This is particularly true and relevant with multistep authentication processes, long held as the gold standard for online security, beginning to show their age.

Multifactor authentication was developed as a response to the growing risks of password-only security. By layering verification steps like one-time passcodes sent via SMS or email, or biometric scans or app-based confirmations, financial institutions were looking to bolster user identity validation and reduce fraud. While this approach added a layer of protection, it could frequently come with complexity and user frustration.

The PYMNTS Intelligence report “Consumers Struggle with Passwords and Fraud Prevention — Metal Payment Cards Offer a Smarter Alternative,” a collaboration with Arculus by CompoSecure, found that 41% of fraud cases today are still driven by stolen or falsified credentials. This finding suggests that even with multifactor authentication in place, current methods aren’t foolproof. Instead, they often introduce new points of failure.

For example, reliance on SMS codes can be undermined by SIM-swapping attacks, and email verifications may be delayed or intercepted.

Now, a new wave of innovation in physical-digital convergence is taking shape and offering alternatives. One solution gaining traction is the tap-to-authenticate metal payment card, a technology that aims to merge strong security with user-centric simplicity.

Password Struggles and Innovative Solutions

The report revealed that 65% of consumers struggle to remember passwords. In response, many reuse login credentials or opt for easily guessable passwords, two behaviors that inadvertently weaken security. Frequent password resets and cumbersome verification steps also contribute to “authentication fatigue,” a phenomenon where users become desensitized to security protocols or, worse, choose to bypass them.

The practical implications are stark. Small banks and credit unions reported an average authentication time of 3.2 minutes, the longest among financial institutions. Even at large national banks, the process still takes close to three minutes.

In a fast-paced digital world, these minutes matter. To address these issues, financial institutions are now exploring alternatives — and tap-to-authenticate metal payment cards are emerging as a frontrunner. These cards integrate physical durability with embedded digital authentication capabilities, allowing users to securely confirm identity or authorize transactions with a simple tap.

What makes this solution compelling is its ability to deliver security without sacrificing ease of use. In the study, banks cited several top advantages of metal authentication cards.

• Frictionless Authentication (58%): A simple tap eliminates the need to remember passwords or wait for passcodes, speeding up the process.
• Premium Appeal (57%): These cards offer a high-end, modern aesthetic that appeals to consumers seeking exclusivity and benefits.
• Perceived Security (54%): Users view these cards as safer because of their physical nature and secure cryptographic capabilities.

The report found that 77% of financial institutions are now exploring or considering such solutions. This growing momentum underscores a market readiness to move beyond the password paradigm toward a future of passwordless, tap-based authentication.

See also: Metal Payment Cards Move From Luxury to Everyday as Fraud Fears Deepen

A Strategic Shift in Authentication Philosophy

The rise of tap-to-authenticate metal cards signals a broader shift in how banks and FinTechs think about security, from layering inconvenience to layering intelligence. Instead of adding more steps, financial institutions are finding ways to make each step smarter and less intrusive.

By anchoring security in a familiar physical format — the payment card — and embedding it with cutting-edge digital capabilities, they create a seamless bridge between the analog and digital worlds.

As awareness grows and financial institutions scale their deployments, these cards could redefine how consumers interact with their digital financial lives — all with a single, secure tap.

The post Tap-to-Pay Metal Cards Touted as Sleek Shield Against Digital Fraud appeared first on PYMNTS.com.

In a letter to the bankrupt genetic testing service Thursday (April 17), members of the House Committee on Energy and Congress expressed concerns that this data could be compromised following a sale.

The letter from Rep. Brett Guthrie of Kentucky, Rep. Gus Bilirakis of Florida and Rep. Gary Palmer of Alabama said that generally speaking, direct-to-consumer firms such as 23andMe are not covered by the Health Insurance Portability and Accountability Act (HIPAA).

