It doesn’t take too long to find examples of identity fraud. In South Carolina, a hacker ported a victim’s phone, conning the victim's mobile phone company into believing the request was from the authorized account holder, before accessing his iCloud account and cloning the phone 1. In Ohio, a suspect withdrew money from victims’ accounts using a fake driver’s license 2. These types of crimes are becoming so prevalent that the Federal Trade Commission (FTC) has launched a National Identity Theft Awareness Week 3. Identity fraud isn’t the only type of fraud being committed. Account takeovers, money mules, injection attacks, and authorized push payment (APP) fraud highlight how dynamic the fraud landscape is today.
These attempts targeted individuals, but businesses must also remain vigilant. It is their duty to implement anti-fraud and anti-money laundering safeguards to prevent the sorts of attacks that make so many headlines. Organizations that stay abreast of the following fraud trends will better equip themselves to thwart malicious actors before they have a chance to do real damage.
Hear more from industry experts on how fraud is evolving
Fraud prevention efforts will modernize to meet evolving threats
In 2020, many businesses switched to digital operations almost overnight. And though much of the world has returned to normal, the new way of transacting and interacting with brands remains. While the always-connected paradigm has proved convenient for many, it has also led to an uptick in fraudulent activity, thanks to criminals’ increased access to personal information.
Generative AI is a microcosm of this shift. Suddenly, powerful AI tools are accessible to everyone with internet access, including fraudsters, who use AI to scale their operations. Luckily, however, organizations and agencies are also building intelligent platforms to fight back.
It is already possible to leverage AI to detect liveness. Liveness detection tools ensure a person is actually present at that moment. This form of fraud prevention ensures bad actors cannot use tools like deepfakes to commit fraud. AI is enhancing platforms’ ability to identify fraud attacks and mitigate threats in real time.
In 2024 and in the future, it is likely that technology innovation will continue faster than humans’ ability to regulate its use. We will see more private/public partnerships as both sides work to tackle emerging threats with transparent, privacy-centric approaches to technology regulation.
Synthetic identity fraud will become a major anti-fraud focal point
Long before nearly everyone had multiple social media accounts and a myriad of other online profiles, con man Matthew Cox created synthetic identities, analog style 4. By fabricating recent births or using homeless persons’ social security numbers, he cobbled together dozens of fake people for use in his mortgage fraud scheme. Today, the digital creation of synthetic identities is now one of the top fraud trends.
It is estimated that lenders are exposed to nearly $3 billion in synthetic identity fraud, from credit cards, auto loans, and unsecured loan activity 5. It’s likely that increasing rates of digital transactions and democratized artificial intelligence tools are also enabling wide-scale fraud losses.
Synthetic identity theft will be aided by AI. It only takes a few moments for an AI platform to generate synthetic customer information to tie to existing SSNs. Moreover, AI can aid in applying for credit online, as banks and other entities only require so much proof of identity when establishing a digital presence.
The use of AI for synthetic identities differs slightly from that of AI-generated fraud, where bad actors are often creating deepfakes or mimicking biometrics to impersonate an actual person’s likeness. Moving forward, organizations and agencies will work in earnest on fighting synthetic fraud by investing in solutions like behavioral biometrics, which look for abnormal patterns in someone’s use of social media platforms or credit activity over the past few years as a way to slow down the use of forged identities.
Financial institutions must watch for willing money mules
Money mules themselves aren’t new to the financial industry or other industries, but the latest evolution is inducing higher fraud rates.
Often, money mules are unwitting scam participants. In one example, a woman conducted transactions for a man she was dating, thinking she was helping with his charity 6. Unfortunately, she was really helping defraud people who thought they were donating to his cause. One of the top fraud trends now is willing money mules.
Barclay’s Bank warned that “cases of student money mules rose by 23 per cent last October [2023].”7 The bank also found that more than one-quarter of 18-21YOs would “be happy to move money around under someone else’s direction,” provided it meant they got a cut in the action.
With more willing fraud participants, institutions now face a cohort that may pose an even higher fraud risk.
The regulatory environment will continue to evolve
Already there are many regulations dedicated to fraud prevention. Most attempt to establish identification and data privacy safeguards. Some of the more well-known anti-fraud guidelines include:
- Electronic Identification, Authentication and Trust Services (eIDAS)
- Financial Action Task Force (FATF) Recommendations
- Electronic Signatures in Global and National Commerce Act (ESIGN)
- Consumer Financial Protection Bureau (CFPB) appropriate proof of identity
- The Privacy Act
The regulatory landscape will only continue to evolve. And as rules change so, too, will the expectations of organizations attempting to protect their customer and employee base from fraudsters.
