Emerging Tech: The Future of Online Fraud Prevention

30 January 2025 - ID G00789999 - 13 min read
By Dan Ayoub, Pete Redshaw,  and 2 more
Online fraud prevention will change significantly by the end of the decade. Point solutions from multiple business functions will be consolidated into unified platforms centered around case management and decisioning engines. Product leaders must prepare for this trend or risk becoming obsolete.

Overview


Key Projections

  • The number of disparate solutions available in the market is at an all-time high, with many buyers struggling to integrate data from different systems into a cohesive defense posture. Buyers will demand the ability to orchestrate data from multiple point solutions into unified journey time workflow builders with a decision engine and case management system.
  • Vendors are already working toward and will soon offer fully consolidated online fraud prevention platforms that combine elements of cybersecurity (such as business logic protection and digital risk protection services) with existing market solutions (such as identity verification and online decision engines).
  • Large organizations are now starting to consolidate online fraud prevention roles and responsibilities into cybersecurity team roles, resulting in converged buying centers.

Implications

  • Over the next two years, data orchestration will become an increasingly important competitive differentiator. Vendors should consider this a standard feature necessitating proper investment rather than something they can use to nickel and dime customers for increased revenue.
  • Trying to maintain parity with competitors without making significant investment in long-term product planning is not going to be successful. The market is changing and so too are buyer wants and needs. Organizations that do not begin planning for this trend now will find themselves obsolete and struggling to remain competitive within the next four years.
  • Purchasing decisions are going to shift toward more cybersecurity-centric buyers over the next six years. Hybrid offerings that appeal to multiple stakeholders today will have an easier time penetrating these new cost centers due to greater familiarity with security buyer requirements and objections. Vendors that do not begin developing inroads with security teams now will find it increasingly challenging to secure multiyear renewals.

Strategic Planning Assumptions


By 2029, more than 50% of vendors will offer fully consolidated online fraud prevention technology stacks combining elements of digital risk protection services, business logic protection, identity verification and decision engines.
By 2031, at least 50% of large financial institutions and online retailers will consolidate online fraud prevention personnel, duties and responsibilities into cybersecurity teams reporting to the CISO.

Analysis


What You Need to Know

Cyberfraud fusion describes an emerging trend within the security market where elements of cybersecurity, identity and online fraud prevention are combined into holistic defenses to combat fraud online. At present, these systems are typically purchased separately and may not be cohesively integrated into a unified decisioning or case management system. This leads to dealing with multiple vendors, additional staff training and increased licensing costs.
Gartner has been tracking the emerging trend of cyberfraud fusion for more than a year and has previously published research describing how the trend has already begun to manifest in various parts of the globe (see Emerging Tech: Security — Cyber-Fraud Fusion is the Future of Online Fraud Detection). Cyberfraud fusion is expected to accelerate and become increasingly important through 2031 as organizations of all sizes continue to reach the understanding that online fraud is a cybersecurity issue. Figure 1 highlights several of the components that would typically be found in a cyberfraud fusion architecture.
Figure 1: Cyberfraud Fusion Architecture
Cyberfraud fusion architecture v1.0 integrates identity, security, fraud and compliance teams. Key components include web API protection, online fraud decisioning, transaction monitoring, etc. Layers address session, application, regulatory, identity, threat intel and infrastructure. A holistic approach enhances fraud prevention.
The shift from online fraud prevention to cyberfraud fusion will occur in phases over the next six years (see Figure 2). However, organizations will approach each stage differently depending upon their industry, size and level of maturity. At present, cyberfraud fusion appears to be most relevant to online banking and financial services, but large retail organizations are also following suit. Additionally, the trend appears to be primarily appealing to organizations that are very large or very small, with midsize organizations lagging behind.
This gap can largely be attributed to organizational maturity, where large organizations typically have a firm understanding of risks and available controls, along with the resourcing necessary to address challenges proactively. Small organizations, on the other hand, tend to be far less mature in their understanding of necessary protection layers. Instead, small organizations are moving toward cyberfraud fusion due to a lack of resourcing and already having shared systems, processes and roles responsible for cybersecurity and online fraud prevention.
Figure 2: The Future of Cyberfraud Fusion
The future of cyberfraud fusion involves data integration by 2027, hybrid cybersecurity and fraud prevention products by 2029, and team consolidation by 2031. Organizations will increasingly integrate and consolidate functions to enhance fraud prevention.

Key Projections

By 2027, buyers will require the ability to orchestrate data from multiple point solutions into a unified decision engine and case management platform.