“Given the lack of HIPAA protections, the patchwork of state laws covering genetic privacy, and the uncertainty surrounding what happens to customer information should a sale of the company or customer data transpire, we are concerned that this trove of sensitive information is at risk for being compromised,” the letter said.

In addition, users have complained of difficulties in accessing their data, whether that meant the website being down or never getting the two-step verification codes needed to delete their accounts.

PYMNTS did not receive a response from 23andMe to a request for comment.

The company said in a March 26 press release that it was seeking Chapter 11 bankruptcy protection and searching for a buyer. Days later, the company said that the terms of its sale would require bidders to “agree to comply with 23andMe’s consumer privacy policy and all applicable laws with respect to the treatment of customer data.”

Last year, the company said it would pay $30 million to settle a lawsuit tied to a data breach, while also agreeing to provide three years of security monitoring as a result of the class-action litigation. That suit had accused 23andMe of failing to protect the private information of nearly 7 million customers exposed in the breach in 2023.

The settlement also resolves allegations that 23andMe did not inform customers with Chinese and Ashkenazi Jewish ancestry that a hacker had apparently targeted them specifically, selling their information on the dark web.

The company revealed the data breach in October 2023, roughly six months after it began, impacting nearly half of the 14.1 million customers in 23andMe’s database at the time.

The incident and other data breaches underscore the need for service providers to secure their infrastructure.

The post 23andMe’s Data Security Catches Attention of House GOP appeared first on PYMNTS.com.

Capital One Databolt is designed to let companies protect sensitive data at scale without sacrificing performance or speed, according to a Thursday (April 17) press release.

“In an era marked by increasing data breaches, complex data privacy requirements, and the adoption of generative AI, the need for robust data protection has never been greater,” Capital One Software President Ravi Raghu said in the release. “Traditional data security methods often fall short with limited scalability and added complexity. Tokenization [provides] next-level security as companies navigate a growing need to protect their data and prepare for an AI-first world.”

Databolt replaces sensitive data with secure tokens, reducing the risk that sensitive data is exposed during a breach, the release said. At the same time, Databolt preserves the underlying data format so that companies can still run applications, manage third-party data sharing and safely adopt generative artificial intelligence.

“At Capital One, we recognized the power of tokenization early on and built our own solution to meet the needs of a cloud-first enterprise at scale,” Raghu said in the release. “Today, we run more than 100 billion tokenization operations a month across hundreds of applications.”

The PYMNTS Intelligence report “Tokenization at Scale: Why More Retailers are Investing in the Future of Cybersecurity” examined the growing popularity of network tokens and payment tokens among businesses. Nearly 80% of small- to medium-sized merchants surveyed said they enabled one of the two types of tokens, with adoption reaching near-universal levels among higher-revenue merchants.

Meanwhile, the PYMNTS Intelligence report “The Tokenization Innovation Report: The Future of Security and Personalization” found that network tokens offered by major credit card networks are poised for even more growth.

For example, 77% of merchants not currently offering network tokens have plans to introduce them. Beyond that, 92% of payment service providers (PSPs) that already enable the technology plan to invest in further capability. Some of the key areas that merchants PSPs want to upgrade include digital wallet card payments, card-on-file payments and recurring payments.

The post Capital One Launches Data Security Solution Databolt appeared first on PYMNTS.com.

The enhancement is designed to support financial institutions’ broader adoption of instant payments by delivering real-time fraud detection at the point of origin and processing, the provider of interbank transaction and reporting systems said in a Wednesday (April 16) press release.

“With our embedded AI fraud engine, we’re enabling real-time detection and decisioning, giving financial institutions the confidence to not only protect their assets, but to fully participate in the next generation of faster and instant payments,” Juniper Payments CEO Jon Budd said in the release.

These AI-powered fraud tools analyze large volumes of transactional and behavioral data in real time, enabling them to detect subtle patterns that indicate fraudulent activity while minimizing false positives, according to the release.

The tools also add risk-scoring capabilities across traditional payments like wires, ACH and cross-border payments, the release said.

