In today’s increasingly digital financial service industry, fraud trends are constantly changing and evolving. New schemes are introduced regularly, and it can be very challenging for organizations to keep up.
‍
Modern fraudsters are more well-funded, technologically savvy, and agile than they've ever been before. It is imperative for organizations must remain vigilant in the fight against financial crime.
‍
So, in this expert round-up, we interviewed several industry-leading voices from companies like Chainalysis, Bates Group, Chartwell Compliance, and Helix, who shared their insights about the biggest fraud trends in crypto and Fintech for 2022 and their predictions for where fraud is headed in 2023 and beyond.
‍
To help organizations prepare (and protect themselves), we cover the most likely threats that FIs will likely face in the coming year.
‍
‍
Let’s get right to it and explore each threat in detail.
‍
‍
‍
Simply put, the actual volume of fraud is steadily increasing.
‍
This is exacerbated by the fact that digital financial services like Fintechs and Neobanks are more commonplace. This digital landscape offers criminals an added layer of anonymity, drawing more people towards these illegal activities.
‍
According to Edel Gonzalez and John Ashley of Bates Group, the expectation is to see even more fraud as countries opt for virtual and digital services across the globe.
‍
“The global economy is shifting towards more eCommerce and e-services which attracts scammers and fraudsters. The aforementioned fraud and scam trends will thus be exacerbated this coming 2023.” - Edel Gonzalez and John Ashley of Bates Group
‍
Previously, fraud was highly challenging, requiring extremely adept schemes. With virtual marketplaces, banks, and more, committing fraud is growing more commonplace, and the barrier to entry is loosening. On top of this, there are a variety of tools that can easily be accessed online, even by people unversed in fraud schemes and practices. Average people can download software that helps them perform fraud easily, with little expertise or understanding of the banking system.
‍
To compound this, criminals are constantly finding new ways of conducting commonly used fraud schemes. Martin Patterson of Chartwell Compliance notes that the most common forms of fraud seen by their teams in 2022 were actually new twists on well-known fraud strategies.
‍
“We saw regular attempts to open new accounts with BaaS, P2P payments, and gaming platforms utilizing synthetic IDs.
We saw account takeover (“ATO”) activity where fraudsters move to link the victims’ legitimate bank accounts to new services opened by the fraudster and then siphoning funds via ACH.
We saw promotion or referral abuse fraud; first-party fraud wherein our client offers a promotion at account creation, or per transaction, or a reward based on a referral to open accounts.
Lastly, we’ve noted an increase in fraudsters’ use of malware; keyloggers, stealers, ransomware and other forms which expose user information that without multi-factor authentication tend to lead to account takeover." - Martin Patterson, Chartwell Compliance
‍
As fraud schemes become easier to execute, more people are drawn to it, drastically increasing the overall volume of fraud.
‍
The main thing to watch for here is simple types of fraud, such as ACH fraud, check washing, and bust-out fraud, as they are easy for amateur fraudsters to perform. Companies should establish protections against these types of fraud, rooting them out.
‍
‍
The popularity and growth of digital financial services has made it objectively easier for criminals to falsify identities.
‍
As mentioned by Patterson, fraudsters can even exploit this system using synthetic IDs, which are entirely fake identities, often using a mixture of both legitimate and falsified credentials. The result is a completely fabricated ID, that can then be used without fear of prosecution, as it’s much harder to identify the true criminal.
‍
“Typically, several attempts by the same person or group of people to pass KYC measures using multiple combinations of legitimate and fictitious data.” - Martin Patterson, Chartwell Compliance
‍
Synthetic IDs are often associated with money muling, as it gives criminals a seemingly covert way of transferring money through the legal system. In many cases, these users are very hard to detect because they appear to be legitimate, good users. They have regular transactions, with money going in and out of their account, but in reality, they are simply moving funds through the system.
‍
The rise of Fintechs, online exchanges, and more have only increased the use of synthetic IDs, which are extremely hard to track and trace. In fact, most identity verification services struggle to root out synthetic IDs. To really prevent this, organizations need to rely on a high-quality identity verification vendor that can detect synthetic IDs.
