Virtualization Technology News and Information
NuData Security 2022 Predictions: Fraudsters Are Getting Smarter, But So Are Businesses

vmblog predictions 2022 

Industry executives and experts share their predictions for 2022.  Read them in this 14th annual series exclusive.

Fraudsters Are Getting Smarter, But So Are Businesses

By Michelle Hafner, chief operating officer at NuData Security

Companies have no time to slow down cybersecurity measures in 2022. In fact, based on 2021 trends, businesses will likely face more cyber threats this year than ever before.

Couple that reality with ever-rising expectations for improved customer experiences and organizations really do have their hands full - they must delight shoppers with new and helpful digital capabilities, while ensuring that tech add-ons don't diminish security standards. Factor in the dramatic evolution of our online identities over recent years and unprepared businesses are left grappling with how to effectively move beyond passwords and usernames to adopt modern (and more secure) cybersecurity measures.

Expanding digital identities will shape 2022 trends for fraudsters and brands

As online touchpoints with customers increase, businesses must contend with more signifiers of digital identity - from actions and physical characteristics, to device data, personally identifiable information (PII), and other contextual clues like customers' transaction and interaction histories.

Thankfully, with the right tools and mindset, 2022 can be the year organizations reign in vulnerabilities across their networks - and fully leverage shoppers' multi-layered online identities to improve security measures and demonstrate how well they know their customers. This approach ensures that businesses can connect various tools to uncover how users behave across platforms, offering shoppers better experiences without asking them to share more of their data (and put themselves at greater risk of fraud as a result).

As a starting point, consider three trends that we expect to see this year, and what those predictions mean for your company's cybersecurity strategies:

1.  Stolen credential quality will continue to climb unless organizations intervene - and fast.

Throughout the pandemic, attackers have refined and specialized their approaches in response to our evolving digital ecosystem. Today's fraudsters increasingly evade standard bot-detection tools by turning to tactics that imitate human behaviors - what we call sophisticated attacks.

In 2022, bad actors will continue to brainstorm creative ways to boost their success rates and bypass defenses, particularly by increasing the quality of the stolen credentials they wield. Consider that the average percentage of valid credentials used by fraudsters during attacks spiked to nearly 10% by the end of last year, up from around 2% in 2020. Why? Because fraudsters are getting smarter, and they're leveraging more advanced methods to steal and test credentials, and ensure success. For example, card cycling - a common method for testing the validity of stolen card details - increased by 54% in 2021.

Brands will work hard this year to fill security gaps for customers, understanding that digital experiences aren't going anywhere - and neither is fraudsters' ability to circumvent traditional cybersecurity measures. There's no denying the pandemic propelled many more shoppers toward eCommerce, some we can expect for the first time. Take the fact that based on Mastercard SpendingPulseTM from December 2021, holiday retail sales increased 8.5% year-over-year during the 2021 holiday season (excluding automotive). Powering that growth was an 11% increase in eCommerce sales, compared to just an 8.1% increase for in-store sales. This underscores an even larger divide started in 2019 between the boom of online versus in-store holiday retails sales, 61.4% to 2.4% respectively through the end of the 2021 holiday season.

However, rising online shopping trends also help generate an ever-growing pool of consumers who may prove - and too often do prove - less adept at recognizing phishing attempts whether through email, phone, or malicious websites.

And fraudsters are waiting for those shoppers: In 2020, Google registered a record 2 million phishing websites, an almost 20% increase over 2019.

2.  Businesses will continue to prioritize seamless customer experiences, which could create vulnerabilities for unprepared brands. 

The drive to improve digital user experiences as more people shop online is great for everyone - including fraudsters.

