The only time I don’t want to be right is when I consider the fraud trends I suspect might appear in the year ahead. It’s better to be prepared than shocked, but it’s always alarming to see the opportunities open to fraudsters and consider how costly and dangerous they could be for legitimate merchants and customers.
Unfortunately, the trends I was thinking about last year have become worrying this year. In particular, fraudsters have embraced new technology, such as generative AI, to enable an explosion of social engineering. There’s more of it, and it’s more sophisticated, making it harder to spot.
As always, fraudsters aren’t staying still. Here’s what I think we’re up against in the year ahead. The TL;DR version is that fraudsters aren’t focused on checkout, cards, and cash anymore. They’re working from an expansive understanding of value and burrowing into every vulnerability they can find.
Remote Desktop Attacks
Remote desktop attacks occur when a malicious actor takes over a computer and uses that illegitimate access to reach the applications, programs, and passwords on the device, so that the actions they take look just like the victim’s.
These attacks have been common in banking for some time, but their popularity against digital commerce sites is new this year. Forter saw an 8% increase in this type of attack during the 2024 Black Friday/Cyber Monday weekend compared to 2023.
I think this trend will only increase, partly because phishing attacks of all kinds are so much easier and more effective now that fraudsters can use generative AI.
Recommendation: This is a threat that fraud prevention teams should already be preparing to counter. It’s not enough to check that a user has the device and IP you expect; you need to look at the whole picture they’re presenting, including their behavior and whether what they’re doing matches what you’ve seen from them in the past.
Supply Chain Risk Comes to Fraud
I couldn’t quite believe it, but I saw it with my own eyes — a discussion on a fraudster forum about pretending to be a retailer to sign up with fraud prevention providers.
The logic is that a fraudster with access to the backend of a fraud prevention provider can test out different orders and see why they’re rejected. Based on that, they can design the perfect crimes and commit successful fraud every time.
I was pretty happy to see the complaints that trying this with Forter is too difficult and not worth the effort, but it’s a pretty worrying trend. This means that fraudsters are looking further up the supply chain to see where they can find or create new vulnerabilities.
This reminds me of the crook offering access to the private information provided by data provider TransUnion and of the supply chain attacks carried out by cybercriminals who target companies that provide well-known services to gain access to their customers.
Recommendation: Fraudsters are looking at the big picture. Fraud fighters have to, as well.
Loyalty Points Prove Costly
When fraudsters stole loyalty points from a large hospitality chain, the FTC held that the chain was responsible for making its customers whole again. This is an important precedent: loyalty points aren’t free “nice to have” extras. They’re valuable, which means if criminals steal them, it could get costly.
I predict that consumers will continue to double down on the importance of loyalty points. That’s a challenge, however — especially since fraudsters, too, love loyalty points. Forter’s data shows that:
- Loyalty point lover? Your account is 4-5 times more likely to be attacked
- Got money or points stored? 6-7x more likely to be targeted
- A program that includes more than one brand? Attacked 2.5x more than a loyalty program for just one brand
Recommendation: This trend is part of the bigger picture shown by the supply chain risk: fraudsters look way beyond checkout nowadays. Fraud prevention strategies need to be holistic, too.
Awesome Experiences Will Be Fraud Loopholes
There’s no better shopping experience than heading into a store and discovering a streamlined shopping flow that delights you with its simplicity. Stores today are often more than places of purchase — they offer immersive experiences that draw you in and make it worth turning up in person rather than staying at home.
Offline and online experiences, too, are increasingly blending. In-store scan-and-go purchases combine app use with in-person presence, and QR codes offer loyalty points or special offers. Buying online, you can often pick up or return in-store.
As a customer, this is amazing. But to a fraudster, it represents opportunity. Stolen accounts, identity theft, stolen payment methods, fake identities, and more can all be used to cheat the ideal omnichannel experience.
Recommendation: Don’t look at fraud in a silo. Stay in constant contact with the marketing, sales, product, customer experience, and customer service departments, and work together to ensure that the customer experience is not only wonderful but also safe.
Returns Are Risky
Returns are a tricky balance for a retailer because they’re important for customers; in the 2024 Trust Premium Report, 89% of consumers said that return policies are essential in deciding where to shop. Even more than that, 22% had abandoned a cart in the last three months due to restrictive return policies — indicating that a sizable percentage simply vote with their feet if the issue arises.
On the other hand, merchants who are too permissive invite refund-as-a-service fraud, with a massive scale of cheating carried out by customers, sometimes aided and abetted by fraudsters who specialize in exactly this. Sometimes, there’s even double dipping when returns and chargebacks come from the same order. When it comes to returns, merchants have to find the right balance.
Recommendation: Personalize the returns experience. Customers who consistently demonstrate good behavior but sometimes need a refund should get it. Customers who abuse the process shouldn’t be able to cheat.
Fraud Fighters Have the Power Too
Fraudsters are thinking outside the box, outside checkout, and outside credit card fraud. They’re getting creative, using new technologies, and even providing nefarious services to legitimate customers. It can all feel a bit much.
I do think there are real challenges ahead for 2025. But I also think that fraud fighters have access to better tools, collaborative structures, and technologies than ever before. We’re just as creative, determined, and innovative as the fraudsters.
In 2025, I predict that the battle will continue and that the fraudsters will face more than they expect.
Doriel Abrahams is the Principal Technologist at Forter and host of ‘What the Fraud?,’ where he monitors emerging trends in the fight against fraudsters, including new fraud rings, attacker MOs, rising technologies, etc. His mission is to provide digital commerce leaders with the latest risk intel so they can adapt and get ahead of what’s to come.