The real cost of online fraud

In fraud research sponsored by PayPal, the Ponemon Institute asked 632 cybersecurity specialists who deal with fraud investigations on a daily basis how they fight fraud and prevent losses in their organizations. These findings reveal that 65% think scammers are becoming more sophisticated, but many organizations don’t have the right technology, or the know-how, to stop them effectively.

61% of respondents claim their organizations’ current tools and technologies aren’t advanced enough to reduce the impact of fraud, and keep them compliant with important security and privacy regulations, such as PCI-DSS.

51% think their organizations make protecting online transactions a priority, but they’re still feeling the impact of fraud and losing $4.5 million each year on average. 38% say the cost of fraud protection outweighs the cost of dealing with losses.

Key findings

• The increasing sophistication of fraudsters is concerning cybersecurity experts, and less than half of those surveyed think they have the right tools and expertise to effectively fight fraud in their organizations.
• The majority of cybersecurity specialists want to use AI and machine learning to spot fraud faster and improve their organization’s defenses, but just 51% are actually using it.
• Digital transformations have got our respondents worried. 81% think the process of embedding new software and digital tools makes them vulnerable to online fraud attacks.
• Businesses are less effective at dealing with fraud post-COVID. Remote working has lowered network security and exposed their telecommunications teams to more phishing attacks.
• On average, just 4.5% of these organizations’ annual 2021 IT budget was dedicated to preventing, responding to, and containing online fraud.
• The highest performing organizations in the survey are using fraud solutions that balance threat detection with business growth and productivity.

Key Finding #1: Organizations are worried about the increasing sophistication of online payment scams

Just 45% of organizations surveyed say they have the in-house expertise to fight online fraud, and just over half say they’re effective at minimizing the consequences. Financial information, customer information, and payment data are the most at risk.

If we break those figures down a little more, we can see cybersecurity specialists are most worried about the increasing sophistication of fraudsters, and not having the right tech or expertise to fight them. 38% of our cybersecurity experts are spending longer detecting, containing, and responding to online fraud incidents.

Overall, these findings show organizations are struggling to deal effectively with online fraud, and it’s mainly because they lack the in-house tools and the know-how.

Key Finding #2: Machine learning would transform fraud detection capabilities

60% of the fraud specialists surveyed say machine learning and AI technologies would be a fraud detection game-changer for their organizations, but just 51% are using it. 76% agree that the most important benefit of automation is the ability to stop attacks before they do any damage. 71% think the greatest benefit would be saving time and effort for them and their team.

Chargeback fraud makes up 42% of online fraud incidents, and the organizations surveyed in this research are clear on what helps them to prevent it. Having clear merchant descriptions, flexible return policies, and responding to every dispute make the top three – demonstrating clear opportunities for automation to speed up processes.

Key Finding #3: Digital transformation leaves the door open to fraudsters

A worryingly high 81% of respondents say their organization is more vulnerable to an online fraud attack following digital transformation. 80% say it’s very likely, likely, or somewhat likely they have experienced a fraud attack because of an insecure digital transformation.

Just 7% of the organizations represented were confident there was ‘no chance’ of exposing themselves while embedding new technologies.

Key Finding #4: Remote work means greater risk

COVID-19 changed how every business operates, from big decisions in the boardroom to the smallest daily tasks. For these organizations, the pandemic has made them more vulnerable to online fraud, with effectiveness in reducing it dropping from 45% to 34%.

Insecure external networks and phishing scams aimed at staff are the two biggest risks, and the increased use of remote workers makes all kinds of valuable data more vulnerable, including customer information (71%), financial information (70%), and payment data (62%).

Key Finding #5: Fraudulent online transactions are costing $4.5 million each year on average

The fraud and cybersecurity specialists in this research represent organizations processing over 18 million annual transactions. They also lose $4.5 million on average each year to fraudulent transactions.

We asked these 632 fraud specialists about their organizations’ 2021 IT budgets too. The average organization had just under $300 million to play with, using 19% – $56,914,500 – to fund security, and 24% of this – $13,659,480 – to prevent, respond to, and contain online fraud incidents.

Key Finding #6: The most effective businesses make fraud detection and prevention a priority

Our report highlighted 23% of organizations were ‘high performers’ – in other words, very effective at spotting fraud, investigating it, and eliminating it. They’re making it a priority to protect online transactions, continually assessing how effective their IT systems are at preventing and containing fraud, and balancing this with business growth.

75% of these high-performing organizations have teams dedicated to fighting fraud, compared to 62% of average performers. They’re embracing AI – 63% of the highest performers are using automation, behavior analysis, and machine learning compared to 47% of average performers. They’re being rewarded for it too. 45% of high performers are spotting threats which have slipped through standard security defenses.

How to reduce online fraud risks in your organization

It’s time for the most important stuff – how you can reduce fraud in your organization. We’ve broken it down into six core priorities.

• The right in-house expertise and technology are essential. To plug any knowledge gaps, organizations should work with industry partners to process secure transactions and continually assess their IT system’s ability to prevent financial fraud. 61% of respondents say their organization doesn’t have the right technologies to mitigate online fraud.

• Organizations need to use fraud-detection techniques powered by machine learning and advanced analytics. 60% of our respondents say this is essential for spotting and containing fraud alerts that usually slip through the net. Top benefits include the ability to integrate these tools with threat intelligence sources and the ability to improve security teams’ effectiveness. Just 45% of cybersecurity and fraud specialists surveyed in our research say their organizations have the necessary in-house expertise to effectively deal with the impact of fraud. 51% are currently using automation, machine learning, and/or behavioral analytics.

• Digital transformations can increase the risk of an online fraud attack – this is a major cause of concern for 79% of respondents. Organizations should use advanced intelligence to toughen up their defenses during updates and migrations. 81% say their organizations are more vulnerable during and after digital transformations.

• Fraud detection, containment, and response need to be faster than they currently are in most organizations. Automation is helping 47% of respondents to speed up routine tasks. 38% of respondents say detecting, containing, and responding to fraud incidents is taking them longer than it used to.

• No department is an island. Fraud and cybersecurity teams need to work together to improve online fraud detection and investigation. 64% of respondents agree collaboration is important, but only 29% of respondents have achieved it in their organizations.

• To create and maintain customer trust, organizations need to put safeguards in place and tell customers what sensitive and financial data is being processed, and when. 51% of organizations surveyed are making it a priority to protect online financial transactions for their customers.

Stop fraud threats automatically with Fraud Protection Advanced

It’s clear that preventing fraud takes in-house expertise, tools that are more sophisticated than the scammers, and smart automation.

PayPal fraud prevention is an integrated, adaptive technology which uses machine learning to prevent fraud as threats evolve.

• Make fraud detection do what you need it to do. Your fraud and cybersecurity teams can choose from 200 custom rules and create their own fields and strategies.

• Access PayPal enterprise insights. Your team will have access to insights from our 2-sided network and over 15 billion PayPal transactions, giving them the intelligence tools to manage and investigate every potential threat.

• Managing risk is easy with simple fraud analysis. Your organization will be able to see exactly which transactions have been blocked, and why.

• A tool that keeps learning. No matter how sophisticated the fraudsters get, Fraud Protection Advanced will keep up with them, thanks to machine learning and extensive PayPal intelligence data.