Sun Tzu himself pointed out that if you know the enemy and know yourself, you need not fear the result of a hundred battles. So in this series on the Anatomy of the Fraudster we zoom in on how the fraudster works. Because when we know how fraudsters operate and where our (organisations’) behaviour enables them, we can protect ourselves.
So let’s take a look at the ‘fraud-trends’ in 2021.
When we focus on online fraud, we might think about huge organisations and systems under attack. But human beings are so much more vulnerable to fraud and hackers than governments or businesses. One deceiving story, or a Business Email Compromise (BEC), and people are tricked into transferring money to criminal bank accounts.
Even now, during a global health crisis, social engineering is the weapon of choice for many fraudsters. Interpol Orange Notice warns, for example, against the falsification, theft and illegal advertising of fake COVID-19 and flu vaccines.
These are just a few examples of large-scale, cross-border fraud schemes where social engineering was involved.
Even though social engineering schemes are popular, card fraud remains the most common type of fraud in countries where card penetration is high.
The card fraudster buys credit card data on the so-called darknet using cryptocurrency. These data are mostly stolen through phishing or hacking. Card-not-present (CNP) fraud and card-present (CP) fraud are the two main types of card fraud that require different detection and prevention strategies.
Even though a friendly fraudster sounds nice, their actions aren’t and still cause a lot of damage.
Friendly fraud happens when a customer tries to get money back from a legitimate transaction by filing a chargeback. The cardholder received the product but lies to their bank, claiming they didn’t authorise the purchase or they never received the product. The merchant loses the delivered product, the amount paid for the product, and the merchant has to pay a chargeback fee for the disputed transaction.
According to the FBI, friendly fraud is one of the top 3 threats to e-commerce. It is the most common and costly chargeback fraud scheme. The majority of chargebacks consist of friendly fraud.
A variation on this friendly approach by a fraudster is the first party application fraud. When fraudsters apply for loans or credit cards by using their own identity, this is called first-party application fraud. After the approval, they cash the loan and disappear below the radar. 40% of application fraud involves using fake IDs or combining stolen data of several victims.
Skimming or copying is the new counterfeiting. Fraudsters add stolen card data to a fake plastic card to take over the accounts of their victims. The skimming devices can be found everywhere that transactions are done: at gas stations, restaurants, movie theatres or ATMs. A hidden micro-camera may film the PIN code that is being entered. Also, fraudsters can ‘fish’ an individual’s private or financial data through emails, SMS or VM messages (SMS’ing or vishing).
Skimming isn’t easy to detect. Though, in regions where merchants massively accepted EMV chip-enabled card payments, counterfeit fraud was reduced by 75%. (VISA, 2019).
Fraudsters follow their (potential) victims anywhere. And one of the most popular places on the internet is social media. Especially in times where we cannot meet up in person as much as we used to.
Reports of social media fraud scams where victims were tricked into spending vast amounts of money tripled in 2019, with a sharp increase after the worldwide lockdowns increased social media activity. The US Federal Trade Commission announced that reported losses through social media fraud scams climbed to nearly $117M during the first half of 2020. Reported scams often are related to online shopping, romance scams, and fake income opportunities. Many reports involved web shops that didn’t deliver sold products and nearly one-quarter of the victims were ‘seduced’ to buy products or services promoted through deceptive advertisements.
A remarkable shift is seen in the numbers of Identity (ID) Theft; the people targeted by these fraudsters are getting younger.
Identity (ID) theft happens when someone steals personal information to commit fraud.The identity thief may use your information to apply for credit, file taxes, or get medical services. These acts can damage your credit status, and cost you time and money to restore your good name.
Using stolen or lost cards is named lost/stolen fraud a in payment scheme. A couple of recent cases show the damage caused by this type of fraud. Operation Carding Action 2020 disrupted criminal trade in stolen credit card data on the dark web. Together with law enforcement in Italy, Hungary and the UK, Interpol analysed 90.000 pieces of credit card data and prevented around US$48 million in losses for both consumers and financial organisations.
While fraudsters used to target the elderly, more younger victims are reported now:
Account takeover occurs when a criminal takes over another person’s genuine account. Based on the customers’ personal information obtained through data breaches, fraudsters can impersonate the actual cardholder and request a replacement card by falsely reporting theft or loss.
If customers do not actively monitor their transaction history, account takeover can go unnoticed for quite some time.
Although the takeover is sometimes hard to detect, tools to prevent it are available. Automated transaction monitoring tools can detect this type of fraud in time - and save a lot of damage.
More and more transactions take place in the digital world and fraudsters follow the money. To prevent and detect fraudsters, the online detective needs digital support. BPC’s Fraud Management solution helps issuers, acquirers and others detect and prevent fraud across all payment channels, in real-time. The SmartVista Fraud Management solution covers real-time transaction monitoring and allows performing statistics profiling on any level – customer, account, card, terminal, merchant or device.
Do you need better fraud protection for your financial institution? Talk to our team, we can help from ideation to go live and share invaluable experience.