Since the outset of the pandemic nearly two years ago, there’s been one constant thread in the business world: everything has gone digital. With technology at the forefront of the accelerated shift to work from home, ecommerce, and digital payments there have been a wealth of opportunities for criminals to employ new forms of payment fraud. This year we’ll see the proliferation of some extraordinary, best-in-class security practices that will change the game in the fight against fraudsters.
Here are five top trends we’re watching in 2022:
1-Biometrics will become the default form of authentication selected by fintechs, issuers and merchants.
There have been lots of false starts with biometrics in the past but the confluence of the pandemic, improvements in recognition accuracy, new modalities (behavioral biometrics), and the growing number of technology inclined consumers comfortable with that format offers a tailwind for change in 2022.
Biometrics also a key technology for implementing Europe’s of Strong Customer Authentication (SCA) requirement. The European directive has reverberated beyond Europe and now even markets without regulation are exploring how to strengthen authentication requirements as a result of overall rise in internet crime. At Visa, we’ve processed more than 3.5 billion EMV® 3-D Secure transactions to date to help prevent fraud in ecommerce transactions through stronger customer authentication. Data shows that risk-based authentication leads to higher authorization rates and growth.
Moreover, the increase in open banking companies continues to grow with Europe and the Americas leading the way. These companies will have to manage factors such as fraud detection and prevention, cybersecurity, risk management, and local regulation. The FIDO Alliance is an example of broad participation among industry leaders across all categories trying to address these issues. They recognize that all companies and industries must move away from passwords and adopt digital identities as the way forward.
2-Manually addressing the rise in enumeration attacks will no longer be adequate.
eCommerce has been a lifeline for businesses of all sizes throughout the pandemic and that won’t change – we’ll only see an evolution in the different ways consumers want to pay, with things like Buy Now, Pay Later. But these new payment methods present opportunity not just for consumers, but for fraudsters as well.
Enumeration attacks, identity fraud and account takeover fraud are on the rise, targeting ecommerce channels around the world. They take advantage of online channels that lack adequate fraud prevention capabilities and leverage the anonymity offered by the internet to commit fraud. It’s an emerging challenge facing issuers and merchants alike, and one that both parties will have to tackle together.
3-Interest in crypto will continue and the sector will mature with regulation appearing in markets on KYC/AML and cybersecurity.
Consumer interest in cryptocurrencies continues to rise, and fraudsters are following the money. Despite the many daily headlines suggesting cryptocurrencies are becoming mainstream, cryptocurrencies remain in the nascent stages of development, which creates opportunities for fraudsters to exploit. Sustained and responsible growth in the sector will be dependent upon building trust — that includes addressing payment security and regulatory requirements.
4-Issuers and merchants will team up to tackle first party misuse.
First party misuse has risen simultaneously with ecommerce adoption, whether it’s an unrecognized transaction, friendly fraud (a child purchases an app on their parent’s smartphone without consent), or something more intentional.
Traditional authentication solutions are only half of the equation since the misuse is sometimes perpetuated by legitimate accountholders. The cost of first party misuse burdens issuers and merchants with added expenses such as dispute processing costs, fraud model degradation and increasing fraud risk profiles that can lead to lower approvals. There is an opportunity to address this before it becomes a bigger problem, but it will require all parties involved to contribute and share.
5-Companies will invest more money into business continuity and risk management with 3rd party providers scrutinized more closely to mitigate risks.
A part of risk management that is often overlooked and underappreciated is business continuity. The pandemic showed that organizations need to be prepared to prevent service disruption to clients and employees, especially global companies with exposure to region specific risks. These risks can range from cyber to public health to climate change and natural disasters. At Visa, we’ve spent decades building, evolving and implementing business continuity plans to ensure that no matter the situation, our global payment network remains operational and secure, so worldwide commerce continues to function.
Moreover, exposure to risk extends beyond the four walls belonging to a company and includes that of ecosystem partners and service providers. The pandemic put many business continuity plans through a rigorous test and companies will need to regularly revisit and audit their plans to ensure compliance and relevance.
We’ll have to check back next January to see where the balance of tech vs fraudsters nets out for 2022, but here’s to hoping for a happy and digitally safe new year.