Professional Documents
Culture Documents
Rising Risks:
Addressing new payment
fraud threats and evolving
customer expectations in
the digital payments era
Contents
Executive Summary.............................................................................................................................................................................................................................. 02
Table of figures
1. ACH Network Growth
2. Same-Day ACH Growth
3. Payment methods subject to fraud by type
2
Executive summary
To understand the ongoing challenge of safeguarding payments, Meanwhile, organizations are finding that fraud is not exclusive to
consider this: fraud and innovation are two sides of the same coin. account opening. Fraud groups are targeting every stage of the
customer lifecycle, from enrollment, change event, payment, and
Over the past year, innovations, consumer trends, and risks have
more, signaling their willingness to adjust tactics as new tools and
converged, presenting new challenges for preventing payments
vulnerabilities arise.
fraud. These challenges include the adoption of digital payments,
the expectations of frictionless, faster payment experiences, and As organizations strive to create a safer environment for payments,
new AI-driven fraud schemes. keeping up with fraud’s evolution requires constant improvements
to fraud prevention measures. The rapid, concurrent shifts in market
While the emergence of these trends will capture much of the focus
conditions, emerging technologies, and regulatory requirements,
in the months ahead, they add to an already fraught landscape.
means organisations must act now to confront multiple challenges
The common theme across these challenges is that fraud groups, simultaneously, all against the backdrop of a more demanding
who are highly organized and global in scale, are evolving their consumer.
tactics and finding new ways to infiltrate payment networks and online
In this paper, we examine the most consequential trends impacting
accounts through identity theft and advanced social engineering.
payments at present. Included is the effect of AI, the risks associated
Complicating efforts to slow down fraud’s advance are new with instant payments, and managing changing customer expectations.
payment systems, vulnerable third-parties, coordination through the The paper will provide insight into how organizations like yours
Dark Web, and networks of crypto wallets and mule accounts that have can navigate these trends, while simultaneously mitigating risk and
created both novel entry points and new ways to transfer ill-gotten balancing customer experience. Central to this effort will be managing
gains from account to account. The bottom line is that fraud groups risk across the complete customer lifecycle with better, more robust
have developed new and enhanced tactics that make preventing data that validates and secures payments instantly and automatically.
losses difficult.
Ramesh Menon
Group Director of Product Management
Digital Identity & Fraud Solutions
LSEG Risk Intelligence
Trends Set to Impact Payments Risk in 2024
1 “Three billion phishing emails are sent every day. But one change could make life much harder for scammers.” 5 “E-commerce Fraud Trends and Statistics: Merchants Need to Know in 2023.” Mastercard Business Network.
ZDNet. March 23, 2021. URL Reference: https://www.zdnet.com/article/three-billion-phishing-emails-are-sent-every- URL Reference: https://b2b.mastercard.com/news-and-insights/blog/ecommerce-fraud-trends-and-statistics-
day-but-one-change-could-make-life-much-harder-for-scammers/ merchants-need-to-know-in-2023/
2 “Payments Fraud Survey Report.” Association for Financial Professionals. URL Reference: https://www.afponline. 6 “New FTC Data Show Consumers Reported Losing Nearly $8.8 Billion to Scams in 2022.” Federal Trade
org/publications-data-tools/reports/survey-research-economic-data/Details/payments-fraud Commission. February 28, 2023. URL Reference: https://www.ftc.gov/news-events/news/press-releases/2023/02/
3 “Crimeware-as-a-Service Model Is Sweeping Over the Cybercrime World.” CyberNews. URL Reference: new-ftc-data-show-consumers-reported-losing-nearly-88-billion-scams-2022/
https://cybernews.com/security/crimeware-as-a-service-model-is-sweeping-over-the-cybercrime-world/ 7 “New FTC Data Show Consumers Reported Losing Nearly $8.8 Billion to Scams in 2022.” Federal Trade 4
4 “Payments Fraud Survey Report.” Association for Financial Professionals. URL Reference: Commission. February 28, 2023. URL Reference: https://www.ftc.gov/news-events/news/press-releases/2023/02/
https://www.afponline.org/publications-data-tools/reports/survey-research-economic-data/Details/payments-fraud new-ftc-data-show-consumers-reported-losing-nearly-88-billion-scams-2022/
AI, Deep Fakes and the Next Generation Fraud
First Payments Fraud Trend
“
In the past year, AI has already proven to be a catalyst for significant
leaps in productivity, similar in scale to the assembly line, the launch Using deep fake technology, a
of the hard drive and the arrival of cloud computing. However, the
”
same benefits gained from the legitimate application of AI are also
fraudster was able to impersonate
proving to be powerful tools in the hands of fraud groups. the voice of a company CEO and
From deep fakes to AI-generated communications, fraudulent actors request the transfer of funds.
are adopting their own AI-powered campaigns to polish existing
tactics or to deploy new ones.
