All posts by Mike Gross, VP, Applied Fraud Research & Analytics

Mike Gross, VP of Applied Fraud Research & Analytics, takes a look at the seven top global fraud predictions for 2022. A new wave of deep fake synthetic identity fraud Fraud-as-a-Service is just a click away Real-time payments = faster fraud Fintech growth comes at a cost The two-fold reality of ransomware attacks Supply chain issues expand marketplace scams Digital identity’s convergence of identity verification and fraud detection Digital acceleration is transforming the way financial services providers connect with consumers. The rise of Fintechs, cryptocurrency, and embedded finance options from alternative lenders has changed the face of the financial services industry, and a secure but seamless customer experience has become the gold standard for businesses. Driving this demand is consumers, led firstly by a natural shift towards digital encouraged by disrupter technology providers and their easy-to-use products, and secondly by the pandemic-induced online boom. But with these changes come opportunities. And not always positive ones. As businesses grapple with how to keep up with digital demand from consumers, they are also dealing with an evolving fraud landscape, with online payment fraud losses alone set to exceed $206 billion between 2021 and 2025*. Fortunately, advancements in fraud detection and prevention methods have also accelerated, with machine learning and AI enabling businesses to keep pace with rapidly evolving fraudsters. But how have such rapid changes in the industry impacted criminal activity in this space? We look at seven key global fraud predictions for 2022. A new wave of deep fake synthetic identity fraud 2021 has seen a surge in deep fake identity fraud, and that looks set to continue. The development of AI to impersonate consumers’ voices and faces is becoming more prevalent, making it challenging for businesses to verify and authenticate identities. With recent advances in deep fake technology, fraudsters can leverage compromised identity data to bypass verification controls, and then either create new synthetic profiles with documents, facial images, and voice cloning to bypass identity authentication requirements for secure exchanges like government benefits sign ups. These deep fake tactics can impact businesses’ ability to recognize consumers across the entire lifecycle, but particularly at the point of enrolment and authentication. Detection and prevention of deep fake identity fraud involves applying a layered strategy of technical defenses along with a vigilant approach. Requiring identity data or documents in isolation is not sufficient. Organizations need to fight fire with fire by capturing digital and behavioral data to complement identity controls, then using AI and machine learning to analyze interactions and spot fraud. Fraud-as-a-Service is just a click away The use of automated bots by fraudsters to impersonate businesses and socially engineer their customers is also growing rapidly. As fraud controls become even more effective at thwarting traditional attacks, fraudsters see an opportunity to evolve their tactics and capitalize on advances in voice bots. In 2022 and beyond, a large portion of fraudulent transactions will be submitted by legitimate consumers who are being socially engineered to not only provide data, but to use their own devices to submit what they believe are legitimate transactions. Banks globally are already witnessing the start of this trend, as fraudsters can now purchase bots to contact consumers, impersonate their banks, retrieve one-time passwords, and forward those codes to fraudsters to complete fraudulent transactions. Historically, fraudsters couldn’t scale this type of attack to manage thousands of calls to consumer victims, but now they can just hire a bot that sounds and acts just like a bank reaching out to their customers. As a result of this success and the cost effectiveness of bots, fraudsters are expanding operations to impersonate every type of business, from retailers to government organizations. Real-time payments = faster fraud Faster money often means faster fraud. Real-time payments (RTP) increased by 41% between 2019 and 2020 and are set to rise again by 23% between 2020 and 2025*. From mobile payments all the way to Buy Now Pay Later, RTPs have provided ample opportunity for fraudsters to quickly monetize and cash-out – converting money to other forms of currency like crypto and then laundering the funds through multiple fraudulently-established accounts. The lack of regulation in cryptocurrency makes it an especially attractive target for fraudulent activity because attackers can more easily remain anonymous and funnel funds across currencies in mere seconds. Crypto exchange platforms have profited from the unregulated environment but are starting to pay the price when it comes to fraud losses. The speed of real-time payments presents unique challenges to businesses because they often can’t be revoked or easily traced, so detection can be more difficult. But the demand for RTP is only increasing, so consistent regulations need to be in place and organizations must be able to accurately verify and authenticate identities and transactions across channels in seconds to