The Growing Threat of Payment Fraud in EMEA
July 9th, 2021
In an era where diverse digital payment methods are proliferating, data breaches are more frequent. With intelligent technologies rapidly advancing, the nature of payment fraud in the EMEA region is becoming increasingly complex and pervasive.
Areas that have traditionally evolved slowly, such as payments operating models and customer behavior, have radically accelerated over the past year. The overall shift towards contactless and instant payments, digital wallets, e-commerce, electronic peer-to-peer payments and consumer-to-business payments is likely to continue. Subsequently, a continuous decline in cash transactions, ATM usage, and in-person purchases is expected, which alongside new developments in card payment fraud presents a host of challenges for banks and other financial services organisations (FSOs) in Europe.
Fraudsters are growing bolder, galvanized by the volume and accessibility of sensitive consumer data, as well as the pandemic-driven global surge in online shopping. With more customers storing their payment card data online and increasing their online purchasing frequency, an environment conducive to card payment fraud has quickly manifested.
Organisations lose approximately 5 percent of revenue to fraud annually, which amounts to over €3.6 trillion fraud losses globally every year. By 2024, online payment fraud loss will increase by more than 50 percent in Europe, despite the implementation of Secure Customer Authentication (SCA) and biometrics.
As fraud losses surmount, FSOs across Europe must address the challenges and threats of the evolving payment fraud landscape, in addition to the implications of increasingly complex fraud prevention.
Payment Fraud Transforms Alongside Evolving Landscape
Online fraudulent activity is escalating alongside the growth in online transactions. Fraudsters are adept at deploying diverse techniques to commit fraud, and are able to easily access digital channels. Digital payments correspondingly represent a growing global risk, regardless of differing payment technologies per region.
Cashless development has amplified and led to a spike in contactless card payments. While contactless payments were already increasing before the pandemic, COVID-19 accelerated growth. Visa Europe reports that 80 percent of all Visa card transactions at POS in Europe were contactless in 2020. Growth in this area is also benefiting from significant boosts in maximum contactless transaction limits at the early onset of the pandemic, with Mastercard and Visa doubling contactless limits throughout numerous global markets.
Other new payments trends and comparable behaviors are emerging from the pandemic across a framework of consumers, technology, market and regulation that is influencing the outlook for the payments landscape in 2021 and the near future:
- Seamless access to funds: The shift to digital payment methods, particularly mobile and contactless payments has increased, with consumers preferring mobile wallets, card-based payments and other digital payments.
- Fluid commerce: Seamless customer interactions and experiences across channels has led to unified commerce, and businesses can no longer rely on their physical locations as pure sales
- Customised privacy: Businesses must respond to the growing demand for customised privacy by providing corresponding value and incentives to their customers in exchange for their data.
- Quantified self: Consumers are increasingly relying on insights derived from behavioral data to reimagine themselves, and organisations are looking to leverage this opportunity to situate their business as part of a consumer’s identity.
- Simultaneous bundling and unbundling: Simultaneous bundling and unbundling of products, services and business models are accelerating due to the pace of digital transformation and the economic and market uncertainties arising from the pandemic.
- Decentralised trust: Organisations must prepare for the increasing adoption of distributed ledger technologies emerging from the mistrust in established public and private organizations.
- Responsible consumerism: Demand for sustainable products and services is resulting in rising consumer expectations for responsible, transparent practices from businesses.
- Global commerce: Consumer support for local brands and businesses grew during the pandemic, and this behavior is influencing the necessity of a local presence from brands.
As payment behaviours shift, so do fraud behaviours. Fraud attempts accelerated by 4 percent during the first half of 2020, and the approximate transaction value of attempted fraud increased 13 percent despite the overall decrease in legitimate transactions across the same time period.
A global survey of fraud examiners in August 2020 indicated surges in various fraud risks with 31 percent of respondents reporting an increase in payment fraud risks, and 47 percent anticipating a significant acceleration of payment fraud risk over the next twelve months. With payment card usage forecasted to continuously grow and remain dominant in the near future, European financial institutions are facing the changing impact and context of fraud mitigation in a chaotic risk landscape.