Why This Will Happen
  • The number of disparate solutions used for online fraud prevention to protect a single user journey is reaching an inflection point (see Figure 3). Buyers are expressing increasing frustration over gaps in coverage due to lack of depth and breadth from point solutions. Component technologies are still deployed and managed individually, resulting in data silos that necessitate information sharing and ingesting between systems. These disconnects and gaps between systems, teams and processes hinder cohesive defense strategies. Data is often captured and provided in proprietary formats that do not follow any industry standards, further complicating integration efforts.
  • Orchestration still remains an afterthought for most decisioning platforms. Many vendors do not prioritize orchestration as a core function of their product offering, since it is generally not monetizable and most organizations do not allocate budget specifically for this capability. Instead, vendors should focus on developing orchestration as a key component of their solution that is included at no additional cost. Solutions that intentionally prioritize orchestration capabilities as a cornerstone of their offering have already begun seeding the market and have a significant opportunity to revolutionize the industry and leave many providers scrambling to play catch-up or get left behind.
  • Rapid growth of specific cases pushing up combined offerings from vendors that bundle together fraud detection and anti-money-laundering (AML) into “FRAML” packages. According to a recent survey of AML vendors, over 40% of vendors who responded (n = 36) now supply a single FRAML platform (see Banker’s Guide to AML Tools for Productivity). Note that this FRAML offering is rarely a single instance of code — more often, they are still two separate applications that are marketed and sold together as a single SaaS offering. However, there is enough commonality between the two systems for significant synergies to be realized, such as between the transaction monitoring capabilities they both use and also among the modules that handle know your customer (KYC), risk scoring decisions, case management, reporting and the orchestration needed to ingest risk indicators from many of the cybersecurity systems.
Implications
  • Product leaders who do not prioritize the ability for their solutions to easily integrate or absorb data from other solutions will have an increasingly difficult time winning in competitive situations. Large organizations will typically have multiple point solutions used for various portions of the user journey that are managed by different teams today. Solutions that are designed to be flexible and easily integrate with other solutions will be viewed more favorably during proof-of-concept stages.
  • Regulatory compliance in some regions around the globe has already begun necessitating data collection and sharing between security and online fraud prevention products. While not yet a widely held requirement, organizations may find it difficult to compete in developing regions (such as Southeast Asia and the Middle East) where these requirements are becoming increasingly important.
  • The need to identify the overall patterns and trends in financial crime, rather than isolated transactions, is driving consolidation of solutions as vendors strive to position themselves as a one-stop shop for financial crime solutions. For example, the EU’s Digital Operational Resilience Act (DORA) is now triggering a standard approach to reporting incidents across the 27 countries in the EU. Furthermore, the European Banking Authority (EBA) and other European Supervisory Authorities (ESAs) will keep and maintain an open DBMS with all these reports that can be accessed by the banks to learn from others. This is part of DORA, and it is the principle behind the incident reporting rule.
  • Vendors that continually attempt to monetize every feature on their roadmap rather than view innovation as part of the natural cycle of investment are likely to fall out of favor with existing clients as competitors deliver better value. Instead, focus on investing in core platform features such as orchestration and data normalization to become a technology enabler. Recognize which capabilities within existing product portfolios will be the gatekeepers and system of record versus which will be supplementary signals that are likely to be commoditized over the next few years.
Figure 3: Cyberfraud Fusion User Journey View
The cyberfraud fusion user journey involves stages from prejourney to postjourney, integrating web API protection, online fraud decisioning, transaction monitoring, etc. A layered approach enhances security across the user life cycle, improving fraud detection and prevention.

By 2029, vendors will offer fully consolidated technology stacks that combine, at minimum, digital risk protection services, business logic protection, identity verification and online fraud decisioning.