detect criminals preying on these faster payment methods. Fintech growth comes at a cost Buy Now Pay Later has exploded over the last year. Alternative lenders now dominate the retail landscape, embedding themselves in customer journeys, offering consumers fast and easy credit, and minimizing fraud liability for merchants. But these disruptive businesses offering tailored financial products based on vast amounts of customer data have the potential to leave the door wide open to criminals. A frictionless customer experience and easy-to-use technology has allowed these nimble businesses to attract millions of customers, and with it, huge volumes of fraud. According to Aite-Novarica Group, Fintechs have an average fraud rate of around 0.30%, which is double that of credit cards that average 0.15-0.20%. 2022 is likely the year that Fintechs put risk at the forefront of strategy. Without the right identity and fraud protections in place across their websites and apps, they not only risk fraud losses, but they could also damage brand reputation. And without quick, comprehensive fraud reporting back to the businesses they serve, they also risk enabling even more downstream fraud attacks. The two-fold reality of ransomware attacks As businesses experience extortion in the form of weaponized malware, the sophisticated nature of AI used in ransomware attacks is rapidly evolving, allowing attackers to be even more successful at extracting data and wreaking havoc. A business’s data is the primary commodity that the fraudsters use to negotiate ransom payments, but the stolen data of that business’s customers is often forgotten, which can be an even greater concern. This growth in ransomware and the availability of sensitive consumer and business data will not only drive attacks in 2022. It will likely change the nature and depth of those frauds using newly-available data such as business financials or consumer medical conditions or employment details in more pervasive attacks. Organizations falling victim to ransomware must understand all of the data that has been compromised and should notify its customers so they can take steps to prevent future identity or other fraud attacks. Supply chain issues expand marketplace scams We expect to see more issues with marketplace fraud as supply chain issues and inflation persist through 2022. Where there are supply gaps, fraudsters will meet the pent-up demand with products that don’t exist, scamming customers to part with money for nothing in return. In the current marketplace environment, it’s easy to set up a fake business with positive reviews. And because consumers have no way to verify the authenticity of a business, they roll the dice on what seems too-good-to-be-true, lose money, and then try to recoup funds from their financial provider. This is another area where BNPL providers will end up bearing responsibility for a lot of retail fraud in 2022, as they take on liability for the fraud and credit losses that fueled their rapid growth. Digital identity’s convergence of identity verification and fraud detection Password-free experiences led by the ubiquitous smartphone and the ability to make real-time payments has resulted in a demand for a seamless, uninterrupted customer journey. But central to all of this is identity authentication. As identity verification and fraud detection continue to converge, the big question is, how can a secure, consumer-friendly approach to digital identity be adopted and regulated, and by whom? The announcement of the European Digital Identity scheme shows that governments are beginning to move in this direction, but there is still a long way to go. As authentication and onboarding systems continue to be targeted by fraudsters, the bid to create secure, reusable digital identities to enable more seamless commerce and to mitigate fraud and criminal activity becomes more critical. This is a concept that is dominating the conversation and one that we expect to play a big role in fraud prevention in 2022 and beyond. *Juniper Research Stay in the know with our latest research and insights:

“Password Incorrect"Are businesses making progress identifying customers online, or are they continuing to frustrate those customers with archaic identification and authentication methods? Businesses engaging with their customers online walk a precarious tightrope between offering a frictionless experience and securing user accounts against fraud. But with ever-evolving technology, we look at how businesses can get a grip on the changing world of fraud while offering a great customer experience. While easy digital experiences matter to end-users, especially now that any physical customer interaction is temporarily on hold, make no mistake about it: security is the most important factor when it comes to building trust with your customers. In fact, our annual Global Identity & Fraud report, published in February 2020, found that 74% of consumers consider security the most important factor related to their willingness to conduct business online. Moreover, ease of access to their accounts was a close second, with 72% of respondents saying they want less friction and more user-friendly solutions. But keeping track of multiple, complex passwords across hundreds of digital accounts