Online fraud lessons learnt in 2020

Share this post

This year a series of difficult challenges have been faced across the globe. And in terms of online fraud, levels have been grave and unprecedented, as fraudsters sought to exploit the increased use of digital channels such as online shopping as well as the fear and uncertainty everyday life has been shrouded in due to the pandemic.

As we look to the new year ahead, we do so with an optimistic eye, as we finally make breakthroughs in the fight against Covid-19. However, in the world of online banking fraud there’s a huge amount to be done in order to compete with the fraudsters and comprehensively fight online fraud.

Here are the three main ways we think Covid-19 has changed the world of online fraud, and what this means for the fraud prevention industry as we enter the new year:


There has been an increase in fraud seeking to circumvent payments security

Sophisticated fraudsters are renowned for their innovative techniques and the reason online fraud continues to increase year-on-year is that fraudsters are constantly adapting their techniques. As banks catch up and plug the holes in their systems created by Covid-based scams, fraudsters are turning their attention to thwarting the very defenses put in place to stop them.

With record numbers of people performing processes like shopping online, we’ve seen a development in the sophistication of fraudster techniques, and in the use of these techniques in combinations seeking to circumvent specific payments security, such as SIM swap scams, as well as social engineering techniques specifically aimed at stealing sensitive information.

Fraudsters have started to focus efforts on phishing attacks that attempt to steal one-time passwords (OTP) such as those sent to customers during the step-up authentication phase that can be requested through payments security protocols, such as 3D Secure, in the case of a risky transaction.

For example, fraudsters may pretend to be legitimate brands and even banks themselves in order to fool customers into unwittingly handing over their OTP to the fraudster. Cybercriminals have even worked out a way to replace pop-up windows with their own – disguised as the bank’s – that appear to genuine customers during this verification step. In entering their OTP, the legitimate password goes straight to the fraudster.

Another particularly sneaky way in which fraudsters intercept this information is through SIM swapping. This technique allows a criminal to impersonate a genuine user by managing to get their phone number switched onto a different SIM card that they own instead, again thereby receiving the genuine OTP in the cardholder’s place. Additional means of impersonation can be executed by using the spoofed phone to call a banks call center to change access password and contact information or open new mobile accounts.


Behavioral biometrics took steps towards becoming a foundational cybersecurity technology

As mentioned before, the global pandemic has seen a huge spike in fraud; in February in the UK alone, Coronavirus-themed scams targeting both individuals and companies caused losses of over £800,000 (the equivalent of nearly €1million).

Between January and March this year, buguroo saw a 75 percent jump in the number of online banking sessions that included anomalous and suspicious user behavior and subsequently, the increased need for a technology that can accurately detect and prevent online banking fraud and payments fraud. This has accelerated the rate at which behavioral biometrics-based authentication technologies reached maturity. This is mainly why 2020 has seen behavioral biometrics as a method of detecting online fraud become indispensable to the financial services industry.

As we move into 2021, we expect this trend to continue, as behavioral biometrics cements its position in the online fraud detection industry as the essential foundational technology for any anti-fraud strategy, due to its ability to scale as well as work in unison with other layers of security, where it is highly effective at catching those fraudsters who might have found a way to slip through a ‘gap’ in the net.


Fraud prevention in 2021 will become as much about response as detection

As illustrated by our first two observations regarding online fraud this year, the root of the problem lies in fraudsters’ ability to adapt and develop new methods of committing their crimes. The overwhelming levels of fraud seen this year mean that organizations – even beyond the financial services sector – are searching for more granular ways in which to not just detect fraud, but once detected, respond to the fraud and block it from ever happening again.

This likely means that artificial intelligence and deep learning will continue to play critical roles in fighting online fraud, as companies implement systems capable of not only pinpointing fraud, but then automating predefined actions to respond to them in real-time, and ‘remembering’ the fraud or fraudster in order to block similar attacks in the future. Only in this way can we cut fraud off at its root and have a chance of comprehensively preventing it.

Reflecting on the lessons of 2020 and the role behavioral biometrics has played and will continue to play in fraud prevention, we’re optimistic that 2021 can be the year financial institutions finally get ahead of evolving forms of fraud and maintain this advantage in order to safeguard customers and their hard-earnt money.

More To Explore


Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.


Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?