Fintech fraud is growing rapidly. As society becomes increasingly reliant on technology, the unfortunate truth of the matter is it also becomes more vulnerable to cybercrime.
Borderless, sophisticated and nearly invisible, cybercrime is committed anonymously, at scale and remotely; sometimes, and even quite literally, a world away from its victims.
It’s a challenge that fintech and financial institutions, both large and small (just look at payment giant PayPal) can’t seem to escape. Which begs the question: are financial Institutions getting worse at fraud protection or are fraudsters just getting smarter?
Fraud in the pandemic
Unfortunately, it’s a little more complicated than that, especially when there’s a global pandemic thrown into the mix. Since COVID-19 reared its ugly head in 2020, fintech fraud risk has exploded.
Thanks to government-imposed lockdowns and related movement restrictions that require more people to stay at home; online shopping has skyrocketed. This accelerated shift from in-store to online purchases has resulted in a decline in the use of more secure, in-person cash and card payments.
The pandemic also saw PayPal add 120 million new customers. Or did it? With a new marketing campaign that encouraged new customers to sign up by depositing cash into their accounts, the company became a prime target for fraud. Bots (software created to automatically visit websites and take actions), posing as real people, started to cash in on those incentives by creating accounts.
It was a learning experience to the tune of a 25% stock slump. Now, Paypal has changed its customer acquisition strategy from incentive to engagement programs to help protect it from fraud.
The cost of fraud: A billion-dollar affair
In July 2021, the Australian Institute of Criminology, sponsored by the Australian Government, stated that the total economic impact of pure cybercrime in Australia in 2019 was $3.5 billion.
Let’s take a closer look:
- $1.9 billion – money directly lost by victims
- $597 million – money spent dealing with the consequences of victimisation
- $1.4 billion – money spent on prevention costs
- $389 million – amount recovered by victims
These losses are believed to be conservatively estimated, as many victims were unable to quantify precisely how much had been lost or how much had been spent dealing with the consequences of the crime.
The unintended impact
There are limited options available to fintech businesses to reduce fraud in the current environment. The biggest challenge facing these companies is implementing fraud detection methods that don’t have an unintended impact on the customer.
This impact may be the inconvenience of compliance measures and other operational procedures designed to detect or prevent fraudulent activities that compromise ease-of-use and operational efficiency. Consumers tend to resist these service impediments and take their business to e-commerce sites that offer a path of least resistance to fraud control measures. This is exactly what cybercriminals want to see and is the most difficult challenge confronting fintech businesses today.
Traditional fraud minimisation measures, such as real-time auditing and real-time reporting are expensive and not always effective. Existing identity authentication measures, such as one-time SMS codes and knowledge-based authentication measures are no longer capable of outsmarting digital criminals. One-time SMS codes can be re-routed and even the most novice hackers can easily identify the answer to your mother’s maiden name.
While fraudsters will always find a way to beat the system, there are still ways for companies to protect themselves and their customers.
How to beat fraudster at their own game
- Stay agile: Financial institutions need to develop fraud-prevention strategies and tactics that enable them to respond quickly and evolve.
- Embrace innovation: Financial institutions and other fintechs need to invest in new digital security infrastructure that doesn’t compromise operational efficiency and customer satisfaction. Options available include biometric identity authentication measures – think fingerprint, eye and facial identification or voice recognition. This technology is advancing rapidly and now extends to behavioural biometrics as well, like keystroke dynamics or the way objects are used.
- Decision with data: Compiling enough data to make a good decision takes more than payments data; companies also need to look at location ID data, digital identifier data, and unique customer data and cross-reference it to get the full picture and ultimately, stop fraudsters in their tracks. When financial institutions combine payments data with all known elements, it paints a more accurate picture of what’s normal and what’s fraudulent.
The bottom line? While cybercrime protection demands evolving solutions that require significant capital outlays, it’s worth the investment. The more traditional fraud prevention solutions are no longer a match for the growing sophistication of cybercriminals.