‍
However, even if these accounts or users can be found, it’s still challenging to clearly determine if an ID is synthetic, and it’s even harder to restrict - or entirely ban - services to users without concrete proof that an ID is, in fact, fake. Companies risk unfairly shutting down legitimate users accounts, which could negatively impact an organization’s relationship with existing customers.
‍
With the use of synthetic IDs on the rise, it’s vital that financial service companies - specifically in the Fintech space - invest in a strong identity verification solution that can root out fake users.
‍
They will also need adequate training for investigators and analysts, so they know when they should and shouldn’t restrict or ban user accounts.
‍
‍
Malware, short for malicious software, has a variety of uses, but it is commonly associated with fraud. These tools are used by criminals to collect information on electronic devices, such as personally identifying and private information, such as social security numbers, passwords, and more. They can even be used to take control of electronic devices, resulting in blackmail.
‍
While these aren’t new, they have become increasingly easy to acquire by average people, and are more readily available for download. They also have a low barrier to entry, as modern solutions are easy to install and operate, making this type of fraud more accessible to average people than it has been in the past. There is no shortage of marketplaces where these types of software can be purchased and exploited by criminals.
‍
Most commonly, these tools allow criminals to collect personal information - without the infected user ever becoming aware of this breach. The fraudster can then use that information to gain access to the victim’s accounts, and they can even use that information to open accounts and services of their own under that victim’s name, without the victim ever being aware.
‍
Patterson of Chartwell Compliance has noticed “an increase in fraudsters' use of malware,” specifically with the end aim of conducting account takeover. Without proper protection methods like multi-factor authentication, it’s difficult to prevent this from occurring.
‍
Organizations that have robust KYC procedures will make it extremely difficult for this to occur, as these users will struggle to have all the information needed to open accounts. However, fraudsters that are adept at this may have enough information to beat KYC processes.
‍
Another layer of protection is transaction monitoring, which can be used to detect anomalies in user behavior, potentially rooting out cases where account behavior doesn’t match the user’s previous behavior.
‍
‍
In the modern climate of digital banking, customers want convenient, expedient service. Because of this, Fintechs like neobanks are constantly competing to offer users the best service possible.
‍
The problem that these organizations face is that being able to offer more expedient services often comes at the cost of less substantial fraud checks. For example, banks often put holds on funds when they enter an account to ensure that the check clears before giving the user access to the funds.
‍
This is intended to prevent fraud. However, for legitimate users, this hinders their service experience, as they have to wait for the funds. The bank, in an effort to offer the best service possible, wants to reduce this wait time as short as possible. In general, wait times allow financial institutions a chance to review transactions for legitimacy, and root out fraud.
‍
Since the 1970s, the United States has used the Automated Clearing House (ACH) as a payment processing network that is used for transferring money between banks. This system allows for debits and credits to be carried out automatically and verified in the process. But this is about to change.
‍
FedNow has proposed a real-time payment rail that is expected to launch in mid-2023. This would enable real-time payment processing for financial services that adopt these solutions. It’s likely that traditional banks will be slow to adopt (and fully switch to) this method until it can be trusted and properly protected against.
‍
However, Fintechs like neobanks and digital currency exchanges will likely adopt this solution quickly, as it will allow them to offer faster, more expedient service to users. Credit unions are also likely to leverage this to set themselves apart from leading banks. No matter which FIs adopt the new FedNow real-time payment system, fraudsters are sure to be right there with them, looking to exploit the system.
‍
The fact is, fast payments can lead to fast fraud, as criminals look to exploit a new system. Organizations that adopt this system early on will need to protect against fraud adequately, and have adequate checks to mitigate the fraud losses that stem from criminals exploiting the real-time payments system.
‍
‍
Fraudsters are constantly looking for ways to not only exploit FIs, but also their customers. As seen with COVID-19, criminals will take advantage of opportunities and vulnerabilities of certain consumers to commit fraud.
‍
Unfortunately, regulation is often slow to keep pace with the speed at which fraudsters develop new strategies. For FIs to protect users - and their organization - it’s important to take immediate prevention efforts when new patterns emerge rather than waiting on regulators to establish consumer protection measures.
