The Good, the Bad, and the Ugly: What Will 2019 Bring for Fraud?
By Angela Marrujo /
8 Jan 2019
Landmark events and advances in fraud, abuse, and risk management came out of 2018. We experienced some of the largest data breaches to date, made strides towards greater data regulation via GDPR, and saw some of the world’s biggest companies face public outcry over the mishandling of sensitive user information.
Fraud isn’t going anywhere in 2019 – in fact, it’s expected to get worse. So we turned to the members of our Trust Advisory Board, which includes industry experts from companies such as Poshmark and Equifax, for their predictions on what fraud trends they expect to see in the coming year.
Robbie Fritts, Director of Fraud and Payments, Poshmark
Authentication technology becomes the norm. Biometrics and other behavioral analytics will become the standard for the internet, evolving beyond merely short message service (SMS) as the only common option.
Greater government focus on privacy. The U.S. will adopt more comprehensive privacy policies either at the federal or state level, which have already been implemented in California.
Deeper investment in security. Investors will continue to funnel money into cybersecurity and fraud prevention companies, resulting in big wins for these organizations (IPOs, major acquisitions, etc.).
Wendy Roberts, Senior Director of Marketplace Trust and Safety, Thumbtack
Now or never for cryptocurrencies. It’s going to be a make or break year for cryptocurrencies – they will either emerge from the shadows and become regulated or they won’t.
Pulling back the curtain on data collection. There will be even more focus on what information internet companies are collecting and what they do with it, including how they safeguard it. This could result in additional regulations, especially in the EU.
The year of synthetic identities. Synthetic identities (new identities created using real – usually stolen – and fake information) will increase and become a much more prominent fraud vector.
Oggie Nikolic, Principal Engineer, GRAIL; former Google engineer specializing in risk management
New targets for data breaches. Password management services will be breached.
2FA to become a requirement. We’ll see a major shift to two-factor authentication (2FA) on most major websites, with some even making it mandatory.
Jevin Bhorania, Director of Risk & Data Science at Faire (formerly Indigo Fair)
Social engineering to commit fraud. Since fraudsters now have unprecedented access to emails, phone numbers, and other PII credentials, they will be targeting Support and Sales departments to take over accounts and extract funds. They will also attack by acting as customer service agents to retrieve 2FA codes.
More ID theft. Since the economy is at an all-time high, so is creditworthiness. Thus, fraudsters have all the more incentive to to steal identities to open new lines of credit and steal funds.
Caleb Callahan, VP of Fraud Operations and Strategy, Equifax
Attack vectors will diversify. As core fraud technologies continue to improve, every avenue to monetize an institution will be poked at. This includes increased attempts at peripheral channels, such as loyalty, phone, affiliate/referral, discounts for reselling, and continued focus on any stored value associated with consumers.
An increase of 3D Secure. The lines between authentication and fraud prevention will blur as checkout flows introduce direct interaction with the banks through technologies like 3DS 2.0.
Questioning merchant liability. The payment industry will begin to question the liability of merchants for new accounts provided to fraudsters by financial institutions, versus the more traditional stolen credentials.
Kevin Lee, Trust & Safety Architect, Sift Science
Trust & Safety becomes a need. Budgets and demand for security, risk, and trust & safety teams will grow faster than those in legal, finance, and operations due to increased publicity surrounding abuse.
Rise of the bots. Bot traffic to sites will grow over 80% year-over-year.
No new digital privacy policies in the U.S. The U.S. government will not implement any new digital privacy policies, even given recent congressional hearings with Facebook, Google, and Twitter.
While I agree with my colleagues that data privacy regulations will be a primary issue that impacts our industry in 2019, I foresee policies being implemented at a later time due to the division of support for the tech industry in the government. The political climate in the year ahead seems unclear and too soon to tell if any regulation will be in place.
As cyber-attacks and crime continues to thrive online, businesses need to make risk management and fraud prevention a priority in 2019. Many are betting on the trends around authentication technology, account fraud and data privacy regulation.
With online dangers like account takeover, content abuse, payment fraud, and more becoming prevalent, severe, and diverse, it’s largely at the hands of businesses to protect their assets and users. For companies to come out successful in 2019, they need to establish and sustain digital trust & safety with their users. This includes protecting their customers’ information while enabling good customer experiences. In the year ahead, it seems that there will be no shortage of activity for this industry as fraudsters continually get smarter and savvier in their attacks.
Angela Marrujo, Content Marketing Manager at Sift, is a lifelong gamer with a deep love for Nintendo, in particular. Illustration and music are her other passions. Angela is a San Francisco State University alumna and, prior to Sift, worked in PR and Marketing in the video game industry.