Criminals tricking everyday people to authorizing scams on their behalf

As fraud grew more rampant and more sophisticated, financial institutions enhanced their fraud prevention operations. Unfortunately, as Feedzai’s Andy Renshaw points out, this only means that fraudsters have shifted their focus to the next most vulnerable point in the system: customers. With funds able to move in a matter of seconds, authorized push payments enable bad actors to quickly profit from scams. Learn how bad actors shift tactics based on “the narrative of the time” to push a variety of scams.

A transcript of Andy Renshaw’s guide to the scams landscape follows. 

Why Fraudsters Turn to Scams 

Andy Renshaw: We’re almost in this kind of the third phase of a very long-term generational shift from a digital standpoint. 

When digital first started and pretty much most banking moved online, what we saw was this phase of cyber-attacks – fraudsters trying to destabilize the service. And it’s not that we don’t see those today, but they’re far less common in terms of cyber attacks for financial gain. 

After that, there was a very clear arms race – things like behavioral biometrics, device ID, malware prevention, sharing of data, and real-time capabilities. And I think ultimately what happened is the fraudsters kind of got to this very clear tipping point, which is: if I can’t pretend to be you, then I’ll quite simply – I will involve you in the fraud

And unfortunately, that’s what we’re now seeing. The fraudsters know that any large organization or any organization that takes risk management seriously probably has anywhere between six and 10 layers there to prevent fraud from occurring. So if you can get the customer to participate in the fraud, that materially changes the game, because even if you alert that fraud, you’re probably going to be speaking to the customer who will probably validate that that fraud is OK to continue. 

How Scam Tactics are Shifting

So I would say right now that trend continues to be authorized fraud. Get the customer involved in the fraud. What we then see within that is evolutions of what those scams are based on the trends we’re seeing. And that might be playing on things like the pandemic, changes in technology, or changes in legal obligations such as PSD2 and SCA and what that requires for authentication. So they tend to target the narrative of the time. 

But fundamentally, if you strip it back, they are getting the customer involved in completing the fraud because they know that impersonation is far more complex and far less rewarding.