‍
Fraud and AML teams need to continuously update their prevention solutions and training practices to improve detection, investigation, and mitigation to stay ahead of new fraud schemes.
‍
‍
Fraudsters always flock to new technologies, exploiting a lack of regulations, inadequate protection measures, and consumer naivety. In 2021, scams were the biggest illicit activity on cryptocurrency platforms, with criminals drawn specifically because of the quasi-anonymous nature of the technology.
‍
While the rate of fraud schemes has dwindled, according to Eric Jardine of Chanalysis, they found that fraud scams diminished from $8.03 billion in November of 2021 to only $5.4 billion in November of 2022. He went on to explain that this could have been due to market conditions and increased regulation.
‍
“We suspect that a large part of this decline is due to a combination of the bear market conditions dissuading the entrance of new users to the cryptomarket who might be more susceptible to scams, to the increasing understanding of crypto from regulators, and by the evolution of product solutions that help exchanges keep users safe from scams, and growing user awareness of some of the telltale signs of scams, such as outsized rewards for little-to-no risk.
However, in September, we observed an interesting scam activity during the Ethereum Merge, during which, scammers made $1.2 million USD, with $905k on September 15th alone. These scams quickly receded after the event, but were, on average, significantly more successful than non-merge scams during this period.
This pattern suggests that major technical changes to blockchains can act as focal points for scammer activity.” - Eric Jardine, Chainalysis
‍
Despite this decrease, the problem remains serious, with FIs losing billions of dollars, not counting the costs of anti-fraud efforts. Fintechs have also grown more adept at identifying and rooting out crypto fraud.
‍
Most notably, large spikes in cryptocurrency fraud occur during major industry events. As Jardine alluded to, a good example of this is the Ethereum Merge in September of 2022. Moving forward, crypto platforms should expect (and prepare for) fraud stemming from significant changes made to a specific blockchain.
‍
Ultimately, fraud trends within the crypto industry seem very tied to the demand for crypto and how the markets are performing.
‍
When asked about what we can expect in 2023, Jardine added, “If global macro conditions continue to deteriorate and the crypto bear market continues, then 2023 is likely to be quite similar to 2022 – scamming activity will probably be well off of 2021 levels. However, if the bear market ends, then scammers might take advantage of this euphoria to target new unsuspecting users who might enter the space.”
‍
It’s particularly important for crypto platforms to be on high alert in relation to major technical changes to specific cryptocurrencies and the market as a whole, as fraudsters will look to exploit these vulnerabilities.
‍
‍
‍
‍
How to Protect Against the Latest Fraud Trends
As we can see, the impending fraud trends look to leverage the digital banking system, largely due to the expediency of service and the perceived anonymity that comes with online transactions. This is only compounded by fraudsters’ ability to craft fake accounts and identities to exploit these systems.
‍
To protect against these threats, FIs need to have robust KYC procedures that ensure all users are who they claim to be, high-performance transaction monitoring that can detect anomalies in payment patterns, and overall behavior monitoring that can identify suspicious behavior.
‍
Ahon Sarkar from Helix (by Q2) emphasizes, one of the main keys to success is a carefully considered approach to managing fraud.
‍
“Fraud became a critical battleground for profitability in 2022. As macro headwinds caused many Fintechs to focus inwards and push to make their embedded finance businesses sustainable, they found a thoughtful and multi-layered approach to fraud management to be one of the most important keys to success.” - Ahon Sarkar, Helix
‍
He went on to explain that Fintechs should expect to see fraud personalization rising to the forefront in 2023 and that a generalized approach will not be effective in combatting the bad actors of tomorrow.
‍
“As Fintechs seek to increase engagement amongst their best users while curbing fraud amongst their bad actors, differentiating fraud strategies by the individual user will be critical. A one-size-fits all fraud approach just won’t cut it anymore.” - Ahon Sarkar, Helix
‍
FIs should leverage a variety of fraud detection and prevention tools at their disposal, and personalize efforts based on their users (and the unique threats the organization faces).
‍
‍
Subscribe to our Blog!
Please fill out the form below:
