Survey Reveals Digital Innovation Invites New Fraud Attacks

of businesses say digital fraud slows their innovation and expansion Into new digital channels and services

The 2020 report by Javelin Strategy & Research evaluates the state of digital innovation and fraud across retail, restaurant, banking, and insurance verticals, and discusses how digital transformation attracts complex fraud scenarios.

 

Businesses report customer experience is a top priority.

of retailers are investing in customer experience

Businesses are investing in new digital product innovations:

59% mobile app, 32% mobile wallet, 28% voice products

But they don’t anticipate emerging fraud: Only

are investing in fraud prevention and mitigation

Blog: New Report on Digital Innovation and Fraud Highlights Areas of Focus for Industries

Find out how businesses are balancing innovation and fraud.

Get the Report

Javelin Report Highlights

Click on a section to expand.

Introduction and Executive Summary

FOREWORD

This original report provides insights and education to retailers and merchants to demonstrate how digital transformation also brings about more complex fraud scenarios. While improving the user experience, it is critical that vulnerabilities are identified and mitigated. This research report was independently produced by Javelin Strategy & Research. Javelin Strategy & Research maintains complete independence in its data collection, findings, and analysis.

OVERVIEW

Innovative businesses—both retailers and financial institutions—that disrupt their industry are also facing the most complex fraud mitigation strategies as criminals rapidly deploy new tactics to steal consumer identity and payment data. Over 40% of companies that perceive themselves as highly mature in the market find that fraud prevents their advancement in business. Mix in competitive threats and growing expectations of frictionless commerce from consumers, and the challenges are rising.This survey and whitepaper review different verticals of businesses, some that are doing well in advancing innovation while balancing fraud reduction.

EXECUTIVE SUMMARY

An excerpt of the report is included below:Digital front-runners face the greatest fraud challenges. 42% of businesses that consider themselves to be very digitally mature found that fraud restrained them from continuing their digital innovation efforts.Businesses can learn from digital innovation processes in other industries. In facing unique customer expectations, competitive environments, and fraud pressures, each industry has a unique perspective on digital innovation.Digital fraud demonstrates commonalities across industries. While different industries have unique use cases and exploitation outcomes, criminals attack digital infrastructures with similar methods that transcend industry.Retail merchants take a balanced approach to innovation. Many merchants are working on building bridges between their different channels with features like buy online, pick up in-store. Read the retail industry focus.Restaurants focus on expanding their feature sets as they catch up with competitors and other industries. 70% of restaurants with a digital presence plan to invest in new digital features and products over the next year. At the same time, the proliferation of such features as digital gift cards and rewards programs exposes restaurants to types of fraud that they were largely insulated from in the past. Read the restaurant industry focus.Insurers’ main focus is expanding mobile functionality. Just as restaurants are rushing to catch up with the digital standards set by retail merchants, insurers are catching up to the features pioneered by financial institutions. More robust mobile capabilities allow insurers to simplify the claims process for policyholders. Read the insurance industry focus.Financial institutions are heavily focused on investments in fraud mitigation. 52% of FIs plan to invest in additional measures to secure existing accounts, and 46% plan to invest in better identity-verification measures. Read the FI industry focus.

collapse section

Get the Report

Recommendations

An excerpt of the report is included below:Engage with fraud teams through the product development process. Consultation with fraud management and cybersecurity teams from the earliest stages of product and feature development is key to keeping organizations from scrambling to react to heavy fraud losses after a product goes live.Identify the key fraud risks facing each part of your business. Underestimating the fraud threats currently targeting an organization and how they will shift to attack new features exposes organizations to potentially significant fraud losses.Use well-informed, risk-based authentication to judiciously apply step-up authentication. Using tools such as behavioral biometrics, device recognition, and geolocation can help distinguish between legitimate and malicious users without requiring the intervention of authentication challenges.Move away from one-time passwords. One-time passwords (OTPs), delivered through a text message, email, or standalone app, are the most prevalent means of step-up authentication in financial services. Unfortunately, OTPs are prone to interception, with criminals having years of experience finding workarounds to this authentication method.

collapse section

Get the Report

Protecting Digital Innovation

An excerpt of the report is included below:Digital innovation permeates every aspect of businesses’ relationships with their customers. Wherever new digital services are deployed in an effort to provide new ways for businesses and consumers to engage, criminals are eager to find new ways to exploit the capabilities. Successfully navigating digital innovation initiatives while continuing to protect customer accounts requires a concerted effort within enterprises to assess risk and align controls from Day 1.

