Where digital payments are concerned, we need to recognize the need for a delicate balance between customer experience and security.
In the digital economy, where e-commerce and mobile payments are key pillars, it is no surprise that recent research forecasts more than 50% surge in the Asia Pacific payments market by 2026, reaching USD 22.97 trillion.
Amid this digital payments boom, a shadow looms large – consumer fraud has risen with 54% of all confirmed cases linked to authorized push payment (APP) fraud attacks. As businesses eagerly embrace cutting-edge digital payment technologies, any compromise between customer experience and security will emerge as a critical concern.
Where digital payments are concerned, we need to recognize the need for a delicate balance between customer experience and security.
How has fraud evolved in the fast-evolving payments landscape?
Warren Hayashi (WH): The payments ecosystem has broadened well beyond traditional banks, with fintechs, neobanks and payment service providers (PSPs) pushing a variety of payments innovation such as mobile wallets, QR codes, and contactless payments. While these advancements have transformed the way transactions occur, they have also created a playground for bad actors intent on exploiting these technologies, leading to an increase in sophisticated fraud tactics to defraud unsuspecting users.
Payments fraud has a huge impact on consumers and businesses, with global losses reaching an estimated US$1.02 trillion (S$1.4 trillion) from 2022 to 2023, and victims in Singapore experiencing the highest average losses most commonly to mobile payment fraud and phishing scams. In the first half of 2023, more than 750 of such cases were reported with estimated loss amounting to more than S$10 million (US$7.4 million).
Payments fraud poses substantial risks, necessitating the implementation of robust security measures to safeguard against digital payment fraud for both users and businesses.
With 54% of all confirmed cases of consumer fraud linked to authorized push payment (APP) fraud attacks, what can businesses do to address this concern?
At its core, APP fraud attacks are social engineering attacks on consumers. It pushes individuals or businesses to make a payment to a fraudulent account through the impersonation of a trusted entity such as a bank or service provider. It’s important to note that no single risk management solution can be a panacea. To effectively manage and mitigate the risk, businesses need to take a multifaceted approach that involves technological solutions, educational initiatives, and robust operational controls.
Transacting online is all about trust and consistency. Consumers are often unaware of such fraudulent tactics, which means that businesses can take it as an opportunity to cultivate trust by alerting consumers on the risks of APP fraud and ways to avoid falling prey. This could include providing information on the common types of scams, ways to identify them and how to address the issues should they ever be a victim.
At the same time, leveraging the right technology and building an effective risk strategy, can help businesses prevent, detect and respond to APP and other types of fraud. For instance, using secure payment methods that require two-factor authentication when conducting transactions and adopting fraud prevention measures and technologies such as transaction limits, phishing filters and AI-enabled detection software can provide a better and safer customer experience for all.
What other key steps should retailers and merchants take into consideration to secure online payment gateways?
WH: There is no one-size-fits-all solution to risk management. Every business is different and will have unique risks to deal with across the board. However, the challenge for the majority is finding the right balance between risk management and customer experience.
One effective step to take is payment tokenization, where sensitive payment details, like credit card numbers, are replaced with a unique, non-sensitive token. This allows transactions to be processed without transmitting or storing the sensitive information. Beyond thwarting fraud attempts using stolen data, it also helps business comply with various regulations and standards, such as the Payment Card Industry Data Security Standard (PCI DSS) and the General Data Protection Regulation (GDPR).
Consumers also experience less friction in their shopping journey with payment tokenization. The technology enables merchants to securely save payment data with non-sensitive tokens, which allows consumers to make future purchases without re-entering their payment details. In addition to enhancing the overall customer experience, this streamlined process significantly increases conversion rates at checkout – and hence business revenue.
Beyond taking measures to secure their online payment gateways, businesses are also encouraged to adopt holistic fraud detection solutions. At Adyen, we work with customers to implement solutions such as RevenueProtect, a built-in risk management solution that utilizes robust machine learning models to detect fraud, reduce false positives and operational burden in combination with simplified rule creations to have control of decisioning for business rules and policy.