The global digital payment market is projected to reach $11.53tn in 2024, but along with its popularity comes the increasing threat of fraud. These threats to payment security are increasingly sophisticated, ranging from phishing and skimming to identity theft and payment interception [1]. But what is the impact for organisations, and how can corporations take preventive measures?
The growing threat of payment fraud
In the coming year, the 2024 American Express CFO Survey shows that 40% of CFOs believe virtual payments will be most important to their business in 2024, followed by payment gateways (33%) and echeques (26%).
Yet, alongside this growth in the adoption of digital payment methods, over half (58%) state that security and control will be the most important additional solution provided by their payment provider. It is a telling sign of the conundrum faced by finance leaders — meeting the appetite for digital payments yet ensuring security keeps pace.
In line with this, while 64% say fraud prevention will increase in importance as a strategic goal this year, only half currently feel either ‘extremely’ or ‘very’ confident that they will achieve their fraud prevention goals.
This is perhaps why many organisations are expecting their cybersecurity budgets to increase [2] and as fraud prevention surges up the agenda, CFOs must stay abreast of the rapidly evolving tactics of criminals while still embracing the latest in digital payment technology.
Common types of payment fraud
There are multiple different types of payment fraud. Of them, phishing attacks are the most common [3], where scammers attempt to obtain private information by sending emails purporting to be from a reputable organisation. Other common types of payment fraud include card testing, identity theft, and coupon/refund abuse.
How fraud affects different payment methods
Debit and credit cards
According to UK Finance, there were 2.21 billion debit and credit card transactions in the UK in May, 2.2% more than in May 2023 [4]. While end-user benefits include convenience, low friction and immediate payment confirmation, as well as the staggered payment terms afforded by credit cards, they can be exploited by fraudsters.
Without the right security in place, personal information can be stolen from the card, or the card itself can be stolen or cloned. This can be carried out in a low-tech way, or by ‘skimming’, when a criminal places a device over an ATM's card slot to capture card information. This can enable ‘Card-not-present’ fraud, allowing criminals to make purchases online or over the phone when a physical card is not required. Personal information can also be stolen and used to open a bank account or sign up for a credit card, amounting to identity theft.
However, American Express® Corporate Cards have built-in fraud protection, including account monitoring, online safety protection, and fraud alerts. Moreover, American Express requires customers to authenticate their identity for certain transactions, especially those flagged as unusual or suspicious.
Virtual payments
Juniper Research states that the total volume of virtual card transactions will reach 175 billion by 2028, rising from 36 billion in 2023 [5]. Virtual payments are like traditional debit or credit cards, but they are generated electronically for each purchase, and generally accessed via a mobile wallet or website.
With American Express® vPayment, users are provided with a randomly generated card number, expiration date and security code, and these are linked to a central account, such as a physical credit card account. For example, is a virtual payment product that assigns a single-use or multi-use Virtual Account Number to each transaction.
Virtual payments can be more secure as they can be deleted after use, but without vigilant fraud prevention measures they can still be vulnerable to phishing and account takeover fraud (ATO), where criminals use stolen credentials to gain access and control user accounts to steal money.
Digital wallets and mobile payments
Digital wallets (such as Revolut, Apple Pay and Google Pay) store virtual versions of credit and debit cards, usually in the form of an app, and are used for online payments. Mobile payments are based on the same concept but are used on mobile devices.
Both can be vulnerable to phishing attacks, where fraudsters send messages tricking users into sharing personal information. They can also be breached by malware, which can access the user’s banking details, and account takeover, where criminals steal banking details to set up a mobile wallet using someone else’s account. This can be a result of several tactics such as phishing, data breaches and card skimming.
Buy now, pay later (BNPL)
Many retailers offer a Buy Now Pay Later (BNPL) payment option — a short-term finance scheme such as Klarna, which allows consumers to pay for purchases in instalments without interest.
BNPL fraud often involves criminals exploiting weaknesses in the application and identity verification process. One common type of fraud is synthetic identity theft, the creation of a false identity based on a combination of real data (such as a social security number) accessible on the web, and false data (such as name and address). Orders are then placed, but payments never made.
Fraudsters can also take over legitimate BNPL accounts by hacking into a user’s real account and using it to place orders, redirecting deliveries to a different address.
Tips for better fraud protection
There are several key ways of stepping up payment security:
Use fraud detection software: this can prevent bots from targeting websites and apps, and can monitor transactions for fraudulent activity, such as unusual spending patterns.
Verify customer information: certain credit card providers such as American Express use checks such as Address Verification System (AVS), a service that verifies if a billing address matches the address of a credit card cardholder; and card verification value (CVV), the short number on the back of a credit card.
Use antivirus software: this prevents, detects, searches and removes viruses from computers, networks and devices.
Implement multifactor authentication: this is a multistep account login process that requires users to enter more information than just a password, such as an answer to a secret question or a fingerprint.
Use secure payment gateways: a secure payment gateway, such as the one offered by American Express, encrypts card details and carries out fraud checks before sending card details.
Regularly monitor accounts: continuous fraud monitoring is a proactive approach to fraud, monitoring customer activity and alerting a business to unusual activity.
Stay up to date with security measures: technology moves rapidly, so ensure software is updated and the latest security measures are implemented.
Educate staff: employees are key to detecting and preventing fraud, so ensure regular training is carried out and policies are in place.
The strategic advantage of robust payment security
In a digital world, both businesses and consumers increasingly expect to be able to transact digitally, with maximum speed and minimum friction. But they also demand security, and failing to provide this can not only result in financial loss but also compromised corporate security, reputational damage, loss of consumer trust (which impacts on revenue) and legal and regulatory consequences.
With our survey revealing that 77% of CFOs believe fraud prevention will rise up the strategic agenda this year, taking payment security seriously is not only central to sustaining a competitive edge — it is imperative for the survival of any business in today’s world.
Download the 2024 American Express CFO Survey to learn more about global CFOs' attitudes to digital payments and other issues impacting the finance function.
Sources:
[1] Statista, Digital Payments - Worldwide, 2024
[2] Statista, Share of companies worldwide that expect an increase in cybersecurity budget in the next 12 months as of June 2023, by industry, 2023
[3] Statitsa, Phishing - Statistics & Facts, September 2024
[4] UK Finance, Card Spending, September 2024
[5] Juniper Research, Virtual Cards Market Statistics 2023-2028, December 2023