As new and enhanced manners of providing services online emerge, digital and hybrid experiences like Buy Online Pick Up In Store (BOPIS) represent important improvements for consumers. These capabilities simultaneously allow bad actors to take advantage of existing systems when all customer touchpoints are not thoroughly protected, and also add complexity for companies that are unable to assess the risks of traffic coming through each channel in real time. By increasing the number of manual reviews involved in validated online purchases, for example, trends like BOPIS can overburden workers tasked with verifying customers' actions. Although manual reviews help prevent some instances of fraud, the process also undermines the seamless customer experiences that users now require.

The bottom line is that in 2022, more seamless customer experiences are not beneficial to shoppers if those perks come with increased levels of risk and vice versa. However, brands can implement anti-fraud tools to prioritize security and maximize the shift toward seamless shopping experiences. In fact, with more users buying more online - once proper security measures are in place - companies can leverage the increased behavioral data this brings to:

  • Design more personalized, streamlined experiences, and remove user friction points
  • Enable more accurate fraud detection, countering sophisticated attacks and other threats
  • Impress first-time shoppers with safe and easy digital experiences, helping turn them into repeat customers
3.  Companies will critically evaluate their overall fraud detection strategies - with behavioral biometrics taking center stage. 

As attacks have grown more sophisticated, companies are increasingly motivated to step back and review their overall fraud detection strategy. A key shift within this evaluation process throughout 2022 will be working to identify threats via behaviors rather than credentials, largely thanks to behavioral biometric tools.

Let's review how we got here. First, with sophisticated bad actors now better at emulating humans, standard security measures like bot-detection tools and traditional password authentication are not enough. Across the board, fraudsters are better prepared with valid credentials and data on their victims thanks to social engineering techniques, such as card cycling mentioned earlier.

At the same time, common supplementary security methods that require more end-user input like two-factor authentication add unwanted friction to digital interactions, and may push away valuable customers. For example, shoppers may find it frustrating to input a code from their phone when at work or without cellular service and instead take their business to a brand that doesn't require this verification step to protect their account.

Thanks to behavioral biometrics, organizations can prioritize both customer security and experience.

Behavioral biometrics are effective because they rely on a deep understanding of your customers. Rather than looking for behaviors that scream "fraud" (although this is possible as well), behavioral biometrics flag occurrences that deviate from an individual shopper's typical ways of interacting. For example, if a customer traditionally shops with a brand from the West Coast using the Chrome browser on their phone, but suddenly logs on via desktop using Safari from a different location, behavioral biometrics could consider this cause for concern. Other behaviors tracked include the type of device, how many times per day someone enters (or fails to correctly enter) their password, keystroke dynamics, mouse-use characteristics, and more.

Not only will this strategy help brands identify and stop fraud before it takes place in 2022, but the emphasis on knowing your customers also empowers decision-makers to improve future digital experiences for good actors based on customers' own legacy behaviors and data. Armed with behavioral biometric strategies, businesses can then strategically invoke friction based on suspicious activity - for example, reducing hoops to jump through for a customer who behaves as expected, while introducing security challenges to double-check dubious interactions. We will witness more brands introduce this strategy - referred to as intelligent interdiction - in 2022.

Elevated customer expectations are here to stay, and so are smart fraudsters

In 2022, businesses have a tough task ahead of them - staying one step ahead of bad actors without sacrificing top-notch user experiences. While this responsibility can feel daunting at times, remember that while fraudsters are getting smarter, so is your business. By paying close attention to the trends and solutions outlined above, you can circumvent bad actors while avoiding adding unnecessary friction online and downgrading customer experiences.

Are you ready for 2022? Because you better believe users and fraudsters are.




Michelle Hafner is chief operating officer at NuData Security, a Mastercard Company. She oversees innovation and product development, including the integration of NuData Security’s suite of fraud management and security products. Michelle is also part of several industry forums and serves on the Merchant Risk Council (MRC) Americas Advisory Board. She has also led MasterCard’s Card Not Present advisory group responsible for recruiting participants, collaborating with merchants, issuers and acquirers to discuss topics aimed at driving industry innovation and change.

Published Thursday, February 03, 2022 7:30 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<February 2022>