Future-proofing payments security on a fragmented landscape
In today’s global, instant and inter-connected world, the payments ecosystem comprises more players than ever before. The benefits of such a model have included unprecedented levels of competition, innovation, and service – for everyone. But this has also meant that there is an increased attack surface for bad actors, making fraud prevention and security even more of a priority.
In order to benefit from this partnership-rich environment – while also delivering safer, more frictionless experiences to merchants and consumers – it is critical for institutions to future-proof their business with enhanced security, layered solutions and advanced AI-based tools to stay ahead. With almost $500 billion lost to fraud globally in 20231, an holistic approach to fraud prevention brings long-term benefits to everyone.
From the four-party to multi-party ecosystem
Traditionally, the payments landscape operated under a four-party system, involving cardholders, merchants, acquirers and issuers. These parties were well-defined and the responsibilities clear.
Today, the model is increasingly complex, driven by developments in technology, networks, and legislation, including the second Payment Services Directive (PSD2). With the entrance of new rails, payment processors, gateways, merchant services providers (MSPs), independent sales organisations (ISOs), and payment facilitators (Payfacs), there are now numerous parties involved in global commerce payments.
Consumers have not been shielded from this change either. Indeed, people are increasingly seeking digital-first or embedded services, creating space for multiple service providers to enter the market and deliver new innovative products. The pandemic accelerated the transition to digital payments, and consumers are increasingly turning to players who can deliver the seamless consumer experience they demand.
There is a risk, therefore, that this new landscape can be seen as overly fragmented, leading to an increase in fraud attack surface. And, in some cases, this is borne out by the data. Fraudsters will always look to exploit payment rails with fewer consumer protections, and enumeration, brute force attacks, and authorised push payment (APP) frauds remain top threats in the payment ecosystem. In 2023, payment fraud losses were 53% higher than in 2022, and cases had risen by 74%2. This followed a near-doubling in case volumes and losses in 2022. This is an expensive fight for financial institutions (FIs).
Sooner than later, FIs must move to reliably catch financial crime across the payments ecosystem and, even better, stop it before it happens. This goal necessitates scalable solutions across all rails, irrespective of the network – and the good news is there is already the technology and products to help make this a reality.
Tools to fight fraudsters
Once upon a time the roles of financial criminals were clearly delineated: there was a middleman, a dark web collaborator, a counterfeiter, and a mule. Today, criminals are organised, agile, collaborative, and can take advantage of cutting-edge financial technologies. In fact, fraudsters invest in this part of the operation just as concertedly as banks. At their disposal are dark web search engines, marketplaces for identifying and purchasing specialist skills, AI chatbots configured for crime, polymorphic malware creation engines, as well as AI-powered biometric bypass and deepfake capabilities. One of the most high-profile cases recently saw UK engineering firm, Arup, fall victim to a £20m deepfake scam in which their Hong Kong employee was duped into transferring cash to criminals via an AI-generated video call3. The financial damage of these attacks is measurable; the emotional toll on employees or customers is not.
Fortunately, there are many tools deployed by FIs to stay ahead of criminals. AI – powered by vast data sets – is just one example, and can be used to discern patterns in transactions that are indicative of fraud. Using payments data, location or user behaviours, AI models rapidly recognise potential fraud cases. Interestingly, almost 80% of consumers expect their banks to deploy AI to this effect4.
Generative AI models with advanced machine learning deployed at scale, on the other hand, can take banks well beyond the rudiments of solutions trained on their portfolios. By analysing and learning fraud patterns across entire networks, these models can understand the characteristics of financial crime and spot them as they unfold in real time – and, in some cases, even beforehand. This allows FI to be even more proactive in protecting themselves and their customers.
AI has long been used in the financial services industry, becoming an invaluable tool in FIs’ arsenals. Fraudsters are continuously scanning for weaknesses across attack surfaces, with multiple players and steps involved in completing a payment transaction. Therefore it is even more essential to consider the deployment of network level advanced AI solutions that protect a transaction at every step.
Fraud is a responsibility for all stakeholders in 2025
Every link in the payments value chain – from the merchant to the consumer, and every step in between – benefits from payments security, and therefore every player has a responsibility to prevent fraud.
To begin with merchants. As businesses and brands, their goal is to thrive – not least by being safe places to transact. Ultimately, they seek payments solutions that drive high sales conversion, while also keeping down costs, including those from fraud.
Continuing along the value chain, there are often a number of other actors participating in the facilitation of a payment. They too want to drive value for merchants and financial institutions, by ensuring genuine transactions happen seamlessly and securely.
FIs incur significant costs associated with fraud in addition to the operational costs from supporting consumers who have been victims of fraud. Staying ahead is critical not just to minimise costs but to also drive customer retention.
As for the consumer, their highest priorities are knowing they are safe, their funds are protected, and that they can trust their provider. This is a basic need. Of course, seamless experiences also matter, but the moment trust is lost, consumers will chose to purchase, pay or bank with a different provider. Upholding trust and security is fundamental to payments.
All players need to take responsibility for their part in preventing fraud and financial crime, since they all stand to benefit from more secure commerce.
At present, some of these players, such as service or platform providers, are covered by various payment regulations, but not all. This can place additional burdens on regulated parties, such as banks and payment networks, to monitor the activities and legitimacy of other participants – but ultimately, accountability must evolve to ensure everyone is incentivised to reduce fraud across the ecosystem.
Looking ahead: Security vs. experience
The need for improved payments security should not detract from the industry’s primary aim: to enable and empower good actors, as much as it is to deter those that are bad.
Even well intentioned security implementations, such as strong customer authentication (SCA) in Europe that introduce two-factor authentication into the payments process, done badly can drive basket abandonment. With high friction and poor user experience, there is more potential for frustration – and the risk that customers use an alternate, less secure, payment method or decide to abandon the purchase altogether.
Therefore, in 2025, it is even more important than ever that we work together to strike the right balance between consumer protection5 and economic growth, creating a safe environment where business and consumers are supported, valued and can achieve their full potential.
Stay current with the latest payments insights from Visa Navigate Europe - subscribe today.
Article reposted from Finextra.
All brand names, logos and/or trademarks are the property of their respective owners, are used for identification purposes only, and do not necessarily imply product endorsement or affiliation with Visa.
1 Nasdaq 2024 Global Financial Crime Report
2 UK Finance 2024 Annual Fraud Report
3 https://www.theguardian.com/technology/article/2024/may/17/uk-engineering-arup-deepfake-scam-hong-kong-ai-video
4 https://www.pymnts.com/fraud-prevention/2024/77-of-consumers-expect-banks-to-use-ai-to-fight-fraud/
5 Visa future of payments whitepaper: https://globalclient.visa.com/Using-AI-to-secure-the-future-of-payments
Share Feedback