As businesses go digital, fraud will not only follow suit, but will also become more complex and lethal

Fraud continues to evolve in technique and scale, causing digital businesses losses worth billions of dollars and damage to reputation. Fraud has become a profitable ‘business’ with annual revenues worth around $1.5 trillion.

If 2019 will be remembered as a year of data breaches, 2020 and beyond will see the emergence of more complex fraud techniques, along with the tried-and-tested methods of fraud and online abuse—BEC, phishing, CNP, malware, hacked forms, and so forth—that will continue to challenge digital businesses.

Here are six fraud trends that businesses must watch out for in 2020 and beyond:

Frequency of data breaches will increase

2019 was a runaway year for data breaches and we see that continuing well into 2020 and beyond. Data breaches are here to stay as they provide fraudsters with easy access to a variety of consumer credentials and a number of opportunities for financial gain. All of this data is a treasure chest for fraudsters and crime rings to orchestrate social-engineering-based crimes and maximize exploits. Even as you read this, it’s possible that some fraudster or a crime ring somewhere is busy mining consumer details.

Account-centric frauds will continue to besiege businesses

A data breach is a vector for many other crimes. A direct fallout is account takeover (ATO). Fraudsters impersonate genuine consumers to gain access to complete personal information associated with a compromised account. This widens the horizons for fraudsters as they can use this account as a launchpad for a myriad of crimes. Fraudsters are not giving up on account takeover anytime soon and a greater number of consumers will run the risk of their accounts being compromised.

Armed with verified stolen credentials and access to commoditized criminal toolkits, fraudsters are taking advantage of the efforts digital businesses are putting in to make onboarding as frictionless as possible. New account registrations are now the most attacked consumer touchpoint with one in every five account openings being malicious. Fake new accounts provide fraudsters with ample time to build a profile and use it for financial gain.

Human or sweatshop-driven attacks will rise

Automated attacks represent the bulk of all attacks at present. But, they are progressively becoming less successful as businesses focus on identity proofing and corroboration. This has resulted in a rise in human-driven attacks.

Depending on the attack economics and the use case, either lone fraudsters or organized click farms and sweatshops can launch human-driven attacks. Lone fraudsters launch attacks that promise higher monetization—for instance, targeting cryptocurrency—as these attacks are costlier than the sweatshops attacks that are used for low-value, high volume attacks like circulating spam, account testing, and so forth. We foresee a steady rise in human-driven attacks.

Single request attacks will grow

These sophisticated attacks mimic legitimate human users and can bypass traditional bot mitigation products. The requests seem to originate from unique users, but are actually made by a headless browser that can execute JavaScript like a human. Single request attacks prevent device identification by providing a dynamic client fingerprint and network fingerprint to make IP identification difficult. As fraudsters continue to leverage technology, single request attacks will become more sophisticated and strategic in approach.

New fraud hubs will emerge

Developing economies will be the new fraud hubs. Easy access to sophisticated tools, availability of low-cost manual labor, and economic incentives associated with online fraud will be the key factors for this tilt in scales.

Collusion will grow

Collusion is a growing phenomenon and fraudsters will continue to share deep knowledge and ‘expertise’ in order to boost their exploits and maximize ‘profits’. A parallel cybercrime economy, comprising illegal online markets, criminal toolkits, identity farms, click farms, and money mule networks, will continue to fuel the growth of large-scale, organized fraud.

Conclusion

Digital businesses, irrespective of their size or scale of operations, are vulnerable to the rising threat of fraud and online abuse. As fraud continues to evolve, the threat environment will escalate and businesses will realize that it’s not a matter of ‘if’ rather ‘when’ they will be the next target.

Consumer expectations for low-friction online experiences will continue to rise and regulators will demand greater compliance to compliance standards. Businesses will therefore, find it even more challenging to strike a balance between conflicting demands while trying to fuel business growth in an increasingly competitive market.

In such a dynamic market landscape, reliance on standalone risk based authentication will prove inadequate. Businesses will need a long-term approach to fight fraud with intelligent step-up challenges that accurately differentiate between consumers and fraudsters. An approach which is rooted in long-term prevention helps bankrupt the business model of fraud through targeted friction, in order to safeguard business interests and strengthen customer relationships.