Payment providers in the European Union (EU) must assume legal responsibility for fraud throughout the breadth of their online seller portfolio under the Revised Payment Services Directive (PSD2), which was originally intended to go into effect in September 2019. However, the deadline was extended to 31 December 2020 as the European Banking Authority (EBA) allowed further potential exemptions. However, these additional exemptions and out of scope transactions provide fraudsters with additional options to exploit. PSD2 also applies to organisations outside of the EU if they extend payment services within the European Economic Area (EEA).
Occupational Fraud Rates Soar
Occupational fraud is a pervasive threat shaping the fraud landscape, often going undetected and unreported. Recognized as one of the most expensive forms of financial crime today, this type of fraud is perpetuated against organisations by employees who have access to the organisation’s financial assets, whether that’s a C-suite executive or entry-level employee.
Generally, occupational fraud includes:
- Asset misappropriation: Entails an employee misusing or stealing resources from the organisation who employs them, which happens in 86 percent of occupational fraud schemes.
- Corruption: Encompasses economic extortion, conflicts of interest, and bribery, and occurs most frequently in larger organisations and
- Financial statement fraud: Though only occurring in 10 percent of fraud schemes, this is the most expensive form of occupational fraud, and involves a fraudster purposefully executing omissions or misstatements in an organisation’s financial statements.
The financial damage that results from occupational fraud can be monumental. In a recent study of 2,504 cases of occupational fraud across 125 countries, the average loss per case is approximately €1,237,104.73, totalling about €2.9 billion in losses. In Western Europe, the typical loss is about €524,390.77 per case.
Banking and financial services are one of the most common industries to be victimized by occupational fraud, experiencing a median loss of €82,190.00. In 354 cases, 40 percent were attributed to corruption, which generally lasts about 18 months before being detected by the organisation.
Once a victimized organisation has detected occupational fraud, the primary concern becomes fraud loss recovery. Yet 54 percent of organisations could not recoup any of their fraud losses, and success in this regard vaires according to region. In Western Europe, for example, 19 percent were able to fully recover their fraud losses, 32 percent made a partial recovery, and 49 percent were unable to recover anything. Whereas 61 percent of organisations in Eastern Europe and Western/Central Asia recovered nothing.
Payment Fraud Trends and Drivers
In an always-connected consumer landscape that’s increasingly defined by constantly shifting purchasing behaviors, compounded by creative and technologically proficient fraudsters, European FSOs are up against complex new challenges.
Fraudsters are constantly discovering fresh methods to perpetrate digital fraud and adapt their techniques alongside emerging technologies and tools, evolving consumer behaviors, industry and market disruption and the changing payments landscape. Furthermore, the progressive shift towards online identity fraud due to factors such as EMV card adoption and increasing data breaches, gives criminals a distinct advantage.
Emerging payment fraud trends and drivers include:
- Dark web activity: The escalation of Personally Identifiable Information (PII) on the dark web enables fraudsters to use this platform as a resource to purchase, sell and share payment card data and other information directly related to perpetrating fraud, such as which automated tools to
- Identity theft: Fraud schemes that use stolen and synthetic identities are on the rise, particularly in the current climate of accelerated digital transformation and contactless interactions that make it challenging to prove an identity is stolen, manufactured or manipulated.
- Authorized Push Payment (APP) fraud: The trend of APP fraud has been increasing for a few years and is growing as consumers shift to digital channels and real-time payments. This threat is expected to grow dramatically this year, more so than credit card fraud, as consumers are victimized by fraudster scams.
- Transaction payment fraud: Unauthorized transactions using stolen payment data or details are increasing, with both small and large scale fraudsters perpetrating these criminal activities via a number of mediums, including phishing.
- Social engineering: Attacks can occur over numerous channels with the objective of deceiving users into providing their systems, credentials, or financial assets. APP fraud, for example, is increasing and is frequently a gateway to other forms of attacks.
- Malware: A broad range of malware is a growing, evolving threat to cybersecurity, including cryptoware, spyware, and advanced persistent threats (APTs). This is a growing risk as organisations push digital transformation programs forward and migrate to the cloud and potentially become exposed to malware.
- Advanced Persistent Threats (APTs): Well-organized, sophisticated attacks using customised tools, codes and techniques have been increasingly directed at FSOs in recent years. Due to the nature of the threat, which includes “kill chains” to access target systems and dedicated persistence despite failed attempts, makes this a highly difficult threat to address.
- Botnets: Inexpensive botnet kits are accessible and commercialized on the dark web, enabling fraudsters to commit crypto-currency mining, DDoS attacks, or other malicious activity to gain access to payment credentials and account verification data.
