From rising numbers of data breaches to increasingly sophisticated and organized threats, managing fraud risk requires relentless effort. In the ever-evolving digital age, fraud risk and control take a very different turn than in years past. What are the major trends and predictions? This top 10 list – moving from trends seen as least to most impactful – shares views from several fraud prevention experts, including Frank McKenna and Mary Ann Miller.
10. Fraud departments will continue to use their powers to do good.
The systems and transactions that are scrutinized for fraud prevention and detection each day contain clues that individuals are being victimized. The opportunity is ripe for experts to use their “fraud superpowers” to come to the aid of people in need and help stop human suffering. Some anti-fraud organizations have had tremendous success at tackling big societal problems, such as elder abuse, human trafficking – even mass shootings. But this can happen on a small scale, too. Whether it’s broad injustice or a single fraud scheme, spotting and preventing fraud starts with an inquisitive mindset, good analytics and alertness to clues.
9: The US will join the UK in making regulatory shifts to protect scam victims.
Each year, 33 million Americans are scammed and lose their money. That often involves individuals sending or receiving money to or from their bank accounts. In some cases, scams cost people their entire life savings. Sadly, innocent people sometimes mistakenly authorize funds to be taken directly from their account.
Landmark legislation in the United Kingdom in 2019 proposed to give scam victims their money back, even if the customer was somehow at fault. Leading the pack in this “no-blame” law, some UK banks started refunding money to customers who were involved in authorized push payment scams. Similar legislation is moving to Australia and there’s evidence of such legislation gaining backing in the US, too.
Managing risk in the age of fraud
Frank McKenna and Mary Ann Miller met with SAS fraud experts to discuss the most pressing issues of today's digital environment. Find out which trends they feel will have the biggest impact in the age of fraud – and why.
8: Wire fraud grows and becomes much harder to detect.
Wire fraud probably keeps more certified fraud examiners and other anti-fraud professionals awake at night than anything else on this list. Because wire fraud crooks aren’t just going for gift cards, or even the credit line – these days, they’re looking for high-end luxury cars. The crime has even moved into the real estate market, where bogus entities have gotten involved in escrow closings and more.
Look at the losses – especially on the real estate side – and you’ll see that FBI data shows a 700% growth in this area over the last five years. One of the challenges with wire fraud is that institutions have a lot of information about the payers (who create the transactions) – but they know very little about the payees (who get the money). From the federal level to clearinghouses, fraud risk assessment experts are looking for better ways to see across entire payee ecosystems. That would help them understand payer/payee combinations and spot some of the mules and complicit-type accounts where these funds sometimes land.
7: Account takeover will increase – again.
Account takeover is essentially doubling each year1 as fraudulent approaches become more technically savvy and automated. Research by Javelin indicates that mobile account takeover through SIM swap fraud doubled from 360,000 cases to more than 680,000 cases in a year. And off the back of billions of records being leaked each year online, cybercriminals are using sophisticated bots to automate account takeover attempts. Clearly, these leaked credentials are very useful to the fraudsters.
6: Fraud makes its way into pop culture and social networks – creating more fraudsters and attacks.
Popular culture and social media are making fraudulent methods more common and easier to access, leading to more fraud attacks against banks, lenders and finance companies. For example, a popular scam rapper will send his fans a link to a file called “the fraud bible.” Thousands of people download it every day. The fraud bible contains fraud methods and tutorials describing how to commit forged identities and Social Security cards, and how to attack PayPal, Venmo, Amazon, etc. People who download this file are knowingly getting wrapped up in the fraud game, and they’re perpetrating attacks. The implications are huge.
5: Data breach paralysis will stifle bank innovation.
Banks are more terrified of breaches than they are of fraud risk. To address those fears, they’ll focus more on preventing breaches than managing fraud risk – and will funnel more funds into data security than anti-fraud controls. That means less – or, at least, slower – adoption of new anti-fraud tools. On the positive side, information security and fraud departments work together regularly these days, and they use many of the same tools. Banks should encourage more of this collaboration.
According to a Federal Reserve report, synthetic identity theft is the fastest-growing financial crime in the US.