Why This Will Happen
  • Buyer fatigue and confusion are leading to a desire for consolidated offerings that fulfill multiple business functions. Natural synergies already exist between adjacent technologies used within the same user journey that are managed by different teams today (see Figure 4). These synergies are already resulting in hybrid solutions in market that are able to combine elements of online fraud decisioning with other key functions (such as bot management, digital risk protection services and identity verification).
  • Tightly integrated solutions create a holistic defense, eliminating gaps and data silos while also increasing the overall efficacy of the solution. Buyers are increasingly expressing frustration around lack of budget for additional point products where their existing products fall short. This is creating significant opportunities for emerging solutions to cater to multiple business functions while delivering increased effectiveness and potential cost savings. As more organizations focus on fraud as a security problem, these silos will naturally begin to fade away in favor of hybrid offerings.
Implications
  • Adjust long-term roadmaps to bolster existing capabilities with tech from relevant adjacent market categories. Competing head-on in adjacent markets may not be feasible without significant investments. However, hybrid offerings that can address multiple use cases will be attractive to buyers.
  • Look to strategic partnerships or inorganic growth in the near term to jump-start consolidation efforts. Focus on functionality that most closely complements existing features and capabilities to deliver better real-time decisioning than would be possible with a single layer alone.
  • Avoid having a line card of different modules or functionality. Instead, consolidate point solutions from acquisitions into a single unified platform. Focus on better customer outcomes and delivering value through tightly integrating disparate solutions in a comprehensive platform rather than charging customers for every feature.
Figure 4: Cyberfraud Fusion: Natural Synergies
Cyberfraud fusion highlights synergies between security, fraud and identity. Key elements include fraud intelligence, impersonation prevention and business logic protection. Integrating these areas enhances overall protection and reduces cyberfraud risks effectively.

By 2031, up to 50% of large financial services, banking and digital commerce organizations will consolidate online fraud prevention roles and responsibilities into cybersecurity teams resulting in converged buying centers.

Why This Will Happen
  • Organizations are increasingly recognizing online fraud as a cybersecurity issue. The amount of overlap between these two categories has always been significant, but many organizations have kept fraud prevention at arm's length due to complexity, immaturity and legacy operations. Large financial institutions and big-box retailers in North America and Western Europe have been at the forefront of this trend for several years; it will continue to trickle down market over the next six years.
  • The trend is also manifesting downstream in small organizations (such as regional banks and credit unions) due to lack of resources and recognition that many teams already fulfill multiple business functions. Over the next six years, natural cross-pollination of personnel will occur as individual contributors and leaders migrate between organizations, bringing with them best practices and emerging trends (such as cyberfraud fusion).
  • Regulatory requirements in several regions are already pushing toward consolidation of technology, data, systems and processes. Personnel is a logical progression in this sequence but will take more time as incumbents resist integration in order to preserve legacy operations. Organizational changes and realignment are commonly contested, difficult issues that face internal resistance and obstacles, even when they are in the best interest of the business. While KYC processes have traditionally centered around compliance and fraud prevention, leading financial institutions are increasingly emphasizing developing low-effort, yet compliant KYC and/or authentication journeys with low friction for the customer.
  • Identity and access management teams are also wrestling with similar problems. The industry’s top vendors are implementing the concept of “identity fabric,” in which the focus changes to an identity-first approach. Cyberfraud fusion is a logical extension of this “identity fabric” concept, where additional fraud detection, orchestration, signal consumption, continuous monitoring and improved user journey are being delivered by identity-industry-leading vendors.
Implications
  • Online fraud prevention vendors must begin making inroads with security teams in the near term to understand their buying considerations and requirements. These will be different from what fraud teams typically require and more complex than existing reviews by security teams during the proof-of-concept phase. This will also require development of new sales enablement and go-to-market collateral that more closely targets the needs of security buyers.
  • Note that there will likely be a divergence in procurement strategy between the very largest, Tier 1, financial institutions (FIs) and their smaller peers. Smaller FIs will prefer to follow a long-term strategy that gradually consolidates around two to three primary vendors with a one-stop shop and off-the-shelf delivery capability for cyberfraud solutions. This limits the number of data scientists the FIs need and reduces the integration effort. Contrastingly, the Tier 1 FIs will continue to follow more of a best-of-breed approach because they have the deep internal resources (the data scientists and the integration capability) to do so, and they believe it will differentiate them.
  • Product leaders who refuse to invest in hybrid offerings that appeal to security teams will find their success fading over the next five years. In addition to investing in product roadmaps, vendors should also focus on developing marketing collateral, positioning and messaging that resonate with security buyers and speak the vernacular of security (such as the cyberfraud kill chain) to demonstrate how online fraud products can address security use cases.

Background and Context


At present, there are several critical components of technologies that Gartner typically recommends as part of a layered defense against online fraud. This technology stack at minimum includes: digital risk protection services, business logic protection, identity verification and online fraud decisioning.
These solutions are still largely disparate systems and point solutions. However, Gartner has begun to see hybrid solutions emerge that combine two of these four services (typically centered around online fraud decisioning plus one additional capability).
Acquisitions appear to stifle growth and innovation; building a line card is not convergence.

Acronym Key and Glossary Terms


ASM
attack surface management
CIAM
customer identity and access management
DRPS
digital risk protection services
IDV
identity verification
OFD
online fraud decisioning
WAAP
web application and API protection

Evidence