As guardians of sensitive cardmember and account data, financial institutions running credit card programs must monitor cybersecurity trends closely to protect cardmembers.
Perhaps not surprisingly, credit card and cardmember information is a key target for cybercriminals because of its high value, and data confirms that credit card fraud is one of the most reported fraud incidents.
In 2023, global fraud losses exceeded $36 billion, and the Nilson Report forecasts global losses from card fraud to total $397.4 billion over the next 10 years. From 2022 to 2023, fraud losses increased by over $3 billion, continuing an upward trend over the last three years.
Sophisticated attacks are more difficult to detect and can lead to greater losses. Although data suggests that financial institutions have successfully thwarted more basic attempts — which are no longer working as effectively — they must ensure that the proper protections are in place to guard against new and evolving fraud methods.
Here are five current attack methods to be aware of:
1. Artificial Intelligence (AI) developments, like ChatGPT, have made phishing attempts much more effective. This technology allows cybercriminals to create more realistic messaging to convince cardholders of false legitimacy. Typos and mismatched fonts in scam emails — once a visual cause for a reader’s suspicion — are now edited and corrected by AI technology. In 2022, 41% of cybercrimes were phishing attacks.
2. Another sophisticated form of phishing, known as telephone-oriented attack delivery (TOAD), has emerged that combines voice and email. First, attackers use social engineering tactics during a phone call to lend credibility and build trust. They then direct the victim to a phishing site or mobile app where remote access is enabled, giving the attacker control of the victim’s device to steal funds or data. Some common lures are associated with banks, tech support, Apple, Amazon, and PayPal.
3. Social media fraud is advancing. In 2023, losses from social media scams reached $1.4 billion. Recent trends involve scam merchants that advertise on social media promoting goods at discounted prices.
4. Account takeover (ATO) is another type of fraud on the rise. Criminals attempt to gain access to a consumer’s account for fraudulent purposes using stolen credentials. From 2020 to 2021, losses from ATO increased 90%, and 2021 losses topped $11 billion.
5. Scam merchants manipulate search results by using sponsored links and creating fake reviews that ultimately recommend the scam merchant. These tactics manipulate cardmembers into trusting the validity of the site or merchant and result in purchases of inferior or undelivered products, compromised card credentials, and more.
Fraud doesn’t just happen at the point of sale. Cybercriminals are successfully creating fake accounts at financial institutions. Charges that occur through those accounts then become charge-offs when the fake customer fails to pay.
Because of additional loss provisioning due to the full implementation of CECL, financial institutions must allocate more money to cover expected losses. Challenges such as this can burden profitability, requiring senior leaders to provide additional oversight to effectively manage risk, expense, and capital.
Depleting gains take away from the investment that financial institutions can dedicate to enhanced security, new technology, and fraud protection. A recent report said that, from 2021 to 2023, smaller financial institutions doubled their investments in digital transformation, from $200,000 per one billion in assets to $425,000.
Failure to effectively address cyber threats not only results in financial risk, but also carries significant reputational and regulatory risk that could harm a financial institution’s core business.
A report by Elan Credit Card and PYMNTS Intelligence found that 68% of high-spending credit card users who pay off their balances every month said that real-time fraud monitoring was an important feature they’d look for in a credit card. Beyond education and awareness, ensuring that the payment solutions offered to customers employ robust fraud detection and enhanced security helps mitigate instances of data exposure and loss.
Employees will always be the first line of defense for your financial institution. Allocating time and resources to educate staff about current and emerging threats is essential. Education should include what threats look like and protocols to follow should they arise.
Safe data practices, such as strong passwords and education on when, where, and how (e.g., letter, phone call, email, text message, in-app, social media) threats may appear, are critical for both employees and cardmembers. Encouraging safe practices and providing ongoing resources shows cardmembers how dedicated you are to their safety, deepening trust and loyalty.