1
CHARACTERISTICS OF A SUCCESSFUL PAYMENT METHOD: SECURITY
Digital Wallet Fraud From the merchant’s perspective, fraud involving pass-through digital wallets occurs in the CNP environment given many digital wallet transactions are essentially passing through card credentials. However, there are nuances for digital wallets, including consumer device cardholder verification methods (known as CVM) which mean a consumer is often required to authenticate their device using biometrics or a passcode to access their wallet - adding a certain level of security for many CP and CNP digital wallet transactions. Additionally, pass-through digital wallets typically employ network tokens, which can add a layer of security because an intercepted token obtained by fraudster, either mid transaction or in a data breach, is of little use without the ability to detokenize. Other potential benefits of network tokens include token interoperability and lifecycle management; however, network tokens can make transaction routing more challenging for merchants, meaning any added security potentially comes at the price of higher cost. Authorized Push Payment (APP) Fraud In 2023, APP fraud loss amounted to $4.38 billion; 63% of those losses are attributed to real-time payments. 39 Authorized Push Payment (APP) fraud usually takes place in the form of pig butchering scams (see Pig Butchering Scams in Card-Not-Present Fraud). Push payments present a new playing field for scams to take place. In a push payment the customer approves the transaction by sending the payment, unlike pull payments where the customer provides payment information and gives permission for the funds to be pulled. 40 Bank transfers, real-time payments and stablecoins are all considered push payments and are often more vulnerable to this type of fraudulent activity because they are likely instantaneous and irrevocable, and there is often a lack of error resolution compared to the pull payment card system. However, the long batch standards in the card system make users vulnerable to different types of fraud. Buy Now, Pay Later Fraud When it comes to fraudulent transactions concerning a Buy Now, Pay Later (BNPL) payment, the BNPL provider is usually held liable. 41, 42, 43, 44 Credit losses account for a large portion of costs in BNPL provider financial statements which could include loss due to fraudulent activity. If a BNPL account is taken over by a fraudster and a purchase is made, the merchant is paid by the BNPL provider, and the consumer is in debt to the BNPL provider. Once the consumer is aware of the fraudulent behavior on their account, they must report it to the BNPL provider whose responsibility it is to remediate the funds.
“BNPL can also be used by ID fraud as some of them don’t require social security numbers, just card or bank info and name and address. For example, if a fraudster stole someone’s debit card and work address information to apply for a micro BNPL loan to buy a laptop.”
JUSTIN STASKIEWICZ | DIRECTOR OF CONSULTING, FRAUD SOLUTIONS, CMSPI
27
Powered by FlippingBook