Technology
Weaponised AI, ransomware-as-a-service, long-game identity theft and other 2023 trends
Monday August 28 2023
Over the last decade, a steady stream of innovation has made digital payments easier and more convenient for everyone.
But emerging technologies like generative AI and a pandemic-accelerated digital explosion have also given rise to new forms of fraud — fraud that all together cost online businesses $41 billion globally in 2022 and is expected to jump 17 percent in 2023.
Here are five trends impacting payment security this year — and where security innovation is needed most.
1. The proliferation of fraud tools makes anyone a potential hacker.
As more and more people shop and pay for things online, the number of fraud targets grows. At the same time, inflation, cost of living, and economic uncertainty are giving more people an incentive to turn to fraudulent activity.
And fraud has perhaps never been easier. Today, fraud doesn’t require much in the way of technical skill. It’s even possible, on the dark web and elsewhere, to purchase packages that do the dirty work for you.
Ransomware-as-a-service is one such business model — where ransomware operators write software that non-technical individuals can use to launch attacks.
2. Fraudsters are playing the long game.
The good news: Fraud controls have become highly effective at identifying fraudulent transactions. The bad news: Establishing new accounts with stolen or synthetic identities has gained in popularity. What’s worse is that these transactions are often seen as legitimate, because the credentials — a person’s name or account number — aren’t fraudulent, even though the underlying accounts and identities are.
Some fraudsters are also playing the long game, fabricating entirely new identities rather than stealing them from actual living humans, taking the time to establish years of seemingly legitimate history before maxing out lines of credit and disappearing.
3. Social engineering gets an AI upgrade.
Social engineering has always been a problem. But generative AI is making it easier than ever to fool even the savviest consumers.
Common social engineering tactics like phishing emails may try to manipulate you into revealing confidential information or performing a specific action for illegitimate reasons.
Where poor grammar, wonky formatting and spelling mistakes have long been some of the phishing email’s best-known tells generative AI tools make it easier to hide these imperfections — and harder to spot the fakes than ever before.
4. Consumers want a fast checkout process.
Balancing robust security controls while removing friction from transactions and customer interactions is a critical need.
For example, consumers like the ability to buy directly from social media apps, but many of the security and authentication steps required to authorize a transaction can slow that down.
More security investment in these new ways to pay will help mitigate fraud and ensure a better consumer experience.
5. New tech meets old cons.
The global real-time payments transactions volume was valued at over $100B in 2022 and it’s expected to grow by more than 30 percent per year from 2023 to 2030.
But the convenience of RTP also exposes a heightened vulnerability to fraud. For example, RTP can be a lot like sending cash in the sense that once you send it, it’s gone.
If you are duped into sending money to someone misrepresenting their identity, that money may be gone forever.
Similar challenges exist in crypto and digital currencies, where there is no “claw back” mechanism if you make a transfer to some anonymous scammer’s wallet.
When using any of these new technologies, it’s important to know who exactly you’re dealing with on the other end of the transaction.
While macroeconomic trends signal reduced investment in innovation, it’s as much needed now as it has ever been.
That’s why Visa has spent some $10B in technology, including to reduce fraud and increase network security, over the last five years: to keep our network secure, keep the payment experience seamless, and protect consumers and merchants from the weight of fraud-related losses.
Paul Fabara is the Chief Risk Officer at Visa.