• Matt Cox, General Manager EMEA at FICO


• 11.12.2023 11:00 am
#fraud #security

2023 kicked off the beginning of some major changes set to impact the fraud landscape, both from the regulators and industry in terms of approaches to fraud prevention itself, and I expect them to gather speed in the coming year.

A holistic approach to APP fraud prevention

Much has happened since scams, or authorised push payment (APP) fraud, hit our radar back in 2020.

The industry pivoted its primary focus on detecting unauthorised payment activity to the detection of scams. Innovative organisations like FICO developed sophisticated scam detection software to help financial institutions spot when a scam was in progress. There has also been an intense drive to educate consumers about the techniques used by scammers, particularly in the UK, reinforced by significant media attention.

But the scams industry has continued to boom, supercharged by the rapid rise of alternative payment methods — such as digital wallets, digital payments, bank transfers and cryptocurrency — enabling instant payments. Relatively new to the payments world, these cashless, cardless methods are already the most popular payment methods both online and in person.

Several countries are now rolling out new regulatory rules around data sharing to tackle APP fraud. Some countries, however, have focused on liability and reimbursement.

The UK, for example, has announced its new APP scam reimbursement requirements. The Monetary Authority of Singapore has published its proposal for a Shared Responsibility Framework. Both place a spotlight firmly on the organisations inadvertently receiving the stolen money into “mule” accounts set up by fraudsters for money laundering purposes.

These mule accounts have been growing, thanks to soaring levels of identity theft, synthetic identity fraud and first-party fraud. This has highlighted the need for strong application fraud controls and capabilities that can spot networks of mule accounts, not just detect scams.

I believe it’s only a matter of time before other countries start moving in the same direction as the UK and Singapore. This will drive a more holistic approach to scam prevention in 2024, with organisations tackling it from all angles, including both inbound and outbound payments.

A key consideration in this approach is the role consumers must play. While consumer education is crucial, it can only go so far. With fraudsters constantly refining their scams, they’re harder to spot. We must not underestimate how sophisticated and powerful the tactics used by fraudsters are. Consumers become so emotionally manipulated that they refuse to believe they have been duped.

With this in mind, I believe scam victims need to be treated differently to other victims of fraud at the point that a scam is taking place.

Currently, when an unauthorised payment is detected, it becomes the remit of the fraud team. The customer goes into a process for third-party fraud victims, but this process does not work when customers are in the midst of a scam.

Fraud cases need to be directed to separate specialist teams — one for authorised payments and the other for unauthorised payments — and dealt with differently. Absolutely crucial to this is the integration of highly personalised customer communications into the workflow. The goal is to influence what steps the customer takes next. Communication must reach the customer at the right point, in the right way and contain the right messages. Otherwise, the scam detection capabilities that have been put in place become futile.

We work with organisations where we’ve inserted a series of multiple, highly personalised questions into the workflow at the point a scam is detected, delivered through the customer’s preferred channels. This approach has delivered extremely positive results with high engagement levels continuing through to the fourth message, enabling organisations to then transfer those customers to the specialist teams.

Breaking a siloed way of working – bringing fraud and originations together

Globally, synthetic fraud has become the fastest growing form of fraud, most popularly used in the creation of mule accounts. Fraudsters have found a hole in existing onboarding processes of financial institutions, created by a siloed way of working. Credit risks, fraud risks and adherence to regulatory requirements all go through extensive checks by different teams with separate systems and processes, with little communication or collaboration between them.

As a result, around 95% of synthetic identities are not being detected during the onboarding process and 95% of influential leaders in the field of fraud prevention are very concerned about application fraud. Internal pressure is mounting to ensure verification systems are strong so that synthetic identity fraudsters are rooted out before they strike.

Alongside the elevated risks and costs, this siloed way of working negatively impacts the customer experience. They are contacted multiple times for the same or similar information. Communication channels and authentication methods vary, and the overall experience is disjointed. The risks of abandonment and customer frustration are increased.

More organisations are beginning to see the integration of technology supporting real-time fraud detection with credit originations as a high priority (85%). Aside from enabling better detection of synthetic fraud, there are other significant benefits to breaking these silos – enhanced efficiency and a more cost-effective and customer-centric onboarding process. 2024 will see greater integration of these functions.

Tackling the eco-system of upstream polluters  

Regulators have expressed a desire to address the wider eco-system, outside of financial institutions, that is enabling fraud. Known as ‘upstream polluters’, these are organisations unwittingly playing a crucial role in enabling fraud to exist.

Social media platforms, for example, will be a key target. Recent data from the UK suggests that 9 out of 10 purchase scams begin on social media platforms. They are enabling online shopping scams to grow, by allowing criminals to advertise fake online stores. Last year in the UK alone, £59.6 million was lost through these frauds.

Meanwhile companies that operate as domain registrars are enabling fraudsters to obtain URLs and set up fake websites, as well as payment portal services that enable fraudsters to take payments by card or by using real-time payment mechanisms. But in most countries there is currently no responsibility on these companies to check that they are dealing with legitimate businesses.

Telecoms will also come under the spotlight. Phone calls and text messages are key social engineering tactics used by criminals. People are tricked into believing their calls are coming from reputable organisations or known individuals, and giving away personal details.

While there is growing awareness of the role these organisations are playing in the soaring levels of fraud, Australia is the only country making progress with its imminent development of a co-regulatory code by the Australian Competition and Consumer Commission. This will force financial institutions, social media firms and telecoms to work together to combat fraud.

We may see greater regulatory focus on wider accountability in 2024.

From fraud losses to prevention tools and headcounts costs, the total cost of fraud across the globe has been estimated at $5.4 trillion. It’s a considerable challenge for the financial institutions that are subject to regulatory requirements, ethical considerations around AI and often complex legacy systems. The key to moving in time with the fraudsters is understanding what is on the horizon and 2024 looks set to bring some significant developments.