Fraud Protection & Compliance
Few things change faster in the financial services space than fraud trends. As criminals seek new paths to vulnerable customers and safeguards, fraud professionals are constantly alert to new patterns and always responding with new technology. Here are the five most-viewed posts from 2022 on the FICO Blog related to fraud.
1. Fraud Trends for 2022: Top 5 Includes "Scamdemic" and Bad Bots
Adam Davies reported from our annual FICO World conference on the latest trends. These included:
1. Synthetic Identities and Application Fraud
Despite the launch of industry initiatives in the USA such as the Electronic Consent Based Verification Service (eCBSV), it seems that this problem has not diminished. Many delegates were concerned that the acceleration of digital transformation created by the pandemic has made application fraud at scale even more attractive.
Criminals are playing a numbers game to see how many accounts they can open. For that they need two things – automation and an unlimited supply of fake consumer identities. We’ll come to the automation later, but the creation of synthetic identities allows for almost unlimited variations by subtly altering a name or address or other attribute many, many times.
FICO colleagues Andy Procter and Supriti Singh were on hand with their presentation Application Fraud – Rules, Models and Humans. They helped delegates understand how FICO’s social network analytics can be deployed to find the hidden links between entities, visualize the networks of criminal behavior and facilitate the prioritization and investigation of cases.
2. The Rise of the Bots
As mentioned above, criminals are making use of automation in order to industrialize their fraudulent attacks. This is not only the case for application fraud — where automation is used to create and submit hundreds if not thousands of applications — but also for card fraud. We heard how some customers had found that bots were being used to gain data, for example attempts to make a payment to a charity website were in fact criminals testing card details to uncover the right 3 digits for the CVV.
One of our customers told how they had been able to deploy user defined variables in FICO Falcon Fraud Manager in order to track and understand payment velocities. They were able to identify attempts to uncover CVVs on the cards they had issued and could therefore have those cards blocked and reissued.
3. Innovative Customer Communications for Fraud
Detecting possible fraud is important, but what you do with that suspicion may matter even more. Taking the most strident fraud prevention actions might seem the intuitive answer but suspicion is often unfounded, and most customers are not fraudsters. Removing friction from legitimate customer interactions and getting disputed transactions back on track is important and this is where customer communications that are integrated with fraud detection come to the fore.
One US customer spoke about the importance of customer communications that were two-way and built into a fraud workflow to automate more of the process and bring cases to a fast resolution - particularly for legitimate customers. We also heard from two Brazilian financial institutions about how they were leading the way in deploying WhatsApp as an integrated channel for customer communications and were seeing customer response rates of over 70%. For them, this meant that they could rapidly close fraud cases over two-thirds of the time and so reduce operational costs and customer frustration.
4. The “Scamdemic”
Many delegates used the term ‘scamdemic’ when speaking about the many ways in which their customers were being tricked.
We heard about taxi and fast-food scams where customers were distracted as large sums were being entered into card machines prior to PIN entry, as well as many variations on authorized push payment fraud. Scams that took place in the online environment were particularly prevalent, with people particularly at risk when they pushed to use digital channels that they weren’t used to. This was coupled with the rise in real-time payments that has occurred in the past few years with the fast transfer of funds helping criminals to take the money and run.
FICO Colleague Tanya Baker was on hand with her presentation Fraud Analytics Innovation – Sophisticated Tools for Challenging Times to talk customers through FICO’s analytical innovations that tackle scams, including the FICO machine learning model for scam detection.
2. Contactless Payments Fraud – A Sleeping Lion in a Trillion-Pound Market
Matt Cox reported that the rapid growth of contactless payments has attracted the attention of fraudsters who are always seeking out new methods to steal money. While the amount of this kind of fraud is fairly low — for example, in the UK, data from UK Finance revealed that in 2020 there was a total of £574 million lost through card fraud, of which only £16 million represented contactless payment fraud — fraudsters will keep evolving their techniques to find new ways to steal people’s money. It may only be a matter of time before fraud related to contactless payment becomes more sophisticated.