Deep fakes, a fraud tactic using Generative AI to create voice and/ Other specific threats that employ Generative AI range from account
or video that can mimic a real-life person, is one of the most deceitful takeover and business email compromise, to synthetic identity
tactics developed to date. According to a recent report, deep fake fraud. Each scheme is targeted at gaming fraud controls or socially
fraud increased 1,740% in North America in 2023 compared to the engineering victims. For example, fraudsters could use Generative AI
previous year.8 The earliest record of this scheme dates back to 2019 to create passable communications and identity details. They could
when, according to The Wall Street Journal, a fraudster was able to also create profile pictures that take advantage of real-life photos
impersonate the voice of a company CEO and request the transfer of found online. Using Generative AI to create identities – along with
funds. The scheme only required deep fake technology, the phone matching profiles, online accounts, and other identity assets – stolen
number of an individual within the organization, and some knowledge from real or made up individuals, and built up over time, fraudsters
of the company’s payments. can attempt to open an account or takeover an existing account.
5
AI generated identities can also be used to socially engineer victims transactions (reviewing velocity, amounts, merchants, or locations),
into transferring money by leveraging such tactics as business email account activity, identity data, or it can be programmed to review
compromise, investment scams, or romance scams. And because of the customer communications. By using AI in this way, organisations
power of these tools, Generative AI allows fraud groups to deploy these might be able to pick up on anomalies not easily detected by
identity-based attacks faster, with less effort, and at scale. fraud investigators.
Concerns over the use of Generative AI for deceptive purposes have As the quality and breadth of data that feeds the AI improves, its
caught the attention of regulators worldwide. An Executive Order from effectiveness is likely to multiply.
the Biden Administration has called for the practice of “watermarking”
On top of leveraging AI to combat AI generated fraud, organisations
or embedding information into AI generated content to verify its
should consider putting stronger fraud controls in place overall. For
authenticity and origin.9 In the UK and EU, similar plans have been
example, any organisation onboarding new customers or facilitating
formulated to regulate deceptive AI content, including the use of
changes to payment information should consider starting ongoing
labeling or penalties in the form of heavy fines. 10, 11
monitoring in order to build account histories. Establishing layered KYC
AI, however, is also emerging as a powerful tool to combat fraud. When protocols is another way organisations can protect themselves from
applied to fraud detection, AI’s data sorting and pattern recognition convincing fake identities. To further authenticate customers, multi-factor
capabilities can be used to more quickly and effectively spot fraudulent authentication and the use of biometrics will also be important.
activity or suspicious identities. For example, AI can be used to monitor
9 “Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.” The White House. October 30, 2023. URL Reference: https://www.whitehouse.gov/briefing-room/presidential-actions/2023/10/30/ex-
ecutive-order-on-the-safe-secure-and-trustworthy-development-and-use-of-artificial-intelligence/
10 “Britain to Label Deepfake Pictures and Videos in AI Crackdown.” The Telegraph. September 17, 2023. URL Reference: https://www.telegraph.co.uk/business/2023/09/17/britain-label-deepfake-pictures-videos-ai-crackdown/
11 “EU Strengthens Disinformation Rules to Target Deepfakes, Bots, Fake Accounts.” CNET. URL Reference: https://www.cnet.com/news/politics/eu-strengthens-disinformation-rules-to-target-deepfakes-bots-fake-accounts/
6
Faster Payments: The Rise of FedNow, RTP and Same Day ACH
Second Payments Fraud Trend
Faster payments offer the benefits of processing speed, high RTP and Same Day ACH Trends
transaction limits and low fees, making them a desirable payment
option for many consumers and businesses. Within the past few Growth of RTP Growth of Same Day ACH
years, new faster payment channels and features have come to Source: The Clearing House13 Source: Nacha14
market, including FedNow, Real Time Payments (RTP), and Nacha’s
Same Day ACH.
4Q23
74 million transactions for $39 billion
15% volume growth and 14% value increase from 3Q23
7
While increasingly popular, the benefits of speed come with a price: To protect faster payments from fraud, organisations should consider
faster payments are largely irreversible. This makes mispayments in putting several processes and procedures in place including bank
cases of fraud or error difficult to claw-back. Fraud operators take account validation, identity verification, multi-factor authentication,
advantage of this fact, specifically targeting faster payments so that velocity tracking, strong KYC and KYB procedures, device
misdirected funds can move quickly from target account to mule authentication, and more.
