Share on
About the author
Leo Hao Li is Senior Risk Management Strategist at Antom, Ant International. He works closely with international and local businesses in Asia, Europe and the US, across verticals including e-commerce, travel, mobility, digital & entertainment and new energy.
2024 was a year of heightened fraud risk, and in 2025, fraud will continue to be a threat for businesses if there are no risk management strategies in place. Even as a consumer, we would have, by now, encountered one or a few scam or fraud attempts, and that is already a sign that fraud is as ubiquitous as global commerce. Fraud doesn’t discriminate, though some unique cases happen in certain verticals which we will speak about later on.
The widespread nature of fraud has led to a greater consumer awareness, which in turn become a driving force to ensure businesses have some levels of risk management. But of course, that is not enough as a risk strategy to keep fraud at bay. Tech advancements, especially in AI, will greatly improve fraud prevention, though it’s also helping fraudsters move faster, smarter and into more sophisticated operations.
Here are some fraud trends we think global businesses should pay attention to in the year ahead.
1. Phishing and social engineering fraud
Many of us should be familiar with phishing by now. Phishing attacks are fake email, text messages, or websites to trick users into providing personal information, passwords, or other sensitive information.
For example, fraudsters may send a seemingly real bank email telling users to update personal information to ensure account security. In the email, users may then be led to a fake bank website, asking for user password, card number and other sensitive information. Thanks to the amount of data fraudsters can easily glean on social media, along with the use of AI especially generative AI (GenAI), bad actors can now mimic and simulate the user's biological characteristics, voice and movements to create emails and messages that are harder to differentiate from real communications.
2. Credit card theft and friendly fraud
Credit card thefts are thefts where fraudsters make a fraudulent transaction by stealing from the user or by stealing credit card information. With the digitalisation of payments, credit card thefts have become more common. While technology has made payment frictionless, the same tech is also used by criminals to steal card information. Fraudsters are also purchasing card information on the dark web, then doing card testing on various e-commerce stores or buying high-transaction value items then reselling for a profit.
First-party fraudulent transactions, or friendly fraud, are also an area of concern for global businesses. Friendly fraud happens when a consumer deliberately makes a dispute or refund claim after receiving a good or service. Though not all cases are malicious, friendly fraud can impact businesses bottom lines, their brand reputations and related credit scores. Sometimes, this can even cause the business to be blacklisted with the financial institutions.
3. Synthetic identity fraud
Synthetic identity fraud is a highly complex form of identity fraud that mixes real and fake information to create fictitious identities. With AI, especially Deepfake technology, photos and videos can easily be created or manipulated.
Sometimes, all it takes is fragments of data from any data leak and a whole new identity can be created. Fraudsters may first use this synthesised identity to make low-cost transactions to establish a credit record. As the credit rating increases, they gradually increase the transaction amount to build a higher credit rating, then apply for credit cards or loans, or quickly withdraw large amounts of money from users’ accounts. This is a growing issue with the increased number of data leaks globally, and the ever-increasing amount of personal information fraudsters can get from social media.
4. Account takeovers
Users, as well as merchants operating from their own accounts, may be susceptible to account takeover fraud. Fraudsters can steal users’ account information, such as user names and passwords, to take over the users’ accounts and make fraudulent transactions. These can be easily obtained by using tools, AI and machine learning – by studying the users’ patterns, habits, account usage frequencies, etc. Large-scale authentication attacks may also be carried out to take over user accounts. One of the more sophisticated ways fraudsters are doing this is by intercepting verification codes and redirecting users to a fraudulent site before taking over the account. The speed and seamlessness of at which such operations happen have made account takeovers harder to prevent.
5. Fulfilment fraud
This refers to when sellers deliberately mislead buyers during the delivery/fulfilment process, for example, by changing the delivery address, recipient address, the items to be delivered, etc., to commit fraud. There had been cases where empty packages, or garbage, were sent, to create a fake delivery record. Fulfilment fraud can negatively impact businesses in terms of costs, revenue, customer complaints and brand reputation. This type of fraud impacts merchants such as those running e-commerce shopfronts, platforms or marketplaces.