Digital Transformation Requires a Balance of User Experience,Operational Considerations, and Fraud Mitigation

Figure 1. Planned Digital Investment Focuses, by Industry

Three areas of investment for digital innovation initiatives are: operations, user experience, and fraud mitigation. Each of these three areas must be effectively aligned within the enterprise. Allowing investments in features and functionality to run ahead of the organization’s ability to manage fraud can lead to significant financial losses. In the face of unique competitive environments, customer expectations, and the level of prior investment in digital channels, each industry has an approach to digital innovation that is focused on where it receives the greatest value.

Each Industry Emphasizes Different Priorities for Digital InnovationFigure 2. Planned Digital Innovation Investments

The core areas where organizations plan to invest correspond with the objectives they aim to achieve, which can vary widely by the digital maturity of the organization. Across the four verticals, adding new products or services was the top digital priority (57%), followed by a focus on the user experience in existing channels (55%).A third of respondents said that adding support for new channels was one of their top digital initiatives for the next year. For merchants, which were the most likely industry to plan expansion into new channels, this frequently means making forays into the Internet of Things (IoT) and voice assistants.For many omni-channel organizations, integrating digital services can help modernize and streamline existing physical infrastructure through features like buy online, pickup in-store. Forty percent of respondents said their organization plans on investing in better integration between digital and physical channels to bridge the omni-channel gap, and 34% will be implementing buying online and paying in-store (Figure 3).

collapse section

Get the Report

Fraud and Digital Innovation

An excerpt of the report is included below:As businesses find new ways to engage with their customers with new features and interaction points, criminals find new vulnerabilities to exploit. Over a third (35%) of enterprises reported that fraud is a significant impediment to digital innovation efforts, forcing them to slow the expansion of their features and functionality as they seek ways to mitigate the new risks these innovations attract.

Fraud Prevents a Third of Business from Expanding Digital CapabilitiesFigure 4. Attitudes Around Fraud and Digital Innovation, All Businesses

Even when organizations do not feel directly impeded by fraud, they must be cognizant of the measures they employ to manage risk. As the pace of commerce and finance accelerates, consumers expect seamless service, with 48% of organizations reporting that their customers are more sensitive to the friction imposed by anti-fraud measures than they were a year ago.Organizations that consider themselves mature in their feature sets and user experience were most likely to be challenged by fraud, with 42% reporting it as a significant impediment to digital innovation.Fortunately, more than half of organizations in all covered industries plan to expand their investment in fraud mitigation over the next year. Financial institutions are leading the charge, with 82% of FIs planning to invest in greater fraud countermeasures over the next year. Insurers are least likely to expand their fraud mitigation tools, with only

collapse section

Get the Report

Retail

An excerpt of the report is included below:For retail merchants, innovation is moving beyond the ability to sell products and services via mobile apps and browser channels. Device-based payments are evolving as retailers and customers engage. Approximately 40% of merchants plan to deliver product information and digital payments via voice channels in the next 12 months.

Retailers Focus on Technology to Deliver ServicesFigure 8. Retailers’ Planned Digital Features Investments

As physical retailers move into omni-channel merchants with digital experiences, the retail merchants are not prepared for account takeover and identity theft challenges that come with anonymous payments. A heightened focus on building a frictionless experience, to facilitate online and in-person commerce, prevents companies from deploying strong fraud prevention capabilities.

CNP Fraud and Account Takeover are Top Fraud Threats to MerchantsFigure 9. Top Fraud Threats for Retailers

Account takeover and online fraud risks can be mitigated if the proper authorization protocols are set up. However, most merchants have weak authentication protocols. Just under half of all merchants require only a username and password to authenticate consumers, and approximately a quarter of merchants supplement usernames and passwords with tools like device recognition (28%) and location (24%).In addition to the increased fraud risk, limited authentication methods can constrain merchants when chargebacks and disputes occur. Merchants traditionally look at the transaction detail to determine if the transaction is legitimate. However, as digital payments expand, so does the need to authenticate the user.

collapse section

Get the Report

Restaurants

An excerpt of the report is included below:The food service industry, especially quick- service restaurants (QSRs) and fast-casual locations, is rolling out digital product innovations at a fast pace compared with other industries.

