Criminals are increasingly targeting consumers directly, but that doesn’t mean the threat to merchants has abated. In triangulation fraud, for example, cybercriminals create fraudulent e-commerce storefronts and offer steep discounts on popular items. The orders are fulfilled by legitimate merchants, but the payment data is compromised.
According to Visa’s Spring 2024 Threats Report, triangulation fraud alone can cost merchants up to $1 billion per month. It is just one of the increasingly sophisticated methods criminals use to target consumers and organizations. However, merchants can utilize solutions to optimize their fraud prevention mechanisms and navigate the shifting fraud landscape.
Biometric Buffer
In an increasingly online world, one of the main challenges merchants face is simply verifying that customers are who they say they are. Consumer identity verification is a critical part of the payments process, but recent data from Visa suggests that by 2026, 30% of organizations will no longer be able to rely on their current identity verification and authentication solutions.
One of the main ways merchants can enhance their authentication services is to adopt biometric authentication methods like fingerprints and facial scans. Cybercriminals are increasingly using technology and AI to impersonate customers, which makes biometric verification even more important as an added layer of protection for merchants.
Solutions like Visa Payment Passkey Services can bind consumers’ account credentials to their devices. That means customers can use the same biometric verification they use to unlock their phone or authorize downloads to pay for purchases.
Visa’s system is differentiated from other biometric verification systems because it doesn’t require merchants or issuers to take part in the authentication process. Visa Payment Passkey Services is built on the company’s Fast Identity Online (FIDO) server that authenticates consumers’ identities autonomously.
FIDO authentication uses standard public key cryptography techniques to offer a verification method that deters phishing attempts. Unique passkeys are created and assigned to a device and are much stronger than passwords. In addition, integration with Visa Payment Passkey Services is a turnkey, one-time process that doesn’t require companies to build servers or integrate the platform into their tech stack.
For merchants, using biometric methods to verify customers’ identities makes transactions more secure and reduces fraud. There are benefits to consumers as well, because many have already adopted biometric authentication on their phones. When a customer uses their phone to verify their identity and make a payment in one action, it not only protects them but also reduces friction at the point of sale.
AI Authentication
Because criminals use artificial intelligence to attack businesses, merchants must have AI capabilities themselves. Cybercriminals use AI to find flaws in organizations because the technology excels at identifying patterns in massive amounts of data.
As merchants grow, many expand their operations and supply chains to include multiple third-party services and vendors that could be based anywhere across the globe. Each of those connections presents a possible weakness, and criminals use machine learning models to constantly test organizations for flaws and find ways to exploit them.
One powerful new defense for merchants is Visa Deep Authorization. The AI-driven solution runs on a deep learning recurrent neural network model and petabytes of contextual data. The model can monitor every transaction on the network and assign risk scores to each. The scores are created in real time and sent along with payment data to banks.
The AI model can flag fraudulent transactions faster because it can identify patterns on a larger scale, helping merchants mitigate fraud before it happens.
Visa Deep Authorization also works fast enough to accommodate the real-time payment rails many businesses increasingly use. The platform can uncover suspicious behavior that was previously unknowable, like when a dormant debit card suddenly becomes active and is used in unusual ways.
Purchase Return Authorization
Another emerging type of tech-based attack is purchase return authorization fraud. Criminals obtain point-of-sale devices, either by theft or by posing as merchants. Then they program the devices with legitimate merchant credentials.
The criminals conduct thousands of dollars in purchase returns to gift cards, then they cash the gift cards out at ATMs. Purchase return authorization fraud attacks have gone up 83% in just the past five months, and it is estimated that each successful attack causes roughly $115,000 in fraud losses to banks.
Incorporating AI-powered fraud mitigation solutions like Visa Deep Authorization is critical, because AI can detect when there are unusual patterns like those that occur in purchase return authorization fraud. When criminals begin a string of unauthorized chargebacks, AI can let merchants know sooner.
Friendly Fraud
The constant threat of fraud has put consumers and merchants on guard. It can lead merchants to identify false positives, which can irreparably harm a customer relationship. A disturbing rise has also been seen in the number of legitimate transactions that consumers report as fraud.
This is called “friendly fraud,” or first-party fraud. For example, a customer might forget about a subscription and report the charge as fraud. Or a child or other family member could use a person’s card without permission, prompting the cardholder to report the transaction as illegitimate.
In each of these cases, the customer is disputing a legitimate charge, and there is evidence that friendly fraud makes up as much as 75% of all chargebacks. That makes it the second-most prevalent form of fraud merchants face.
Because friendly fraud is expected to increase, moving to biometric verification systems like Visa Payment Passkey Services is even more important. Biometric identification can eliminate purchases by unauthorized users. In the event of a dispute, it can also be used as a definitive record that the customer authorized the purchase.
Powerful Defenses
Criminals are increasingly using complex means to attack merchants, so companies must adopt solutions to mitigate fraud. Biometrics and artificial intelligence are two solutions merchants can use in their fight to protect themselves and their customers.
Visa Deep Authorization and Visa Payment Passkey Services can easily be integrated into a merchant’s operations, and that makes them powerful defenses against cybercriminals.