Under the heavy pressure of AI payment fraud, how can global enterprises break through the barriers?

In the digital torrent of data flowing and everything interconnected, the business tentacles of global enterprises have reached far and wide.

Payment, as the starting point and key node of the business closed - loop, its security and convenience are like the "digital lifeline" of enterprises in the global arena, maintaining transaction trust and guarding against fraud.

However, when business crosses regional boundaries and hackers start to use new AI technologies, the challenges of payment security have escalated sharply. The unpredictable cyber threats, increasingly stringent global compliance requirements, and complex and changeable fraud means together form the "hidden reefs and dangerous shoals" on the global journey of enterprises.

Secure payment has once again become the "lifeline" of global enterprises, rather than an additional question.

A McKinsey report in 2024 shows that in the next decade, the global losses caused by payment card fraud are expected to reach $400 billion. Behind these cold numbers lies the real dilemma faced by global enterprises:

A large - scale data breach may instantly destroy user trust and incur huge fines; a well - designed fraudulent transaction may instantly disrupt the capital cycle and even force the enterprise to withdraw from the market. Secure payment is no longer just a technical guarantee, but the cornerstone and core competitiveness of an enterprise's global strategy.

Against this background, on July 25th, TrustDecision, a global risk decision - making intelligent service provider, jointly held an offline salon with 36Kr in Hangzhou, titled "How Global Enterprises Can Achieve Secure Payment in the Digital Age". The event brought together decision - makers of global enterprises from different industries, risk control experts, and technology service providers to jointly analyze the deep - seated pain points of secure payment and explore cutting - edge strategies for building a resilient payment system.

One of the core pain points of current global payment lies in how to implement refined risk control strategies to ensure transaction conversion rates while strictly preventing fraud risks. Traditional strong verification processes often increase the user payment steps, leading to a rise in the shopping cart abandonment rate and directly impacting business growth. The solution lies in using technology for real - time analysis to accurately identify the level of risk. For example, simplify the process for low - risk transactions to improve the user experience, and only dynamically trigger strong verification for high - risk scenarios to effectively intercept third - party fraud such as card theft.

On this issue, Mastercard, a global payment technology company, shared their risk management strategies at the salon, such as strict monitoring of fraud and chargeback requests. They also reminded overseas enterprises that deploying refined risk control measures is crucial for enterprises of any size, as hackers will not "spare" small merchants. However, at the same time, small and medium - sized overseas enterprises, due to the lack of self - built risk control capabilities, need to rely more on the power of technology and third - party solutions.

The TrustDecision team deeply feels this. Especially in the era when "AI fraud" is gradually taking the mainstream stage, AI applications enable fraudsters to challenge payment security with lower costs and more "realistic" impersonation means. Although security technologies are constantly upgrading with the iteration of AI capabilities, attackers are still constantly trying to exploit vulnerabilities to avoid them.

Currently, the global payment field has presented a pattern of diversified risk dynamic stratification. The attack chain of the black industry has evolved from traditional transactions and card testing to breaking through modern payment verification systems. Facing new threats, enterprises need to build a more comprehensive defense architecture. At the technical level, it is necessary to strengthen the identification of potential permission bypass or injection behaviors of terminal devices and build a solid security foundation; at the data level, an internal and external intelligence coordination mechanism needs to be established to dynamically monitor risk indicators. Regarding AI applications, TrustDecision also mentioned the value of special solutions such as model - layer analysis technology, feature extraction, pre - training, and optimization.

From the professional perspective and service experience of TrustDecision, risk control should not blindly pursue a reduction in the fraud rate. More importantly, it should consider the overall ROI of enterprise customers to ensure that core revenue indicators such as GMV are not negatively affected. Therefore, it is necessary to first improve the payment success rate, then block risks, and finally use early warnings as a "backup". In this way, a "full - link security funnel" can be built to achieve a dynamic balance between reducing the fraud rate and ensuring the payment conversion rate, so that the effectiveness of risk control ultimately returns to the essence of business.

According to the research of TrustDecision, the anti - fraud investment of enterprises can currently be quantified into business value. Enterprises can calculate based on variables such as the operating cost of direct losses and users' consideration of compliance risks, combined with risk control costs, and then consider whether anti - fraud can bring value to the enterprise.

At the salon round - table, experts from atsec, a global information technology security consulting company, and Checkout.com, a global leading acquirer, shared the new forms and trends of current global payment fraud. Firstly, there is "triangle fraud". Relying on mature overseas black industry chains, through channels such as social platform purchasing agents and second - hand transactions, fraudsters use stolen funds to place orders at low prices. Finally, the real cardholder initiates a chargeback, resulting in double losses for merchants.

The second type that needs attention is "friendly fraud", which has increased sharply due to the rising price sensitivity of consumers, manifested as cardholders maliciously appealing for unauthorized transactions (such as family members denying consumption).

Thirdly, service - type chargebacks are triggered by large - scale disputes and claims due to performance issues such as cross - border tariff disputes and logistics delays; the abuse of policies has evolved into systematic arbitrage, including multiple accounts taking advantage of new - customer subsidies and using the return and exchange policy to cash out the price difference across orders and other derivative forms.

The common root cause of these three trends lies in the alienation of consumer behavior caused by the adjustment of global tax policies. Price sensitivity may force consumers to seek non - formal channels, while stimulating diversified black industries and fraud motives. Therefore, prevention and control strategies also need to be deployed in layers: start - up enterprises can build a defense line relying on basic risk control tools (3DS/CVC verification), while high - growth enterprises must build a coordinated joint defense mechanism among card organizations, acquirers, and third - party risk control technology service providers, and optimize data and rules to deal with industrial - chain - level fraud threats. Generally speaking, fraud prevention and control is evolving from technical confrontation to a competition of ecological coordination capabilities.

TrustDecision's focus on the enterprise value in the risk control field is consistent with the judgments of other manufacturers and experts. Currently, three breakpoints, namely the crisis of compliance "red lines", the failure of marketing risk control, and the out - of - control infrastructure cost, are constantly eroding the living space of overseas enterprises. Among them, security and compliance experts from Amazon Web Services (AWS) provided professional judgments and suggestions on the data privacy compliance issues of enterprises going global.

For overseas enterprises, the three - fold compliance pressure faced by global payment lies in: new extraterritorial regulations such as the 14117 Act strictly restrict the cross - border flow of data, the requirements for financial data localization are becoming more and more strict, and payment certification standards such as PCI - DSS continue to be upgraded. AWS's practice shows that a deep - level dynamic framework from both technical and compliance aspects is still the most effective solution. Its core value lies in transforming compliance constraints into technical controls, enabling global enterprises to focus on business innovation rather than compliance investment.

The global payment industry is at the intersection of technological innovation and cognitive reconstruction. Opportunities are as bright as stars, and challenges are also closely following. On one hand, the AI - based black industry is irreversible; on the other hand, merchants want to provide users with a safe and seamless transaction experience. Security evolution and risk control upgrade do not mean building high walls, but rather allowing good traffic to flow faster and bad traffic to be detected immediately. Therefore, more traffic lights need to be established to better regulate traffic.

The era of ecological collaboration has begun. In the future, only by allowing different roles and professional forces in the ecosystem to give full play to their strengths and enabling enterprise risk control and efficiency to go hand in hand can every cross - border transaction be filled with the "blood" of trust while showing the "muscle" of global brands.