The enhancement joins Juniper’s Payments Hub, which manages the rails for automated payment delivery and receipt via the company’s connected rails to the Federal Reserve, The Clearing House and foreign exchange (FX) gateways, per the release.

“Many financial institutions have been hesitant to flip the switch on full instant payment functionality,” Budd said in the release. “Our new solution provides the assurance they need to move forward with confidence, knowing they can protect their customers while staying competitive in a digital-first payments world.”

Instant payments can help financial institutions grow by enabling them to deliver the immediacy that their customers expect, Budd wrote in the PYMNTS eBook, “The New Value Equation: 11 Financial Services Leaders Share Their Vision for 2025.”

“Businesses of all sizes are excited to use instant payments when they learn about the benefits,” Budd wrote. “The ability to collect revenue quicker, hold onto money longer and make payments later is attractive for any business. These businesses could be a customer of your financial institution, but they will also most assuredly drive consumer adoption.”

Velera, the credit union service organization formerly known as PSCU/Co-op Solutions, completed its acquisition of Juniper Payments in 2022, saying Juniper’s work in the automated and unattended banking ecosystem was able to help with “vision and reliability.”

The post Juniper Adds Embedded AI-Driven Fraud Prevention Engine to Payments Hub appeared first on PYMNTS.com.

It shows 28% of consumers having already fallen victim to credit card fraud within the last year. Moreover, 37% express being very or extremely worried about the prospect of unauthorized access to their credit card accounts.

This pervasive anxiety underscores a fundamental expectation among consumers: that banks will take a leading role in both preventing and resolving fraudulent activity. The findings suggest that financial institutions face a growing imperative to actively monitor and intervene in cases of suspected fraud to maintain customer trust and satisfaction.

The report highlights a clear consumer sentiment that the onus of fraud prevention and resolution lies primarily with banks and credit card networks, not with individual account holders. Indeed, the vast majority of consumers, 82%, believe banks are responsible for resolving credit card fraud, and 75% hold them accountable for preventing it in the first place.

Encouragingly, the data indicates that banks largely meet this expectation, with 91% of consumers reporting that their bank intervened before they had to take action. Notably, consumer satisfaction is highest when banks proactively alert them to fraudulent charges before they themselves become aware. This proactive stance not only mitigates potential financial losses for consumers but also significantly bolsters their confidence in their banking partners. 

Key data points from the report underscore the urgency for banks to prioritize fraud prevention and response:

• Nearly three in ten consumers (28%) experienced credit card fraud in the past year, indicating the widespread nature of the threat and the potential for a large segment of the customer base to be affected.
• A strong majority of consumers (90%) who had their banks proactively address fraud reported being very or extremely satisfied with the handling of the situation, demonstrating the positive impact of vigilance on customer loyalty.
• Only a small fraction (5.2%) of consumers switched banks after experiencing fraud, but those who did suffered a significantly higher average loss of $475 compared to the $287 lost by those who took less drastic actions, signaling that higher-value fraud events can trigger significant customer attrition.

Beyond these key findings, the report also delves into the preferred methods of fraud notification, with mobile alerts being the most common. It further examines the actions consumers take after experiencing fraud, with requesting a new credit card being the most frequent response.

The data also reveals the varying levels of concern across different demographic groups. The report’s methodology is based on a census-balanced survey of 2,158 U.S. consumers conducted in August 2024, providing a comprehensive snapshot of consumer experiences and expectations regarding credit card fraud. For banking professionals, this report offers valuable insights into the critical role they play in safeguarding their customers and maintaining trust in a digital financial landscape.

The post 37% of Consumers Highly Concerned About Credit Card Fraud appeared first on PYMNTS.com.

The FTC revealed that figure in a recent report on its actions in the wake of the Government and Business Impersonation Rule, which took effect last year. 

