5 minute read
Virtual fraud: How to catch a digital thief
Imagine you receive a call from what you think is your bank. The person on the line asks for personal information. Would you think it’s coming from a trusted source? This was the case for 200,000 individuals in the UK who were targeted in the iSpoof fraud website in 2021. They were tricked into handing over money or giving fraudsters access to their bank accounts. More than 100 people were eventually arrested by authorities, who brought down the website that scammers used to steal tens of millions of pounds from Britons via fake bank phone calls.
This example shows fraud prevention and detection are challenges in the digital space. The issue is that rapid adoption of virtual spending and payment options (e.g., virtual cards and wallets) has led to new opportunities for sophisticated fraud attacks which companies, individuals and banks are unprepared to handle.
The state of virtual fraud and payments
Digital wallets, virtual cards, crypto, and buy now, pay later—the rapid rise of digital payments is changing customers’ shopping experience and it’s adding up to nearly $9.7 trillion projected digital transactions. Virtual card transaction volume alone is expected to increase 340% between 2022-27, surpassing 121 billion transactions. Though as digital adoption increases, so does fraud. New forms of online fraudulent activity are already showing signs that more fraud management is needed.
In 2022, fraud from digital payments rose
10%
with commercial cards
6%
with ACH credits
6%
with virtual cards
Some companies have improved their digital user interface and experience to account for the shift in online buying habits, but many are unprepared to enhance fraud controls without affecting the customer experience. With 1 in 6 consumers saying they would leave their bank if they were not satisfied with its response to a fraud complaint, how can banks and companies reduce evolving virtual fraud while ensuring a great cardholder experience?
Why are people unprepared?
It’s partly because virtual fraud is new in comparison to other types of payment fraud, such as fraud which involves a physical plastic card. Also, how we use virtual cards and their increased exposure to fraud is changing. Initially, virtual cards were meant for single use, meaning after one transaction they were “disposable.” Plus, they were used with trusted and known B2B trading partners for recurring payments, which helped with authorization controls. Virtual cards can now be used multiple times like digital cards (e.g. credit cards) and stored over devices, via app or mobile wallet. They also have longer expiration periods and less authorization controls that allow for more flexible on-demand payment needs.
These enhancements give virtual cards greater payment flexibility but make them more vulnerable to fraud, especially if your mobile device is stolen and information accessed. There are 70 million smartphones lost each year, with 4.3 percent of company-issued cell phones among those lost or stolen. Plus, 52 percent of devices were stolen from the workplace and another 24 percent from conferences.
Attach a dollar amount to an employee’s virtual card and the average spend with each transaction is roughly $500. If a fraudster gets the card and makes 10 transactions with that average, that’s roughly $5,000 lost with a single card.
What can be done to ensure more security and peace of mind with virtual payments?
Evolving fraud requires a smarter fraud strategy
As banks consider using more sophisticated fraud management tools, they must account for technology complexity, payment choice flexibility and even how they support the cardholder experience. That’s where a solid fraud prevention strategy is key.
The right strategy can improve business efficiency and visibility by identifying, responding to and understanding fraud risks. This requires a multi-layered approach: Offer risk assessment across multiple communication channels plus have identity/authentication validation that pushes data points such as device verification.
For example, a two-step authentication process can prompt an employee to enter a verification code found on their laptop to confirm it’s them when making a purchase by phone. Such tactics should not only be common practice to verify oneself, they should be part of a work device security policy.
The approach can also include distribution of security touchpoints for account creation and accounting for behavior with biometrics.
Another consideration from an account standpoint is a virtual solution integrated with your core processing platform. If all accounts are on one solution, you get a holistic view of transactional activity.
With the growing trend of tokenizing a virtual card for use in mobile wallets, having one solution to manage all account numbers means you can see and understand all card data in one place. You can quickly assess if a transaction is genuine or suspicious, and take the appropriate actions to allow genuine spending to continue while stopping fraudulent activity. That integration offers deeper insights into servicing, reporting, fraud and dispute management.
Using technology to your advantage
Did you know there is evolving technology driven by AI and machine learning that constantly learns about cardholder buying activity to create a picture of an individual and assess risk?
For example, an employee uses a corporate card to purchase supplies every month with the same vendor for roughly the same amount. One day the card is used with a different merchant and the spend amount is much higher. This transaction would be “flagged” to verify if it’s legitimate. More transactions means a clearer picture of the cardholder.
But fraud prevention isn’t just about what the technology does, it’s also about how we use the technology to improve security and the cardholder experience. There are steps you can take to further mitigate fraud on virtual payments to reach these goals. Some preventative measures to take using the technology include:
- Applying authorization controls to limit how virtual cards can be used for business purposes (e.g., merchant types, effective dates, single limits, and number of allowed transactions);
- Adding virtual cards to mobile wallets for additional security for authentication and tokenization;
- Defining fraud prevention and detection rules specific to virtual card spend to monitor velocities and isolate potential suspicious activity for identifying patterns and anomalies and/or
- Deactivating virtual cards when there is suspected fraud to limit spend and loss.
The adoption and value of virtual payments
Customer experience and technology implementation are top challenges when detecting virtual fraud. This is from a consumer standpoint, but the challenges are also relevant for the commercial side. Many companies are aware that ease and security of payment options are priorities for their employees, especially for business travelers.
Virtual wallet enablement and centralized booking are technologies that give corporate travelers added convenience and security with transactions. Such solutions can also detect transactional anomalies such as if the user is making purchases at the company-approved hotel.
Plus, virtual payments improve automation with expense reporting, including the ability for receipts to be automatically attached to reports and transactions to be matched to trip expenses. With expense reimbursement fraud comprising 17% of all business fraud in the U.S., which costs billions of dollars, it presents an opportunity to more accurately track and report expenses as well as prevent potential fraud.
“The payments industry has a history of processing transactions a certain way and built a good fraud system around it. With systems changing and the introduction of virtual accounts into mainstream use cases, we have already taken steps to protect the new ways people spend to help drive the next generation of fraud solutions.” said Michael Mason, fraud expert at TSYS, a Global Payments company.
Finding out more
Nearly 80 percent of organizations are most likely to seek assistance from their banking partners for guidance regarding the steps to take to minimize the impact of virtual payments fraud. With more potential risk on the horizon, you should consider fraud management and authentication solutions that are built to evolve for the future. Such solutions exist today and are often powered by machine learning and behavior-based authentications.
“Digitized banking experiences are becoming the norm,” King said. “Banks need the right provider to navigate the complexity and challenges with fraud management for continued growth with enhanced security.”
If you are interested in learning how TSYS can help fight fraud and be your preferred method of payment, click here.
Latest articles
Never Miss an Insight
Get the latest from TSYS a Global Payments Company