Fintechs and banks hunt growth – but they must outpace fraud

In the second article for our series about the phygital economy powered by leading PayTech specialists G+D, we argue growth alone is not enough – outpacing fraud and fraudsters’ ingenuity is also essential.

The structure of the global payments economy is changing as a new phygital world emerges.

According to Worldpay’s Global Payments Report 2024[1], online transactions are growing at three times the pace of point of sale (POS) – despite the fact that, as we’ve covered elsewhere, consumers still want to shop in-person for many different kinds of goods.

Opportunities for banks – and fraudsters

While the phygital economy has created opportunities for banks and fintechs to deliver solutions that work both online and in the physical world, the shift to digital has also opened up gaps for fraudsters to exploit.

In the UK and US, for example, the rise of digital banking and the ubiquitous use of email have enabled fraudsters to develop Authorized Push Payment (APP) scams that trick consumers into sending money to fake companies and false accounts.

According to Resistant AI[2], APP fraud now accounts for 75% of all UK digital crime and is set to hit $5.25 billion in losses across the US, UK and India next year.

Other forms of fraud such as Account Takeover, in which stolen credentials are used to access consumer accounts and conduct apparently legitimate transactions, or synthetic ID, where stolen identities are used to create fake accounts, are also thriving.

What’s more, fraud has a different character across different markets and regions: in 2023, the ECB reported that[3], despite an overall decline in card fraud across the Eurozone, card-not-present (CNP) fraud linked to cross-border transactions still accounted for 63% of all fraudulent incidents as fraudsters exploited varying approaches to fraud defence between banks in different markets.

Germany: how fraud dynamics change over time

Fighting fraud: beyond compliance for top performance  

As financial services has become increasingly digitalized, criminals have turned their focus away from bank vaults and toward the digital ecosystem.

Firms therefore face a growing threat – how to secure their customers’ sensitive information in an age of mounting paranoia and distrust.

Over the last 15 years, the financial services market has undergone a transformation, with some brick-and-mortar institutions closing down and digital-native “neobanks” challenging incumbents for market share.

Fraud – which has always gone hand in hand with finance – has also changed, with criminals deploying increasingly sophisticated methods to dupe unwitting victims. During the Covid-19 pandemic, for example, phishing emails, false stimulus claims, and fake charities proliferated[4].

“Phygital technologies have simplified confirmation of user presence and identity online – but more needs to be done.”

Recognizing these increased threat levels, regulators around the world have taken action to enhance online fraud defences through legislation such as the EU’s second payment services directive (PSD2), which mandates the use of Strong Customer Authentication (SCA) for online transactions.

Multi-Factor Authentication (MFA) methods, such as one-time passwords (OTPs) and OTPs delivered via SMS, were introduced to reduce the risks associated with passwords.

However, there are several limitations to such systems for both customers and banks, from a cumbersome user experience to lack of control.

Banks’ chief concern with these methods was the fact that such two-factor authentication doesn’t guarantee greater security.

Indeed, OTPs are still vulnerable to fraud. Phishing attempts, such as tricking users with fake websites, text messages, and calls, as well as SIM swapping, are common methods of bypassing some MFA measures and gaining access to a user’s credentials.

Device-bound biometric authentication is currently seen as the gold standard in authentication – and within biometrics, device-bound passkeys, which cannot be shared or exported from the device, are vital for success.

These passkeys add an extra layer of security, as banks can always verify that a transaction has been authenticated by a known user from a trusted device.

With device-bound authentication solutions, banks can take the next step and shape a future of authentication where ‘something you have’ (your device) and ‘something you are’ (your biometrics) merge seamlessly.

All customers need is the touch of a thumb or a glance at a camera and, thanks to the FIDO-based technology under the hood, the second factor remains invisible to the user. That’s how banks can provide two-factor authentication that feels like one.

Industry-standard solutions such as 3D-Secure (3DS) are effective in combating CNP fraud, especially when combined with Risk-Based Authentication techniques. However, evidence suggests that 3DS is most effective when its rules are tuned to fit the fraud dynamics of a specific market or product – for example, responding to higher levels of ID fraud in Romania, or recognising the different threats faced by a card product used in-store compared with an account-to-account transaction conducted online.

Failure to tune existing systems and address the specific dynamics of fraud in your markets can lead to a significant drop-off in growth in terms of transaction volumes and values both online and in-store.

In Austria, for instance, a January 2024 report[5] from regulator the FMA noted a 26.2% increase in the number of “phishing” attacks, in which consumers are tricked into sending fraudsters money.

The prevalence of such fraudulent schemes has led to a situation in which just 34% of Austrians[6] are confident in shopping online, and to a reduction in e-commerce growth in Austria to just 2.9%[7], compared to an already-low 4.6% over the last five years.

For comparison, the average e-commerce growth rate across Europe last year was 6%, more than double the rate seen in Austria in 2023.

To protect your business, fraud defences must be relevant to your geographical markets and product types, taking into account the specific threats you face and the nature of your business.

Fintechs and banks of all kinds need to deploy highly effective fraud solutions that go beyond compliance to outpace the creativity of fraudsters.

Since time and cost are essential factors in any business decision, solutions that combat fraud must also be easy to integrate with existing systems and readily tailored to counter the specific threats your business faces.

Failure to act will not just have negative consequences for turnover and profitability – it could lead to consumers seeing your services as simply too risky to be trusted.

Find out more about how G+D is enabling phygital payments with an innovative, tailored suite of products and services: Convego® Service Market – The Future of Card Issuance | G+D

 

[1] Worldpay, Global Payments Report 2024

[2] Fintech Global, 10 August 2023: “Is APP fraud the biggest threat to fintechs?”

[3] The European Central Bank, 26 May 2023: “Card fraud in Europe declines significantly”

[4] https://www.fraud.com/post/the-history-and-evolution-of-fraud

[5] FMA Austria, 3 January 2024: “Increasing numbers of dubious providers are active in Austria”

[6] https://www.forbes.com/sites/riskified/2021/09/15/ecommerce-has-an-overconfidence-problem-why-execs-should-take-note/

[7] Payments Cards & Mobile, March 2024: Digital Card & Payment Yearbooks 2023-2024 – Austria

 

 

The post Fintechs and banks hunt growth – but they must outpace fraud appeared first on Payments Cards & Mobile.