What Lazio’s €2 Million Transfer Payment Scam Teaches us About Modern Payment Fraud

  • Matthew Attwell, Risk & Client Service Director at ai corporation

  • 04.04.2018 08:00 am
  • undisclosed

Own goal?

Last week saw Lazio (the Italian football club) fall victim to a brazen online scam, resulting in the club paying the final €2million instalment for the transfer of a player, Stefan de Vrij, to fraudsters using fake Feyenoord FC email account. Lazio received an email that appeared to be from the Dutch team asking for the €2million, along with their ‘supposed’ bank account details, and duly sent the money.

The trouble is Feyenoord never received the payment and claim to have no knowledge of the email. Painful, but it is a great example of how modern fraudsters are evolving their ability to detect vulnerabilities in systems and shifting their targets to those weak links. Lazio officials were apparently fooled because the scam email had an official Feyenoord logo on it – easily available on the internet.

According to the UK Trade body, UK Finance, a total of £236 million was lost last year as individuals and businesses were tricked into transferring money to a fraudulent account, via authorised push payment (APP) scams. Authorised push payment (APP) scams were the subject of a "super-complaint" made by Which? in September 2016 to regulators, which called on banks to take more responsibility of the wide spread issue.

  • UK Finance's figures show there were 43,875 reported cases of APP scams in 2017
  • Nearly nine in 10 (88%) of this total were consumers, losing an average of £2,784
  • The remainder were businesses who lost on average of £24,355 per case
  • Financial providers were able to return £60.8 million (26%) of the authorised push payment scam losses in 2017

The complex process of trying to claw money back can be made even more difficult when there is more than one scammed person, a football transfer fee involved or the funds in the scammer's account are insufficient or comprise of both ‘clean’ and the ‘scammed’ money. Of course, scammers will often immediately transfer funds out upon receipt, through a chain of additional accounts.

So, whether you are a multi-million-pound football club, an individual or a business, it is crucial to verify any new payment or changed payment details. My team and I would always recommend two-factor checking on any payment; verifying the original request via an alternative communication method. A simple verification phone call would have saved Lazio FC from a costly own-goal.

Unfortunately, this type of fraud is a rapidly increasing occurrence in other business areas. Also known as ‘CEO’ fraud, as fraudsters often impersonate high ranking employees to increase the importance of the payment, the FBI estimates the cost to business is more than $500m a year. There is pressure on banks to do more on this fraud type. Either by compensating victims or implementing further checks on wire transfers and corporate payments, as they do with consumer accounts.

How Artificial Intelligence can help

Developments in machine learning and artificial intelligence in the past few years has facilitated the decrease of payment fraud. Artificial Intelligence (A.I.) can be a valuable tool for banks in detecting anomalies in payment details or fraudulent receiving accounts. A.I., more specifically machine learning, is already helping organisations combat fraud in ways that just weren’t possible previously. It is an exciting time for businesses, with disruptive opportunities in virtually every market sector.

Organisations that want to defend themselves against these risks and thwart modern fraud attacks must be able to react in real time. To do this, they need powerful solutions that are responsive and dynamic, yet still easy to use and integrate into their existing systems.

Traditional rules-based fraud management engines are breaking down at this level of sophistication, speed and scale. What is needed is a paradigm shift in the tools used to fight multichannel commerce and banking fraud. A.I. solutions can replace high-maintenance, rules-based fraud management tools with self-learning algorithms, reducing ‘false positives’ by using big data to identify new fraud patterns. Ultimately, these capabilities enable managers to make better decisions related to fraud, and so significantly reduce fraud loss.

Even the data collected by fraud platforms is being used for more than just identifying fraud. The data from fraud platforms can be utilised in many ways, for ‘good’, as well as ‘bad’. For example, in analysing spending patterns amongst customer data and helping marketing teams to develop targeted marketing campaigns. Purchasing data can also help a brand to identify customer segments and establish target markets for advertising.

Expecting fraud teams to work through thousands of pieces of data and be spot on every time, is simply not practical. Machines need to be allowed to lead some stages of the tedious, repetitive processes – releasing human creativity. Utilising best of breed machine learning technology, our customers have significantly reduced the amount of time it takes to analyse data and have provided increased accuracy in fraud detection and a reduction in false:positives rates, meaning less declines and more transactions.    

There are many factors driving the requirements need for effective A.I. solutions for payments and transaction processing. Firstly, as technology evolves, online fraud is becoming more prevalent and damaging, with financial services and e-commerce companies especially vulnerable to attacks.

Modern fraudsters have evolved their ability to detect vulnerabilities in systems and are shifting their targets to those weak links. They are using new tactics too – using distributed networks, big data and the dark web to locate vulnerabilities and maximise the associated risk. Fraudsters are also devising multidimensional tactics that inflict damage by sequentially compromising more than one point of vulnerability.

Other Blogs