Sponsored Ad Feature is produced by an advertiser with the specific intent to promote a product and is not produced by the CityAM team.
CityAM’s journalism is supported by our readers. .
 |  Updated: 

Payment fraud is becoming more sophisticated, creating new vulnerabilities for organisations

By:

Add as a preferred source on Google

Author: Tim Forster, Strategic Partner Manager, Financial Messaging at Finastra 

In the digital age, security is a top priority for corporates and financial institutions. As payments become increasingly more sophisticated, so too do fraud attempts, particularly as payments are increasingly operating in real-time. The operational characteristics of instant payments (fast, irrevocable, simultaneous clearing and settlement) makes them an especially enticing target for fraudsters.

According to BDO, in 2023 UK fraud increased by 104% from 2022, amounting to £2.3bn in losses, and the number of reported cases increased by 18%. Organisations must stay ahead of fraud types so they can intervene before losses occur. Businesses also need to ensure they put robust processes and procedures in place as well as utilising some of the fraud prevention tools available.

Authorised fraud methods

According to UK Finance, while the total value of Authorised Push Payment (APP) losses has fallen from its peak during the pandemic, case numbers still increased 12% in 2023 compared with the previous year. APP fraud relies heavily on social engineering and impersonation scams, whereby fraudsters use manipulation techniques to trick individuals and businesses into making payments or sharing personal details under false pretences. 

Common methods include pretending to be a system administrator or manager to gain the usernames and passwords of company staff, and CEO fraud, where fraudsters impersonate CEOs to give legitimate-sounding payment instructions to accounting and finance departments. They usually claim that the payment is urgent and extremely sensitive, as in the case of an acquisition, and using AI, can even sound like the CEO over the phone. This discourages everyday due diligence. 

In the case of business email compromise (BEC), fraudsters assume the identities of suppliers, business partners or subcontractors to intercept legitimate electronic invoices and direct payment to themselves. Other popular methods include purchase scams, where fraudsters convince their victim to pay for goods and services by bank transfer, but they never receive them, and investment scams, where victims are tricked into investing money in bogus schemes.

Unauthorised fraud methods

According to UK Finance, unauthorised fraud losses were £708.7 million in 2023, down 3% from 2022, and there were 2.7 million cases of unauthorised fraud, down 2%. While these stats are promising and reflective of advancements in anti-fraud technology solutions, firms can’t be complacent. This is especially important as instant payments become more mainstream, as anti-fraud technology will need to operate in real-time.

With this type, fraudsters illegally extract personal data without authorisation from the account holder. This can involve using a variety of technology-driven methods, such as bots, AI and hacking software to obtain banking information, or capitalising on data breaches to obtain personal information. 

Another popular method used is phishing. Millions of fake company emails and text messages are sent every day, and large corporations and banks in particular are a favourite target for impersonators. The messages contain links that once clicked, install malware that collects all the personal information needed for an account takeover (ATO). 

An ATO is a form of identity theft where fraudsters gain unauthorised access to a victim’s account. They can then make purchases and transfers in vast quantities, and in real-time, which makes it one of the most severe forms of attack for organisations, with the potential for great financial and reputational loss. 

The need for modern fraud detection and prevention solutions

Organisations have long been hampered by legacy fraud monitoring technologies that rely on pre-set rules to detect payment fraud, flagging only the exact scenarios that have happened before and often after the fact. AI and machine learning are changing the game, while use cases for Gen AI are emerging. Modern fraud detection and prevention solutions analyse each payment message instantly in the context of the customer’s past behaviour before posting.

Finastra’s AI-powered fraud prevention solution, powered by NetGuardians and pre-integrated with Finastra Financial Messaging, is helping banks and businesses to prevent fraudulent payments in real time. 

Banks using the solution have achieved reductions of 85% in false positives, saved 75% on risk mitigation costs, while at the same time increasing their fraud detection rate. Businesses are also benefiting from the robust fraud prevention software Finastra provides.

Find out more here.