4: Card-not-present liability shift intensifies pain for issuers.
New liability challenges arose for smart card issuers with the advent of fraud protection methods such as EMV and 3D Secure. While these methods help slow down attacks, they shift liability for chargebacks to the card issuer. Compounding that challenge, fraudsters’ transactions now often deal with nonmonetary information – such as an address. Crooks frequently have enough information to manipulate and social engineer interactive voice response (IVR) systems or online systems.
Legitimate customers, of course, still expect to purchase the products they need quickly, without interruption or friction. Analytics methods like scoring models, neural networks, machine learning and clustering techniques do well in battling these challenges. But with one-and-done big ticket purchases, and small IP-type transactions where people download content, software, songs, etc., it’s tough to differentiate between a good and a bad transaction. To understand new behaviors and do better screening (prior to a card-not-present transaction), issuers will need to segment their strategies and build models that incorporate nonmonetary and digital information from customer interactions.
3: Application fraud will grow due to an increase in income misrepresentation.
First-party fraud is increasing due to the rising trend in income misrepresentation on applications. In fact, income misrepresentation on credit applications now occurs within one in 4 credit applications.2 As banks increase the speed at which they approve loans, we can expect to see an uptick in first-party fraud. There are innovative ways to counter this risk, of course. For example, banks can use:
- Digital identity tools.
- Email reputation tools.
- Phone reputation scores.
- Reputation tools around the device ID.
2: Credit washing will increase fraud defaults and credit losses.
Traditionally, lenders relied heavily on credit score reports to make decisions. But now it’s relatively easy to remove records from a credit bureau report. In some cases, credit bureau data may no longer exist – or it may have been manipulated. As a result, lenders are seeing spikes or abnormalities in their credit losses that are atypical for people in their credit score ranges. This feeds into “malicious identities”– that is, people who are intentionally trying to change their identities.
Historically, financial institutions struggled to balance fraud loss risk with credit functions – and the two departments rarely talked. Fortunately, credit departments are starting to use anti-fraud tools, and fraud experts are considering the impact of fraud on credit losses.
1: Synthetic identity will continue to rise.
According to a Federal Reserve report, synthetic identity theft is the fastest-growing financial crime in the US. By using the stolen Social Security number and manipulating personally identifiable information, fraudsters apply for credit through their new profile – hiding their identity. There are many reasons why cases of synthetic identity will continue to rise.
- Banks are reluctant to or simply can’t stop it from happening. Without the necessary internal controls at banks, the circle of success will grow until banks take a hard stance against the crime.
- Credit bureaus can’t necessarily prevent it from happening. By law, a credit bureau cannot choose which credit profiles they create or ignore. In other words, they aren’t allowed to decide who is synthetic and who is not. Fraudsters will continue to take advantage of this loophole.
- Consumers are convinced that creating a synthetic identity is legal – the main reason this crime continues to grow. Unfortunately, online credit repair companies – through hundreds of websites – have convinced consumers that buying a credit privacy number (CPN) and using it to apply for credit is legal. A CPN, though, might turn out to be a Social Security number that was issued years ago to a young child. The trend represents “piggybacking” – that is, using the banking system and the credit profile system to perpetrate fraud. This tactic will flourish until the industry takes a stand and finds an effective way to combat the problem.
- Unemployment fraud meets analytics: Battle lines are clearly drawnMany fraudsters seized opportunities presented by the COVID-19 pandemic. During the crisis, unemployment fraud became a battleground between international criminal networks and government agencies. Learn how analytics can save billions – and deliver benefits to those truly in need.
- Continuous monitoring: Stop procurement fraud, waste and abuse nowProcurement fraud, waste and abuse silently robs businesses an average of 5% of spend annually. And even when organizations invest in detection methods, they’re often let down by their techniques. Learn what continuous monitoring is and why this proven analytical method is key to fighting back.
- Detect and prevent banking application fraudSince credit fraud often starts with a falsified application, it makes sense to have analytics-driven tools in place to detect fraud from the earliest point and across the life of the account.