Scams in which criminals impersonate businesses and government offices are consistently one of the top frauds reported to the FTC, leading to $2.95 billion in consumer losses in 2024. Since the new rule went into effect last April,  the FTC has brought five cases involving alleged violations and closed down 13 websites it said were illegally impersonating the commission online.

“The billions of dollars American consumers lose at the hands of impersonators is staggering,” Chris Mufarrige, director of the FTC’s Bureau of Consumer Protection, said in a news release. “The FTC will not hesitate to enforce the Impersonation Rule against bad actors.”

In the last year, the FTC has brought law enforcement actions under the Impersonation Rule against companies including Superior Servicing, which it accused of pretending to be affiliated with the Department of Education. This company, the FTC said, falsely promised student loan forgiveness, taking millions from student loan borrowers. 

“In November, a federal court temporarily halted the scheme and froze its assets at the request of the FTC, which is seeking a permanent ban on the defendants’ deceptive practices,” the commission said.

The FTC says it has also spent the last year working with domain registrars to take down websites impersonating the commission.

Recent research by PYMNTS Intelligence highlights the pervasive nature of financial scams, with 30% of American consumers — 77 million people — reporting financial losses to scams in the last five years.  Fraudsters are also turning to social media and GenAI to perpetrate scams.

“The financial damage is often significant, with most victims losing over $500 and many suffering losses in the thousands,” PYMNTS wrote last month. “Perhaps more alarmingly, the report debunks the notion that these scams primarily target older generations, revealing that victims span all demographics, including age, education and income.”

Still, the study spotlights the fact that specific groups are more susceptible to certain types of scams based on their circumstances, such as younger people being more vulnerable to job search scams and older adults facing being at greater risk from fake eCommerce schemes.

“This tailored approach by scammers poses a challenge to consumer-facing financial institutions (FIs), as it not only inflicts financial and emotional damage on their customers but also erodes trust in the institutions and the broader financial system,” the report added.

The post FTC: Impersonation Scams Cost Consumers Nearly $3 Billion in 2024 appeared first on PYMNTS.com.

It’s no surprise to Eric Stratman, senior director of analytics and insights at ValidiFI, who told PYMNTS in an interview that many firms grapple with outdated risk assessment processes. Because of those legacy systems, they transact online and across ACH networks playing a futile game of catch-up with scammers.

“Fraudsters are constantly evolving” as they shift to different attack vectors depending on the “use case” of the customer and the payment being made, Stratman told PYMNTS.

When businesses “use standard validation methods to verify payments, they’re lagging,” he said. There’s no longer any way for a bank to simply look at variables or data points to make sure that bank accounts are valid — among the first lines of defense against criminals.

Several Data Points

Triangulating a range of data points to validate those accounts and detect fraud before it makes an impact can save those firms massive hits to their bottom lines and reputations. Artificial intelligence and machine learning are key technological ingredients in collecting and analyzing a slew of data, spanning payment performance, identity elements and bank account level data to find the fraudulent patterns and the “needle in a haystack” that ValidiFI (through its banks solution) can point out to client firms to prevent adverse events, he said.

Predictive bank account intelligence, then, becomes a multilayered line of defense, thwarting the criminals before they strike with malevolent intent — and identity-related fraud is a clear favorite of the criminals as those stolen identities pave a path to new account fraud, takeover fraud and fraudulent loan applications.

“Pairing typical account validation with fraud checks provides us with a clearer picture and more confidence because we’re not only able to tell you that the account trying to process a transaction is valid — we can tell you if that consumer matches with that bank account, and how often they’re appearing and changing in our database as well,” Stratman said of his firm’s intelligence algorithms.

That same data, provided to banking clients, can help improve their operational efficiencies.

In a nod to those efficiencies, Stratman gave the example where a banking client came to ValidiFI with the pressing concern of a high rate of fraudulent transactions. The company’s data and analytics uncovered that a single individual was transacting across 10 different bank accounts in a bid to cover their tracks.

The client was able to eliminate 25% of invalid payments and 13% of fraudulent transactions, while only cutting 4% of successful transactions.