Restaurants Are Playing Catch-Up, Which Accelerates InnovationFigure 13. Top Challenges, Digital Innovation by Industry

While restaurants focus on digital innovation, investments in fraud mitigation are not keeping pace with other industries. Managing fraud (4%) is ranked as the lowest priority (Figure 13). Although perceived as low in dollar value with little resale capability, the restaurant industry can be exploited for card testing, taking over stored value accounts and reward accounts, and purchasing digital gift cards. Many restaurants are unprepared for the sophisticated attacks that target digital businesses. Because almost half of digital restaurants (48%) use only name and password for authenticating users to their sites, the digital initiatives are vulnerable to exploitation. Restaurants should increase user authentication in mobile and online channels, especially when digital prepaid cards are used.

collapse section

Get the Report

Insurance Focus

An excerpt of the report is included below:Insurers are racing to catch up with digital features that are the norm at other financial- services businesses. For many insurers, digital innovation means expanding online and mobile capabilities, with just under half (44%) planning to enable customers to submit documentation for a claim through their mobile app, and similar numbers planning to add the ability to open a new policy (42%) and file a new claim through their mobile app (40%).

Insurers Are Heavily Focused on Expanding Mobile FeaturesFigure 16. Digital Features Planned for Implementation in the Next Year

Unlike other industries, insurers are significantly more concerned about first-party fraud than they are about fraud committed by third parties. Just over a third (36%) of insurers identified false claims filed by true customers as their most significant fraud threat, compared with 10% for fraudulent creation of policies and 10% for takeovers of existing customer accounts. First-party fraud refers to false claims filed by the individual legitimately associated with the policy and is distinguished from third-party fraud, which is committed by an unauthorized party impersonating another individual.While insurers don’t think of digital fraud as a top threat, with 10% citing fraudulent policy creation as a top concern, 10% citing account takeover, and 8% citing third-party fraud, there is, in fact, a high risk of digital fraud when policies are moved online.

collapse section

Get the Report

Banking Focus

An excerpt of the report is included below:Financial institutions have been leaders in digital innovation, investing in fraud- management tools while introducing new products and services. Financial institutions are more focused than other surveyed industries on investing in digital fraud mitigation while pursuing digital innovation. One in six (18%) financial institutions identified managing digital fraud risk as their top impediment to digital innovation.

Managing Fraud Risk is the Greatest Digital Challenge for Financial InstitutionsFigure 19. Top Challenges with Digital Innovation Among Financial Institutions

FIs overwhelmingly cite as their top fraud threat stolen card data being used online or in mobile apps, at 34%, followed by account takeover (18%).With fraud tactics evolving and increasing in sophistication, many key authentication tools are losing effectiveness. One-time passwords delivered through text messages, for instance, are second to knowledge-based authentication as the most prevalent form of step-up authentication in the U.S. but face a growing number of vulnerabilities. Due to the increased sophistication, many FIs plan to invest in improving the security of existing user accounts (52%) and improving the identity verification for new users (46%).

collapse section

Get the Report

Looking Ahead

An excerpt of the report is included below:As digital innovation accelerates, organizations of all types need to be mindful of the risks that new channels, products, and features bring to their customers and organization. Successfully bringing new products and features to market while minimizing exposure to fraud risk requires a concerted organizational effort to work with fraud management teams throughout each stage of product development:

  1. New product or feature idea: Fraud management teams should be engaged to assess how criminals might exploit the product or feature to steal funds or compromise customer information.
  2. Business construct/proof of concept: As the new product or feature moves into early production, organizations should consider what existing tools can be cross-applied to fraud mitigation to most efficiently use their current resources.
  3. Pilot/initial commercial product: As the product or feature prepares for early release to a select group of users, organizations should identify what controls need to be in place from Day 1.
  4. Fully commercialized product: Once the product is fully live, fraud controls will generally be stable, but they should be designed with enough flexibility that additional countermeasures can be easily put in place as fraud schemes change or new criminal tools and tactics emerge.

Ultimately, greater collaboration between fraud teams and digital product teams is crucial to making digital innovation a success. By building a strong organizational culture of collaboration and formalizing engagement across the enterprise, businesses can effectively protect their digital innovation efforts.

collapse section

Get the Report

Protecting Digital Innovation:
Emerging Fraud and Attack Vectors