Digital payments are taking the world by storm, with their total transaction value expected to hit $8.5 trillion by the end of this year.
Gone are the days of electronic payments being solely the domain of large corporations via wire transfer, with peer-to-peer (P2P) payment apps such as Cash App, Venmo and Zelle becoming a fixture of smartphone home screens. However, many people still rely on paper checks, particularly members of older generations, for whom smartphone and eCommerce use is less widespread.
No matter an individual’s payment preference, there are still cadres of fraudsters looking to intercept payments or exploit the personal data attached to them. Nearly half of all consumers in the U.S. have reported being victimized by payments fraud in the past, with bad actors deploying a staggering variety of techniques to steal money or data. Consumers are turning to businesses to keep them safe from these fraudsters, and organizations are deploying an equally diverse array of defenses to fend off these attacks.
This month, PYMNTS examines the methods that fraudsters use for check and digital payment fraud. We also explore the defensive measures that are most effective at stopping them.
Methods of Payment Fraud
Check fraud is as old as checks themselves, so fraudsters have had plenty of time to refine their techniques. Stolen and altered checks are some of the most common methods, with bad actors stealing checks out of the mail, possibly changing the amounts and then cashing them. Other bad actors make color copies of checks after changing the information to make it less obviously forged, while others have access to check printing software at companies and can embezzle by printing checks themselves. A new trend is called check washing: Bad actors steal checks, erase payees’ names with household cleaning products and then print their names on the checks and cash them. This method can be hard to catch from the payors’ end because the amounts have not been changed.
The growth of P2P payment apps has also contributed to a new wave of fraud that is, in many ways, the online successor to check fraud. One of the most pervasive threats that payment app users face is account takeovers. Fraudsters seize control of accounts and use them to access credit card data, drain stored account values or even pay themselves or their other accounts. Cybercriminals gain access to user accounts in several ways, including phishing and brute force botnet attacks. Still, one of the most common ways is by purchasing stolen credentials in bulk online.
Other fraudsters forgo infiltrating accounts in favor of tricking payment app users into paying them directly by posing as friends or trusted authorities. These scams have grown more sophisticated as app users become more aware of the threats, with fraudsters becoming increasingly creative. The Better Business Bureau warned digital wallet users against a new scam in which users receive messages from fraudsters asking for the return of “accidental” payments made to their accounts — these payments actually being the products of stolen credit cards. Users return the money in good faith, but by then, the scammers have switched out the stolen credit card information with their own. The stolen money goes into the scammers’ accounts, and the accidental payment victims suffer a net loss of those funds when the original cardholders report their cards stolen and seek reimbursement from the apps.
Fighting Payments Fraud
Consumers believe it is their banks’ responsibility to protect them from fraud, but at present, they think banks are letting them down. A recent study found that 22% of respondents in the U.S. said they lack confidence in their banks’ ability to handle suspicious activity, yet 25% spend less than an hour every year checking their accounts for fraud.
Biometric security methods hold some of the most promise in preventing financial fraud, and customers are largely willing to use this method as well. A recent PYMNTS study found that 71% of account holders would be in favor of biometrics to authenticate their identities, with 49% favoring fingerprint scans and 44% open to using facial scans.
Passwords might be the most common authentication method, but their efficacy has recently come under serious doubt. Studies have shown that 51% of consumers struggle to recall the passwords they use at work and home, and 60% are unable to memorize the passwords they need in their day-to-day lives and resort to writing them down or recycling them, compromising security in both cases. Biometrics, meanwhile, require no memorization, nor can they be guessed by fraudsters.
Deploying more secure authentication methods such as biometrics could prevent payment fraud, especially as payments become more digital. Banks must step up to the challenge of protecting the customers who rely on them.