Cross-referencing has its benefits when seeking to ferret out fraud. In its own reporting, ValidiFI estimated that fraud risk increases nearly 60% when more than three Social Security numbers are tied to a single account used within a 90-day period. In addition, consumers with more than three emails linked to the same Social Security number in the last 30 days are representative of a two times higher fraud risk. Fraudsters are more than twice as likely to have mismatched phone numbers and ZIP codes when they seek to transact from an account.

“We’re minimizing the impact on [legitimate] transactions while increasing the amount of fraudulent payments and accounts that we’re flagging,” he said.

The solution is customizable to the banking client’s risk tolerance, Stratman said.

“We’re creating the full picture of bank account and payments intelligence — because the fundamental piece within the puzzle is that we need to make sure that the account trying to process that transaction is valid,” he told PYMNTS.

The post Validating Checking Accounts Gives the Good Guys a Chance appeared first on PYMNTS.com.

The PYMNTS Intelligence report “Fraud Risk Management Pushes Innovation Delays as Uncertainty Rises” highlighted how increasing fraud-related uncertainty is forcing companies to divert resources and postpone growth initiatives. Heads of payments at middle-market firms, those with annual revenues ranging from $100 million to $1 billion, reported that the need to manage escalating fraud risks is disrupting their businesses. This shift in focus underscores the operational influence that fraud concerns now exert, extending beyond direct fraud prevention measures.

The report, based on a survey conducted from Sept. 5 to Sept. 17, 2024, with 60 heads of payment, indicated a divergence between general business uncertainty and specific anxieties about fraud. While 22% of respondents reported high overall uncertainty in September, a decrease from 30% in March, the percentage citing uncertainty in fraud and risk management impacting their operations surged to 28% in September, up from 17% in March.

This heightened concern is not merely abstract; many of these companies are experiencing tangible consequences and are compelled to delay or cancel innovation projects and reallocate resources to combat the growing threat of fraud. This dynamic suggests that despite positive macroeconomic trends, the specter of fraud is becoming a dominant factor in shaping strategic decisions within the middle market.

Here are three key data points from the report.

• Overall Uncertainty Decline: Only 22% of heads of payment reported high uncertainty in September, a decrease from 30% in March, but before the tariff- and trade-related uncertainty of the first quarter of 2025.
• Rising Fraud Uncertainty: The report found that 28% of heads of payment indicated that fraud and risk management uncertainties impacted their operations in September, an increase from 17% in March.
• Innovation Delays: Approximately 66% of heads of payment in high-uncertainty environments reported frequently delaying or canceling innovation and technology initiatives due to fraud risks.

Beyond these core findings, the report also revealed a softening optimism regarding future uncertainty. While 57% of heads of payments anticipated an improvement in their operational uncertainty over the next year in September, the figure represented a decline from 67% in June.

Those already experiencing high levels of uncertainty were less hopeful, with 15% expecting improvement in contrast to the 56% who felt this way in March. This lack of confidence among firms facing high uncertainty could lead to more cautious decision making, further hindering innovation and long-term planning.

In response to these escalating fraud concerns, over half of the surveyed middle-market firms said they increased their reliance on technology in the prior 30 days, with artificial intelligence investments seeing a rise from 6.7% in June to 22% in September.

A growing number of companies are incorporating new processes and workflows to bolster their long-term resilience against fraud. These strategic adjustments underscore the impact that fraud-related uncertainty is having on the operational priorities of middle-market firms.

The post Fraud Uncertainty Climbs to 28%, Disrupting Operations for Mid-Market Firms appeared first on PYMNTS.com.

A Wednesday (March 26) Reuters report alleges that Edward Coristine, a 19-year-old who goes by the alias “bigballs” online, provided security support to a group called “EGodly” that boasted about trafficking stolen data and cyberstalking an FBI agent.

PYMNTS reached out to DOGE for comment but has yet to receive a reply.

