Fraud is growing faster, which means organizations’ defenses need to constantly be evolving.
Today’s digitized payments landscape has given bad actors an increasingly sophisticated array of tools and tactics to defraud both businesses and individuals, making it mission-critical for organizations to defend their exposure points with a potent mix of future-fit technology, best practices, and both consumer and employee education.
PYMNTS research in the May report, “Real-Time Payments Tracker: Fighting Fraud in Real-Time Payments,” a collaboration with The Clearing House, found that the number of attempted fraud transactions skyrocketed by 92% between 2021 and 2022, with attempted fraud dollar amounts spiking by a massive 142%.
That’s because as the payment landscape becomes faster, easier and more digital, cybercriminals are staying in step with the pace of innovation themselves by updating historical fraud methodologies to improve the effectiveness of their methods while simultaneously leveraging emergent modern tools like generative artificial intelligence (AI) for new attack strategies.
Still, not all types of fraud are created equal, and one of the key differentiators for organizations to be aware of is the type of payments being targeted.
See also: Rise of Behavioral Fraud Makes Smart Prevention Critical for Businesses
The Federal Trade Commission (FTC) reported the amount of money that was lost to fraud in 2022 grew more than 30% from the year before to $8.8 billion.
And that was just for consumers. Businesses had to account for their own variety and scale of fraud.
The PYMNTS report “The State of Fraud and Financial Crime in the U.S.,” a collaboration with Featurespace, revealed that the total dollar cost of fraud is expected to rise in the coming years, as scams and other fraudulent crimes increase.
“It’s a continuous spectrum,” Michael Jabbara, global head of fraud services at Visa, told PYMNTS earlier this year. “[Businesses need to] think about every interaction across multiple dimensions and think strategically about the appropriate safeguards to put in place to reduce potential incidents of fraud.”
Jabbara emphasized that while the “core components” of the payment ecosystem are relatively constant across channels (think money movement infrastructure that enables an exchange between buyers and sellers), the methods bad actors are using to target and attack these key components are constantly evolving as new technologies and players are brought to market.
This means that consumers and businesses entering relationships with payment providers need to be aware of the types of fraud endemic to those transactional channels to both ensure prevention and hold the providers accountable.
Data from the “Real-Time Payments Tracker” showed that credit and real-time push payments are inherently safer than debit and paper check pull payments because they often do not require payers to disclose sensitive information, such as bank account numbers, to recipients.
Read also: The Overlooked Importance of Securing Incoming Payments
Still, as emphasized by many of the risk management leaders PYMNTS has spoken to, the first line of defense is increasingly an organization’s own employees and consumers, making individual education around next-generation attack tactics, and the best practice methods to combat them, more important than ever.
Unintentional access points from human vulnerability, including poor security habits and susceptibility to social engineering tactics, form one of the most common causes of data breaches.
“People are already using ChatGPT and generative AI to write phishing emails, to create fake personas and synthetic IDs,” Gerhard Oosthuizen, chief technology officer of Entersekt, told PYMNTS in an earlier conversation.
PYMNTS research in the “Real-Time Payments Tracker” found that even push payment customers are still potentially vulnerable to social engineering scams, in which bad actors trick users into sending them money by posing as trusted confidants or companies with which the victim does business.
A survey found that more than half of companies have reported fraud related to faster payments, largely due to social engineering.
Managing the ever-escalating threats prevalent in today’s digital environment can be a particular challenge for small- to medium-sized businesses (SMBs), which often have budget constraints and sparse security teams, making employee upskilling around scam identification and prevention a key line of defense.
Ongoing business landscape transformations like remote work only exacerbate this situation, giving bad actors isolated on-ramps into organizations via employees working at home alone. Their sensitivity to fraud has been dulled by near-constant notifications, pings and requests throughout the day — many with the expectation of near-instantaneous response.
As bad actors continue turning innovations to their own ends across new payments environments, businesses of all sizes must stay vigilant and remember that the right technology, paired with the right education, can prove to be a formidable defense against cybercriminals who are looking for easy targets, not a challenge.