Overcoming Latin America’s Digital Fraud Challenges
Latin America is among the regions most troubled by payment fraud worldwide.
This success of fraudsters stems from multiple factors: fast-paced digitalization and banking development, an expanding instant payments market, and insufficient regulatory implementation and law enforcement. Let’s examine the key challenges that Latin American financial institutions encounter in fraud prevention.
Latin America is experiencing rapid technological inclusion, with widespread effects across this large region. The region is increasingly online: As of 2022, 77.9% of the population used the internet, an increase from 74.8% the previous year and above the global average of 66.3%, according to the International Telecommunication Union (ITU). Latin Americans are amongst the heaviest internet users in the world and lead global usage for many social platforms. Nearly half of the region’s internet users spend an average of six hours daily on social networks.
However, this trend has also triggered a surge in payment fraud and cyberattacks. Latin America leads the world in credit card fraud, with rates 97% higher than North America and 222% higher than the Asia-Pacific region. It also has the highest revenue loss to fraud, at 20%.
The scam wave: Latin America’s toughest battle
The post-COVID surge in scams and social engineering cases that have swept the world has also engulfed Latin America. The region’s “scampocalypse” has been further fueled by the rise of instant payments, which demand greater user caution and enhanced security. Additionally, real-time payments provide fraudsters with a quicker means to siphon funds.
Amidst this rapid digital adoption, specific platforms such as Brazil’s Pix highlight both the benefits and emerging challenges. Pix stands out as one of the world’s most successful real-time payment platforms (alongside India’s UPI). Pix now handles about 36% of electronic payments in Brazil, digitizing billions of transactions that were formerly conducted in cash. Despite the many positives of digital evolution, this shift has also led to an increase in payment fraud in the country, particularly authorized-push payment (APP) scams, whereby the legitimate account holder initiates a transaction because they fell for some sort of scam.
According to ACI Worldwide and GlobalData report, Brazilians lost nearly $247 million to APP scams in 2022. The report further estimates that the value of losses from APP scams will increase at a Compound Annual Growth Rate (CAGR )of 21% to just under $635.6 million between 2022 and 2027. In this context, the majority of consumers are tricked into paying for goods or services upfront (27%). According to TransUnion’s data, one out of ten Brazilians fell victim to scams between September and December 2023. A further 30% experienced an attempted fraud but were able to detect it in time.
While Brazil’s experiences are concerning, similar challenges are echoed throughout Latin America, demonstrating a regional trend. In Colombia, for example, identity theft and digital fraud crimes have increased by 409% since 2020, based on official Colombian government data.
The fraud situation is particularly problematic in Mexico. Approximately 15,000 cases of financial fraud take place there every day, as reported by the Belisario Dominguez Institute. The National Institute of Statistics estimates that nearly 15% of the Mexican population has already been a victim of fraud, which is one out of every five users. And in 92% of cases, the fraud is successfully completed.
Friendly fraud: The hidden challenge
Massive digitization and banking inclusion, involving consumers of varying digital proficiency and organizations with differing fraud detection capabilities, have fostered the growth of a specific type of fraud in Latin America known as friendly fraud. What is it?
Friendly fraud occurs when a customer makes an online purchase with their own credit card and then requests a chargeback from the issuing bank after receiving the goods or services. Instead of contacting the merchant to resolve any issues, the customer bypasses the merchant entirely and claims the transaction was unauthorized or that the item was never received. This type of fraud can be challenging for merchants and financial organizations as it’s often hard to distinguish from cases of intentional fraud.
The term “friendly fraud” refers to the fact that the “fraudster” in this case is a legitimate customer and is not always aiming for unfair profit. Consumers are often convinced that they are entitled to a chargeback. How is this possible? Studies show that at least 77% of people have trouble accurately identifying transactions that appear on their bank statement.
Friendly fraud is very burdensome and expensive for the financial system. Unlike a refund, which is applied directly to the merchant, a chargeback involves all parties participating in the transaction process and places a disproportionate burden on banks. The financial and operational costs are often much higher than the value of the original transaction. Yet the data is staggering: Up to half of all chargeback requests in online businesses are friendly fraud, according to Americas Market Intelligence.