“
account to an encrypted digital wallet. Once the funds move this far,
Important to this layered approach of identity and payments
they become virtually impossible to recover.
verification is that it is applied throughout the customer lifecycle,
from enrollment, to change event, to payment, and on an ongoing
basis. Without a baseline of identity and payments history, developed
”
The benefits of speed come through always-on, ongoing monitoring, faster payments might be a
with a price: faster payments fast way for you and your customers to experience fraud.
As the adoption of faster payments picks up and the expectation of How was the Products & Services Fraud
Authorized Party
faster settlements becomes normalized, customer demand for these was Manipulated
Authorized Party
Manipulated? Relationships & Trust Fraud
of the risks, i.e., that faster payments are difficult to recover and Unauthorized Party
How did the
Unauthorized Party
Compromised Credentials
Initiated the
Like other types of payments, faster payments are at risk of Payment?
the fraud
takeover (i.e., fraudulent and unauthorized transactions). Party executed? How Was The
Unauthorized Party Digital Payment
Account Information/
Misused Account Information/ Payment Instrument
Payment instrument Physical Forgery/Counterfeit
Misused?
8
15 The Federal Reserve, “Fraud and instant payments: The basics,” June 2020. URL Reference: https://www.frbservices.org/financial-services/fednow/instant-payments-education/fraud-and-instant-payments-the-basics.html
Changing Customer Preferences: Digital Accounts,
Online Payments and Frictionless User Experiences
Third Payments Fraud Trend
Consumers have grown accustomed to seamless onboarding, login In payments, eliminating friction and improving user experience has
and payment. In recent years, what consumers expect has changed been a key metric dating back to the ‘90s with the introduction of the
so much that in order to compete, customer experience will likely “pain of paying” concept and the rise of credit card acceptance. (The
need to change as well. concept, made popular in behavioral economics, suggests that most
consumers are loss averse and the more time and thought spent
The good news is that a thoughtful, seamless user experience
making a payment, the more painful the payment becomes.).
is incredibly effective at boosting the bottom line. According to
Forrester Research, a frictionless user experience has been shown to It should be no surprise then, according to PwC, 73% of consumers
increase conversion rates by 400%. In addition, Forrester Research cite customer experience as an important factor in their purchase
found that every dollar spent on improving user experience sees a decisioning while 43% say they would pay more for greater
“
$100 return.16 convenience.17
Online accounts, digital wallets, P2P payment apps, and other digital
experiences have all succeeded in the effort, helping organizations
enhance customer experience and improve transaction volumes.
”
Every dollar spent on However, while mass adoption has followed so, too, has fraud.
improving user experience According to recent reporting, fraud losses on P2P payment apps
sees a $100 return. reached an estimated $1.7 billion in 2022 – a 90% increase from the
year prior.18 Digital wallets also experience high rates of fraud, with
surveyed financial institutions claiming to have seen an increase in
fraud using Samsung Pay (65% of FIs), Apple Pay (60% of FIs), and
Google Pay (52% of FIs).19 Account takeover on digital accounts,
meanwhile, has been recorded to impact a whopping one-third of
U.S. consumers.20
16 “40+ UX Statistics (from 130,000 hours of UX Research),” Baymard Institute. URL Reference: https://baymard.com/learn/ux-statistics
17 Tom Puthiyamadam et al., “Experience is everything: Here’s how to get it right,” PwC. URL Reference: jpmorgan.com/content/dam/jpm/commercial-banking/insights/cybersecurity/download-payments-fraud-Survey-key-highlights-ada.pdf
18 “Peer-to-Peer Fraud Statistics in the Year.” Forbes Advisor. URL Reference: https://www.forbes.com/advisor/money-transfer/peer-to-peer-fraud-statistics-in-year/
19 “Digital Wallets Exhibit Highest Increase in Fraud Among All Payment Methods.” PYMNTS.com. URL Reference: https://www.pymnts.com/fraud-prevention/2023/digital-wallets-exhibit-highest-increase-in-fraud-among-all-payment-methods/
20 “Understanding Account Takeover,” GIACT, 2022. URL Reference: https://giact.com/understanding-account-takeover/
9
The adoption of digital payments and changing customer To capture this growing, financially up-and-coming set of younger
preferences also has much to do with changing demographics. consumers, the payments will need to be both seamless and secure.
