021, Mastercard and Visa announced that they will collaborate with Latin America’s major banks to counter card fraud.
The graph below shows the comparison between both trends.
Even though the UK performed better than its EU counterparts, the latest UK Finance fraud report revealed that Authorised Push Payments (APP) grew by 39% YoY, amounting to £583.2 million worth of APP fraud losses. Criminals use social engineering and, disguised as a trusted entity, convince the victim to transfer money under a false pretence. The victim authorises the transaction, making it almost impossible to demand a refund.
There are many types of payment fraud, and criminals never stop pursuing new and inventive schemes that are increasingly hard to detect without innovative risk detection and prevention solutions. It would stretch beyond the scope of this guide to address all the existing and emerging fraud scenarios, but these are considered the most persistent schemes.
In its 7th report about card fraud, the European Central Bank revealed that 80% of all fraud involving cards issued in SEPA countries consisted of Card-Not-Present (CNP) payment fraud. The reason is simply that the buyer and seller do not meet in person. The spectacular growth of e-commerce has boosted CNP payment fraud. The anonymity of CNP payments makes them incredibly vulnerable to fraudulent attacks. CNP fraud involves the unauthorised use of specific credit or debit card numbers, security codes, expiry dates and billing addresses to purchase products and services via e-commerce websites or over the phone.
Criminals steal the victim’s personal data (account login details, passwords, bank numbers, social security numbers, etc.) through emails, phone calls, SMS, videos, etc. or by redirecting traffic to a fake website where customers unknowingly enter their personal data. When fraudsters target specific persons (spear phishing) or company executives (whaling) they usually try to steal sensitive corporate information or private customer data.
Many SMB businesses crashed during the pandemic. As their owners were forced to sell their online shops, criminal organisations smelled an opportunity to launder money through legitimate retailers while using the existing web shop for merchant-initiated fraud. Fraudsters know very well that high-risk businesses are heavily scrutinised before merchant acceptance. Therefore, these criminals buy shops that are boarded quickly and categorised as low risk. While most types of fraud target consumers, merchants and other stakeholders in the payment ecosystem, merchant-initiated fraud is perpetrated by merchants. Fraudulent merchants set up a merchant account using a false ID obtained through ID theft. This enables them to remain undetected when their ID is screened against watch lists and sanction lists during the KYC/AML customer acceptance phase of a customer due diligence process. Before fraud detection can occur, the criminal gang has already made huge profits with transactions made using stolen cards.
Transaction laundering is yet another type of merchant-initiated fraud, where a merchant has been screened, risk assessed and accepted, allowing them to process transactions for another obscure business entity. In most merchant-initiated fraud cases, the criminals use a low-risk business entity. Unless payment acquirers monitor transactions as part of enhanced, ongoing due diligence, they are exposed to high levels of risk because of this growing fraud trend. Only after onboarding do transaction patterns suddenly start to change. Therefore, merchant-initiated fraud is best detected by powerful, third-generation transaction monitoring tools. This will be explained in a subsequent chapter.
Money laundering is a very persistent financial crime scheme that is very hard to detect and prevent. The United Nations Office on Drugs and Crime (UNODC) estimates that between $800 billion and $2.4 trillion of illegal money is laundered annually, of which only an estimated 1% is detected. Criminally obtained money is placed, layered and integrated. The first phase is the hardest to detect. Once the “dirty” money has entered the legal financial system, the amounts are “sliced and diced” into low amounts that do not raise suspicion. This is called layering.
After placement and layering, it becomes even harder to detect the criminal source of the transactions. This is when criminals integrate their illegal funds into the economy. The laundered money is invested in legal assets, real estate, shops, restaurants, securities, yachts and luxury goods. Below is an example of a money laundering scheme, where drug profits are laundered and invested in legitimate businesses through the banking system.
Risk and compliance departments have trained experts to detect, report and prevent financial crime. Unfortunately, their limited resources and ineffective payment fraud detection solutions are often no match for sophisticated criminal networks. Some FIs still rely on manual Know-Your-Customer (KYC) and Anti-Money Laundering (AML) customer due diligence procedures. Manual and digitalised steps in their AML workflows are not always streamlined, and systems are not always well integrated. With only 1% of all money laundering detected and with staggering fraud losses, the pressure to invest in the right solutions to protect financial institutions from heavy fines and the huge scandals that have made headlines in the past decade is intense. In order to find the right solution, decision-makers will need to ask the right questions.
It is clear that fraud can be extensive, complex and extremely damaging across Europe, APAC, LATAM, and the rest of the world. Detecting and preventing fraud presents significant challenges for businesses. Increasingly stringent regulations are constantly playing catch-up with resourceful and inventive fraudsters. They may even prove counterproductive, increasing the burden on already-strained cybersecurity and compliance teams, without noticeably reducing incidents of fraud.
Instead of focusing on the regulatory climate, many businesses are choosing to adopt future-proof solutions such as those that use artificial intelligence, to fight back against fraudsters. AI can analyse billions of data points in seconds to spot anomalous behaviours that could be indicators of fraud. In addition to lessening the manual burden placed on compliance teams, AI can raise alerts quicker, allowing for faster, smarter intervention.
The effectiveness of AI fraud detection software is already clear. Payments firm Banking Circle [1], for example, has closed, or escalated to its compliance department, over 600 bank accounts due to AI-related findings. Similarly, in late 2020, NatWest started using an AI-backed speech recognition solution, discovering that around one in every 3,500 calls is a fraud attempt. Jason Costain, head of fraud prevention at the company, estimates that the ROI of the solution is about 300%. Like the criminals they are designed to thwart, AI solutions are continuously evolving, learning from new data points and patterns of behaviour. AI investment can continue to deliver returns long into the future.
It is hardly surprising that AI is increasingly viewed as a key tool in the fight against fraud. In the UK, for example, businesses in the fields of security, fraud prevention, authentication/identity management and online customer experience believe that building new AI models to improve customer decisions should be their top investment priority. But around the world, from LATAM to APAC, AI models are demonstrating their efficacy when it comes to fraud detection.
[1] Pickup, Oliver, “Conversational AI has joined the chat,” Fraud, Cybersecurity & Financial Crime, July 26th, 2022, p. 12.