The new Fraud Frontline: Three fraud battles that issuers must win against criminals post Strong Customer Authentication

The changes in the payment market brought about by the pandemic, and their effect on the fraud landscape, are escalating. We have identified three current fraud battles that banks and issuers should focus on at a time of serious threats in combatting payment fraud. The key weapons for beating fraudsters include enriched information for consumers during authentication; empowerment via AI-enabled Risk Based Authentication (RBA); and the use of data to enrich AI-enabled decision making.

The pandemic has floored the accelerator of the digitisation of payments. In contrast to previous years, in 2020 the biggest change was not the speed of change in technology but the leap that consumers made to engage with the technology that the payment industry provides. As non-tech savvy consumers were forced to become accustomed to online shopping, online investments, online banking, online financial management, and even online dating, consumer anxiety around fraud has seen a considerable spike. 

According to a recent fraud survey by Marqeta (Fraud Research Report - Marqeta), two-thirds of consumers say they are more concerned about fraud since COVID-19, and two-thirds think shopping online more during COVID-19 has put them at a higher risk of fraud. Consumer nerves are high with good reason, given that fraud is a serious threat in today's digital economy. A quarter of all people say they have been victims of fraud within the last 12 months, an increase of 25% since 2020 (Marqeta, 2021 Fraud Report).

PSD2 and the associated requirements to comply with Strong Customer Authentication (SCA) were intended to combat many of these threats in the area of consumer payments. The EU implementation deadline has now passed, and we are starting to see the benefits and challenges of the new regulation. Even the UK Financial Conduct Authority (FCA), despite no longer coming under the regulation, agrees with the intent of SCA and is pressing on with a delayed implementation to give time for the challenges to be resolved.


Jeppe Kirkegaard Folling

Jeppe is the VP of Risk Management Services and part of the Product Management Leadership team at Nets, Issuer and eSecurity Services. He has deep knowledge and experience with agile, customer and user-focused product development and is an eager participant in the fight against fraud and financial crime.


Andrew James Brock

Andrew James Brock is a Product Manager in Nets Issuer & eSecurity with more than 18 years’ experience in the credit card and payments industry covering Fraud Risk, Commercial and Product Management.

Nets' perspectives on challenges and solutions

We have identified three battles that issuers must win against criminals post Strong Customer Authentication:

1. Enriched information to consumers in authentication
Firstly, now that the technical systems have been strengthened by SCA, fraudsters are targeting the weakest point: people. They are mobilizing scams that are devious, timely and clever, and victims cannot simply be written off as gullible fools – they could potentially trick any of us on a Monday. Push payment attacks, in which fraudsters deceive consumers or individuals at a business into sending them a payment under false pretences or redirecting a payment to an account controlled by the fraudster, are on the rise. Here the payment is made by the genuine customer and SCA cannot prevent it. Criminals use social engineering techniques and may hack into email and other systems in order to set up their victims. We've seen a huge increase in smishing scams in the UK related to COVID-19 (test results / vaccine appointments), Brexit (online goods stuck at customs), the delivery companies (postage payment required to get goods), and the big retailers (Amazon-related).

At Nets, we are enabling measures to confirm purchase information, merchant name or logo, before authenticating consumers. These measures are empowering consumers to make smarter decisions and safer payments.

2. Empowered via AI-enabled Risk Based Authentication (RBA)
Secondly, as convenience equals conversion, we can expect fraudsters to look for vulnerabilities that will appear as Merchants and Issuers learn how to navigate exemptions in the regulation. These exemptions are intended to make the payment process frictionless for consumers, but consequently they open up loopholes for criminals. One example could be payments initiated through acquirers outside the PSD2-zone, for which SCA is not mandatory, although it is good practice. Nets' 3D Secure team is working day and night to build easy authentication flows and sophisticated RBA functionality, including machine learning models, empowering banks and issuers to deploy and monitor rules that balance a user experience suited to the new reality against their risk appetite.

3. Data to enrich AI enabled decision making
Thirdly, data is also a key weapon to fight fraud. EMVCo 3-D Secure 2.0, the new communication standard adopted by the card schemes to support authentication, allows more data to be provided by merchants to issuers. This includes fields like the customer's e-mail address, so the issuer can check whether it is one of the customer's known addresses, and information on IP and device.
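An added sketch (not Nets' code and not part of the original article) of how an issuer-side rule could combine the signals described above: a known e-mail address, device and IP, plus an acquirer outside the PSD2 zone. The field names, weights, threshold and country subset are assumptions made for illustration, not EMVCo message fields or regulatory values.

```python
from dataclasses import dataclass

# Constructed subset of countries treated as inside the PSD2 zone (ISO alpha-2).
PSD2_ZONE = {"DK", "SE", "NO", "FI", "DE", "FR"}

# Illustrative weights and threshold; an issuer would tune these to its risk appetite.
WEIGHTS = {
    "unknown_email": 20,
    "unknown_device": 25,
    "unusual_ip_country": 20,
    "acquirer_outside_psd2_zone": 15,
}
CHALLENGE_THRESHOLD = 40

@dataclass
class CardholderProfile:
    known_emails: set
    known_device_ids: set
    usual_ip_countries: set

@dataclass
class AuthRequest:  # hypothetical field names, not the EMVCo message format
    email: str
    device_id: str
    ip_country: str
    acquirer_country: str

def risk_signals(req, profile):
    """Return the named risk signals this request raises, for auditability."""
    known = {e.strip().lower() for e in profile.known_emails}
    checks = [
        ("unknown_email", req.email.strip().lower() not in known),
        ("unknown_device", req.device_id not in profile.known_device_ids),
        ("unusual_ip_country", req.ip_country not in profile.usual_ip_countries),
        ("acquirer_outside_psd2_zone", req.acquirer_country not in PSD2_ZONE),
    ]
    return [name for name, raised in checks if raised]

def decide(req, profile, threshold=CHALLENGE_THRESHOLD):
    """Return (outcome, score, signals): challenge at or above the threshold."""
    signals = risk_signals(req, profile)
    score = sum(WEIGHTS[s] for s in signals)
    outcome = "challenge" if score >= threshold else "frictionless"
    return outcome, score, signals

# Constructed sample data.
PROFILE = CardholderProfile({"anna@example.com"}, {"dev-1"}, {"DK"})
USUAL = AuthRequest("Anna@Example.com", "dev-1", "DK", "DK")
ODD = AuthRequest("x@example.net", "dev-9", "DK", "US")
```

Returning the raised signals alongside the outcome keeps each decision explainable, and lowering `threshold` shows how a stricter risk appetite turns a frictionless flow into a challenge.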

But issuers are in danger of drowning in data and thereby failing to spot tell-tale signs. Automated analysis, and especially Machine Learning or AI, can help make sense of this new data, but new technology will require supervision and explanation to the regulator. Ensuring that algorithms are unbiased will be a key challenge as we start to use them.

Nets has expected this increasing trend, as we knew SCA implementation would take place in December 2020, so we have been preparing for it. A designated model has proven to be a successful proof-of-concept against 3DS fraud in 2020. As we continuously gather more 3DS fraud data in 2021, our analytics advance quickly, with new data elements utilised to update our AI eco-system. The harmonisation of rules and models ensures a market-leading fraud-to-false-positive ratio for our Issuers.

Winning the fraud arms race

While online payments have gone through their 'chip and PIN moment' with SCA, it is now down to processors and their Issuing and Acquiring partners to remain a step ahead of the fraudster to keep fraud levels low. There are already signs of increasing attacks to dupe cardholders, so at Nets we will continue to assess new data sources, like v2 3DS, against our fraud data with our cutting-edge machine learning models to ensure fraud cases are generated and dealt with appropriately.