- Monetisation channels: Once a fraudster has successfully established a fraudulent payment transaction, a monetisation channel is quickly leveraged. Mules are often used to avoid tracking and escape investigation. Instant payments make it challenging for FSOs to pursue investigations and recover funds.
- Mobile and IoT device threats: Mobile device transactions are increasing, with 66 percent of all transactions generating from mobile devices in 2020. Developments in mobile payments, including peer-to-peer payment apps, mobile banking services and mobile wallets, has created corresponding theft of payment card data and money by fraudsters.
- Friendly fraud: Skyrocketing online purchasing behaviors have contributed to a spike in charge back abuse, which is estimated to make up between 60 percent to 80 percent of chargebacks regardless of if it’s intentional or not, and can lead to high operational costs.
- Phishing: The pandemic increased the volume and effectiveness of phishing scams, with fraudsters taking advantage of consumers to procure Between January and March of 2020, there was a 250 percent increase in phishing sites identified by Google.
A deeper exploration of shifting payment adoption and payment fraud in the U.K., for example, reveals the impact of these fraud trends and enablers. Only 23 percent of total transactions was attributed to cash in 2020 in the U.K., demonstrating the accelerating global decline in cash usage. A July 2020 survey of shopping behavior in the U.K. revealed that 63 percent of consumers used more electronic payments and card payments, with 80 percent using more contactless card payments.
In the U.K., the focus on payment speed is growing; in the fourth quarter of 2019, the average daily value of transactions processed via Faster Payments service increased by over 10 percent to the end of March 2020. New, faster payments solutions can result in faster fraud, and the acceleration of real-time payments can make it difficult to protect systems and transactions from fraud.
One of the most challenging and prolific fraud threats in the U.K. is APP fraud, with 66,247 cases reported in the first half of 2020, totaling £207.8 million in APP fraud losses.
In an effort to address growing push payment fraud, the Confirmation of Payee (CoP) was recently enacted in the U.K. The U.K. Payment Systems requires six of the region’s largest banking groups to implement CoP as of June 2020.
Fraud Prevention Solutions and Best Practices
FSOs must refresh and modernize their fraud risk assessments and fraud controls to reflect the new threats emerging from the pandemic, and ready their organisation to respond to new fraud risk typologies.
Though many organisations continue to rely on the fundamentals of fraud prevention, such as standard analytics and rules-based engines, fraud prevention solutions and tools have quickly evolved. Modern fraud prevention encompasses a broad spectrum of advanced artificial intelligence (AI), machine learning (ML), deep learning and cloud technologies that enable FSOs to introduce more agility, intelligence, accuracy and intuition into their approach to fighting fraud.
Legacy systems, standard analytics and manually-driven fraud analysis severely limits FSOs to only addressing fraud after the fact. Organisations must use AI and ML as a pillar to enhance the effectiveness, efficiency and quality of their fraud detection and prevention approaches.
An end-to-end, advanced analytics and AI-driven approach to fraud prevention, such as that provided by the integrated fraud management platform, IFM-X, from NICE Actimize, helps FSOs use autonomous intelligence to identify suspicious behaviors and quickly respond to changing risk management demands:
- Facilitates a holistic, real-time and data-centric approach to combating constantly changing, sophisticated fraud techniques.
- Enables real-time transaction approval or rejection via automated
- Improves upon current fraud prevention models, operations and systems to boost accuracy and efficiency while optimizing cost-effectiveness.
- Accounts for evolving fraud trends and behaviours to generate actionable insights regarding customer risk.
Allows greater unification throughout the fraud management ecosystem with a single platform and a single view of risk.
- Continuously adapts, learns and becomes more intelligent to grow alongside evolving needs.
- Safely reduces friction and enables effective monitoring and quantification of customer risk across the complete lifecycle to allow FSOs to optimize profitability without compromising customer acquisition.
The Next Step for Fraud Prevention
Numerous fraud prevention frameworks that were already experiencing vulnerabilities prior to the pandemic continue to face increasing pressure from the diversity, volume and strength of fraudster attacks as digital fraud threats and risks grow across European markets. FSOs must adopt agile, advanced analytics powered solutions to respond to changing fraud risks and disruption, recuperate from the vulnerabilities resulting from online payment fraud and enable their organisation to better defend against fraud in the future.