As we know, modern fraudsters are technologically savvy and agile. With the advent of Generative AI, the barriers to entry for fraudsters to breach financial systems or to carry out social engineering efforts against company customers (or employees) are lower than ever.
Through a recent customer roundtable and in-depth interviews with Fraud leaders, we compiled some insights about the biggest Fraud trends seen in 2023 and how 2024 is shaping up for these organizations. Five trends emerged.
- Checks aren’t going anywhere.
- Phishing is a multi-pronged problem
- Elder exploitation is rampant in crypto
- Regulations will move mountains
- Data shared is money saved
Let’s go deep into each of these areas
Checks aren’t going anywhere in Fraud
The data and research point to Checks being obsolete and no longer an instrument we use daily. However, a closer look at the data around Check Fraud tells a different story.
In 2023, around 16 billion checks were processed in the United States, down 5% annually from an initial 40 billion in 2003. Interestingly enough, banks reported 680,000 reports of check fraud in 2023, nearly double that in 2021.
Neobanking participants on our roundtable spoke in depth about Remote Deposit fraud resulting from stolen checks.
“As a neobank, we are seen as the solution for customers to stop relying on older financial instruments like checks. However, the reduction in law enforcement around the postal service has created a large repository of stolen checks which even make their way into our services.”
To make things even more challenging, fraudsters are also legitimately acquiring customers’ accounts by paying them nominal sums of money. This results in a set of ‘clean’ credentials, which in turn are used to defraud companies for several thousand dollars.
Furthermore, regulatory frameworks such as provisional credit can really hurt online neobanks and fintechs because their systems are primarily designed for customers to move money quickly. By the time a check transaction has been settled, a fraudster can take off with the provisional credit prior to settlement, resulting in a negative balance on their neobank accounts.
Phishing is a multi-pronged problem
Social scams are a tale as old as time. As fraud mitigation techniques and technology systems continue to evolve, so do the scams' natures. At our roundtable, we heard a lot about emergent areas of fraud powered by new-age technology like Generative AI, which makes social engineering easier, allowing fraudsters to do more with less.
Phishing - a way of defrauding victims into sharing sensitive information (most commonly seen in emails) is steadily rising, up 61% since 2022. Fraudsters can spin up legitimate-looking websites and hoodwink customers into sharing sensitive information such as account credentials. Some fraudsters also perform phishing by buying ad space on search platforms such as Google or on social media platforms like Twitter or Instagram, where they pose as support agents and obtain account credentials, in most cases resulting in Account Takeover by fraudsters, eventually culminating in fraud loss for the financial service provider (an FI or a Fintech).
Other forms of phishing and manipulation discussed at the roundtable centered around AI. Primarily, several of our customers are concerned by the advent and proliferation of deepfake phishing. A fraudster typically poses as a customer support agent via AI-generated Interactive Voice Response (IVR). It redirects customer escalations to their devices, eventually manipulating customer(s) into performing transactions or taking over their account under the guise of customer support tickets. After all, if the Securities Exchange Commission (SEC) themselves can fall prey to account takeover, anyone can.
Finally, the much-debated Reddit post about Stable Diffusion (By Stability AI, a popular Generative AI image generation platform) was discussed from a technology innovation and a fraud standpoint. Simply put, even non-tech-savvy fraudsters' ability to clone human images and videos using AI promises to be an operational nightmare for financial services providers in the foreseeable future.
Regulatory frameworks can impact fraud strategies
Much of our discussion's focus was on upcoming regulations, modernization, and changes in existing regulations. The most recent change that has been announced that could have ramifications as it pertains to ACH fraud is the NACHA ruling from Mar 18, 2024.
According to this ruling, even the receiving financial institution (RDFI) is liable to screen and monitor incoming ACH payments to prevent fraudulent transactions in the network. Our view - shared by our panel of industry experts, is that several changes to the regulatory structure are imminent. Some that were discussed were:
- Data Furnisher Regulations: Section 623 of the Fair Credit Reporting Act states that a furnisher must not provide inaccurate consumer information to a credit reporting agency and must investigate all consumer disputes.
