Fighting Online Payment Fraud: AI and Biometric Challenges

Payment processors and financial institutions are continuously enhancing their fraud detection systems to identify and thwart fraudulent transactions, writes PaySpace Magazine. However, they must remain vigilant against emerging threats and evolving fraudulent methods.

As ChatGPT emerges as the fastest-growing application, it presents new business opportunities. Yet, hackers are exploiting innovative AI tools and chatbots for malicious purposes, creating their versions of generative AI solutions such as WormGPT and PoisonGPT. These unethical tools, based on open-source large language models (LLMs), like GPT-J from 2021, lack anti-abuse restrictions. WormGPT, for example, is used for Business Email Compromise (BEC) phishing attacks targeting large businesses, enabling hackers to engage in various malicious activities upon request.

Similarly, PoisonGPT is designed to "poison" trustworthy LLMs with malicious models, allowing for the dissemination of false information and the theft of sensitive data. While PoisonGPT was originally crafted by security researchers to highlight AI system vulnerabilities, cybercriminals can easily employ such tools for nefarious activities.

Reports from 2023 revealed over 50 fake AI apps engaged in phishing scams, while investment scams leveraging AI hype, such as promising unrealistic profits through AI-driven trading, have surged. Legitimate AI chatbots like ChatGPT may inadvertently aid malefactors by generating polished text for phishing messages. Furthermore, social media scams utilizing sponsored posts lure users into downloading fraudulent AI software, compromising their data for potential online payment fraud.

AI voice scams utilize audio data from social media to deceive targets' family members into initiating fraudulent money transfers.

Fraudsters employ innovative techniques like spoofing digital fingerprint data points and manipulating biometric data, leveraging AI to overcome security measures. They use sophisticated VPN services and proxies to bypass restrictions and exploit vulnerabilities in biometric verification systems, either intercepting data during transmission or stealing it from databases. As a result, biometric verification alone cannot serve as the ultimate authentication method for e-commerce and financial institutions.

Online payment fraud, evolving with AI advancements, demands heightened cybersecurity measures. The rise of deepfake technology, data spoofing, and biometric hacks underscores the urgency for smarter authentication methods and increased investments in global cybersecurity systems.