Our Managed Risk Analysts work with a wide variety of businesses across the globe. Through their experience with clients as well as data from Cybersource’s fraud platform, we’ve compiled our top 10 fraud trends to watch out for in 2023, as well as recommendations to prevent these types of fraud.
Let's dive into the trends.
1. Influencers intentionally sharing credit card details to increase their following
Social media influencers have been disclosing their full payment card details for self-promotion. This practice has caused havoc on affected merchants' platforms, which can receive thousands of failed authorizations in the space of a few seconds. Though not technically illegal, such promotions from larger influencers have resulted in excessive authorization fees, identity morphing, false positives, and website timeouts caused by the surge in traffic.
Our recommendations:
- Ensure you can build velocity controls pre-authorization for these types of payment methods.
- Create alerts for spikes in payment volume using the same credit card number.
- Assign a resource to monitor potential future promotion from influencers.
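One way to implement the first two recommendations, added here as an illustration (it is not Cybersource code): a sliding-window velocity check keyed on a keyed hash of the card number and run before authorization. The thresholds, the `VelocityGuard` and `replay` names, the demo key and the sample events are all assumptions.

```python
import hashlib
import hmac
from collections import defaultdict, deque

# Assumed values for illustration; tune against your own traffic.
WINDOW_SECONDS = 60      # sliding window length
ALERT_THRESHOLD = 5      # attempts per card per window that raise an alert
BLOCK_THRESHOLD = 10     # attempts per card per window allowed through to auth
HASH_KEY = b"constructed-demo-key"  # placeholder; load from a secret store

def card_token(pan: str) -> str:
    """Keyed hash so the velocity store never holds a raw card number."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    return hmac.new(HASH_KEY, digits.encode(), hashlib.sha256).hexdigest()

class VelocityGuard:
    """Counts attempts per card token inside a sliding time window."""
    def __init__(self):
        self._attempts = defaultdict(deque)  # token -> timestamps in window
        self.alerts = []                     # (timestamp, token, count)

    def check(self, pan: str, now: float) -> str:
        token = card_token(pan)
        window = self._attempts[token]
        # Drop attempts that have aged out of the window.
        while window and now - window[0] >= WINDOW_SECONDS:
            window.popleft()
        window.append(now)
        count = len(window)
        if count == ALERT_THRESHOLD:
            # Fire once as the burst crosses the threshold, not on every hit.
            self.alerts.append((now, token, count))
        if count > BLOCK_THRESHOLD:
            return "reject_pre_auth"   # not sent for authorization
        return "send_to_auth"

def replay(events):
    """Run constructed (timestamp, pan) events through a fresh guard."""
    guard = VelocityGuard()
    decisions = [guard.check(pan, ts) for ts, pan in events]
    return decisions, guard.alerts

# Constructed sample: one publicly shared card (a test number) hit 25 times
# in 5 seconds, plus an ordinary shopper using a different test number once.
SHARED = "4111 1111 1111 1111"
SHOPPER = "5555 5555 5555 4444"
EVENTS = [(i * 0.2, SHARED) for i in range(25)] + [(3.0, SHOPPER)]
```

Rejected attempts still count toward the window, so a sustained burst stays blocked until the traffic on that card actually subsides.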
2. Inflation costs drive consumers to unfamiliar marketplaces
The cost-of-living crisis is driving consumers to more unfamiliar websites as they search for the most competitive prices for their favorite products.
- Grey markets have seen a surge in usage and demand for pre-owned items has increased.
- The number of counterfeit websites and fake merchants on social media has spiked.
- Fraudulent activity associated with marketplaces has also increased during this period.
Our recommendations:
- Send a cease-and-desist letter to the admin domain registrant and CMS platform.¹
- Utilize Google’s content removal tool that allows you to temporarily block pages from Google search results.
- Conduct in-depth Know Your Business (KYB) checks before onboarding a new seller.
- Monitor a new seller account for the first 90 days.
3. Geopolitical uncertainty drives the need for robust compliance measures
Since the start of Russia’s invasion of Ukraine, merchants have taken measures to block payment details from sanctioned countries, but there are still instances of these controls being circumvented.
- There has been an increase in niche freight forwarder activity that supports shipping to sanctioned countries.
- Email domains and IP addresses originating from sanctioned countries are typically associated with these orders.
- Surrogate shipping has sharply increased since sanctions were introduced.²
Our recommendations:
- Use Watch List Screening to check against government-denied persons lists in real time.
- Monitor freight forwarder usage originating from sanctioned countries.¹
4. Cost-of-living crisis accelerates reliance on buy now, pay later (BNPL)
Given the ongoing cost-of-living crisis, more consumers are switching to installment loans to make purchases. Fraudsters naturally gravitate to where they can hide in plain sight, which has led to an increase in ‘buy now, pay never’ schemes. Many BNPL companies offer instant installment loan issuing and will not conduct formal credit checks, instead relying on internal algorithms. The potential for an upcoming recession could lead to more consumers defaulting on their payments.
Our recommendations:
- Ensure BNPL transactions are fraud screened alongside traditional eCommerce orders.
- For BNPL linked accounts, use Account Takeover Protection to monitor unusual activity.
- Use Identity Behavior Analysis to flag synthetic identities with no history.
5. Fraud trends adapt in Europe following PSD2 enforcement
Strong Customer Authentication (SCA) has now been enforced in the U.K. and Europe since March 14, 2022. Despite falling fraud rates, fraudsters continue to adapt their attacks, which presents a new set of challenges for fraud teams.³
- Fraudsters have begun testing the card issuers that are most likely to offer frictionless flows for customers.
- Seasonal promotional periods have been exploited to reduce basket sizes to less than €30 and below Transaction Risk Analysis (TRA) thresholds.
- We’ve seen a sharp increase in dark web guides for fraudsters operating in Europe.
A PSD3 legislative draft is due in 2023, which could come into effect within the next two to three years.⁴
Our recommendations:
- Protect and secure Mail Order Telephone Order (MOTO) channels.
- Pay attention to BIN countries outside the EEA.
- Prepare for exemptions that are suitable for your business, like delegated authentication.
- Prepare for the transition from PSD2 to PSD3 following the legislative draft.
6. The economic downturn means an uptick in fraudulent activity
Fraudsters are inherently opportunistic and have been using the current economic climate to launch a new wave of fraud attacks. In addition, consumers could be tempted to commit friendly fraud as they cope with the cost-of-living crisis.
- Your business could see an increase in customers claiming items not received or damaged in transit.
- An uptick in fraudulent job postings, where fake employers intentionally post job listings to collect applicants' sensitive information.
- More phishing scams, including new SMS attacks linked to energy grants, mortgage rates, and interest rates.
- Increasing dependence on the gig economy means that more consumers are willing to consider illegitimate sources of income, such as being a shipping mule.
- Strikes or other forms of industrial action could result in delivery delays, which could also lead to an increase in friendly fraud from so-called ‘angry chargebacks.’
- Tighter budgets for risk teams mean fewer resources to adequately respond to attacks.
Our recommendations:
- Utilize Visa Compelling Evidence Update CE 3.0 to help fight first-party abuse.
- Ensure payment and return policies are made as transparent as possible for customers.
- Use Identity Behavior Analysis to flag customers associated with disputes.
- Establish a friendly fraud review list and create a team to re-establish relationships with customers.
7. ChatGPT and Open AI create new risks for merchants
New and innovative types of artificial intelligence (AI) software, such as ChatGPT, are being heralded by many as the future of the internet. But this kind of AI software can present potential risks for businesses as this technology continues to evolve.
Open-sourced AI software could potentially be used in the future by fraudsters to:
- Create AI-generated phishing correspondence.
- Mimic chatbots from legitimate websites to solicit personal information.
- Generate and clone voices with AI.
- Create AI-generated images to be used in synthetic identities.
- Build malware or ransomware that could be used to compromise merchants’ websites.
- Generate dark web marketplace scripts.
Our recommendations:
- Monitor the development of open AI technology to assess the opportunities and threats the software represents to your business both internally and externally.
8. Rise of Web3 and the metaverse brings new risk threats
The metaverse remains one of the hottest topics in technology.
- The majority of metaverses are decentralized, unregulated, and require minimal checks to onboard new customers, which naturally attracts fraudsters.
- The ramifications of account takeover have never been higher than in the metaverse. A consumer could potentially lose their entire online identity and the entirety of their digital assets at once.
- Most metaverses are still in their infancy and pose the risk of social harm in the form of bullying, harassment, and explicit material.
Our recommendations:
- Agree on a company strategy for the metaverse and your risk appetite.
9. Airline recovery means fraudsters likely returning in full force
Airline travel is expected to continue to rebound in 2023 following a three-year slump. Unfortunately, as customers return to the skies, fraudsters may return too, with new emerging threats following the recovery.
- Dark travel agencies promising inflation-proof discounts.
- Friendly fraud from cancelled flights following the summer disruption.
- Loyalty fraud abuse from dormant accounts not used since the pandemic.
- False account credit claims/professional refunders.
- Fictitious reservations used for card testing.
Our recommendations:
- Account for the rise in friendly fraud from travel disruption in the summer.
- Reconcile false compensation claims with original bookings.
- Establish a long-term approach to last-minute bookings.
- Monitor the usage of voucher redemption.
- Account for the influx of fake travel agencies offering travel-related discounts.
- Protect customer accounts for lapsed flyers.
- Focus on loyalty points targeted by fraudsters for new business lines.
10. Crypto winter further disrupts fraud prevention for exchanges
Recent volatility in the market coupled with the high-profile collapse of the FTX crypto exchange will likely result in a crypto winter in 2023, placing additional strain on exchanges.
- Consumers who invested using fiat in the past year may look to recoup their losses in the form of friendly fraud.
- Investors now expect even greater safeguards to ensure accounts are protected and safe.
- Crypto exchanges could be victims of market manipulation, user-provoked volatility, and other fraud schemes.
Our recommendations:
- Use Account Takeover Protection to defend against suspicious account creation, login, and account changes.
- Use third-party data sources for additional identity verification and risk scoring.
- Use enhanced device profiling, which builds on device fingerprinting to increase device profiling accuracy and helps prevent fraudsters from blocking device profiling.
Here's how we recommend you tackle fraud this year⁵:
- Account for a possible rise in friendly fraud originating from the cost-of-living crisis.
- Ensure you can screen both pre-auth and post-auth dynamically through your fraud solution.
- Start to discuss plans to adopt Compelling Evidence 3.0 to defend against friendly fraud.
- Explore alternative authentication methodologies such as delegated authentication, FIDO, and biometrics.
- Ensure your business is screening alternative payment methods for fraud.
- Monitor the development of open AI technology for both opportunities and risk.
- Familiarize yourself with the upcoming PSD3 legislative draft.