- The Frank-Dodd Act: This legislation restricts banks from trading with their own funds (the “Volcker Rule”), heightened monitoring of systemic risk, tightened regulation of financial products, and introduced consumer protection initiatives.
- Liability shifts: As evidenced on two occasions here, several regulations are being updated or new ones are being formulated to increase liability for FIs or Fintechs and further protect consumers from fraud losses.
- Real-time payments: There is a general wariness among the industry that faster payment methods will result in more fraud schemes, oftentimes making it impossible to block or reverse transactions until after the fact, resulting in either the originating (ODFI) or receiving (RDFI) institution requiring to make the customers whole. This is somewhat akin to scams (Ex, Pig Butchering) in crypto, wherein a transaction that is initiated by the sender cannot be reversed.
With all these and more on the horizon, financial institutions and fintechs are already looking ahead to fraud mitigation strategies that can help them stay ahead of the curve and ensure that the regulatory changes that are taken in the interest of consumers do not adversely affect their business lines.
Elder exploitation is rampant
The evolution of payment rails over time has continued to create pathways for fraudsters to evolve and develop new schemes. By design, crypto transactions are not reversible - coupled with the fact that regulatory oversight in the space is still limited. This creates a loophole that fraudsters are ruthlessly exploiting, and people over 60 are their victims of choice. For example, since February 2024, the Unit21 Fraud Consortium has seen over two thousand elder exploitation cases through crypto rails.
The typical pathway that fraudsters elect to use is to pose as law enforcement officials (supposedly belonging to organizations such as the IRS and public utilities) and eventually convince these users to send their ‘outstanding’ payments to crypto wallets controlled by the fraudster, leaving the victims in losses and their service providers unable to provide assistance or process refunds and/or reverse their payments. As these customers are likely quite experienced in dealing with traditional banking rails, they have come to expect the same degree of protection they can avail through banks even at non-traditional FIs. Scams of this nature create reputational damage for these organizations, on top of the fraud losses that the consumer directly absorbs.
Collaboration can create a safety net
Collaboration among financial providers has long been discussed as a potential solution to fraud loss mitigation. Be it sharing fraud labels and insights, creating industry forums, or lobbying to help affect regulatory changes that benefit the industry, cross-industry collaboration is the way to go. In this vein, consortium data (a core part of Unit21’s product offerings) was discussed as a way to share fraud insights and a community that can be built to foster the sharing of fraud trends and prevention of fraud proliferation. The attendees learned more about the Unit21 Fraud Consortium, from the product to its application in day-to-day operations. Since its launch in February 2023, the Fraud Consortium has added 45 participants to its network, sharing insights about thousands of fraudulent accounts on a weekly basis.
Two problems in the industry were discussed when it comes to the implementation of consortium data in workflows:
- Scarce availability of technological resources for fraud teams
- An absence of unified labels for known fraud patterns results in an industry-wide lack of transparency and clarity.
As a solution, the Unit21 Fraud Consortium was discussed. The product is fully integrated into Unit21’s rules engine, meaning that customers can use the consortium data services natively within their existing Unit21 environment. Further, it is free of charge, meaning that such customers can skip straight ahead and find value through the data without justifying dollars spent on fraud solutions. Finally, the product requires no engineering effort to integrate with, instead relying on the rule engine and Unit21’s workflow buttons for members to populate a unified list of fraud labels with a single click.
We also demonstrated our patent-pending hashing algorithm, which allows customers to leverage the Fraud Consortium without sharing sensitive PII. This means that all participants can focus on deriving value from the data without being concerned about reputational, financial, or regulatory risk from sharing data with the system.
How you can join our community
To gain insights directly from Unit21’s Fraud Fighters network and to leverage our Fraud Consortium, schedule a demo.
Subscribe to our Blog!
Please fill out the form below: