Mike Gross, VP of Applied Fraud Research & Analytics, takes a look at the seven top global fraud predictions for 2022.
- A new wave of deep fake synthetic identity fraud
- Fraud-as-a-Service is just a click away
- Real-time payments = faster fraud
- Fintech growth comes at a cost
- The two-fold reality of ransomware attacks
- Supply chain issues expand marketplace scams
- Digital identity’s convergence of identity verification and fraud detection
Digital acceleration is transforming the way financial services providers connect with consumers. The rise of Fintechs, cryptocurrency, and embedded finance options from alternative lenders has changed the face of the financial services industry, and a secure but seamless customer experience has become the gold standard for businesses.
Driving this demand is consumers, led firstly by a natural shift towards digital encouraged by disrupter technology providers and their easy-to-use products, and secondly by the pandemic-induced online boom. But with these changes come opportunities. And not always positive ones.
As businesses grapple with how to keep up with digital demand from consumers, they are also dealing with an evolving fraud landscape, with online payment fraud losses alone set to exceed $206 billion between 2021 and 2025*. Fortunately, advancements in fraud detection and prevention methods have also accelerated, with machine learning and AI enabling businesses to keep pace with rapidly evolving fraudsters.
But how have such rapid changes in the industry impacted criminal activity in this space? We look at seven key global fraud predictions for 2022.
A new wave of deep fake synthetic identity fraud
2021 has seen a surge in deep fake identity fraud, and that looks set to continue. The development of AI to impersonate consumers’ voices and faces is becoming more prevalent, making it challenging for businesses to verify and authenticate identities.
With recent advances in deep fake technology, fraudsters can leverage compromised identity data to bypass verification controls, and then either create new synthetic profiles with documents, facial images, and voice cloning to bypass identity authentication requirements for secure exchanges like government benefits sign ups. These deep fake tactics can impact businesses’ ability to recognize consumers across the entire lifecycle, but particularly at the point of enrolment and authentication.
Detection and prevention of deep fake identity fraud involves applying a layered strategy of technical defenses along with a vigilant approach. Requiring identity data or documents in isolation is not sufficient. Organizations need to fight fire with fire by capturing digital and behavioral data to complement identity controls, then using AI and machine learning to analyze interactions and spot fraud.
Fraud-as-a-Service is just a click away
The use of automated bots by fraudsters to impersonate businesses and socially engineer their customers is also growing rapidly. As fraud controls become even more effective at thwarting traditional attacks, fraudsters see an opportunity to evolve their tactics and capitalize on advances in voice bots.
In 2022 and beyond, a large portion of fraudulent transactions will be submitted by legitimate consumers who are being socially engineered to not only provide data, but to use their own devices to submit what they believe are legitimate transactions. Banks globally are already witnessing the start of this trend, as fraudsters can now purchase bots to contact consumers, impersonate their banks, retrieve one-time passwords, and forward those codes to fraudsters to complete fraudulent transactions.
Historically, fraudsters couldn’t scale this type of attack to manage thousands of calls to consumer victims, but now they can just hire a bot that sounds and acts just like a bank reaching out to their customers. As a result of this success and the cost effectiveness of bots, fraudsters are expanding operations to impersonate every type of business, from retailers to government organizations.
Real-time payments = faster fraud
Faster money often means faster fraud. Real-time payments (RTP) increased by 41% between 2019 and 2020 and are set to rise again by 23% between 2020 and 2025*. From mobile payments all the way to Buy Now Pay Later, RTPs have provided ample opportunity for fraudsters to quickly monetize and cash-out – converting money to other forms of currency like crypto and then laundering the funds through multiple fraudulently-established accounts.
The lack of regulation in cryptocurrency makes it an especially attractive target for fraudulent activity because attackers can more easily remain anonymous and funnel funds across currencies in mere seconds. Crypto exchange platforms have profited from the unregulated environment but are starting to pay the price when it comes to fraud losses.
The speed of real-time payments presents unique challenges to businesses because they often can’t be revoked or easily traced, so detection can be more difficult. But the demand for RTP is only increasing, so consistent regulations need to be in place and organizations must be able to accurately verify and authenticate identities and transactions across channels in seconds to detect criminals preying on these faster payment methods.
Fintech growth comes at a cost
Buy Now Pay Later has exploded over the last year. Alternative lenders now dominate the retail landscape, embedding themselves in customer journeys, offering consumers fast and easy credit, and minimizing fraud liability for merchants. But these disruptive businesses offering tailored financial products based on vast amounts of customer data have the potential to leave the door wide open to criminals.
A frictionless customer experience and easy-to-use technology has allowed these nimble businesses to attract millions of customers, and with it, huge volumes of fraud. According to Aite-Novarica Group, Fintechs have an average fraud rate of around 0.30%, which is double that of credit cards that average 0.15-0.20%.
2022 is likely the year that Fintechs put risk at the forefront of strategy. Without the right identity and fraud protections in place across their websites and apps, they not only risk fraud losses, but they could also damage brand reputation. And without quick, comprehensive fraud reporting back to the businesses they serve, they also risk enabling even more downstream fraud attacks.
The two-fold reality of ransomware attacks
As businesses experience extortion in the form of weaponized malware, the sophisticated nature of AI used in ransomware attacks is rapidly evolving, allowing attackers to be even more successful at extracting data and wreaking havoc. A business’s data is the primary commodity that the fraudsters use to negotiate ransom payments, but the stolen data of that business’s customers is often forgotten, which can be an even greater concern.
This growth in ransomware and the availability of sensitive consumer and business data will not only drive attacks in 2022. It will likely change the nature and depth of those frauds using newly-available data such as business financials or consumer medical conditions or employment details in more pervasive attacks. Organizations falling victim to ransomware must understand all of the data that has been compromised and should notify its customers so they can take steps to prevent future identity or other fraud attacks.
Supply chain issues expand marketplace scams
We expect to see more issues with marketplace fraud as supply chain issues and inflation persist through 2022. Where there are supply gaps, fraudsters will meet the pent-up demand with products that don’t exist, scamming customers to part with money for nothing in return.
In the current marketplace environment, it’s easy to set up a fake business with positive reviews. And because consumers have no way to verify the authenticity of a business, they roll the dice on what seems too-good-to-be-true, lose money, and then try to recoup funds from their financial provider. This is another area where BNPL providers will end up bearing responsibility for a lot of retail fraud in 2022, as they take on liability for the fraud and credit losses that fueled their rapid growth.
Digital identity’s convergence of identity verification and fraud detection
Password-free experiences led by the ubiquitous smartphone and the ability to make real-time payments has resulted in a demand for a seamless, uninterrupted customer journey. But central to all of this is identity authentication. As identity verification and fraud detection continue to converge, the big question is, how can a secure, consumer-friendly approach to digital identity be adopted and regulated, and by whom?
The announcement of the European Digital Identity scheme shows that governments are beginning to move in this direction, but there is still a long way to go. As authentication and onboarding systems continue to be targeted by fraudsters, the bid to create secure, reusable digital identities to enable more seamless commerce and to mitigate fraud and criminal activity becomes more critical. This is a concept that is dominating the conversation and one that we expect to play a big role in fraud prevention in 2022 and beyond.
Stay in the know with our latest research and insights:Recently Published Research