At the vanguard of the push for more frictionless user experiences
To balance security and user experience, the introduction of smart
are younger consumers. Companies that want to capture these
friction (such as knowledge-based questions and one-time passwords),
customers, especially those in the Millennial and Gen Z cohort
biometrics and other tools that move beyond relying on password
(who are growing in economic importance), will need to focus on
protection will be important.
seamless digital experiences.
These tools will need to verify identities and payments in real time, and
Not surprisingly, because of their reliance on payment apps (85% of
on an ongoing basis throughout the customer journey to be effective.
consumers 18-29 years of age use these apps) and online accounts,
Much of this work will need to be done in the background without
this same group of younger consumers are also more acutely at risk
slowing down the customer experience, unless totally necessary.
of fraud.22 In fact, according to Deloitte, Gen Z consumers were three
times more likely to be defrauded in online scams than Baby Boomers.23
21 “53% Of Americans Use Digital Wallets More Than Traditional Payment Methods: Poll,” Forbes. URL Reference: https://www.forbes.com/advisor/banking/digital-wallets-payment-apps/
22 “Consumer Advisory: Your Money Is at Greater Risk When You Hold It in a Payment App Instead of Moving It to an Account with Deposit Insurance.” Consumer Financial Protection Bureau. URL Reference: https://www.consumerfinance.gov/about-us/newsroom/consumer-advisory-your-
money-is-at-greater-risk-when-you-hold-it-in-a-payment-app-instead-of-moving-it-to-an-account-with-deposit-insurance/
23 “Generation Z vs. Boomers: Who’s Winning the Battle Against Scams and Hacks?” Vox. URL Reference: https://www.vox.com/technology/23882304/gen-z-vs-boomers-scams-hacks/
10
How to Effectively Mitigate Risk
Effectively mitigating identity and payments risk requires a holistic, Managing the Customer Lifecycle
layered approach applied throughout the customer lifecycle. Source: LSEG Risk Intelligence
11
In the event of a change of address, password change, new bank From a process perspective, this would mean employing a dynamic
account, or any other change event, a similarly rigorous process verification workflow that can adjust the level of friction depending on
should likely be applied. This will help ensure the protection of existing the organisation’s risk tolerance.
customers from instances of account takeover.
To accomplish all of these objectives, a single API solution that is easy
With the establishment of a strong ongoing process for managing to integrate into the customer journey and into your organisation’s
identity risk, the monitoring and verification of each and every payment workflow will be key. This includes a solution that can seamlessly
will be critical. Verifying receiving financial institutions and authenticating incorporate different data sources and services in a waterfall approach,
senders will better protect payments from fraud. and be able to stretch that approach throughout the customer lifecycle.
Required in all of these checks will be access to a broad database of By striking a healthy balance between a positive customer experience
personally identifiable information, bank account records, sanctions and a safer environment for payments, organisations will be able to
records, and more. navigate and combat new risks in payments fraud head on.
12
LSEG Risk Intelligence – A spectrum of risk solutions. All from one trusted partner.
LSEG Risk Intelligence is a business division of London Stock Exchange Group (LSEG). We provide a suite of solutions to help organisations efficiently navigate risks, avoid reputational
damage, reduce fraud and ensure legal and regulatory compliance around the globe. From screening solutions through World-Check, to detailed background checks on any entity or
individual through due diligence reports, and innovative identity verification, bank account verification and customer onboarding services – you can trust us to help you successfully
manage your risk, so you can operate more efficiently, more effectively and more confidently. Learn more: lseg.com/risk-intelligence.
With LSEG Account Verification (previously GIACT), you can verify bank accounts and their owners quickly and seamlessly – and transact with confidence. Leverage our full suite of
payments and identity verification solutions – available via a single API – to mitigate risk, prevent fraud, verify payments and ensure the legitimacy of customer identities in real-time
across the full customer lifecycle.
To learn how to protect your organization from sophisticated fraud schemes, protect instant payments, manage customer expectations, as well as deploy vendor management,
disbursement, and contact center tools that protect your payments and your customers, click here.
LSEG Risk Intelligence has five key capabilities to support its customers at multiple points in their business workflows. These capabilities include the below. To learn more, click here.
Digital onboarding
– Onboard and convert customers seamlessly, quickly, and with the confidence they’re not – Low-code workflow solution supports quick-to-market products
bad actors – API orchestration platform
– Establish a stronger channel or supplier ecosystem – Highly configurable to your customer journey and risk management requirements
13
LRI3206074/11-23