Fraud trends and fighting back

Digital payment fraud losses are expected to surpass $343 billion globally between 2023 and 2027. Community banks, credit unions and regional banks face particular pressure to overhaul risk solutions to sustain customer loyalty and competitiveness in a broadening digital landscape.

The latest iterations of fraud are exposing gaps and vulnerabilities in existing fraud controls and rules-based fraud prevention systems, and midmarket financial institutions must prepare their fraud prevention program.

Synthetic fraud is the epicenter of numerous fraud threats, such as account takeover, new-account fraud and authorized push payment fraud. Losses from synthetic identity fraud surpass $6 billion annually, with the loss per account averaging $10,000. Financial institutions must anticipate the proliferation of synthetic-driven fraud alongside the ubiquity of AI-generated visual and auditory content, such as text-to-image generators.

• Job applications: The future-of-work model offers enticing opportunities for bad actors to penetrate organizations by posing as qualified candidates for remote roles.
• SMB lending fraud: Synthetic business credentials, created from stolen business and consumer data, make it challenging for banks and credit unions to distinguish authentic loan requests from fraudulent ones.
• Business identity theft: Fraudsters use synthetic media to impersonate business profiles and resources on social media to misrepresent employees, execute scams against the company or other victims, or create replica websites to obtain sensitive data.

Scammers use numerous multifaceted social-engineering techniques to enhance their schemes, including phishing, spear phishing, baiting, scareware, whaling attacks and pretexting.

• Insider recruitment: Large-scale criminal networks, such as LAPSUS$, compensate employees for providing an opening for scammers to infiltrate the target organization and gain control over cloud assets and authentication systems.

• Social media scams: Fake-merchandise scams, charity scams, fake-job scams, romance scams and investment scams typically start on social media. These scams result in authorized push payment (APP) fraud, account takeover, money mule activity, identity theft and credit card fraud.

• Fake invoice scams: Invoice fraud typically involves spoofing the email address of a supplier, attorney, vendor or other business partner. These scams are also linked to APP fraud and other forms of digital payment fraud.

• Google voice scams: Over a third of the scam reports received by the Identity Theft Resource Center in the first half of 2022 were about Google Voice scams. A Google Voice account isn’t even necessary for a scammer to perpetrate account takeover or identity theft.

• Fake bank alerts: “How to send a fake bank alert” has over 13.5 million views on TikTok alone. Fraudsters impersonate FIs via automated SMS messages alerting victims of unusual account activity. Once the victim responds, the bad actor spoofs the bank’s 1-800 number when calling the victim back and pretends to work in the bank’s fraud department.

• Social media cloning: Fraudulent social media profiles are being leveraged to spread misinformation and illicit links, sell products, or solicit personal and banking information. The profile impersonators take advantage of limited reporting mechanisms on social media platforms to indiscriminately target individuals and businesses, resulting in reputational harm and monetary losses.

• Check fraud and mail theft: An uptick in mail theft is marked by fraudsters boasting of and attempting to sell stolen checks and mailbox keys on platforms such as Telegram and on the dark web. Check fraud schemes are also enhanced with fake job offers that lead to APP fraud, ATO, synthetic identity fraud and wire fraud.

Mid-market financial institutions face unique challenges and risks in preventing fraud. Advanced AI and machine learning-powered solutions can help orchestrate a holistic approach to fraud management. Simultaneously, these solutions can support the growing technological and operational convergence of fraud and AML to improve efficiency, reduce costs and enhance analytics insights:

• Machine learning and behavioral biometrics: FIs can detect attacks at early stages and automatically discover unusual patterns across channels.
• Smart AML investigations: AML teams can access machine learning risk scoring, integrated customer risk ratings and continuous due diligence to stay ahead of fraud threats.
• Fast, efficient investigations: Relationships and linkages are automatically discovered to streamline alert and case investigation, and investigation teams benefit from real-time Know Your Customer and customer due diligence analysis.

High-quality data, automation, a contextual view of risk and the ability to continuously adapt to new fraud threats are no longer “nice-to-have” extras but essential components in any modern fraud prevention program. To protect their organizations and assets, midmarket FIs must set the bar higher with iron-clad fraud prevention that doesn’t alienate legitimate customers.

Eric Tran-Le is head of Actimize Premier at NICE Actimize

For more on the trends we see playing out this year, we encourage you to download the BAI Executive Report, Addressing banking’s key business challenges in 2023.