digital fraud trends to watch including ATO, APP, and payment network attacks

The COVID-19 pandemic forced nearly everyone to adjust to some kind of new routine. While some folks struggled with pandemic-related changes, others embraced it. Fraudsters certainly fall into the latter bucket. Bad actors have been eagerly taking advantage of the pandemic to defraud individuals, businesses, banks, and other major players during a time of unprecedented disruption. Here are the notable fraud trends that are already gaining prominence in the COVID era.

Account Opening Risks

The report, Leveraging the Digital Banking Shift, a collaboration between Feedzai and PYMNTS, highlights how significantly the COVID pandemic has impacted consumers’ typical banking habits. Many consumers shifted their banking habits to online and mobile channels when the pandemic began. Roughly 30 percent of survey respondents said they had opened a new account in the past three months.

The rapid shift to online banking means many customers are in for a crash course in online fraud. This creates several challenges for banks and other financial institutions (FIs) as they confront new account opening risks.

The first challenge is that many FIs’ existing sandboxes and risk engines can’t sufficiently access or analyze data associated with a customer and therefore can’t flag important events during the onboarding process. Reviewing third-party data such as associated devices, email addresses, and phone numbers when someone attempts to open a new bank account, can help banks assess whether the applicant poses a synthetic identity fraud risk.

Account opening risks do not stop once the customer is onboarded. Banks also need to ensure that newly opened accounts behave properly and do not engage in suspicious activity. Customers’ early activities should be reviewed to ensure that there are no risks associated with their account funding. But the review can’t stop there. All transactions should be reviewed during the first 60 days of the account opening to help banks set a benchmark for what normal activity looks like and assess whether the new account’s activities appear legitimate. This review period can also determine whether customers – many of whom are still learning the ropes of digital banking – have fallen victim to account takeover fraud (ATO).

Account Takeover Fraud

Last year, losses from ATO fraud reached approximately $6.8 billion in the United States alone. This figure reflects a 72 percent increase from the previous year.

The rapid shift to digital banking creates an opening for fraudsters to commit even more ATO fraud. Meanwhile, the availability of instant transfers means funds can move from one account to another in a matter of minutes, leaving banks and customers little time to review or stop the transaction before the funds are lost for good.

Years of high-profile data breaches through malware or phishing attacks that use fraudulent emails, SMS, and phone calls have also provided fraudsters with the ammunition they need to commit ATO attacks. Even if the breaches occurred several years earlier, fraudsters might only now be ready to monetize stolen personal information they acquired on the dark web – like social security numbers or bank account information – by social engineering fake accounts. Other relevant data can also be acquired through sources like a target’s social media profiles. Fraudsters realized they have a short window of opportunity to use the stolen data before banks and businesses grow wise to their activities. The pandemic created just the opening they needed to make quick gains from identity theft activities.

Put together, the expansion of digital banking, the rise of real-time payments infrastructure, and several years’ worth of stolen personal data mean one thing: fraudsters have more means and opportunities than ever to commit ATO fraud. While prevalent in the U.S. market, this type of activity is likely to increase in LATAM regions where many consumers use smartphones to conduct their digital banking business. Android devices are more commonly used in LATAM which are unfortunately more vulnerable to malware and ATO attacks.

Payment Networks Become Targets

Fraudsters know the best way to make ill-gotten gains is to attack their target’s weakest point. That goal has become at least slightly more challenging for criminals as banks have stepped up their security measures and customers’ awareness of fraud threats has improved.

Despite these developments, fraudsters are undeterred. They continue to view their activities through the lens of expenditure of effort versus reward gained. Since banks and customers are harder to defraud, they simply turn their attention to other financial institutions (FIs) – namely, payment networks and processors.

The reason fraudsters have their sights set on these particular targets is simple. Payment networks and processors have not endured the same level of fraud attacks as many other FIs have over the years. While this might seem like a positive, it can come back to haunt these networks because they have less experience detecting and responding to such threats. This provides an opening for fraudsters to make quick gains before their efforts can be detected and shut down.