and running a gauntlet of authentication hurdles is the antithesis of what customers want. The Evolution of Identification Businesses that are truly committed to providing customers with a secure and frictionless experience online are moving beyond traditional fraud mitigation methods when it comes to customer identity. They're adding multiple intelligent layers, many of which are completely invisible to end users, to add security and enable the fast, easy access customers expect. Traditional analogue measures, like signature cards and face-to-face interactions with customers by a bank employee, are nearly extinct. Now, like those dinosaurs of the pre-internet world, many digital fraud protection measures are also being rendered obsolete because they just aren't robust enough to confidently identify customers. But technology can help businesses address this disparity. More sophisticated strategies, such as the development of machine learning and artificial intelligence, can provide faster and more accurate authentication – while being less intrusive user experiences. Technology for Trust Thanks in large part to the rapid growth of smartphones and mobile devices, we've seen more sophisticated methods of authentication. One of the most common forms of two-factor authentication today are the nearly ubiquitous one-time passcodes that are sent by email or text. This second layer of authentication ensures that the user is in possession of the hardware being used for access and has access to a confirmed email account or mobile device. A downside of using these codes for verification, however, is that the user has to access email or messaging, which adds friction to the process, and is still not (on its own) immune to fraudsters. There is no one-size-fits-all solution The white knight of trust is a dynamic approach to both identity verification and authentication. To accomplish this, businesses need to layer solutions that provide insight into devices and behaviors on top of traditional two-factor options. Then apply advanced analytics to stop fraud while allowing 99% of customers to breeze through sign-up and ongoing account access. Many of the latest identity authentication controls are 'passive', so customers won't even notice that they are happening, making the customer experience both secure and smooth. Passive authentication can include behavioral risk assessments that compare the device against historical activities from the customer as well as evaluate how the customer is inputting information or navigating the page. This, paired with other measures such as enrolling customers' biometrics and using them for ongoing account accesses, can help ensure a seamless online experience. Looking for the right signals across data sources can quickly flag risk and move the customer through the digital enrolment or login without unnecessary friction. Related articles: Covid-19 as a Gateway to Fraud: Top 5 Global Fraud Trends to Watch Out for in 2020

The year 2020 will go down in history. That much is certain. Businesses are acting quickly to revise strategic and operational plans that seemed perfectly valid in January – now almost impossible to imagine, just a few months later.   However, predictions around fraud trends still stand. The opportunistic nature of hackers means that a global crisis can create the perfect breeding ground for fraudulent activity, and with users increasingly seeking solace and communication via digital means, businesses and consumers need to be even more vigilant.       Here’s what we found earlier in the year. Investment in fraud prevention is on the rise. According to our 2020 Global Identity & Fraud report, 84% of businesses say they are either investing more or maintaining the same budgets when it comes to identity-related fraud prevention. But with a complex digital landscape, rapid changes in consumer behavior, and customer experience playing a central role, how can businesses be sure that they are investing in the right place? We identified the top 5 global fraud trends to watch out for in 2020: 1. Authorized push (or wire transfer) payment fraud In the past 12 months, the most common fraud attack encountered by businesses were authorized push or wire transfer payment fraud (41%). Set to continue into 2020, authorized push payment fraud (or APP) is where victims are tricked into authorizing a payment from their own account to another account which is being controlled by a criminal. Fraudsters can socially engineer consumers or intercept communications, changing key information such as account details, leaving victims believing that they are authorizing a legitimate transaction when in fact they are making a payment into a criminal's account. Validation is crucial in tackling APP fraud Push payment fraud can be prevented with a validation exercise which carries out real-time checks, dramatically reducing the chances of payment fraud and error. It can be used to confirm that the beneficiary of a payment owns the bank account to which a payment needs to be sent to. As with many fraud prevention methods, one layer of verification is rarely enough so it's important that techniques like real-time validation sit within a wider fraud prevention and authentication strategy. 