In today’s digitized environment, it is becoming more complex to combat all the potential exposure points where businesses could lose money.
“Fraudsters, as a general rule of thumb, tend to be very sophisticated and are always finding new ways to defraud individuals and businesses,” Doriel Abrahams, head of risk in the US at fraud prevention provider Forter, tells PYMNTS.
Abrahams emphasizes that while organizations often leverage artificial intelligence (AI) and machine learning (ML) tools to train anti-fraud models and establish robust controls, “fraudsters can do the same.”
“There are so many tools available today, making it very easy [for criminals] — and we’re seeing the impact of that as ‘amateur’ fraudsters take the lead,” he says.
Behavioral-driven fraud tactics are becoming increasingly popular for breaching a merchant’s defenses, whether through business email compromise (BEC) attacks or account takeover (ATO) scams.
“The weakest link in the online payment journey is the human link,” Abrahams said.
Unintentional access points from human vulnerability — including poor security habits and susceptibility to social engineering tactics — form one of the most common causes of data breaches.
“Generative AI now gives scammers an easy and effective way of building confidence with their targets — using more convincing conversational text through a friendly online chat service, it’s possible to build enough trust and emotion between the attacker and their victim,” says Abrahams. He noted Netflix’s docu-movie “Tinder Swindler” highlights a prime example.
“It can be very challenging, particularly for non-digitally native generations, to discern what’s real from what’s fake in today’s AI-driven landscape,” added Abrahams.
This means training employees on scam identification and prevention is critical to building an effective front-line defense.
Abrahams explained that in just a few minutes, he coaxed an AI tool into developing a software code that could generate hundreds of thousands of fake credit card numbers in an instant.
“It took me 12 minutes of prompting, but I was able to have a bot write me a script that could validate whether a credit number was real or not. With this information, I could hypothetically break my way into a system,” he says, adding that what technology has done is serve to amplify the scale of existing threats and risks.
Still, it’s not just criminals who can take advantage of today’s technology.
“There are many effective models that use AI and machine learning to learn what someone’s legitimate behavioral patterns are and replicate believable actions across the web,” he said.
The ultimate goal of fraud prevention is to shut out fraudsters — but merchants also need to ensure that while doing so, the user experience for legitimate everyday customers is as seamless as possible with minimal friction points or step challenges.
This, Abrahams said, is critical to establishing a “holistic protection circle” from threats.
“Make sure you know what you’re looking for,” he added.
Education, awareness and the ability to react effectively when red flags are raised are all foundational elements of a best-in-class fraud prevention strategy.
“Stay ahead of emerging trends and know that businesses are using something, scammers probably are too,” Abrahams said. “If something looks out of place or you haven’t seen it before, pay attention to it. It may not be fraud, but it may be indicative of a new attempted strategy.”
Still, while he acknowledges that implementing new technologies to supplement or amplify fraud prevention at scale may seem overwhelming, “any and all progress is a good thing.”
And that’s because fraud is a numbers game — it just takes one weak link. If fraudsters encounter an obstacle with a business that’s been raising their defenses, they may decide to simply move along to a new victim.