The fraud prevention landscape: what has made headlines in 2018

This year, technology vendors have displayed a huge drive to innovate – all while they have developed various technology tools based on machine learning, AI, behavioural biometrics or blockchain – in order to mitigate the most important threats in the payments landscape. Once again, we have witnessed a market consolidation through major acquisition and funding rounds. And all these actions are sprinkled with a desire coming from industry players: merchants, financial authorities, law enforcement organisations to collaborate and share best practices.

Major threats in 2018: malware, ransomware, and social engineering

According to the 2018 Payment Threats and Fraud Trends Report released by the European Payments Council, malware remains a major threat, with ransomware being on the rise during 2017, and requiring new mitigating measures.

Out of these, we single out Zyklon – a malware targeting telecommunications, insurance and financial services industries to steal passwords, and allow hackers to launch DDoS attacks or mine cryptocurrency, Android Trojans that steal money in 5 seconds from PayPal accounts even with 2FA on, MysteryBot – a malware that targets banking apps, and CamuBot - a financial malware that targets Brazilian banks through their business banking customers. Together, these have all made the cybersecurity headlines in 2018 by luring mobile users into installing them onto their devices with the purpose of walking them through unknowingly authorizing fraudulent transactions, taking control over their devices, or even worse, taking them out and demanding ransomware.

Also, social engineering attacks and phishing attempts are still increasing and they remain often instrumental in combination with malware, as the report continues to state. In 2018 the most targeted brands by bad actors were Microsoft, Paypal, Netflix, Facebook in phishing attempts – and we anticipate that in 2019 the rankings won’t vary too much.

Data breaches in 2018 – not that big as last year, however still valuable for cybercriminals

The number of data breaches disclosed in Q1, 2018 fell to 686 compared to 1,444 breaches reported in the same period of 2017. However, this still leaves the innocent people’s personal data available on the dark web, and to minimize its effective use by criminals, businesses need to protect customers against account takeover and identity impersonation. The hospitality and travelling sectors have been highly targeted this year. The Marriott data breach, in which 500 million guests lost personal and financial details over a four-year period, as well as the British Airways hack, highlight the need for stronger identity proofing procedures to limit the use of stolen data for account fraud and identity impersonation.

Consumers and businesses should be aware that all personally identifiable information (PII) has utility for bad actors. Basic information such as an email address or phone number can be used to perpetuate targeted social engineering, phishing and other attacks that can result in identity impersonation and financial theft. As a result, account takeover and new account applications have flourished in 2018 from this wealth of data available on the darkweb. The industry should bear in mind that cybercriminals use both manipulation and technical skills in order to defraud their victims, and they will most likely exploit this combination even more.

Major acquisitions and biggest funding

At the beginning of 2018, LexisNexis announced that its parent company, RELX Group, closed the acquisition of ThreatMetrix. This year, TransUnion has also announced that it had completed the acquisition of iovation, consolidating its position in fraud and identity management.

In 2018, PayPal made a few important acquisitions, among which we name Simility, a US-based machine-learning technology provider. PayPal acquired the fraud prevention technology company for USD 120 million and planned to make Simility’s services available to its merchants following the close of the transaction.

In terms of funding, at the beginning of the year, Anomali, a provider of threat management and collaboration solutions, closed a USD 40 million round of Series D funding. In March 2018, Sift Science announced a USD 53 million Series D funding round to expand its global footprint in the fraud detection and prevention market. Similarly, Signifyd raised USD 100 million in new venture funding to expand its ecommerce fraud prevention services globally and Forter, an ecommerce fraud prevention company that protects merchants during each stage of the customer lifecycle in real-time, secured USD 50 million in a Series D financing in September 2018.

Blockchain forward, Bitcoin backward

For the last two years, Bitcoin prices have gone through a roller coaster. In 2017, Bitcoin prices started at USD 998 and rose to USD 13,412.44 on 1 January 2018. On 17 December Bitcoin’s price reached an all-time high of USD 19,666. China banned trading in Bitcoin, with the first steps taken in September 2017, and a complete ban starting 1 February 2018. Despite these fluctuations, in 2019 we might see increased understanding of cryptocurrencies and greater markets maturity.

