Online fraud risks to watch out for in 2024
UK finance reports that UK consumers lost a combined £1.2 billion across all fraud types last year. Although this figure may be alarming, some good news is hidden behind these figures, with the overall amount of fraud decreasing and scams reducing in number as well.?
This article aims to help you navigate the biggest, newest or most surprising online banking fraud risks to watch out for in 2024.
APP and Social Engineering
The largest individual fraud type that was reported in 2023 was Authorised Push Payment, APP in short, where an individual has been duped into sending their funds to an individual either pretending to be a genuine person or have been put into a position of needing to act quickly, by someone impersonating an employee of your bank, or another trusted authority.?
Because this has been a fruitful option for fraudsters, this will become a primary method in 2024. This is because it relies on the weakest point of a fraud process: the targeted individual.?
Social engineering has exploded in recent years, partly due to the requirements put in by banks with multi-factor authentication and partly due to the success of anti-fraud companies like Cleafy, affecting other parts of fraudsters' repertoire that they become less useful to the fraudster.?
Fake and Synthetic identities
Both fake and semi-synthetic identities have traditionally been the fear of KYC providers, but what happens at the point of the onboarding always has a possibility of filtering through and affecting every other part of the customer journey.?
Purely fabricated identities are just that, invented identities that are used to open accounts or gain access to credit facilities. They are easier to spot as all the data and information are invented and, as such, run the risk of failing semi-robust checks.?
Synthetic identities are harder to spot as they may use very small amounts of incorrect information merged with correct information, potentially of an individual who has died or one that is dormant to create a new identity. With these identities, they can create accounts that can channel money through APP fraud, as mentioned above, or work as money mules for moving funds through the banking system for money laundering purposes.
Money mules
We will see that money mules may evolve new tactics to bring money through accounts. Traditionally, fraudsters used to operate to either find an unused or available identity on the dark web and then use the data to open an account, allowing them to transact business through it.?
领英推荐
As the net tightened on these types of frauds, the criminals had to find other ways to access accounts. Their next move was to use social media to their advantage by promising earnings to account holders for pushing money through their accounts.?
The “easy money” route proved attractive, with formerly clean individuals happy to open new accounts, take £5000 into the account, £4500 out and keep the £500 as “commission”. This was then cracked down on, as the money launderers could be held liable and the money mules would also face up to 14-year prison terms if convicted in the UK.?
Because of this, in 2024, we are now seeing money mules look to use existing credit accounts rather than debit or current accounts. They will look for an individual who has a credit card and then offer money for them to overpay on this card and then the money is funnelled through a legitimate account and then off through the system, adding another layer of masking to the transaction history.?
This is only the next step, and we are sure that at some point, Artificial Intelligence will once again redefine how this is executed in ways we currently can’t imagine.
Artificial Intelligence
Although it has been around in one guise or another, I think everyone can remember the 20th of November 2022 when ChatGPT was gifted to the public and the world took a seismic shift away from how we used to create and consume information onto a new path where information can be sourced, and then generated automatically (Although this author knows this technology is the future, there is something enjoyable about crafting your content and having your voice).
What is true about the incredible impact this has had on the rest of the world is that AI is now getting to the point where criminals use it in more sophisticated and effective ways. Ranging from creating deep fake images and videos, documents, or malware that can be changed and morphed to suit the needs of the fraudster or to outwit defences in the perimeter of an organisation, there will not be separately linked together attack vectors chained into an assault, the attack itself will be amended on the fly across companies, borders, accounts and individuals. The output that could be trained through these models may be so effective and numerous that traditional fraud detection processes and policies could soon be deemed unfit for purpose.?
Due to the ongoing nature of improving these models, customers cannot rely on legislation to protect them. They will have to shore up their defences with either multiple vendors or those that can offer to give a view of all the traffic coming through their site, classify it and then let you decide on the next steps, doing what is best for both your customers and your revenue protection processes.?
To speak to us about how we can help you with this, please contact us.
Written by Matthew Hedges