Matt recommended that lenders:
- Mitigate the risks now. Banks and financial institutions will have to refund unauthorised payments, unless their customers have broken the rules or been ‘grossly negligent.’ It’s a grey area, and with the increased limit and, therefore, increased value of a person’s wallet, it’s important that banks and financial institutions start putting measures in place to mitigate any risk of contactless payment fraud.
- Implement AI and machine learning. Investment in AI and machine learning to predict customer behaviour and spot signals of fraudulent behaviour will prove invaluable in identifying potentially fraudulent transactions. Sophisticated solutions like FICO’s Falcon Fraud Manager can investigate transactions from alternative perspectives, and provide a highly predictive view on the likelihood of fraud.
- Use the right communication. If fraud is suspected, then providers can choose to alert their customers by SMS with a ‘was this you?’ text or notifications in a phone app. The crucial point here is that any response to an ‘indication of potential fraud’ will need to be timely and proportionate. If suspicion of fraud is regularly stopping legitimate transactions, customers will be deterred from using that specific card or even choose to move to a new provider.
- Enable customers to be more proactive. Providers should consider factoring in the ability for customers to use their banking and card apps to ‘turn on’ and ‘turn off’ the ‘contactless’ feature on their card. It gives them control at times when they know they will not need to use their card for a period, rendering it valueless to a thief if stolen. It will also enable customers to be more proactive in stopping transactions the moment they realise their card has been lost or stolen.
3. U.S. Card Skimming Fraud Grows 700+% in First Half of 2022
As Debbie Cobb explained, card skimming is big business; the FBI estimates that “skimming costs financial institutions and consumers more than $1 billion each year.” In 2022, we saw an alarming increase in the number of compromised cards, as monitored by the FICO’s Card Alert Service
For the first half of 2022, we found a year-over-year increase in compromise events of 759%, up from 548% in the first quarter. That also represents a 501% increase in the overall number of compromised cards detected, indicating that thieves are back to their old tactics of skimming card and PIN information.
There are concrete steps that both banks and consumers can take to fight back against skimming fraud. For consumers, one of the easiest ways to thwart a skimmer is to simply cover up the keypad while typing in a PIN. Without the PIN to unlock the card data, the fraudster can’t use the card details to make charges.
Consumers can also look for things that seem “off” or “fishy” about a particular terminal. In Oakland, one convenience store customer recently found a card skimmer. He noticed that a card reader had buttons that didn’t match others in the store, and he pulled up and lifted off a skimmer that had been placed on the reader. Noticing small differences in a POS terminal or at an ATM can mean the difference between a safe card and a compromised card.
For banks, knowledge is power. Using information from Card Compromise Reports (CCRs) and Suspect Reports – both of which are available through FICO’s Card Alert Service – banks and other financial institutions can quickly act on known compromised cards for block and reissue, or monitor cards more closely for signs of fraudulent activity.
Banks can also pay close attention to things like balance inquiries. In the first half of 2022, we’ve found that approximately 65% of transactions that led to identifying a compromise were balance inquiries, so setting up flagging or further investigations around balance inquiries can be a powerful tool in fighting compromised cards.
Finally, banks can use geographically based rules to help combat skimming fraud. Since skimming incidents tend to be concentrated in specific geographies, strategies like setting lower limits for out-of-area transactions are useful ways to minimize potential fraud impacts.
4. How Can Banks Stop Authorised Push Payment Fraud?
Authorised Push Payment or APP fraud is one of the biggest challenges in fraud today. As Sarah Rutherford explained, a cross-party Treasury Select Committee has called on the UK government to do more to ensure that the victims of authorised push payment scams are reimbursed.
Whether voluntary or regulated, whether the banks lose out or the customers do, one thing is clear: the contingent reimbursement model shuts the stable door long after the horse has bolted. So, what can banks do to prevent APP fraud?
