Author

Dan Brightmore

Published

10 September 2025

Estimated Read time

2Mins

Data from Mangopay’s global fraud detection solution Nethone shows UK online platforms among most frequently attacked countries, driving a 48% year-on-year rise in fraud checks

New data from Nethone, Mangopay’s global fraud detection solution, reveals online fraud pressure rising to record levels and breaking out of traditional holiday cycles. 

From January 2024 to July 2025, monthly inquiries (events assessed for fraud risk such as transactions, logins and sign-ups) grew from around 240 million to over 525 million. More than doubling in 18 months. Peaks landed outside classic shopping windows, notably Sep-Oct 2024 (480m) and set a new all-time high in July 2025 of 525m. 

The year-on-year picture tells the same story: between January and July 2025, Nethone processed an average of 470 million inquiries per month, compared to 300 million in the same period in 2024 – an increase of 48% year-on-year. 

Nethone’s full risk profiling analyses (“profilings”), which combine device fingerprinting, behavioural biometrics and account history checks, also rose from an average of 110 million per month (January-July 2024) to 170 million (January-July 2025), a 37% year-on-year increase, with an all-time high of 245 million in June 2025. 

Geographically, the UK emerges as one of the most targeted hubs for online fraud, alongside France, Germany and Spain. Sector patterns underscore the year-round threat. E-commerce accounts for the majority of fraud events detected across the year. This is consistently driving volumes well above 400 million monthly checks in 2025. Travel and mobility platforms bring in seasonal spikes during summer holidays, while FinTech platforms show sharp surges in specific months, reflecting event-driven criminal activity. Gaming platforms follow a similar pattern around promotional campaigns. 

Mark Burton, VP Engineering, Fraud Platform, Nethone

“Fraud is no longer a seasonal threat. Our data shows that criminal activity has become a year-round pressure on UK and European platforms. Fraudsters now exploit promotional cycles and refund windows just as much as traditional shopping peaks. They are becoming more persistent and opportunistic, driving higher costs for businesses and risks for consumers. Online marketplaces, travel providers, and FinTech platforms need to be prepared for a constant baseline of risk, not just one-off surges.”  

About Mangopay 

Founded in 2013, Mangopay powers a wallet-based payment infrastructure specifically designed for organizations with complex, multi-party fund flows. Our programmable wallet solution optimizes fund management, allowing platforms to regain control over payments, secure transactions, and automate payouts.  

By leveraging Mangopay’s end-to-end white-label infrastructure, clients generate additional revenue and enhance operational efficiency while remaining compliant and protected with 360° AI-driven fraud prevention. 

With over 250 million end users and more than €130 billion in processed transactions, Mangopay continues to lead in the fintech industry, providing flexible wallets designed to move money your way. 

About Nethone, a Mangopay solution 

Nethone, a Mangopay solution, is an AI-powered fraud detection system that offers the most in-depth user analysis and precise risk analysis for merchants and fintech companies.  The proprietary profiler analyzes thousands of data points for a 360° view of every user, detects fraudulent behavior with 130 signals combined with AI-based models, and keeps companies safe from account takeover, payment fraud, bots, and organized attacks.  

  • Cybersecurity in FinTech
  • Digital Payments

Author

Rob Meakin

Published

12 June 2025

Estimated Read time

5Mins

Rob Meakin, Director of Fraud & Identity at Creditinfo, on leveraging tech to tackle fraud

Financial fraud is increasing around the world, putting both mature and emerging digital economies at risk. The overall global economic impact of financial crime has been estimated to be $5 trillion. Furthermore, according to the 2024 Nasdaq global financial crime report, fraud losses totalled $485.6 billion worldwide. This from fraud scams and bank fraud schemes alone. As such, organisations face a series of challenges, from eroding profit margins to reputational risks to data breaches.

Many factors contribute to this growing wave of fraud. For example, digitisation in banking has created new opportunities for bad actors. With more identity data existing online, attack surfaces have expanded. Hackers now have more possible entry points to exploit vulnerabilities.

