2020 fraud trends: Are you prepared for what the future holds?

In an environment where fraud is evolving by the hour, Andy Renshaw, VP, Banking Solutions at Feedzai, offered his opinion on what the 2020 fraud trends are

If fraudsters’ new year’s resolution is to commit more frequent, more tech-savvy financial fraud, they could teach a class to many of us on how to stick to resolutions. According to KPMG’s inaugural Global Banking Fraud Survey, retail banks experienced increases in total fraud value and volume in 2019. Fraud scenarios that increased included identity theft, account takeover (ATO), card not present, and authorised push payment scams.

What’s more, fraudsters seem to gain ground every year by using the same cutting edge technology the payments industry uses to tackle fraud. In this one-step forward, one-step-back scenario, how can banks and payment processors thwart bad actors and reduce their continuous attacks? Here’s where the old axiom from Benjamin Franklin holds — an ounce of prevention is worth a pound of cure. To prevent fraud, you have to be prepared for it.

Here are seven fraud trends to prepare for in 2020.

1. Authorised push payment fraud (APP) – The Financial Conduct Authority implemented a rule that went into effect on 31 January 2019, which allows victims of APP fraud to complain to the receiving payment service provider (PSP), not just to the sending PSP. Unfortunately, this rule did little to slow the rate of fraud. In the first six months of 2019, fraudsters stole GBP 207.5 million from unsuspecting victims by manipulating them into authorising payments, up 40% from the same period in the previous year. Compounding the situation, refunds to victims decreased by 2%, from 21% in 2018 to 19% in 2019. Fighting real-time payment fraud authorised by the account holder may feel like a losing battle, but PSPs, who leverage data from across the organisation — from customer service to financial transactions to the fraud department — to gain a holistic view of the customer and then determine the best fraud layers to manage that data and leverage insights, can decrease incidents of APP fraud.
2. SMS spoofing – SMS spoofing is one tactic used to commit APP fraud. SMS spoofing uses technology to impersonate a trusted party such as a PSP as the sender of an SMS message. Victims receive messages that appear to be from their banks but are actually from fraudsters and act out instructions believing to be from their PSP.
3. Deepfakes and voice biometrics – Facial recognition to unlock cell phones or voice biometrics to command smart home devices generate Jetson-era excitement until criminals get their hands on them. Enter deepfakes, AI-created fake images, videos, or audio manipulations. Criminals recently made headlines in the US when they slowed down a deepfake video of Congresswoman Nancy Pelosi to make her appear drunk. In the EU, a CEO of a UK-based energy firm was defrauded of USD 243,000 when a deepfake voice, sounding exactly like his parent company’s CEO, instructed him to transfer the money to a Hungarian supplier. Expect criminals to increasingly utilise deepfakes to target the C-Suite and PSP’s authentication procedures to commit financial fraud.
4. Social and voice banking – Innovative banking channels, such as social and voice banking create new avenues for automated payments. While the convenience of these new channels is obvious, the registration processes for these services remain relatively weak with known loopholes. Financial criminals might be the unintentional winners in the race to create exceptional customer experiences.
5. Breaching 2FA – As the use of two-factor authentication (2FA) grows, due in no small part to PSD2 in Europe, so too do circumvention techniques like SIM swapping. SIM swapping exposes weaknesses in 2FA, particularly when criminals attempt account takeover fraud. Scammers might report a device as lost and ask mobile providers to activate a new SIM card with a customer’s phone number. If the customer service agent believes the criminal, the victim's phone number gets activated on the criminal’s device. Now they can circumvent 2FA because they’ll receive a text message or phone call with the verification code they need to log in. Authenticator apps are stronger as they do not have these vulnerabilities, but these are only as secure as their reset processes, which often have inherent weaknesses.
6. Institutional disruption – Fraudsters like nothing more than large scale campaigns that cause disruption. They can use events such as bank mergers or Brexit as reasons to ask the customer to revalidate credentials or update settings. This angle applies both to social engineering and collecting customer data for ATO attacks. As we see more mergers and government changes, expect a rise in linked fraud attacks as well.
7. Return of the ATM – In the digital transformation era, it almost seems absurd to think the ATM, a machine that requires physical travel to it, would make a comeback. Yet, two key trends could lead to a growth in ATM fraud. First, banks are increasing the services available at ATMs (cardless cash withdrawals, real-time payments), which means low tech fraud, such as card theft, could lead to raised fraudster access. Secondly, fewer ATMs are housed at banks and instead housed wherever is convenient for customers. As such, they may create less secure environments where theft, such as shoulder surfing and card skimming, are easier to carry out.

Perfect vision is 20/20. Let that inspire your 2020: realise a reduction in fraud from 2019’s numbers. Yes, it’s ambitious, but many organisations have the data to detect and prevent fraud. It’s time to connect the data across the entire organisation. Some of the most proactive stances against fraud you can take are: break down data silos; integrate teams, processes, and systems; and use the most advanced technology available. With a resolution like that, you won’t need hindsight to have 20/20 vision; you’ll have it in 2020.

About Andy Renshaw

Andy Renshaw has over fifteen years of experience in banking and the financial services industry, in which he has led large programmes and teams in fraud management and AML. Prior to joining Feedzai, Andy held roles in large financial institutions such as Lloyds Banking Group, Citibank, and Capital One, where he fought against the ever-evolving financial crime landscape as a technical expert, fraud prevention expert, and a lead product owner for fraud transformation.

About Feedzai

Feedzai is the market leader in fighting fraud with AI. We’re coding the future of commerce with today’s most advanced risk management platform powered by big data and machine learning. Founded and developed by data scientists and aerospace engineers, Feedzai has one mission: to make banking and commerce safe. The world’s largest banks, processors, and retailers use Feedzai’s fraud prevention and anti-money laundering products to manage risk while improving customer experience.