2020 In Review: Top 5 U.S. Trends in Fraud and Authentication Management
November 19th, 2020
As we reach the end of 2020, it’s good to take a step back and take stock. We can see how COVID-19 significantly altered and accelerated the trajectory of FIs’ adoption of digitalization and with that the potential of increasing instances of fraud.
I’ll start with the top five fraud areas we’ve seen this year and review how that compares to my predictions from last year. Clearly, these were written before we’d ever heard of COVID and it’s clear that this had a profound effect on how consumers, businesses and fraudsters transact. So has this made a difference to the predictions? Let’s find out.
2020 Trend: Card Not Present Fraud
As we are seeing multiple years’ worth of growth in digital banking and e-commerce, it isn’t a surprise to see increasing Cardholder Not Present (CNP) fraud as predicted. Actimize Consortium Intelligence shows that the CNP fraud rate has more than doubled, with e-commerce fraud making up a larger percentage of the overall fraud.
CNP is driven by two main facets that have both been influenced by COVID-19. First, the need for speed and low friction in e-commerce, which can mean weak fraud controls. Second, the level of data compromise, whether from merchants or through social engineering and malware. Throughout 2020, we’ve seen the need for merchants and issuers to scale up at speed to support the increased volumes, all while keeping customers happy. This has allowed for more Magecart malware to be installed on e-commerce sites to siphon card data, along with customers falling for COVID scams and giving their data away.
Not only do these compromises cost issuers from a loss perspective, they also mean that cards need to be replaced more often and impact that card being top of wallet, reducing income.
This means it’s increasingly important for issuers to monitor and detect compromises, as well as bring in external intelligence to make fast and accurate decisions on when to decline and when to re-issue, while minimising impact on genuine card holders.
CNP fraud is also likely to grow further in the U.S. as the EMV rollout takes hold reducing counterfeit opportunities, so we will see the percentage of CNP fraud rise from c61 percent to 90 percent as in other markets.
2020 Trend: Authorized Fraud
COVID has turbocharged authorised fraud and scams across the globe, from Business Email Compromise (BEC) and purchase scams for PPE to investment scams for vaccines. In the U.S., the numbers of scams reported to the FBI in 2020 is already double that in 2018. The same is the case in the UK, Nordics and elsewhere as fraudsters changed the messaging to play on the COVID theme.
There are two key trends here to look out for. The first is the shear level of attack against consumers and business large and small. The second is the level of sophistication in these attempts. With BEC we’ve seen the use of Deep Fake voices to defraud business and surely it won’t be long before we see Deep Fake videos in the wild to do the same.
This is also the case with investment scams, where the customer phones the fraudster, rather than the usual cold call. Customers are recently turning to fraudulent websites as they try to find returns in a low interest environment.
2020 Trend: Fraud & AML Convergence
This leads neatly onto a related theme we’ve seen more of in 2020 across the globe: fraud and AML convergence. With the rise in fraud and scams, one of the common denominators is the use of mule accounts to receive the funds. These may be opened legitimately, but then sold on or the owner coerced into being a mule. Accounts could also have been opened purposely via ID theft or synthetic identities. COVID has also increased mule activity as many more people have been sucked into being mules through recenteconomic impacts and scams on social media purporting to be jobs.
This poses a problem, particularly with RTP and Fed Now bringing real-time payments into play. With the need to balance reducing fraud and AML, along with bringing in more customers, faster and quicker. A key plank in this is Customer Life Cycle Risk Management. It’s vital to undertake fraud risk assessments on customers not just when they open their account or send funds, but also by providing real-time analysis on inbound transactions.
The Estonian regulator has mandated real-time transaction monitoring and many banks particularly in the UK are working on real-time inbound fraud profiling. This comes as liability starts to shift to beneficiary banks as the Contingent Reimbursement Model (CRM) kicks in.
2020 Trend: New Account Fraud
New account fraud has become a major fraud issue. All too often, it’s been hidden from view as the losses may look like bad credit. At its heart is identity and verification. The main types of new account fraud are Identity Theft, Synthetic Identity and various forms of Misrepresentation. The rise of identity theft and synthetic identities is fuelled by the rise in data compromises, the desire for low friction at onboarding and improved account takeover prevention by FIs.
Identity theft works by fraudsters applying in someone’s else name and address, whereas Synthetic is creating a new identity from some genuine data and some new or fictitious data. Fraudulent misrepresentation is a type of first party fraud where the applicant lies, for example about income or expenditure, to get facility they would not otherwise have been approved for.
2020 Trend: Stimulus Abuse
We can’t talk about fraud in 2020 without mentioning the Payment Protection Program and other stimulus packages, with fraud estimate at circa $50 billion. Within this is again a mixture of first-party fraud (FPF), ID Theft and Synthetic IDs to obtain loans or stimulus checks from the government.
In a similar vein, we’ve also seen unemployment fraud spike close to $25 billion in 2020. Look for an upcoming blog from me on this big issue.
Moving Forward
While there have been improvements in addressing these frauds, there is clearly more work to do, especially around authorised fraud and scams.
FIs need to work with other stakeholders to help prevent fraud and protect consumers and businesses. They can take the fight to the fraudsters in several ways. Layers are key as these problems cannot be solved by education or detection alone.
Improving authentication but using advanced analytics to add the right amount of friction at the right time is important to stay top of wallet. To do this, building a strategy to an enterprise fraud management platform is key, as well as bringing in the data to cater to multiple fraud types, with models for each. 2020 has shown that adaptability is key with the ability to quickly change rules and models as both consumer and fraudster behaviour changes.
This time last year pre-COVID-19, I made a few predictions, and if you’re interested, you can see how they panned out. I’ll be back in a few weeks with my 2021 predictions – stay tuned!