Personalized Attacks, Scalable Solutions: The Payments Industry’s New Security Imperative

The payments industry faces the dual challenge of enhancing user experience while combating sophisticated fraud.

“There’s a lot of emphasis on doing things as frictionless as possible,” Sunny Thakkar, head of global fraud, disputes and authentication products at Worldpay, told PYMNTS during a discussion for the “What’s Next in Payments: The Payments Circle of Trust Risk” series.

“People have become used to really instant payments,” Thakkar said, adding that risk management traditionally required deliberate processes to ensure accuracy. “The challenge is maintaining a fast user experience while managing the inherent risks of eCommerce.”

Technological advancements are central to this effort. By harnessing passive signals such as device information, geolocation and behavioral biometrics, companies can build risk models without burdening users with excessive verification steps. These innovations not only enhance security but also cater to consumers’ expectations for frictionless transactions, he said.

However, as the volume of digital payments grows, so does the complexity of managing risk.

In this environment, creating a “circle of trust” around the customer through advanced risk management practices has emerged as a strategic imperative and a competitive advantage, he said.

The shift to online commerce during the pandemic introduced new vulnerabilities. Fraudsters, emboldened by the availability of data from record-breaking breaches in 2023 and 2024, are exploiting digital ecosystems in novel ways.

“The information from data breaches is like the DNA of fraud,” Thakkar said.

Criminals now target systems holding personal identifiable information (PII) — such as healthcare databases and credit bureaus — rather than payment-specific data. This allows them to construct synthetic identities, which they use to defraud credit systems and secure fraudulent loans.

At the same time, the emergence of technologies like buy now, pay later has introduced new avenues for fraud, requiring innovative risk management solutions.

In such an environment, trust is not an abstract concept; it’s a measurable asset. Companies that can effectively embed trust into their payment processes — through risk management strategies, transparent policies and seamless user experiences — stand to gain not just customer retention but also long-term loyalty.

Artificial intelligence (AI) is also a boon and threat in the fight against fraud. On the positive side, AI enables companies like Worldpay to analyze millions of data points, detect anomalies and improve decision-making accuracy. However, Thakkar expressed concerns about fraudsters using generative AI to create deepfakes and bypass biometric authentication.

“The same tools we use for good are being leveraged for malicious purposes,” he said, citing increasingly personalized phishing scams as a troubling example.

Regulation remains a critical factor in shaping payments. While the European Union continues to lead with stringent policies, the U.S. regulatory approach is evolving. Collaboration among regulators, financial institutions and security companies fosters a secure ecosystem, Thakkar said.

“Bad actors don’t play by the rules,” he said, advocating for data sharing across industry players to enhance fraud detection.

There is also a need for companies to be proactive participants in regulatory discussions, ensuring that policies balance innovation with security, he said.

Ultimately, customers demand precision. They expect companies to accurately detect fraud while minimizing false positives that disrupt legitimate transactions.

“The balance between stopping bad actors and ensuring a smooth experience for good actors is critical,” Thakkar said.

To meet these expectations, Worldpay is focusing on greater collaboration with issuing banks to share insights and improve decision-making on both ends of the payment process.

Despite its importance, building a circle of trust is easier said than done. The fragmented nature of the global payments ecosystem poses challenges.

Thakkar said he is looking toward the future with a mix of optimism and caution. While advancements in AI and data analysis have the potential to revolutionize fraud prevention, the increasing sophistication of cybercriminals is a growing concern.

“AI is one of the areas I’m extremely excited about, but also very fearful of if it ends up in the wrong hands,” he said.

For the payments industry, collaboration and innovation will be paramount in staying ahead of threats while delivering the seamless experiences customers demand, he said.

“The future of payments is about building trust — and keeping it,” Thakkar said.

The post Personalized Attacks, Scalable Solutions: The Payments Industry’s New Security Imperative appeared first on PYMNTS.com.