With every passing year, new attacks emerge alongside innovative variations of old fraud schemes that remain successful. Criminals continue to do their best to gain financial benefit by devising schemes designed to dupe consumers into providing the sensitive personal details that allow access to their banking and card accounts, and to the mobile devices used for authentication.
The ever-shifting landscape of cyber threats can be confusing for consumers and overwhelming for fraud fighters. Mix in the human factors of our “hurriedness” and sometimes over-trusting nature, sprinkled with our poorly created and lackluster password protections, and fraud prevention becomes increasingly challenging.
Banks have been forced into a position of combining payments innovations with a more proactive and layered approach to fraud prevention. “The scale of fraud attacks along with new mandatory regulatory requirements has forced FIs to expand fraud prevention into other areas for improvement,” says Yuval Marco, General Manager, Enterprise Fraud Management, NICE Actimize. “Financial institutions that embrace a modernized strategy incorporating machine learning and AI will not only bolster their defenses, but also enhance customer retention. This ensures a stronger and more resilient position in the face of these evolving threats,” continues Marco.
Sophisticated fraudsters are using widespread tactics across myriad communication channels (including text messages, phone calls, emails, and social media interactions) aimed at all ages, with the goal of gathering data useful for criminal purposes. Below, let us explore a few of today’s more prevalent fraud schemes and the ways consumers can participate in protecting themselves and your bank from underhanded practices.
P2P Fraud
P2P (Peer-to-Peer) fraud schemes can take many different forms, and consumers tend to believe that they have protections because these transactions are tied to their bank accounts.
However, it is important to understand that there are no current regulated protections for P2P fraud. Schemes such as overpayment scams, charity scams, and marketplace scams are very popular within P2P transactions, and once the customer hits send there is no means to get the money back.
With today’s heightened use of AI (Artificial Intelligence), criminals are finding ingenious ways to trick consumers into releasing funds for the criminals’ financial gain. This is even more prevalent via international channels.
PROTECTION: Check and double authenticate that funds are being sent to the intended person(s) or business. It is virtually impossible to retrieve monies once sent.
Ransomware & Data Breaches
According to the Verizon 2024 Data Breach Investigations Report, “roughly one-third of all breaches involved ransomware or some other extortion,” and direct extortion attempts, whereby accounts and/or devices are held hostage, have increased to over 9 percent. But many confuse a ransomware attack with a data breach.
While both cyber threats depend on speed and can be very damaging, a ransomware attack is normally a threat aimed at targeted and/or specific individual(s) and is designed to infiltrate accounts and encrypt them; the encryption is not released until demands have been met.
A data breach is usually centered on a phishing attack that is aimed at many individuals, in an attempt to capture personal details such as social security numbers, passwords, credit card information, and phone numbers.
PROTECTION: Ensure that data protection software is always current and maintain strong oversight into the who’s and the why’s of data access. Ongoing education is key to protection against these threats.
Provisioning Fraud
Provisioning fraud, also known as tokenization fraud, involves tokenization: the algorithmic replacement of sensitive information with unique codes that safeguard personal data. Provisioning is one of the top practices in use today as protection from fraudsters trying to gain access to data, but the increase in ATO (Account Takeover) fraud has made fraud detection challenging.
“While tokenization is one of the most secure ways to transact, we’re seeing fraudsters use social engineering and other scams to illegitimately provision tokens,” said James Mirfin, SVP and Global Head of Risk and Identity Solutions at Visa. Fraudsters are accessing and provisioning tokens by way of social engineering and other scams that lure issuers to grant the tokens.
PROTECTION: Train against social engineering and acts of phishing. Issuers should decline any request with a CVC 2 mismatch, decline any suspicious activity, and/or request additional authentication by way of independent or segregated devices.
Costs associated with payments fraud can be sizable, and Machine Learning/AI will continue to make the battles within the payments space a bit more taxing. Combating new fraud threats takes a multi-layered and global approach, with the requirement of cross-industry collaborations. For organizations to make a dent in fighting fraud, getting employees, cardholders, and merchants on board and engaged is a must.