Authorized push payment fraud

Newly minted banking customers face more than just ATO attacks. The confusion and uncertainty caused by the pandemic also leave consumers vulnerable to coercion-related fraud like authorized push payments (APP) in which customers are tricked into transmitting funds to fraudsters and other scam artists. Losses related to APP scams reached approximately £455.8 million in the United Kingdom last year.

The influx of so many customers to digital banking channels raises the risks for APP fraud. Many digital banking newcomers are still unfamiliar with how these online channels work, which leaves them especially vulnerable to pandemic-related scams. Fraudsters can pretend to be representatives from a relief program, the customer’s bank, a government agency, or a non-profit organization and ask the customers to send them money. If the customer falls prey to the scam, the money can be sent immediately with little hope of recovery.

Pandemic-related social distancing has hampered banks’ ability to respond to APP fraud reports. The pandemic has forced many financial institutions to shutter branches or reduce the hours that staff is available in-person. This means many fraud analysts and call center personnel are working from home and unable to quickly share information that could flag or stop suspicious activities.

What banks can do to stop fraud

Here are some fraud prevention steps banks can take to not only protect consumers but also help FIs bolster their reputations and enhance customer relationships.

Sort good customer profiles from suspicious ones

Understanding fraud requires banks to understand what fraud looks like in action. In order to do this, banks need to understand what normal behavior looks like and where the fraudulent activity occurred. Using artificial intelligence and machine learning platforms can identify anomalies that would otherwise go unnoticed by the human eye. These technologies can detect when sensitive account details such as addresses, emails, phone numbers, or bank account information have changed frequently in a short period of time and whether this activity should raise suspicion.

Invest in Authentication

Like banks and other FIs, customers want to keep their money and data safe from fraudsters. Introducing authentication solutions that ultimately enhance the customer’s banking journey will not only help reduce the risk of fraud but can also boost confidence in a bank’s services and improve customer relationships. Solutions like two-factor authentication (2FA) and tokenized push notifications (which are more secure than SMS communications) can help to build digital trust with new banking customers without introducing a significant level of friction at the same time. Authentication solutions can consider data based on device identification and behavioral biometrics that can help banks understand what kind of behaviors are typically associated with customers and their devices.

Educate New Customers

Not long ago, banks did not want to discuss the threat of fraud because of the stigma associated with it. The financial services industry has come a long way and is now working to educate customers about how fraud and scams happen. This can help customers understand the risks and even pass along the lessons they have learned to their friends and family to help them stay vigilant as well. Investing in educational efforts can go a long way toward building digital trust and stopping different types of financial crime.

Break down internal silos

It can take traditional risk engines and rules-based engines a considerable amount of time to collect and ingest the relevant data and set up controls and rules to prevent such attacks. Banks can help address these shortcomings by breaking down internal divisions within their organizations. A fraud analysis team might look at data one way while a customer onboarding team might see things differently. These different teams need to find the synergy in their data to help them fight fraud more effectively. For example, merging fraud and anti-money laundering efforts (also known as FRAML) can help organizations gain more well-rounded insights and think of risk more constructively.

Key Takeaways

The COVID-19 pandemic forced many financial institutions and their customers to view banking differently. Fraudsters were eager to take advantage of the ensuing disruption for their own gains and will continue to get creative for both the current crisis and the ones that will inevitably emerge later. Banks – and other players in the financial services community – need to think differently about how they treat fraud in order to push back against it more effectively. Investing in tools that assess risk effectively can help FIs strengthen trust in their services during times of uncertainty.

Want to learn more about how banks are confronting fraud during a period of COVID-related disruption? Watch leaders from N26, Paysafe, Emailage, and Feedzai discuss how to build digital trust in our on-demand webinar Understanding The Role Of AI In A World Of New Consumer Behaviours.