According to Stefania Barbaglio, director of Cassiopeia Services, ‘individuals have finally understood that blockchain is so much more than Bitcoin and can truly revolutionise the way many industries work.’

In 2018 we witnessed many digital identity projects based on blockchain tech. As individuals and organizations are often not in control over their own identities, personal information is regularly shared without awareness and is a centralized source of sensitive data for hackers. Blockchain or Distributed Ledger Technologies (DLT) have the ability to create a decentralized approach to identity management, to support sharing information across different transactional mediums while also protecting user identity and to enable individuals the freedom to create encrypted digital identities that will replace multiple usernames and passwords.

These possibilities have encouraged companies such as Visa, IBM, Deloitte, ING and more to really jump on the blockchain bandwagon this year in order to leverage their vision of transparency and security in payments and digital identity.

In October 2018, Visa announced the launch of its B2B Connect platform, along with partnerships with IBM and Bottomline Technologies. Visa B2B Connect is a distributed ledger-based platform, which aims to provide financial institutions with a secure way to process cross-border B2B payments. B2B Connect’s digital identity feature tokenizes an organisation’s sensitive business information, such as banking details and account numbers, giving them a unique identifier that can be used to facilitate transactions on the platform. Digital payments group Visa has prepared Visa B2B Connect for commercial launch in the first quarter of 2019, with an expanded list of perspective partners. Similarly, Deloitte partnered with Attest, an identity management company, to develop a blockchain-based digital identity system.

Also, ING Bank released its Zero-knowledge set membership (ZKSM) solution, designed to deal with data and privacy while using distributed ledger technology. Zero-knowledge proof is the ability to prove that something exists or has taken place without exposing its content, with the technology being useful and finding applications in both credit and money transfers. For instance, a mortgage applicant could prove that their salary sits within a certain range without revealing the exact figure.

And recently, StarkWare, an Israeli blockchain startup, has raised USD 30 million in new funding to assist it in developing this authentication method known as zero-knowledge proof.

Cooperation and education in fraud prevention and cybersecurity are crucial

An important aspect to mitigate the risks and reduce the fraud related to payments is the sharing of fraud intelligence and information on incidents amongst PSPs. However, often this is being limited by existing regulations related to data protection, even more so in the case of cross-border sharing.

This year, Europol signed a Memorandum of Understanding with Diebold Nixdorf to improve the cybersecurity knowledge sharing, and Cartes Bancaires developed, together with Ethoca the CB Alerts portal which allows ecommerce merchants to collaborate with card issuing banks in near-real-time to fight fraud and reduce chargebacks. Also Verifi issued a new report that highlights the urgent need for collaboration between merchants, issuing banks and consumers to fight chargebacks.

Overall, fraudsters launch every attack with the clear intention of outsmarting businesses, however the latter must continue to prioritize digital first strategies to protect the end consumer. To learn more about the latest trends into fraud detection, digital identity and customer onboarding, check out our Web Fraud Prevention, Identity Verification & Authentication Guide 2018-2019. In addition to insights into innovation taking place in the fraud management space using machine learning and Artificial Intelligence, the guide also contains a mapping that features some of the main players in the industry whose goal is to continue the fight against fraudsters, as well as to contribute to the improvement of the customer experience.

We hope you enjoyed our headlines retrospective for 2018, and we want to take this opportunity to thank you for following us and reading our stories this year! Don’t forget to subscribe to check out more insights and relevant pieces in the upcoming year.

Happy holidays from The Paypers!

About Mirela Ciobanu

Mirela Ciobanu is a Senior Editor at The Paypers and has been actively involved in covering digital payments - related topics, especially in the cryptocurrency, online security and fraud prevention space. She is passionate about finding the latest news on data breaches, machine learning, digital identity, blockchain, and she is an active advocate of the need to keep our online data/presence protected. Mirela has a bachelor degree in English language and holds a Master’s degree in Marketing.