The case of a certain global marketplace comes to mind. Fraudsters had set up multiple fake storefronts within the marketplace, and sent out low-value items or empty packages to buyers to avoid having to refund customers – and turned a profit from the fraudulent operation.
Some industry examples
E-commerce
E-commerce fraud is a significant problem for online retailers. Fraudsters can use stolen financial accounts to obtain goods or services from merchants, causing financial losses and damage to the reputation of the affected businesses.
Besides, with a wide variety of merchandise and at different transaction values, fraudsters can easily employ all of the tactics we mentioned earlier. Through phishing and identity thefts, fraudsters can quite quickly carry out credit card thefts, account takeovers, etc.
Fraudsters can also commit fulfilment fraud by either delivering empty packages, or create fake delivery records. According to Juniper Research, e-commerce fraud has reached US$ 44.3 billion in 2024 and will exceed $107 billion by 2029, which is a very concerning increase, so it is recommended that all e-commerce merchants consider a risk management system if there’s none in place yet.
Digital Entertainment & Streaming
Digital entertainment and subscription businesses can be characterised by frequent online transactions and involving large amounts of user personal and payments data. These merchants can be impacted by unique fraud types like subscription fraud, virtual purchase fraud, etc. We often share these two examples to illustrate just how easy it is for businesses to fall prey to fraud.
Subscription fraud: A certain digital entertainment merchant was hit by a massive fraud case where fraudsters had purchased a large number of premium subscription accounts using stolen credit card information and then reselling those accounts.
Virtual item purchases using stolen information: This is an extension of credit card and identity thefts. Fraudsters had targeted a popular online gaming platform and bought in-app credits and virtual items using stolen credit card information, then quickly reselling on the black market. Not only did it cost the merchant great losses, but also impacted the overall gaming experience.
Travel
Think air tickets, hotel bookings, attraction passes, meal vouchers and so forth. Payments within the travel industry can involve high-value transactions and many different parties; pre-payment is sometimes required too – all of which add to the payment risk in travel transactions.
Some unique fraud types faced by the travel industry include black market resale and refund fraud. There was a case of fraudsters targeting an airline merchant where unauthorised resellers had purchased a large number of discounted tickets and putting them up on the black market, costing the merchant significant revenue losses. This type of reselling can happen throughout the entire travel purchase journey. On the surface, travelers may be purchasing discounted items from resellers. But what happens is that, some of these resellers may also be selling users’ personal data and profiting in many different ways.
Airline merchants are also susceptible to refund fraud. There have been cases where travelers cancelled their flights last minute and requested refunds, yet, while the refunds are being processed, these travelers have actually boarded the plane and proceeded with their trips!
How does fraud compare across regions like Asia, Europe and the US?
From a global perspective, fraud rate has gone up – but for various different reasons when you take a closer look at the different regions.
In Asia, mobile payment fraud appears to have increased. One reason is that mobile payments have become the payment of choice in many Asian markets over the last decade, especially in China and India. Fraudsters have been quite opportunistic, leveraging phishing, social engineering fraud, creating fake payment links and making use of security loopholes within the payment apps to commit fraud.
In the US, credit and debit card have been common payment methods and card fraud have grown to become more sophisticated. There have been cases where fraud syndicates use phishing, data leaks and email fraud to create synthetic identities, and after which, using the information to apply for credit card, loans, etc.
In Europe, two fraud trends have been apparent: friendly fraud and credit card cloning. Fraudsters have taking advantage of EU region’s common currency to abuse refund policies and commit fraud, increasing the cases of friendly fraud. Read on for our recommendation on how to keep friendly fraud cases like these in check.
Credit cards are a common way to pay, and credit card cloning is a common tactic among fraudsters in Europe. To combat this, strict payment regulations are now in place, for example, Strong Customer Authentication (SCA) requirement under PSD2 (Payment Services Directive).
