Fighting Back Against the Fraudulent Use of Data
Today, a reality facing stakeholders in the payment ecosystem is the potential impact of the fraudulent use of compromised data. To put the scale of this issue into perspective, over 422 million individuals fell victim to data compromise events globally in 20221 .
For financial institutions, this is primarily the result of external cyber-attacks on third party organizations, such as vendors, merchants, payment processors and even government databases. Whenever consumer data, including but not limited to payment credentials, are compromised, there is a high risk that this data could be leveraged by unscrupulous threat actors to perpetrate fraud. Financial institutions are highly exposed to this growing area of risk, where such external data compromise events occur outside their own protection measures and controls.
Over recent years, data compromise events have become an all too frequent phenomenon. Data compromise events that occur outside a financial institution’s organization may include vendor data, merchant data, payment processor data, and even government data.
In most instances, the main risk arising from cybercrime involving compromised data is the risk of payment-related fraud. The potential impact of such fraud is not limited to monetary loss. It can also lead to significant business and operational disruption and have a direct impact on an organization’s customers. However, monetary loss is also a significant factor as cybercrime is expected to cost companies worldwide upwards of $10.5 trillion annually by 20252.
Recognizing risk factors
Today’s payment ecosystem is intricate and complex. Hence, it is important for financial institutions to recognize the inherent risk factors which cause vulnerabilities, make it possible for threat actors to propagate malicious attacks, and increase the likelihood of external data compromises leading to fraud. In devising any defense against fraud, it is also important for financial institutions to understand the dominant threat drivers that significantly increase the risk of fraud arising from external data compromise events.
Protecting against fraud
Visa’s recommended measures and responses include a combination of tactical and strategic actions to detect anomalous behavior, isolate instances of potential fraud or attacks, and establish a layered defense approach across the lifecycle.
In the case of identity theft fraud, actions such as intensifying new client onboarding due diligence protocols and deploying a cutting-edge fraud detection platform for new acquisitions can be taken. Meanwhile, to protect against account takeovers, it is helpful to implement measures such as monitoring unusual login attempts and successful logins on banking portals, and deploying robust authentication controls and protocols at call centers. While the fraudulent use of accounts can be protected against by monitoring for suspicious activity, particularly in relation to cross-border activities and crypto purchases and utilizing best-in-class technology and platforms augmented with predictive capabilities.
Overall, businesses should assess their readiness to prepare themselves for fraud – reviewing options and preparing their response.
For additional insights, please read our full Opinion Paper. For help addressing any of the questions raised in this paper, please reach out to your Visa Account Executive to schedule time with our Visa Consulting & Analytics team, email VCA@Visa.com or visit us at Visa.com/VCA.
Stay current with the latest payments insights from Visa Navigate CEMEA - subscribe today.
All brand names, logos and/or trademarks are the property of their respective owners, are used for identification purposes only, and do not necessarily imply product endorsement or affiliation with Visa.
1 Identity Theft Resource Center, 2022 Data Breach Report, January 2023, https://www.idtheftcenter.org/wp-content/uploads/2023/01/ITRC_2022-Data-Breach-Report_Final.pdf
2 Security Boulevard.com, “The Top Data Breaches of 2022 so far”, November 2022, https://securityboulevard.com/2022/11/the-top-data-breaches-of-2022-so-far/
Share Feedback