Fraud Protection & Compliance
A lot has changed since the last pre-pandemic FICO World conference, held in November 2019 in New York City. This year at FICO World 2022 there was ample opportunity to analyze just how much the pandemic has changed the fraud and financial crime landscape. (Check out my post “The Role of Data in Managing Fraud and Financial Crime Today,” a recap of one of my FICO World breakout sessions.)
Even though I had my hands full hosting sessions at the event (and spending some quality time at the Universal Studios theme park), I was also excited for the session “Fraud Trends – How Have Fraud Departments Responded to Unprecedented Times, and What’s Next?” The discussion was chaired by Debbie Cobb, Sr. Director, Product Management at FICO, and included panelists:
- Julie Conroy, Head of Risk Insights and Advisory at Aite-Novarica Group (US).
- Ulisses Okamoto, Fraud Risk Management Superintendent at Itaú Unibanco (Brazil)
- Kerem Özdamar, Fraud Risk Analysis & System Development Manager at Garanti BBVA (Turkey)
This diverse group of professionals examined major global fraud trends and the innovations that are helping them respond to and control the threats. From the impacts of COVID-19 to the role of regulation and new technology, the discussion touched on themes that all fraud fighters care about.
Welcome to the ‘Scampocalypse’
During the pandemic a slew of big changes happened in a very short time. People stayed (and worked) at home. We began transacting on our mobile phones like never before. And we all became a little more jumpy, I’d say, especially upon hearing anecdotes like this: When Debbie kicked off the session by asking panelists to identify the most “interesting” fraud development they’d seen during the pandemic, Ulisses said that in Brazil, it was “the fake moto boy scam.”
Here, the fraudster places a voice call to the victim, pretending to be the bank, and tells them there’s a fraudulent transaction on their card. The fraudster instructs the victim to cut the plastic in half – a symbolic touch, I’ve got to say – and tells the victim they are coming by to pick up the destroyed card as a courtesy. When the “moto boy” rolls up on his scooter, the customer hands them the halved card, and the fraudster asks for the customer’s online banking login and password to “verify” that the customer’s account is safe.
With that information, the fraudster is already set to inflict maximum damage. But, Ulisses said, “There have been several cases in which the fraudster asks for the victim’s cell phone and laptop, under the pretext that the bank wants to do some ‘forensic analysis’ on these devices to ‘support the investigation.’” Victims have additionally handed over these items, clearly rattled by the prospect of being, well, victimized.
Julie Conroy agreed that examples like the moto boy scam show how “creative and personal” fraudsters can get with social engineering. She said it’s indicative of “the ’scampocalypse’ (also known as the ‘scamdemic’) we’re seeing now in the wake of the pandemic. There are so many ways for fraudsters to get into the digital channels, and they are preying on some of society’s most susceptible.”
Julie cited Aite-Novarica research that illustrated how much traction mobile transactions had gotten during the pandemic. “A lot of the folks who are digital newbies are engaging more with online banking,” she said. “At the end of 2020, of those who had tried digital channel, 39 percent had tried P2P [person-to-person] payments. This gives banks more engagement opportunities but also vastly increases the attack surface.”
How Did the Pandemic Change Fraud?
Large numbers of mobile transaction adopters during the pandemic encouraged financial criminals to up their game. “Fraud attacks tend to be high intensity and for short periods; we have less time to react or we miss the fraudsters,” Ulisses said. “The challenge is how to find, react and stop fraud quickly despite the fact that you are not able to tell, with group-level certainty, if the real customer performed that transaction or not.”
In fighting back, he said that one of the techniques banks have successfully used is behavioral preferences. On their mobile banking apps customers can specify how much they plan to spend on a day, in particular categories, and set limits. “This gets customers involved in fighting fraud, and is a good control measure for us,” he said.
Kerem added, “When money leaves the bank [after a fraudster has been successful] that’s another challenge.”
A Silver Lining
“Fraud is a journey without a destination,” Julie agreed. But she said the good news is that “as we saw digital channels surge during pandemic, a lot of institutions reprioritized their technology investments. Things that had been wish lists for mobile channels – new analytic models and protections against application fraud for example – from that perspective I think we’re coming out much more fortified.”
“Fraudsters shift to go after the path of least resistance,” Julie continued. She cited deposit fraud as having “gone through the roof” in 2022, particularly in North America where losses are skyrocketing.
Looking Back and Moving Forward
Wrapping up the session, Debbie asked the panelists what they wished they knew two years ago that they know now. Julie again offered her broad perspective: “One of the things we’re seeing a lot of Monday morning quarterbacking around is first-line, second-line and third-line types of operational responses, particularly around disputes.”
She explained that as the world entered lockdown in early 2020, many financial institutions had their first-line dispute resolution call centers located in a different part of the world. These centers often handle all manner of disputes, from fraudulent charges to vendor complaints.
“When lockdowns started rolling across the world, customers were having to cancel travel plans, and a horrible imbalance resulted as disputes were skyrocketing and dispute centers were shutting down entirely,” Julie said. Although banks put work-from-home technologies into place remarkably fast, “the lesson learned is that not all eggs should be put in one dispute center basket. Fraud-related disputes should be part of the fraud call center.”
Kerem noted that cybersecurity is another crucial area of concern. “If there’s a breach, that’s a problem. We need to keep existing measures to protect customers and put new ones in place,” he said.
“There were so many breaches that occurred during the pandemic, it’s hard to find the right balance between risk management and customer friction,” Ulisses echoed. “It’s always hard to achieve that, but if we can be assertive that will generate a lot of benefits.”
Julie added, “There’s a convergence of fraud and cyber functions at some institutions; with the industrialization of fraud and the pace at which attacks are evolving, it’s hard to speed up the process and get more nimble, far more quickly. We need to figure out how to move faster.”
It was a wishful moment that Deb took advantage of. “Looking ahead, if you had a magic wand, what would you implement tomorrow?” she asked. All of the panelists agreed that the ability for institutions to get a true holistic view of the customer would help, and the ability to deploy fraud-fighting tools faster. “Fraud happens so quick and then it’s gone,” Ulisses said, summing up one of the biggest challenges every fraud professional faces, wherever they are in this post-pandemic world.
How FICO’s Fraud Solutions Can Help to Detect Fraud and Protect Customers Faster
- For more info on the “scamdemic” and how to fight it, check out Adam Davies’ FICO World wrap-up blog “Fraud Trends for 2022: Top 5 Includes ‘Scamdemic’ and Bad Bots.”
- Listen to the recent FICO Fraud Matters Podcasts “Around the World in Scams”; Episode 5 focuses on scams in the EMEA and APAC regions, while Episode 6 focuses on scams in NORAM and LAC.
- Read this post to learn more about the role of data in managing fraud and financial crime today
Thanks again to all of those who attended FICO World 2022. Follow my latest thoughts on fraud, financial crime and FICO’s entire family of software solutions on Twitter @FraudBird.