ProofID | The Fraud Landscape: Evolving tactics, escalating impact

Fraud isn’t new. But the way it’s executed today is.

Cybercriminals no longer need to “hack in” through firewalls or malware. Instead, they exploit trust by pretending to be someone they’re not. Armed with compromised credentials, fake identities, or emulated devices, they slip through traditional defences unnoticed—triggering downstream losses that impact customers and entire business units.

And those losses are growing:

• Global eCommerce losses to online payment fraud hit $48 billion in 2023 with the U.S. accounting for more than a third (Statista)
• In financial services, U.S. consumers lost over $1.59 billion to transfer fraud in 2024, driven by social engineering and account takeover (PYMNTS)
• Healthcare fraud attempts rose 66% in 2024, targeting patient portals, provider identities, and insurance data (Experian Health)

Behind these numbers is a web of techniques:

• Account Takeover (ATO) using credential stuffing, phishing, or SIM-swapping
• Bot attacks that automate login attempts, gift card abuse, or fake account creation
• Device spoofing using emulators and headless browsers to mimic trusted users
• Synthetic identity fraud, especially in finance, where criminals mix real and fake PII to open accounts or access services

These attacks are not only more frequent—they’re harder to detect and resolve with traditional tools alone.

A closer kook: Sector-specific pressures

Retail & eCommerce

Retailers are caught between rising fraud threats and consumer demands for speed and convenience. Every friction point during checkout can lose a sale—yet every weak point invites abuse.

• Bots test stolen credentials at scale, launching ATO attempts across login pages
• Fraud rings create fake accounts to exploit referral programs and promo codes
• Gift card and refund abuse is rising, costing retailers millions in manual review and write-offs

The challenge? Balancing fraud control with seamless digital experiences.

Banking & finance

Financial institutions are facing an arms race. Attackers are becoming more surgical—using social engineering, behavioural mimicry, and mobile device emulation to bypass fraud rules.

• ATO leads to drained accounts, wire transfer fraud, and reputational damage
• Synthetic identities are used to open credit lines, launder money, or trigger chargebacks
• Regulatory pressure is intensifying, with FFIEC and OCC pushing firms to adopt real-time, risk-based defences

Here, identity is both the frontline and the back door.

US healthcare

Fraud in healthcare isn’t just about money—it’s about patient safety and data integrity. As portals expand and virtual care becomes mainstream, attackers exploit any identity weakness they can find.

• Stolen credentials give fraudsters access to health records, billing systems, and prescription services
• Fake patients use false insurance info to claim care or drugs
• Provider impersonation can lead to fraudulent claims and regulatory breaches

Healthcare is increasingly digital—but its defences are often built for a pre-digital world. And fraudsters know it.

What ties it all together? Identity risk

No matter the sector, modern fraud has one thing in common: it begins with identity. It’s not the firewall that fails – it’s the assumption that a user is who they say they are.

This makes the identity layer the most important – and most overlooked – point of fraud detection. It’s also the best opportunity to act early, with minimal disruption to legitimate users.

From reactive to proactive: Identity-first fraud detection

Traditional fraud systems often kick in too late—after a transaction has occurred or after suspicious behaviour has been flagged post-event. That’s expensive, inefficient, and damaging to user experience.

By contrast, identity-first fraud prevention—powered by tools like PingOne Protect – brings real-time intelligence into your login and access flows.

Here’s how it works:

PingOne Protect uses a combination of advanced signals to detect anomalies before access is granted.

• Behavioural biometrics: Typing speed, mouse movement, touchscreen patterns
• Device intelligence: Is this a known, consistent device or an emulator?
• Contextual insights: Time of day, geolocation, network reputation, and more

These signals are analysed in real time to produce a risk score. That score allows you to:

• Approve low-risk users instantly
• Step up authentication only when needed
• Block or flag high-risk attempts for review

It’s a smarter way to detect fraud—without disrupting the user journey.

Why business leaders should care

Fraud might originate in security, but its consequences ripple across the business:

• Compliance & legal face audit and regulatory exposure
• Digital & CX leaders wrestle with false positives and churn
• Operations teams deal with higher costs, slower workflows, and increased manual fraud investigation
• Boards and executives must preserve brand trust and ensure resilience

When fraud escalates, it’s no longer just a security issue—it’s a boardroom priority.

Take action: Trial PingOne Protect with a low-cost Proof of Value (POV)

At ProofID, we help organisations prove the impact of PingOne Protect in their own environment—quickly, safely, and without the burden of a full implementation.

Our low-cost Proof of Value (POV) engagement is ideal for teams in fraud, identity, and digital security roles who want to:

• No disruption to users (listen-only mode)
• Minimal setup changes to authentication process
• Data-driven fraud and UX insights
• Full business impact report and costed deployment plan
• Try before you buy a full implementation
  
  

Fast, focused, and flexible—our POV gives you the insight you need to move forward with confidence.

Final thought: Identity is the new frontline

As fraud becomes more adaptive and personalised, organisations must respond with equal intelligence and agility. That starts with recognising that identity is no longer just an enabler of access—it’s the deciding factor in who gets in, what they can do, and whether they belong.

By embedding fraud detection at the identity layer, businesses can outpace attackers, protect their customers, and deliver the trust today’s user’s demand.

Let’s stop treating fraud like someone else’s problem. It’s time to own the solution—starting with identity. Reach out to our team – talk to one of our fraud experts.