Battling Cyber Threats in Latin America's Payment Landscape

Global e-commerce sales are projected to reach US$6.3 trillion this year, with Latin America prominently contributing to this growth, driven by the increasing adoption of online payments. To sustain the ongoing expansion of the e-commerce landscape, it is imperative to establish robust technological infrastructure to protect consumers and businesses from the escalating cybersecurity threat of online payment fraud.(1)

In 2023 alone, fraudsters distributed the information of over 119 million payment cards through the dark web (hidden internet sites accessed via specialized browsers, enabling users to conceal their identity and location from others and law enforcement) and other channels. This translates into US$9.4 billion in preventable fraud losses for card issuers and US$35 billion in potential chargeback fees for merchants and acquirers.(2)

Recorded Future, a cybersecurity company, revealed that these stolen cards frequently contain cardholders' personal details, such as names, addresses, and phone numbers. Mexico is notably susceptible to these incidents, ranking second in Latin America for the highest number of payment cards being exposed on the dark web, totaling 1.2 million.(3)
 
Now, more consumers are using smartphones and tablets for things like online banking and shopping. Because of this, cyberattacks on mobile devices are becoming more common. It is worth noting that there are more mobile broadband connections in Mexico than there are people, with 130 million recorded in just the first half of 2023.(4)

Between August 2022 and August 2023, Latin America experienced a staggering 2.3 million cyberattacks on mobile devices, including smartphones and tablets. We are talking about more than 6,300 attacks per day and around five attacks per minute. Brazil emerges as the most attacked country, ranking fifth globally, closely followed by Mexico, ranking eighth worldwide.(5)

Within the current wave of cyber threats, banking trojans that target mobile platforms stand out as one of the most dangerous types of malware within the online payments system. These malicious programs sneak into your device by tricking you into downloading them, usually disguised as something else, to steal sensitive data like your credentials and bank card numbers.

Another common threat in online payment fraud is chargeback fraud, also known as friendly fraud or cyber shoplifting. It happens when someone buys something online with their own credit card, but then asks their bank for a chargeback, claiming they never got what they paid for, even if they did.

Best Practices for Cybersecurity in Payments in 2024

By adopting a multilayered approach to cybersecurity and staying vigilant against evolving threats, businesses can better protect themselves and their customers from the growing risks associated with e-commerce and online payments. 

Some key practices:

• Employing data encryption and tokenization ensures that sensitive data is transformed into unreadable code; tokenization replaces personal data with unique tokens, reducing the risk of data exposure in case of a breach.
   
• Leveraging artificial intelligence. A good example of how the potential of AI can be harnessed to achieve positive outcomes is the integration of AI systems into anti-fraud measures that analyze transactions in real time. This enables swift detection and prevention of fraudulent activities before they cause harm to businesses.
  
  - For instance, Conekta relies on an AI-driven anti-fraud system called Fortress. This defense tool is built on a decade's worth of transactional data and continuously learns to detect anomalies or risky movements that could signal fraud, like chargebacks, with AI algorithms that provide top-notch security for online transactions.
   
• 3DS-Secure acts as a secondary authentication mechanism for online card payments. Instead of just typing in card details, you might get a one-time code sent to your phone or email for confirmation. This makes sure it's really you making the transaction.


• Obtaining PCI (Payment Card Industry) Certification ensures that businesses follow standards to secure and protect credit card data provided by cardholders.
   
• Partnering with reliable digital infrastructure companies specialized in secure payment processing technology is crucial to ensure the protection of both businesses and consumers against cyber threats.
  
  - Payment processing companies provide secure gateways through advanced encryption methods and inherent features like secondary authentication mechanisms and anti-fraud systems, along with obtaining PCI certification. Additionally, these companies maintain constant vigilance, regularly updating security measures to address emerging threats and protect businesses and consumers from cybercriminals.
• Training and Awareness Programs that educate employees regarding common cybersecurity threats, such as phishing, social engineering, and malware help foster a culture of cybersecurity awareness and vigilance within the organization.

In the dynamic landscape of e-commerce and the payments industry, adopting robust cybersecurity measures is key to safeguarding both businesses and consumers against evolving cyber threats. Given the alarming statistics on fraud and cyberattacks in Latin America and Mexico, the stakes have never been higher. By prioritizing cybersecurity and adopting a proactive approach to risk management, we can foster a safer and more resilient e-commerce ecosystem for businesses and consumers alike.

1. Ecommerce growth worldwide will pick up before tapering off, Insider Intelligence | eMarketer (June 2023)
2. Annual Payment Fraud Intelligence Report: 2023 by Insikt Group, Recorded Future (december, 2023)
3. Ídem
4. Mexicanos se ‘apoderan’ del uso de smartphones; líneas con internet móvil llegan a 130 millones, El CEO (agosto 2023)
5. Brasil, México y Ecuador: los principales blancos de ataques a dispositivos móviles en la región, Kaspersky, (September, 2023)