Deploy AI and Machine Learning – the Scams Model
PSD2 and Strong Customer Authentication have made life a lot more difficult for fraudsters. Extra identity checks on payment transactions make it difficult for them to use stolen credentials to make payments. They have therefore turned their attention to crime where identity authentication is of limited use.
When a scammer has tricked someone in to making a payment from an account they own, then authenticating the victim is not a protection. However, just because it is the legitimate customer making a payment does not mean that their behavior has not been altered by the fraudster, and sophisticated machine learning models can detect this.
In his blog FICO Integrates Fraud and Scam Detection in FICO Falcon Retail Banking 3.0 Model FICO’s Chief Analytics Officer, Dr Scott Zoldi, describes the use of behavior-sorted lists and additional analytic features to detect likely APP fraud, before any payment to a fraudster is made. The results speak for themselves; using targeted profiling of customer behavior to spot scams, 50% more scam transactions are detected.
Look Out for APP Fraud Signals – Develop the Rules
The decisions made in fraud detection directly correlate to the depth and quality of data available. In many instances banks have a limited number of variables that they can consider in a fraud risk assessment. These may be restricted to the specific customer and transaction under consideration. Widening the scope and introducing more contextual data to the decision significantly improves detection accuracy.
Communicate with Customers About APP Scams
Consumer education is an important tool that banks can leverage to help customers protect themselves. The continuing rates of APP fraud and the fact that some banks hold the customer to be wholly or significantly at fault in up to 90% of cases suggests that education isn’t working often enough. Blaming the customer for not understanding the risk ultimately doesn’t help, but communication can be expanded far beyond generic warnings on the payments screen.
Customers can be asked about the transactions they wish to make in real time, with details pertinent to the specific transaction and using the customer’s channel of choice. Offering customers a ‘cooling off’ period during which the payment is held, providing them with friendly advice and asking relevant questions can help them think again, or make further checks.
5. The Rise of Money Mules in the Philippines
Timothy Choon reported that during the peak of the pandemic, unemployment rates in the Philippines hit a 30-year record high. While things have since improved, this ongoing economic stress will likely make more people susceptible to the siren song of money muling, especially with movement restrictions that severely limit work opportunities.
A money mule is someone who transfers or moves illegally acquired money on behalf of, or at the direction of another. Money mules are inherently dangerous as they add layers to the money trail from a victim to a criminal actor, which complicate and hinder the ability of regulators to accurately identify the source of these illegal funds. They are often moving chess pieces in a much larger, elaborate international criminal operation such as human and drug trafficking. To complicate things further, money mules are sometimes victims of scams themselves.
In this clip from ABS-CBN, he discusses the rise of money mules in the Philippines:
Transaction behaviors have also evolved during the pandemic. Consumers are increasingly using their phones for almost everything, from mobile deposits, to contactless payments and person-to-person payments, a trend that will likely remain as the “new normal” even after the pandemic. While these real-time payment transfers make it much more convenient for people to move money around, they also create opportunities for criminals looking to introduce ill-gotten funds into the legitimate banking system through money muling. Real-time payments allow money to be moved across multiple accounts nearly instantaneously, into the control of the criminals and out of the reach of law enforcement, making the funds more difficult to trace.
Kicking Back Against Mules
To fight money mules — a likely fixture in the post-pandemic world of financial crime — it is important for banks to continuously improve their detection capabilities to reduce fraud losses and keep their reputations intact.
One method is to leverage network analytics to identify behaviors typical of mule activity, such as when several customer accounts are sending money to the same account. Network analytics can also identify cases where a customer's account is receiving money from an unusually large number of people or for atypical transaction amounts.
Banks with an enterprise-wide customer view can monitor all inflows, outflows, banking channels and devices down to the customer level. They can also use link analysis solutions to group and compare suspected mules with each other, and with entities suspected of money laundering.
How FICO Can Help You in the Fight Against Fraud and Scams
- Explore our solutions for fraud
- Review our blog posts on fraud
- See our fraud predictions for 2023