2. Account takeover fraud Next in line is account takeover fraud (37%), which is expected to significantly increase in light of the recent global pandemic. This is when a fraudster gains access to an account that doesn't belong to them and makes unauthorized transactions, sometimes changing key credentials of the account such as the rightful account owner's personal information or log-in details. This type of attack often involves phishing attempts to compromise customer data is much more likely in light of various government assistance programs due to the crisis. In recent years, fraudsters have done a great job of taking over bank login credentials, getting access to a user's account, then calling that account holder to inform them a fraudulent transfer is being attempted from their account. Since customers know that banks typically send SMS one-time-passwords for customers to verify transactions, the attackers use that layer against the account holder. Know Your Customer (KYC), Customer Identification Program (CIP), use of passwords and physical biometrics make up the top solutions currently used by businesses to detect and protect against fraud based on regulatory requirements. Although businesses seem confident in the ability of their existing solutions used to detect and protect against fraud, they are reporting 57% higher losses associated with account takeover fraud, so what's going wrong? Businesses must confidently engage customers using holistic and advanced, risk-based identity and device authentication, as well as targeted, knowledge-based authentication that allows good customers to move throughout the process and frustrate fraudsters. 3. Account opening fraud The third key fraud trend to watch out for in 2020 is account opening fraud. This takes place when criminals use stolen personal information to open new accounts for fraudulent activity such as borrowing money in another person's name. Identity verification is often the easiest control to bypass because so much identity data is compromised. Averting account opening risk requires strong identity authentication, proving that the person applying for the account (often digitally) is indeed the legitimate consumer. Acquiring legitimate customers from the beginning, whilst balancing a seamless customer experience is the challenge businesses face when it comes to account opening fraud. By improving the application process and identity-based authentication measures, businesses can decrease customer acquisition costs, reduce false positive rates, and save manual reviews for when they're really needed. 4. Transaction payment fraud Transactional payment fraud is any unauthorized transaction using stolen payment details or data. Fraudsters involved in this kind of criminal activity can range from small-scale amateurs to large-scale cyber-criminal rings. Criminals access stolen details in many ways, including phishing emails, and even direct contact with the victim. The key to combatting transactional payment fraud is the ability for businesses to quickly detect irregular activity, and then distinguish between legitimate and fraudulent transactions in real-time. In transactional fraud, strong fraud machine learning models and pattern and anomaly detection logic are key passive controls, with step-up challenge layers requiring customers to provide additional identity authentication when trying to complete high-risk activities or anomalous transfers. 5. Synthetic identity fraud (also known as fictitious identity fraud) One of the newest types of fraud, synthetic identity fraud uses a blend of fake information and real data to create brand new fake identities that expert-level criminals use to establish and build up an online credit history. Businesses can invest time and money in chasing people that turn out to not even exist. Synthetic identity fraud is an insight into the evolving world of fraud, and a reflection of how the criminal world reacts to sophisticated fraud prevention by becoming ever more sophisticated themselves. The role of advanced analytics The deployment of robust link analysis that monitors over time the use of identity elements such as name and Social Security/National Insurance, plus many other forms of personal information is paramount in tackling fraud. The ability to detect when identity elements look to be used inconsistently or at high velocities can be an indication of larger identity compromises or synthetics. Businesses should also utilize device intelligence to monitor common access points through which more organized fraud schemes may be occurring. In some instances, synthetic identity detection scores can also make up identity verification and fraud prevention layers, providing businesses with a separate synthetic identity score with each account opening event. This is because synthetic identity is difficult to detect with traditional verification controls or risk models. The good news is that the strategy to protect your customers and your business from these different trending types of fraud is similar - organizations need a strong layered series of defenses to both to recognise legitimate customers and to quickly pinpoint attackers if they want to combat fraudsters. New research available: The global impact of Covid-19 on businesses and consumers - September/October 2020