Global companies need to pay attention to international regulations to ensure the right fraud strategies are in place. If a company only implements a set of risk rules following the security requirements of a certain market or region across all markets, two situations can happen. One is that the risk strategy may allow more transactions to pass through because thresholds have been set too low, another is that less transactions may be allowed to pass through because thresholds are too high following stricter requirements. While it’s good to consider dynamic risk strategies such as dynamic 3D Secure (3DS), it’s best to speak with our team on risk management strategies that can cater to global markets, to ensure fraud rates and actual fraudulent transactions are well understood.
What are some risk management strategies companies can adopt to always be ahead of fraudsters?
Better customer authentication
The first thing for companies to do is to conduct better KYC (Know Your Customer) especially for businesses with their own platform and payment systems, particularly when high-risk transactions are involved. Use multi-factor authentication such as password, one-time verification code and biometric verification, etc. In addition, merchants can also consider monitoring user behaviors to further confirm the authenticity of users.
For high-risk transactions, such as high-value transactions or high-velocity transactions, business should take additional verification steps, such as asking users to provide additional identity documents or video verification. Through these strategies, merchants can reduce the risk of fraud arising from identity misuse or account misuse.
Clear refund and return policy
The second thing is to implement a clear refund and return policy. Not only will this help with the overall customer experience, but also effectively prevent chargebacks. The refund and return policy should include the timeframe for refund/return, return charges and the state of the returned items. Regarding high-risk items such as virtual assets, merchants can implement even stricter conditions. Through these measures, merchants can greatly reduce the chances of friendly fraud and losses from such cases.
Detection of unusual activities
The third is look out for unusual transaction patterns while protecting privacy. Merchants can consider implementing monitoring systems to identify irregular activity such as an abnormally large transaction or small transaction, abnormal transaction time, etc. as these can be signs of fraud. Merchants can use machine learning and big data analysis technology to develop privacy-compliant fraud detection models, and these models can automatically identify potentially fraudulent transactions and activate triggers to stop the transactions.
Merchants should ensure that any monitoring is conducted in accordance with relevant data protection regulations, by implementing measures such as data minimization, encryption, and transparent customer communication.
Dynamic and intelligent anti-fraud solution
Next is dynamic and intelligent risk solutions. Dynamic fraud protection is a big part of payments strategies for businesses today. Businesses have the option of building their own risk system or employing a third-party for easier automated risk management and fraud control so merchants can focus on the business.
Antom Shield provides two levels of fraud protection. Firstly, using Antom’s risk management platform to implement overall risk coverage with the relevant risk rules in place.
Merchants can also delve into a deeper level to assess the risk level in real-time and make risk-based decisions by using machine learning and AI technology to analyse patterns. Over time, through learning fraud patterns, Antom Shield can help to optimise the risk settings, reducing the need to manually monitor and time or resources invested to keep out fraud.
For example, a gaming merchant without a comprehensive risk management has had a case of credit card fraud amounting to US$ 1.7 million in losses. After the fraud attack, the merchant quickly applied 3DS as a blanket strategy, causing the overall payment success rate to drop by 10 points, impacting the customer experience and business.
Our solution for the merchant was to balance payment performance and user experience. By implementing Antom Shield, we were able to turn things around quickly, firstly by keeping out fraudulent transactions – and in just three months, we helped increase the payment success rate by 6%.
Payment security education for end customers
Last but not least, educate end customers on fraud prevention. As mentioned earlier, social engineering fraud and identity fraud are likely to persist and increase in the coming years. To ensure better fraud prevention, it’s best to approach it on two fronts – merchants taking prevention measures, and at the same time, educating users on data privacy and data security via their apps, websites, social media and so forth. This strategy will also help reinforce fraud prevention measures businesses implement by building a united force against the bad actors.
Want to learn more about risk management that works for your business? Contact us to find out more about best practices for your industry and risk strategies you can consider.
