Adam Davies | Vice President | Fraud, Compliance and Authentication Solutions | FICO | mail me |
Being nimble and awake to the rapid changes occurring to bank fraud will be essential. History tells us that things like natural disasters, times of economic instability, and fears of recession or unemployment provide the perfect environment for increased fraud and financial crime.
Criminals also run their own businesses, and fear is an opportunity to exploit. So, I thought I would outline fraud manager considerations during COVID-19.
The scale of those affected during this pandemic, not necessarily by the virus but by the critical physical distancing measures is breathtaking. I don’t think anyone really envisaged a scenario quite like what we’re currently experiencing.
So what must we consider when it comes to our customers, the fraudsters and our anti-fraud teams?
We owe customers protection during these unusual times
It’s imperative that we do our best to protect our customers from fraud during this vulnerable time, especially when record numbers of people are losing their jobs, unable to work, and facing adversity with their health.
We need to ensure that they have access to their funds and aren’t faced with inabilities to pay for essential items.
Blocked cards and frozen funds that are under investigation are a major headache to consumers and nimble organisations will be doing all they can to minimise these and to look at how they might make their policies more flexible.
We need to be proactive in our communications to customers around scams. They need to know how to avoid them, what to look for and what to do if they think they see something unusual.
Banks need to ensure that any suspicious activities on their accounts can be confirmed with them quickly and efficiently and that if they do fall victims, that the situation is managed quickly to minimise the impact on their lives.
Scams are now tailored, so we need to modify our strategies
A few weeks ago, the US Justice Department brought its first fraud case related to COVID-19 forward. They issued a restraining order to block a website claiming to be distributing vaccines that was facilitating a wire-fraud scheme and ‘intentionally making false statements’ about the vaccines – which do not exist.
We will certainly see an increase in fraud during this time. Scams will use COVID-19 to drive an emotional response to get people to click on links resulting in malware and ransomware attacks.
Examples include fake emails from CDC, WHO, and FEMA. Phishing emails for airfare refunds, charitable contributions, fake cures and vaccines, financial relief, federal emergency funds, and more will proliferate.
This will result in more cases of account takeover during this time and for months ahead. A number of articles have already been published showing this is already happening.
As anti-fraud professionals, we should:
- Be aware of increased account takeover and customers susceptible to scams and help by educating our customers (here is some recent advice and tips for consumers).
- Link our authentication, non-monetary and high-risk transactional decisioning to guard against application and takeover fraud.
- Improve our defences, and refresh our operations handbook, to handle the increase in mule accounts for money laundering.
- Be aware that internal fraud and employee abuse may also be on the rise during these times.
Increase collaboration between anti-fraud and financial crimes teams
This current situation is also impacting everyone’s ability to work in a business as usual mode. We have less staff in the office. And there may well be challenges accessing critical systems including fraud management tools remotely.
It’s important to maintain channels of communication to ensure that new threats and trends are communicated quickly.
Also, with reduced staff in the office, it’s important to consider other operational changes such as an increase in the volume of cases that go to auto-resolution to assist with operational capacity.
Behavioural shifts necessitate fraud control shifts
Card fraud
Due to stay-at-home directives worldwide, the card transactional mix for many clients is going to change.
For example, grocery and other merchant category codes (MCCs) will shift in pattern and volume. We will also see the number of card-not-present (CNP) transactions increasing, it’s not the client’s usual transaction mix.
Fraud managers should consider:
- How this consumer shift may affect your current fraud strategies
- The customer experience impact of declines at this time
- How an increased amount of point-of-sale (POS) based transactions compared with the customer’s normal could look out of pattern
- An elevated amount of CNP transactions from the usual frequency/spend. Again, consider the impact of declines when for some people this is perhaps their only way of staying safe.
- Equally, expect to see an increase in CNP fraud and ‘Friendly Fraud’ across gaming, media and subscription-based services, during this time
Retail banking channels
We are also seeing a shift in the channel mix for customers overall. There will, of course, be less use of the branch, more use of online/mobile banking. That will include an increase in the people registering for those channels that previous didn’t have mobile/online banking. There will also be an increase in the potential account takeover risks.
Fraud managers should consider:
- That it’s important to be able to make cross-channel decisions during this time.
- That we need to increase authentication frequencies over and above the norm.
- Customer’s regular geo-locations are going to change, in fact, they should be at their house more! This should make It easier to see when it’s really the customer accessing their account versus fraudsters who are often attacking from other geo-locations.
A rise in application fraud and identity theft
As people consider getting additional credit to get them through this period (loans, credit cards), we may see an increase in synthetic, first party bust-out fraud and identity theft.
We have seen a lot of data has been compromised, so we are going to have to be on guard for identity theft and account takeover that look to exploit faster payment systems.
A recent graph by Krebs Security showed that thousands of illicit or nefarious websites with a link to COVID-19 have been published to try to farm or steal data or inject malicious code.
Hopefully, these five areas have given you something to think about as a fraud manager. There are plenty of ‘new normals’ for banking fraud prevention in a world impacted by COVID-19.
Being nimble and awake to the rapid changes occurring will be essential. Having AI-powered fraud and financial crime platforms will be a close second. Now is the time to use technology to detect trends and out-of-pattern changes so that fraud loses and company reputations can be managed during this trying time.