Catch Me If You Can and The Hidden Risk Inside Modern Payments

It flashed across a computer screen. Then another… 

“I’m the Creeper. Catch me if you can.”

In 1971, that line appeared without warning. Long before the internet became what it is today. A machine speaking when it shouldn’t. A network behaving in ways no one fully expected.

It wasn’t a threat. It wasn’t even malicious. Bob Thomas, a researcher experimenting on ARPANET, had built a small program that moved from one machine to another, leaving that message behind like a digital calling card.

It was an experiment dressed up as a joke. But it revealed the rule that still shapes digital payments today. Once systems connect, small weaknesses can spread fast.

The First Cyber Heist

More than twenty years later, the targets changed. The mindset did not.

And eventually, someone pushed it further.

That someone was Vladimir Levin, a Russian hacker who in 1994 broke into Citibank’s systems and transferred roughly $10 million. There was no creepy message this time. Only missing money.

It is widely regarded as the first major cyberattack on a bank. It changed how digital systems were viewed. Payments were no longer just convenient. They were vulnerable.

Since then, the internet has grown. So have the risks. Tools became sharper. Automation became faster. Attacks became quieter and more precise.

Cybersecurity was no longer a technical detail. It became a requirement. Any system that moves money now carries that burden.

When Scale Met Automation

Scale meant repetition. What once required a single targeted breach could now be executed millions of times across connected systems. Automation moved intrusion from human effort to continuous code.

Together, they reshaped the economics of fraud, making even a small success rate profitable at scale. That shift was visible in 2013 when attackers gained network access to Target Corporation through stolen vendor credentials and deployed malware across its payment terminals.

The code ran quietly, capturing card data before encryption with each swipe, repeating the same action across thousands of systems for weeks. 

The breach was powerful not because of a single exploit, but because the same weakness was applied at scale.

MENA and the Rise of Digital Payments

This evolution from single breaches to ongoing exploitation did not unfold in isolation. It matured alongside the rapid digitization of payments.

In markets like Saudi Arabia, digital payments have moved from optional to mainstream, with electronic payments now making up most retail transactions. More commerce now runs through online checkouts, wallets, APIs, and real time payment flows.

This growth reflects real progress, but at the same time, higher transaction volumes require stronger fraud controls, as even small gaps can become meaningful at scale.

This expansion reflects progress. Faster checkout. Broader access. Real-time infrastructure. But at this scale, even a small fraud rate becomes commercially meaningful.

The Economics of Fraud

Fraud persists because modern payment systems make repetition profitable.

Digital payments changed the economics of fraud. When transactions happen at high volume, at a distance, at speed, and with the possibility of reversal, even small weaknesses can turn into significant reputational and commercial losses.

Volume and Predictable Returns

In Saudi Arabia, the Saudi Central Bank reported that electronic payments accounted for 85% of total retail payments in 2025, with 14.6 billion electronic transactions processed.

At this scale, fraud does not require a dramatic breach. The lesson from earlier large-scale compromises still applies. A small success rate, repeated across millions of transactions, becomes commercially viable.

Why Remote Payments Became the Weakest Link

Remote payments rely on data, not presence. This made card-not-present fraud the dominant form of card crime. The European Central Bank found that around 83% of card fraud comes from remote transactions, even though in-store payments still account for most legitimate card use.

The Hidden Cost of Consumer Protection

Chargeback systems protect customers, but they also shape attacker behavior. Criminals exploit the fact that:

• The merchant ships the product before the dispute appears.
• The payment can be reversed weeks later.
• The merchant pays both the refund and a dispute fee.

In many central bank–regulated dispute frameworks, extended reversal windows help build a fair and trusted payment environment by giving customers time to raise valid disputes. For merchants, this also means staying prepared, as fraud losses may appear weeks after the original transaction.

The Cost of Instant Payment Systems

Digital payments became a target because how money moves changed.

Payments now flow instantly through APIs, wallets, SDKs, plugins, and real-time rails. Transactions jump across multiple systems in seconds, leaving almost no time to detect or stop errors. Speed improves checkout, but it also turns small weaknesses into immediate losses.

Four conditions made this change unavoidable:

• High volume: billions of transactions create profit through repetition.
• Distance: online payments replace physical checks with data alone.
• Speed: instant processing removes the buffer that once absorbed mistakes.
• Reversibility: chargebacks and disputes can reverse revenue long after the original transaction.

Fraud no longer needs to break systems. It exploits tiny gaps, repeated at scale, across connected flows. Each integration becomes both an enabler and a point of risk.

The Bank for International Settlements warns that faster and more connected payment systems increase operational and security pressure because failures spread quickly across participants. At the same time, the IMF reports that global cyberattacks have nearly doubled since before the pandemic, raising the risk of extreme losses.

What Digital Fraud Really Costs Your Business

If your business accepts digital payments, fraud is not a distant technical issue. It is a commercial risk.

When fraud occurs, the impact is immediate. A sale is lost. A product may be shipped and later disputed. A chargeback follows, along with fees and operational time spent resolving a problem a customer never expected to have.

As more revenue moves online, these issues scale with it. What was once occasional becomes operational. Fraud starts to influence refund policies, data protection practices, and how much trust customers place in your brand.

This is why payment security matters. It affects revenue, customer trust, and regulatory exposure. The real issue is not criminals, but where your business is exposed by design.

For marketplaces and platforms, this risk is amplified. You are not only exposed to buyer fraud, but also seller abuse, refund manipulation, and payout misuse. Security failures compound across participants.

Four Ways to Reduce Payment Risk

The risks are real, but they can be managed. Start with four basics:

1- Understand your payment flow 

Know how transactions move across your checkout, integrations, providers, and internal teams.

2- Monitor activity in real time

Fast payments need fast detection. Unusual patterns should be identified before they become larger losses.

3- Strengthen decision points

Authentication, fraud checks, and approval rules should sit where payment decisions happen, not after the damage is done.

4- Work with the right standards and partners

Compliance, secure infrastructure, and trusted payment partners help reduce exposure as your business grows.

How Modern Payment Systems Reduce Risk

Fraud is not a side issue in digital payments. It is part of the operating environment. The question is not whether risk exists, but whether your payment setup is built to catch it early and reduce the cost when it happens.

In this article, we explored how digital payments became a prime target and why fraud now behaves the way it does. 

In the next article in this series, we will break down the controls that matter most, including authentication, transaction monitoring, dispute handling, and regulatory safeguards.

Subscribe to be notified when the next article is published.

Ready to Accept Payments Securely?

Talk to our team about building payment infrastructure that manages risk across markets, methods, and regulators in MENA. Visit our website to get started.