Frictionless Payments Are a Fraud Factory. Banks Can’t Afford the Tab
By Matt Kunkel, CEO at LogicGate
Simple Subscribe
Subscribe Now!
Executive Summary
- Consumers love the ease of frictionless payments — but the same convenience makes fraud and impulsive claims more likely.
- Banks face growing pressure as traditional fraud protections are tested by blurred consumer responsibility.
- Financial institutions must rethink liability and strengthen safeguards to balance convenience with sustainable risk management.
Consumers generally view friction as a bad thing. Nobody wants to go through extra steps or jump through unnecessary hoops just to activate a device, log into an account, or make a purchase — today’s consumers desire a user-friendly interface that allows them to accomplish their goals quickly and easily. But it’s important to remember that friction serves a purpose: you may not enjoy entering your credit card verification code whenever you want to make a purchase, but it exists to help keep your payment data secure.
Recently, however, consumers have begun to embrace increasingly frictionless payment methods. Embedded payments, which integrate payment processing directly into software applications, allow users to make payments without ever leaving the app — adding convenience at the expense of security. These new, frictionless payment methods are creating new risks and it’s important for both banks and consumers themselves to understand the steps they can take to limit those risks and move forward with confidence.
The Changing Payment Landscape
The rise of fintech has pushed banks to modernize in ways that meet consumer wants and needs. The popularity of peer-to-peer financial apps like CashApp and Venmo helped banks recognize the easier it is for customers to engage with a product, the more they will want to use it. By creating Zelle to compete with those apps, banks were able to capitalize on that fact. But bad actors will always find a way to exploit new payment methods and the push-pull relationship between convenience and security creates vulnerabilities. Embedded payments and tap-to-pay systems may be convenient, but they create new opportunities for attackers to insert themselves into the transaction and steal payment data.
Fraud rates are also increasing. Embedded payments make transactions quicker and easier—but the more frictionless the transaction, the less opportunity users have to think about what they’re doing and reconsider their actions. If all you need to do is scan a QR code to make a purchase, you may not have time to notice that “amaz0n.net” probably isn’t legit. Worse still, this blurs the line for financial institutions. If a credit card number is stolen, the credit card company will usually reimburse the charge. But what happens if the “fraud” is just a customer who regrets a transaction? The same policies designed to protect customers from fraud risk victimizing legitimate businesses whose only crime is making impulse purchases “frictionless.”
Evaluating Fraud in a Modern Context
Regulators have attempted to draw the lines a bit more clearly, with mixed results. The Federal Reserve has established Regulation E, which provides guidelines for electronic funds transfers (EFTs) including ATM transfers, point-of-sale transactions and other exchanges. Regulation E outlines consumer liability for credit card misuse as well as the circumstances in which consumers can dispute a transaction. But the lines are still gray, and businesses often chafe against rules they see as unfairly slanted toward consumers. If a customer returns a product, that’s one thing. If they claim fraud, the business loses that product — and may even receive a chargeback. Many see that system as too easy to abuse and they fear frictionless payments may lead to an influx of unwarranted claims.
Dig deeper:
- The Frictionless Fiction: Why Banking CX Requires Intelligent Pauses
- Four Ways Banks Can Turn Fraud Into a Loyalty Play
- First Person: How Fraud Found My Family
This is leading banks to reevaluate what constitutes fraud. A quick payment a customer made intentionally — but didn’t adequately research — does not meet any reasonable definition of fraud. And if embedded payments and other frictionless transactions lead to an influx of unwarranted claims, banks are likely to begin looking at fraud in a broader context. For example, if a customer is victimized by a romance scam, the bank probably isn’t going to reimburse that money. Similarly, customers are not reimbursed if they fall for a bitcoin investment scam or an advance-fee scheme. Careless behavior is not the same thing as fraud and many banks are beginning to look at ways to better protect themselves. Why, then, should banks be reimbursing customers for purchases they regret, just because the payment was easy to make?
Limiting Liability and Establishing Adequate Protections
While Regulation E outlines protections that include many potential fraud scenarios, financial institutions may see the current environment as an opportunity to push the regulatory boundaries. That means banks are likely to place additional responsibility on customers at a time when making a questionable payment is easier than ever — and if banks raise the threshold for what constitutes fraud, consumers will need to be more mindful of their actions. Everyone has heard stories about a parent who discovered their child spent hundreds of their dollars in Roblox or Fortnite. Embedded payments make mistakes like that even easier but getting that money back may prove more difficult in the future. If frictionless transactions lead to an influx of fraud claims, banks will take measures to limit their own liability
That means practices like embedded payments may force banks to take a harder stance on “fraud.” And if banks begin placing added responsibility on customers, that won’t just impact individuals, but businesses as well. If a man-in-the-middle attack robs a small business of hundreds of thousands of dollars, that’s obviously fraud…but what if the attack only happened because the business failed to address a known cybersecurity issue? Where does the ultimate responsibility lie? Banks have traditionally taken pride in being customer-friendly, but that has its limits — and both individuals and businesses will need to ensure they are taking the necessary steps to protect themselves and avoid engaging in careless behavior. Addressing these risks requires a holistic effort and both sides need to play their part.
Improving Awareness and Limiting Risk
Banks cannot stop the rise of embedded payments and other frictionless payment methods —nor should they necessarily want to. But as transactions become easier, faster and more convenient for consumers, they do need to prepare themselves to face the changing fraud landscape. That likely means limiting their risk exposure by placing more responsibility on the customer — which means consumers themselves need to improve their risk awareness as well. While streamlined payment methods may offer added convenience, they also make it easier for mistakes to happen. Banks and consumers alike need to improve their awareness of the risks involved in these “frictionless” payment methods if they want to avoid putting themselves in an uncomfortable position.
