Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Let’s be honest – the burden of payment fraud has for years fallen squarely on the shoulders of scammed customers – A.K.A., victims. Reimbursement has largely been tactical; an opt-in gesture of goodwill administered on a case-by-case basis to customers who either make enough noise, or hold accounts banks can’t afford to lose. If you’re familiar with the UK’s APP fraud reimbursement mandate, you’ll know that things are changing in a big way.

Due to compromised accounts, financial institutions lose billions annually in unauthorized transactions and account-related fraud. Airlines suffer millions in fraudulent ticket purchases, and retailers face widespread loyalty fraud and resold gift cards. Automated, bot-driven takeovers further amplify the issue, driving costly credential-stuffing attacks that inflate operational costs and burn through budgets. The list goes on, and the problem is only getting worse.

Fraud is built on deception, and third-party fraud is no exception. In this type of fraud, attackers use stolen or synthetic identities to impersonate legitimate customers and gain unauthorized access to accounts, services, or funds. By exploiting the trust between businesses and their customers, fraudsters bypass traditional security measures, making third-party fraud a growing threat in an era of automated attacks and large-scale data breaches.

Fraud has moved from an IT issue to a boardroom topic across industries. The more complex the fraud, the bigger the financial, brand, and customer risk. E-commerce fraud, for example, is expected to cost from $44.3 billion in 2024 (when it was last reported) to $107 billion in 2029, a 141% increase. And that’s just one industry. When the stakes are this high, you can’t blindly chase threats.

The Digital Operational Resilience Act (DORA) is the EU’s answer to ensuring digital operational resilience in financial services. This wide-reaching regulation applies to over 22,000 financial entities and Information and Communication Technology (ICT) service providers operating within the EU. But what does achieving compliance with the EU’s vision for resilience in digital financial operations look like?

Customer confidence is the fragile foundation of developing economies, and nowhere is this more true than Asia Pacific where phishing and customer account takeovers (ATO) threaten to bring that foundation crashing down. For financial institutions and airlines in APAC, scam-related fraud is no longer an isolated cost center—it is an existential risk to digital trust and economic growth.

Most people know not to click on obvious spam emails, but today’s scams are polished, highly personalized, and AI-powered. Whether it’s a fake banking alert, a deepfake customer service call, or a cloned e-commerce website, social engineering fraud often spreads fast. When customers see familiar branding, hear a confident voice, or receive a message that appears to come from a trusted source, it’s easy to comply and get duped.

It’s no secret that phishing has always relied on deception. Scam-targeted enterprises the world over warn their customers of the social engineering tactics and brand impersonation designed to trick them into handing over credentials. Besides email-based phishing, social media has become a hotbed for phishing attacks, with scammers using fake ads, impersonated accounts, and fraudulent messages to lure users.

As the adage goes, time is money, and nowhere does this ring more true than in an evolving threat landscape. The faster companies detect, respond, and recover from data breaches, the better for their pockets. Using AI and security automation to shorten the breach lifecycle has been shown to save $2.2 million more on average compared to not employing these technologies.