At the same time, new technologies, like machine learning (ML), artificial intelligence (AI), and automation are enabling bad actors to innovate faster and evade detection more effectively. AI, in particular, is a double-edged sword. While many businesses use the technology to improve efficiency and decision-making, it also gives bad actors a helping hand. Deepfakes and social engineering, for example, enable them to impersonate individuals with uncanny realism.

Additionally, cybercrime – especially financial crime – is becoming more sophisticated. Today, over two-thirds of financial institutions admitting they’re unprepared to defend against the rising wave of attacks.

Counting the many costs of fraud

Rising fraud creates challenges at local, national, and global levels. Financial loss is, obviously, a primary concern. But financial loss is only part of the total cost of cybercrime. Fraud also brings reputational damage, increased risk of data breaches, and potential legal consequences.

As organisations devise new strategies to tackle rising fraud, they must also heed regulatory requirements. Namely, Anti-Money Laundering (AML) registration, as well as other standards for privacy and consent. These regulations create further challenges for organisations as they aim to uphold rigorous compliance requirements without impacting sales, operating costs, or the customer experience.

It’s time for a different approach to fraud detection

On both local and global levels, mounting fraud threatens economic growth. In its Plan for Change, the UK government has recognised global co-operation will be necessary to tackle fraudsters. However, existing security strategies are too fragmented to suit the needs of diverse markets.

Emerging economies, for example, often lack mature controls, making them inherently vulnerable to hackers. Yet, with smaller digital infrastructures, they’re also less attractive targets for financial crime.

In contrast, more mature economies usually have stronger security defences. However, their larger digital ecosystems make them perhaps even more vulnerable to bad actors’ advances. After all, the more digital an economy becomes, the more fragmented and complex an individual’s identity and the more opportunities for bad actors to exploit or impersonate it.

Combatting fraud at a global scale requires going local

Considering the scale and sophistication of cybercrimes, combatting global fraud will require organisations to turn to localised data for more precise identity verification.

By integrating data from diverse, localised sources and tailoring fraud prevention strategies to market-specific risks, organisations can better detect fraud and establish identity trust. And in a way that both upholds the customer experience and promotes financial inclusion.

Combine credit, government, and digital data to enhance intelligence

Thwarting fraudsters begins with building intelligence to establish trust and verify presented identities. This is where localised data can help. By combining credit bureau data with government registries and digital signals, organisations can find a correlation across multiple digital identity attributes and digital risk signals to assess risk and enable real-time identity trust.

Credit bureau data associated with the presented identity can be used to determine risk and trust based on four vectors:

  • The bureau footprint: information comprising records from multiple contributing organisations
  • Activity history: evidence of recent and consistent payment activity
  • Data consistency: personal data stability
  • Application velocity: recent application history

Meanwhile, government information services and other registries can be incorporated to further cross-check the presented identity and strengthen verification.

By leveraging such a wide range of independent, localised data sources and correlating them with the presented identity attributes, organisations can significantly enhance intelligence to detect fraud without compromising the customer experience.

Tailor strategies to specific markets to support compliance and accessibility

It’s also important that organisations tailor their security and identity-verification strategies to the unique needs and maturity levels of specific markets. For example, in emerging economies, many people struggle to access financial services. This is often due to a lack of a formal credit history or other recognised financial records. Without this information, it can be a challenge for organisations to verify identity and reach trust decisions without inadvertently excluding legitimate users.

But by using localised data sources and market-specific strategies, organisations can make more informed decisions to bring more traditionally excluded parties into the financial system and promote broader financial inclusion without increasing risk or compromising security.

These targeted, market-specific fraud prevention strategies also help organisations with regulatory compliance. For example, for AML compliance, organisations must “identify, assess, and understand the money laundering and terrorist financing risk to which they are exposed.” Using localised data and market-specific strategies can help organisations meet this expectation by aligning fraud detection controls with region-specific threat intelligence.

Conclusion

Global financial crime continues to ramp up, creating new challenges for organisations to detect fraud, verify identities, and comply with regulations. But finding strategies to beat bad actors is made even more difficult by markets’ varying needs, maturity levels, and digital infrastructures.

To combat fraud and cyberthreats on a global scale, organisations should pivot to a localised approach. By combining credit, government, and digital data and tailoring fraud-prevention strategies to specific markets, they can enhance intelligence, maintain compliance, and better manage risk. In doing so, they can not only strengthen security but facilitate access to financial products and services for broader financial inclusion, worldwide.

