The last three years have given security professionals a look into an evolved and more sophisticated fraud ecosystem, with new tactics entering the mainstream and exposing more vulnerabilities. From grand-scale computerized ransomware attacks to the placement of physical skimming devices on gas station card readers, fraudsters are continuously probing, finding new ways to attack, or taking advantage of complacent security measures. According to the FBI’s Internet Crime Report, annual losses from cybercrime in the U.S. nearly doubled between 2019 and 2021 – rising from $3.5 billion to almost $7 billion. Thankfully, the technologies used to protect digital money movement are also evolving, adapting to lessons learned from past attacks and scams.
As an industry, we are at an inflection point where digital technology has transformed how money moves, bringing new players into the payments ecosystem and enabling customers with more ways to pay. While the benefits of these new technologies are undeniable, they have resulted in an increasingly complex cyber landscape that has brought new challenges. A recent report from MIT Technology Review Insights and Visa, shows cybersecurity threats remain the most challenging aspect of expanding digital payment options. Still, every organization that moves money is now tied to digital interactions in some way, from internet-connected point-of-sale equipment to consumer computers and smartphones, making the need to protect digital payments even more important. The same report found that while the use of enhanced authorization, such as biometrics or artificial intelligence, has created a sense of greater security, specialists report ongoing concern as cyber-attacks become more sophisticated.
Maintain security vigilance
With consumer spending behavior on the rise and pre-pandemic activities returning to normal, from shopping in person at brick-and-mortar stores to attending entertainment events, fraudsters have more opportunities than ever to take advantage of gaps across the transaction lifecycle.
These cybercriminals are expanding their tactics to capitalize on both physical and online payments, leveraging strategies like digital skimming to target the checkout pages of merchants. As pandemic restrictions eased following increased vaccine availability, we saw a rapid return of card-present schemes, with one Visa report seeing a 176% increase in physical skimming devices between June and November of 2021. Likewise, tech support frauds have more than doubled in the last year, shaking customer confidence in financial institutions. As a result, payment networks have a massive responsibility to safeguard the transactions of individuals, businesses and governments.
How to secure the future of money
We’ve witnessed many powerful innovations in finance and payments over the past few years, like tap to pay, digital currencies, and buy now, pay later (BNPL) – but what typically goes unnoticed are the products, platforms and services that ensure these new forms of money movement are secure and private, enabling them to scale effectively.
Consider network tokens, the unsung heroes of e-commerce. They replace a cardholder’s 16-digit account number with a secure “token” that protects the underlying card number from fraudsters rending any stolen data useless, while helping approve authorization rates by 28%. Paired with user protection capabilities like EMV 3D Secure, the system can pass enhanced data through security protocols to enable authentication breakthroughs, further securing global e-commerce. We now use artificial intelligence to sift through massive amounts of data to detect patterns otherwise undetectable by humans, identifying instances of brute-force payment account enumeration.
Some products available on the market even make informed decisions to approve or decline transactions on behalf of issuers when their systems are offline – reducing the consumer impact of service disruptions. These technologies can analyze millions of payments a day – reducing fraud, preventing breaches and protecting the integrity of the entire payment ecosystem.
Adopting more advanced security capabilities has become a priority for many says the MIT report, including digital tokens and other forms of enhanced authorization (32%), as well as improving fraud detection through biometric authorization, artificial intelligence and other advanced technologies (43%). However, for businesses that don’t have in-house technical capabilities, these next-generation technologies might seem impractical or confusing, making outsourcing payment services often the best answer.
Threat to small businesses
Small businesses – specifically those using legacy technology – are often the victims of security breaches, data loss and fraud, as they often lack resources or expertise to prioritize security tools and safeguards. A study of almost 1,500 small business owners conducted by the Identity Theft Resource Center showed 58% had experienced at least one security or data breach. Of those, 44% had paid between $250,000 and $500,000 to cover the cost, and another 16% had paid between $500,000 and $1 million. Don’t lose hope. A few steps SMBs can take to secure the payment environment across online, contactless and in-person transactions include staying educated and up-to-date on the latest cyber threats, establishing a governance process to stay nimble in the ever-changing security landscape and utilizing tools such as EMV 3-D Secure, secure digital payment tokens, and chargeback tools.
Regardless of business size, to protect against the threat landscape, organizations require a comprehensive approach to security that relies on multiple layers of technology, analytics, and best practices to help protect the payments system and reduce fraud. While it might seem like an overwhelming process, working with the right tools can give organizations the confidence that they and their customers are protected without having to worry about managing day-to-day, second-to-second security protocols.
Michael Jabbara, global head of fraud services, Visa.