Coristine, who has access to official networks as part of the DOGE initiative aimed at reducing the size of the U.S. government, operated a company called DiamondCDN while he was still in high school. The company, which offered network services, was used by the EGodly, the report said.

According to reports, Musk once praised Coristine on his social media platform X, posting Coristine “is awesome.”

On Feb. 15, 2023, EGodly publicly thanked DiamondCDN in a post on the Telegram messaging app for providing protection against Distributed Denial of Service attacks and caching services, which allowed them to host and safeguard their website.

The Reuters report said digital records preserved by the internet intelligence firm DomainTools and the online cybersecurity tool Any.Run showed the EGodly website dataleak.fun “was tied to internet protocol addresses registered to DiamondCDN and other Coristine-owned entities between October 2022 and June 2023, and that some users attempting to access the site around that time would hit a DiamondCDN ‘Security check.’”

The duration of EGodly’s use of DiamondCDN and any potential payments is unclear.

While the report said that EGodly claimed on its Telegram channel that it hijacked phone numbers, infiltrated law enforcement accounts in America and Europe, and stole cryptocurrency, this information couldn’t be independently verified.

According to Reuters, EGodly’s Telegram channel has been inactive for about a year.

In addition, the group allegedly circulated the personal information of an FBI agent who was investigating it, including his phone number and images of his home. Reuters found video evidence of harassment targeting the agent.

Reuters contacted the FBI agent targeted by EGodly, who has since retired. The agent confirmed that the group was under investigation because of its connection to “swatting,” which is making hoax emergency calls intended to send armed officers to targeted addresses.

In the report, Nitin Natarajan, a director at the Cybersecurity and Infrastructure Security Agency (CISA) under President Joe Biden, expressed concern about Coristine’s involvement with such a group just two years before joining an organization that has extensive access to government networks.

Reuters attempted to contact Coristine, DOGE, the FBI and people who participated in, or interacted with, EGodly. Messages were not returned. CISA declined to comment.

The post Report: DOGE Staffer Linked to Cybercrime Ring appeared first on PYMNTS.com.

Trevor Duffy Young and Wessam Baiz, along with companies associated with Baiz, will turn over profits they made from the alleged scam, will be banned from any involvement with any business opportunity, and will be prohibited from deceiving consumers about any good or service they sell or market, the FTC said in a Monday (March 24) press release.

The companies associated with Baiz include Lunar Capital Ventures, Ecom Genie, Profitable Automation and Valiant Consultants, according to the release.

The FTC’s case against the remaining defendants is ongoing, the release said.

“Young, Baiz and Baiz’s companies were part of a deceptive operation that took advantage of consumers looking to invest their hard-earned money, only to learn that promises of successful eCommerce stores were a total sham,” Christopher Mufarrige, director of the FTC’s Bureau of Consumer Protection, said in the release. “Today’s action holds these defendants accountable by banning them from marketing or selling business opportunities and requiring payments to defrauded customers.”

The FTC said Oct. 28 that its lawsuit alleging an “online business opportunity scam” led a federal court to temporarily shut down the operations of the companies.

The agency alleged that the companies claimed consumers could earn “lavish” profits by paying tens of thousands of dollars to start online eCommerce businesses, but most consumers lost substantial amounts of money.

The complaint alleged that the companies operated the same scheme since 2022, deceived consumers and failed to provide them with disclosures required by the FTC’s Business Opportunity Rule.

The FTC alleged that the business opportunity scam took in more than $12 million from consumers.

The agency said March 14 that its law enforcement actions resulted in $337.3 million in refunds to consumers in 2024, up from $324 million in 2023.

“Getting money back for people across the country is a top priority for the FTC,” Mufarrige said at the time in a press release. “We will relentlessly pursue refunds for Americans who lost money to unlawful practices.”

The post FTC Settles Charges in Alleged eCommerce Business Opportunity Scam appeared first on PYMNTS.com.