Gaps in regulation and cybersecurity
“Latin America has a challenging financial crime environment. (…) The region suffers from high levels of corruption and bribery, low levels of financial transparency, and weak public transparency and accountability,” explains Fernando Peyretti, Forensics Partner at Deloitte, for Financier Worldwide Magazine. State weakness then leads to failures in enforcing the anti-money laundering framework. State economies are also losing out. For example, it is estimated that approximately 50% of the Argentine economy operates in an unregulated market.
As recently as 2022, Latin America reportedly had the largest number of unprotected data in the world. According to The International Telecommunications Union’s Global Cyber Security Index, in 2020, 28 countries in the region provided no incentives to improve private cybersecurity, and 17 countries did not have a national cybersecurity strategy focused on critical infrastructure.
Naturally, this situation creates room for criminals and leads to the high incidence of ransomware, which was responsible for six of every ten attacks in 2022. Scam centers, a phenomenon until recently largely associated with the Southeast Asian region, are also proving to be a problem. Interpol recently supported Peruvian law enforcement in the case of 40 Malaysian victims who were forced to run cyber scams.
Regulatory responses: Latin America’s push against cybercrime
Latin American countries are finally stepping up their defense mechanisms against fraud. Cybersecurity measures in the region are improving and local governments are also taking action. Brazil is a fitting example as the Central Bank of Brazil has adopted Resolution 6. This regulation mandates that financial institutions, payment providers, and other authorized entities detect and report fraud-related data.
Liability for fraud losses is also evolving. For instance, with Brazil’s popular Pix platform, the Central Bank has implemented the Mecanismo Especial de Devolução (MED), or Special Return Mechanism in English. Introduced in 2021, MED is designed to speed up the recovery of funds lost to fraud or operational failures.
The surge in fraud has prompted legislative changes in Colombia. In 2023, the country passed a law exempting victims of internet fraud from paying loans or being reported to credit bureaus. This legislation mitigates the harsh impacts of identity theft, where victims previously had to shoulder debts and the consequences of actions by fraudsters using stolen identities.
These are likely not isolated actions; we can expect Latin American governments to further intensify their efforts to combat fraud and preserve citizens’ trust in digital transactions.
Read more about the fraud liability
The role of technology in fraud prevention
As responsibility shifts from defrauded customers to financial institutions, banks and payment service providers (PSPs) in the region are challenged to enhance their anti-fraud mechanisms. Strengthening these protections is essential to curb the flow of financial revenues to fraudsters. Furthermore, combating increasingly sophisticated fraud, often powered by artificial intelligence, requires advanced technology (read more in our recent article).
An effective defense against various types of online fraud involves a comprehensive approach to fraud detection. Behavioral intelligence solutions, such as ThreatMark’s Behavioral Intelligence Platform, demonstrate excellent results by detecting a wide spectrum of modern fraud types. These include authorized push payment (APP) scams, remote access tools and trojans (RAT attacks), all sorts of social engineering, phishing, account takeovers, and other forms of payment fraud.
ThreatMark achieves these results through a holistic analysis of all digital (mobile + web) channels. The behavioral intelligence comes from a detailed overview of device fingerprinting, early warning threats, user identities, user behaviors, and payment transactions across the financial institution’s digital banking channels, and presented through a single, user-friendly interface.
Read more about the behavioral intelligence platform
Beyond detection: Disrupting the fraud cycle
For banks and PSPs in Latin America which face various types of financial crime, leveraging technologies like ThreatMark’s Behavioral Intelligence Solution is especially valuable.
Financial institutions can radically shift their approach, focusing not just on immediate threats but on the entire fraud ring: from the attack infrastructure and account activity to fraudsters’ interactions with users and the laundering of illicit funds. This comprehensive strategy results in up to a 65% greater reduction in fraud losses with lasting effects.
The solution to the fraud problem—not just in Latin America—is to actively dismantle fraudster operations in addition to protecting consumers. This is precisely what ThreatMark’s solution achieves. By disrupting the entire fraud operation, it strikes at the root of fraud.