  • Cybersecurity in FinTech

Author

Mark Andreev

Published

6 June 2025

Estimated Read time

4Mins

Mark Andreev, COO at Exactly, presents a practical guide to tackling e-commerce fraud with payment tokenisation

Tokenisation can solve a big problem… e-commerce fraud is a growing threat that continues to impact online businesses worldwide. According to recent figures from Statista (2025), global e-commerce losses due to online payment fraud are projected to exceed $100 billion by 2029. As fraudsters increasingly exploit IT vulnerabilities, it is imperative for online and brick-and-mortar businesses to fortify their cybersecurity posture.

Amidst the current security challenges, payment tokenisation emerges as a technology to future-proof business operations and is projected to reach USD 28.97 billion worth by 2033.

This guide explores the concept of payment tokenisation, emphasising its value and role in ensuring credit card payment processing standards for merchants.

What is Payment Tokenisation?

Tokenisation is the process of substituting sensitive data with non-sensitive values – tokens. It works as a key layer of protection for stored data by replacing card numbers with illegible, surrogate values.

During a transaction, payment details are securely transmitted to a trusted payment provider via hosted payment page or through direct API integration.

In the hosted payment page flow, the customer is redirected to a secure payment page operated by the payment provider. Here they can enter their payment information. The provider handles data collection, encryption, and transaction authorisation, keeping sensitive information off the merchant’s servers.

In the API integration flow, the merchant’s website collects payment details using secure client-side tools. In this case, the merchant is responsible for ensuring full PCI DSS compliance, as sensitive data passes through their systems.

Following a transaction, sensitive card data is substituted by a special character sequence. The translation of characters into randomised values refers to the tokenisation process.

For merchants who are not PCI DSS compliant, storing sensitive information on their side is not allowed. In these cases, the third-party payment provider retains the sensitive data and the tokens for future use, while merchants don’t retain any sensitive information.

This method is one of the key cybersecurity best practices to ensure payment providers remain compliant with PCI DSS and is also crucial for merchants using API integration to store sensitive data.

Different Types of Tokens

There are different types of tokens available to merchants, offering different levels of complexity and security. Simple tokens refer to randomised reference numbers that are unidentifiable and unrelated to customer data. They provide a high level of security when implemented correctly by a reputable payment provider.

On the other hand, token vaults represent a more complex system of payment security and data handling. Essentially, token vaults are encrypted repositories of original payment data associated with tokens from each customer transaction. Depending on the type of payment gateway integration, either the merchant or the payment provider may retrieve the payment information as needed. Token vaults can also be deployed in cloud environments, mitigating the need for extensive infrastructure.

The Value of Tokens

In an era where cybersecurity is paramount, failing to secure customer data can come at significant costs. Recently, the IT systems of the UK’s most prominent retailers suffered significant downtime following a series of cyberattacks. They were prevented from serving their customers as a result. As the consequences of these attacks continue to linger, affected UK retailers are working overtime to get back on track. In these situations, the use of tokenisation payment security has partly helped prevent what could have been a catastrophic breach. Reducing the risk of a lateral exploitation of customer data. In fact, using payment tokens, retailers avoid the need to encrypt and retain sensitive payment details. This lowers the risk of attacks, breaches, and noncompliance with ever-changing payment processing and data security policies.

Tokenisation also enables seamless customer experiences, addressing a crucial customer demand – convenience. In fact, with tokenisation enabling one-click checkouts, customers avoid re-entering card details and access a seamless shopping experience, meeting an important need for comfort and familiarity for consumers.

Finally, from a regulatory perspective, compliance with PCI DSS is mandatory for payment providers and merchants specifically using API integration within payment gateways to store sensitive information. In this regulatory context, tokenisation becomes a straightforward strategy to meet fundamental data handling legal requirements. In an era of rising cyber threats and increasing customer expectations, tokenisation offers merchants a scalable, effective, and future-ready approach to safeguarding sensitive data, building trust, and preserving business integrity.

  • Cybersecurity in FinTech
  • Digital Payments