TMT Analysis: The PayPal Fake Accounts Crisis Shows Why All Financial Services Must Step-Up Security

Paypal is up to its eyes in controversy at the moment, after it was revealed that a staggering number of false accounts were created on its service; placing a black mark on the provider’s cybersecurity rap sheet.

Fergal Parkinson

The aftermath of this news hit close to home for TMT Analysis, which analyses over 60 million numbers a day, verifying the authenticity of a user through to their mobile device. It helps companies mitigate fraud and help them onboard quickly and cheaply.

Here, the company’s Co-Founder and Director, Fergal Parkinson discusses what Paypal’s security slip means for the everyday user and why, if left unchecked, false accounts could lead to a real crisis for the safety of online payments.

THE PayPal fake accounts crisis shows why all businesses in the financial services sector must step-up security.

For most of us, it seems incredible that one of the largest payment companies in the world does not have adequate security measures in place to prevent major fraud.

It emerged last week that PayPal identified 4.5 million accounts it believes ‘were illegitimately created’. Shocking news for the millions of consumers and businesses that rely on PayPal and financially devastating for the company itself – its stock slumped 25 per cent when the news broke.

The firm admitted that many of these fake accounts were being created by ‘bot farms’ to take advantage of a free money incentive for new sign-ups. It’s important to note that PayPal is far from alone in falling victim to this kind of crime.

Fraud continues to plague fintech businesses large and small; since the pandemic began, fintech’s fraud issues have grown at a frightening pace, particularly with the rise in smartphone usage.

The crisis – yes, a crisis if the industry does not take immediate action – is an example of how all businesses face the same issue regarding the rise in digital identity fraud and that even the greatest tech providers are fallible. How can businesses improve security?

Any company in the FS industry, their CIOs or Risk Management teams, should not just be relying on pre-existing security checks – such as two-factor authentication – to onboard new customers and keep their details secure.

SupTech and RegTech will increasingly support businesses needing AI and machine learning to rapidly (and in real-time) assess the authenticity of customers.

A crucial step, which is often overlooked, is ensuring that devices are linked to a specific person. This is a much more secure approach that dramatically reduces risk to both customers and retailers. Locking a mobile device to an individual is a low cost, low friction way to verify a user using live telco data.

This needs to be done at account creation or registration, not just at point of sale/transaction, to avoid the difficult position PayPal finds itself in, where fake accounts needed to be weeded out after criminals had already committed fraud, rather than focusing on preventing it from occurring in the first place.

It’s not a one-off and there will be more fraud in 2022. UK Finance recently stated that “Fraud is a growing problem, with criminals stealing more than £750million in the first half of 2021 alone”. It’s a core reason why Strong Customer Authentication (SCA) measures have been put in place for high value or high risk transactions.

It is a notable and welcome step-change for FS and retail sectors, despite its delayed introduction into the UK, protecting both consumers and the businesses offering their services. However, the new rules do not go far enough and still leave the door wide open for fraud, like the one PayPal fell victim to.

Other sophisticated frauds, such as International Revenue Share Fraud (IRSF), Account Takeovers (ATO) are also on the rise. In fact, sim-swapping is an increasingly common technique adopted by fraudsters – where they intercept authentication text messages, giving them access and control of people’s accounts to clear funds, as well as pursue other fraudulent activity – and it continues to cause concern in the industry.

Businesses should not rely on pre-existing models, as criminals become smarter and use new techniques and tech to attack even the largest of businesses. Fraud is becoming increasingly elaborate and complex and will continue to negatively impact the sector unless more robust and thought-through prevention by fintechs is put in place.