Criminals are currently on a global digital crime spree. From identity theft and phony account openings to credit card fraud and P2P scams, nearly every sort of financial crime is on the rise. Experts say the rapid shift to digital channels since the pandemic has led fraudsters to seek new vulnerabilities and opportunities.
In this rapidly evolving environment, yesterday’s defenses and responses may no longer be sufficient.
Understanding the Scope of the Problem
Data indicates that fraud — banking’s age-old nemesis —has become worse and more complex since the start of the pandemic due to rapid digitization. Consumers are engaging in online shopping, mobile banking, and mobile payments at a far higher rate than they were pre-pandemic.
“Digitization has led people to pay in different ways,” Joe Gillespie, Founder and President of riskCanvas, told The Financial Brand. “You’re seeing payments through apps a lot more, payments through text messaging, and other ways. Fraudsters have gone after that, and we’re seeing new schemes.”
An SAS white paper on digital fraud notes that some of the most significant problem areas are in digital wallets, P2P payments, merchant QR code payments, and remittances.
Consumers have filed more than 2.1 million reports of fraud with the FTC in 2020, totaling more than $3.3 billion. The biggest growth was in identify theft, where cases nearly doubled between 2019 and 2020 to 1.4 million. In many of these attacks, criminals used stolen identities to apply for government benefits such as pandemic relief or unemployment compensation.
“There has been a pretty big money grab, with just about every type of fraud you can imagine.”
— Joe Gillespie, riskCanvas
Business fraud also continues to hit record highs. More than half of businesses experienced fraud in the past 24 months, including customer fraud, cybercrime, and accounting fraud, according to a PWC report. The top three types of fraud noted by the consultancy included customer fraud, cybercrime and accounting fraud.
Theft Becomes Rapid and Real-Time
Retail bankers should understand that today’s fraudsters are increasingly sophisticated and looking to things like social engineering, technology exploitation and data breaches. Many have now shifted strategies to coordinate and orchestrate attacks that can bypass traditional fraud mitigation strategies.
And in many ways, they’ve capitalized on pandemic-related trends and schemes. For example, many capitalized on the significant shift from in-person to online shopping causing card-not-present (CNP) fraud to spike. According to SAS, fraud rates are 3.1% for CNP transactions, compared to 1.2% for point-of-sale purchases.
Other “hybrid” fraud methods involve “buy online pickup in store” options. Instant payments and fulfillment enable criminals to more easily pay with phony information then get in and out with the goods with little risk before any red flags arise. “Criminals are leveraging these instant and real-time payment networks to rapidly steal and launder the funds,” says Gillespie, “making recovery more difficult and leaving consumers with the responsibility to pay.”
Spoofing, phishing, and other forms of social engineering are also being used to access consumer merchant accounts and bank accounts. In addition to using bank sites, they are also using P2P apps like Zelle, Venmo, and CashApp as an intermediary to commit fraud. In many cases, they use phony QR codes, redirects, or other scams to dupe users into paying wrong accounts.
The Looming Problem:
The FCC says criminals have preyed on Americans’ increasing acceptance of P2P apps since the start of the pandemic.
P2P payment apps often lack the same fraud protections as traditional debit and credit cards. “We’ve seen a lot of spoofed payments, where people will socially engineer giving something up for a one-time payment,” Gillespie states.
Increased Protection Impacts Customer Experience
While fraud mitigation has always been a critical function in financial services, the growing digitization of the banking industry has only made it more complex. Banks and credit unions now have to balance fraud prevention with customer experience by ensuring their security measures don’t impede a seamless experience. For many institutions, Gillespie observes, this takes the right mix of data analytics, monitoring tools, and a risk management strategy.
There are several other things banks can do to keep data fraud from sabotaging their digital banking CX. This includes empowering customers with the right tools, making data easily understandable, and working with vendors with high security standards.
Understanding the customer lifecycle is a prime component of reducing risk, says Gillespie. By doing due diligence on the front end and understanding how the customer performs and behaves in their traditional banking activities, they can use AI and machine learning to better identify red flags.
Using two-factor authentication can also add another layer of security beyond simple passwords. “There are easy ways to have one-time pins generated if you have everything set up correctly. It can greatly enhance security,” Gillespie maintains.
Many financial institutions have been proactive in warning their customers about the latest scams. One example is Bank of Blue Valley, which has a page warning customers about undelivered goods, fake charities, investments scams, and Social Security scams. There are also direct links to the bank’s fraud center and COVID-19 Communication Center.
Citizens Bank has also been proactive in helping consumers identify scams like spam links, phishing, impersonation calls, fake cures, vaccines, and testing kits. It includes a link to a COVID-19 Fraud Prevention Resource Center, which has further information on things like how to protect your data, small business schemes, and how to stay secure while working from home.