If fraud prevention remains tied to single regions, online payment losses will continue to mount.
The global financial ecosystem has become incredibly interconnected with the growth of e-commerce, where global sales approached the $6-trillion mark in 2023. Fueled by new payment methods and categories like mobile and social commerce, online shoppers have direct access to a seemingly infinite array of digital marketplaces.
This has created a global stage for fraudsters to lift products and funds. Merchants are working diligently to root out fraud and accommodate legitimate users, but global e-commerce losses are staggering, and were projected to reach $48 billion in 2023. Clearly, this needs to change. Everyone in the fraud-prevention orbit—merchants, financial institutions, regulators, and technology providers—must look beyond their four walls.
That’s partly because of a surge in cross-border transactions, which are expected to grow by an exorbitant 108% by 2028. In this prevention campaign, national borders are rendered moot. The fight requires coalitions specifically built to stop online fraud carried out from all corners of the globe. Collaboration will beget stronger, actionable insights—and can help defenders get ahead of rising threats.
Let’s review the widening scope of today’s fraud landscape. This will help explain why this issue demands unity among defenders across every continent and industry group. I believe this is the secret for more meaningful change.
Fraud Has Gone Global
Simply put, fraud is no longer local. Bad actors in the Asia-Pacific or Europe, Middle East, and Africa regions can easily target prominent U.S. retailers, and, through virtual private networks (VPNs), obfuscate their location. This is just one method, but it means prevention must adapt to new standards.
Cultural variability is also a driving force. Fraudsters can exploit different norms and practices related to purchasing behavior to deceive businesses and consumers. Businesses may then over-rotate on fraud controls and thus block valid transactions, presenting a greater need for strong identity intelligence.
This variability also means that a successful fraud-prevention framework in one nation may not translate seamlessly to another, fragmenting a company’s global approach. Fraud fighters can’t use the assumptions they have about U.S. consumers, for example, to judge the legitimacy of customers elsewhere.
VPN use in the United States is relatively uncommon for most shoppers, and, when used, can be a sign of potential fraud. By contrast, VPN use in other regions, such as China, is more common among legitimate customers. What’s considered atypical in one country may be status quo in another. Understanding these nuances is critical to avoid turning away good customers.
Payment diversity is also a factor in fraud’s global expansion, as shoppers pay differently depending on where they live. While payment-method flexibility (credit, debit, digital wallets, cryptocurrency, buy now, pay later, and so on) is helpful for consumers, it creates more channels that fraud fighters must analyze. For example, the rise of open banking and account-based payments is very attractive to bad actors. Whenever there is an immediate funds transfer, fraudsters take notice.
Regulatory Anomalies
Determined to get ahead of these patterns, regulators around the globe are often quick to issue stringent mandates. While these may curb more “macro” impacts of fraud, they can create new obstacles that hamper merchants’ ability to operate and scale. These regulatory anomalies can be difficult for businesses—especially multinational ones—to grapple with. It can even lead to merchants avoiding doing business in a particular region altogether.
In India and China, for instance, data-localization requirements mean personal payment data must be stored domestically. As a result, many businesses cannot leverage their central data to make more informed fraud decisions. Merchants in India are also prohibited from storing card data, making subscription business models difficult to manage. Consumers must re-enter their information for every charge, which creates a lot of friction, especially for monthly subscriptions.
Meanwhile, in Australia, the nation’s self-regulatory body, AusPayNet, sets a standard fraud-rate threshold regardless of the type of business, so high-risk businesses often must choose between leveraging two-factor authentication on every transaction or avoiding doing business there altogether. While it’s simpler to impose this regulation, such a blunt instrument has made it incredibly difficult for businesses to operate in the region.
We’ve also seen fraud-specific carve-outs in some of the world’s leading privacy regulations (the General Data Protection Regulation in the European Union and the California Consumer Privacy Act in the United States). However, continued evolution is necessary to create a more level playing field where, more broadly, data remains secure and retailers can freely operate.
Future regulation must be impressionable and iterative, much like the EU’s Payment Services Directive, or PSD2. This rule built upon its first release, extended requirements to third-party payment providers, and implemented new security mandates. Although its passage and implementation took years, this effort demonstrates a commitment to iteration (especially with PSD3 on the horizon now), which is a promising sign for Europe’s future.
Regulation That Resonates
Again, for principal regulation to resonate, industry stakeholders must enter the fray much earlier on. Retailers, for instance, can lean on their respective industry bodies to both obtain effective intel and elevate their voices. Meanwhile, regulators around the world should pay heed to merchant feedback and guidance.
Luckily, a more collaborative mindset is already taking hold, thanks to the emergence of data consortiums that include financial institutions, marketplace operators, independent software vendors, payment-service providers, system integrators, consultancies, and more. I’m also seeing important fraud-prevention organizations expand their horizons and ask what being “global” truly means.
Take, for instance, the Merchant Risk Council and the Merchant Advisory Group, two prominent bodies that are looking to expand into APAC and EMEA to help broaden the scope of their impact. And CIFAS, the U.K.-based fraud-prevention association, has created a strong model that can be replicated in other jurisdictions. It connects both sectors and opens up greater access to data used for fraud prevention.
This activity and coordination can push the industry closer to directives that truly transcend borders.
Serving the Public Interest
As part of these holistic efforts, every entity must make a commitment to better serve the public interest. The more industry embraces collaboration, the more visibility it will acquire, driving safe and meaningful change (including regulation).
Broader information-sharing consortiums are the first step and the future of our collective defense, facilitating important conversations and setting new global agendas that will, we can hope, keep fraud at bay.
—Jeff Hallenbeck is head of payments at Forter.