Customers will keep driving the authentication revolution
The customer is always right, especially when it comes to privacy preferences. The demands of all-digital generations are becoming louder. What they’ve told organizations so far is that simple authentication methods are outdated. While single-password authentication is simple, consumers know they need more to protect their accounts.
In 2020, our research found that consumer trust in passwords had fallen by 10 percentage points. Just two years later, nearly half of surveyed businesses have implemented biometric authentication training tools 8. Consumers are in the driver’s seat and will continue to force organizations to shift their approach to fraud prevention and identity preservation.
Today’s consumer demands better account protection. Multimodal (biometric) authentication, wherein account-holders must present multiple forms of verification that only they possess, is the answer to that demand. Organizations that implement more stringent authentication measures also have to balance those tactics with the customer experience.
Because, while identity verification practices can help agencies and organizations alike streamline processes, improve the customer experience and build or regain trust, authentication workflows that are cumbersome will cause customers to leave for competitors 9.
Cybersecurity and anti-fraud efforts will begin to merge
Organizations generally see security risk and fraud risk as two separate considerations. The use of multimodal authentication to unlock a mobile phone, for example, corroborates ownership but doesn’t necessarily make that device more or less secure.
But, as fraudsters continue to optimize their attacks with tools like AI and machine learning, organizations will have to adopt more proactive measures that marry security with anti-fraud efforts.
Modern cybersecurity platforms do things like continuously monitor endpoints (mobile phones) for anomalies then automatically respond to a perceived attack. As more organizations turn to continuous identity authentication, there will likely be a convergence of security and anti-fraud based on continuous user activity monitoring.
Emerging fraud vectors like account takeover fraud will become more popular
Lesser-used but effective forms of fraud like account takeover (ATO) fraud, injection attacks, authorized push payments (APPs), and other sophisticated fraud ring attacks, will become more common as fraudsters look for ways to escape current anti-fraud measures.
Account takeover fraud is, as it sounds, when criminals gain unpermitted access to someone’s account. Account takeover fraud happens when fraudsters take advantage of lax password practices or even purchase sensitive information from data breaches on the dark web.
Injection attacks tend to require a bit more technical know-how. Fraudsters carry out these approaches by injecting some form of biometrics into an authentication stream. For example, a fraudster might recreate fingerprints using gel and use that spoofed biometric to gain unauthorized access to someone’s device.
Authorized push payment fraud is another fairly self-explanatory con. In this case, fraudsters convince someone to send what they think is an authorized payment to an account that actually belongs to the bad actor 10.
In a newer type of sophisticated fraud ring attack, fraudsters use high-quality fake identity documents to quickly submit fictitious identities in rapid succession for the purpose of creating new accounts on a company’s platform. Without a modern solution in-place that implements face velocity checks, these criminals perpetrate large scale attacks using both identity templates and synthetic identities.
Another burgeoning form of fraud is card not present (CNP) fraud. Here, fraudsters are able to conduct transactions despite not having the physical credit card. CNP fraud is expected to comprise three-quarters of credit card fraud in 2024.
Bridging the generation gap will become a major priority for organizations
The FBI’s Internet Crimes Department warned that “scammers [are] targeting senior citizen victims in grandparent scams and demanding funds by wire, mail, or couriers.” The public service announcement includes tips for how elderly individuals can protect themselves against these types of scams, like by not releasing personally identifiable information or financial information like credit card details to the caller.
While these tips are for individuals, scammers that take advantage of elderly individuals may be able to leverage the information they gain to extract money from bank accounts. As a result, financial institutions must also help bridge generational gaps.
Millennials are less likely to be victims of fraud but are more likely to fall victim to phishing scams, while Baby Boomers have more trust that brands will protect their data. Organizations will start to emphasize closing these gaps, wherever they exist, moving forward.
In mitigating fraud, organizations cannot neglect the customer experience
The financial crime landscape is changing as fraudsters seek new ways to deceive victims and outwit preventative measures. And while fraudsters send phishing emails and other attempts to individuals, they’re often after larger targets. Companies that wish to reduce fraud to protect their and their clients’ sensitive information must do so without compromising the customer experience. Doing so will require paying careful attention to fraud trends to stay ahead of fraudsters, while simultaneously meeting customers where they are.
The next era of fraud is emerging, and companies must adopt the next generation of fraud detection and mitigation tools to maintain customer trust.
Click here to learn more about Mitek's anti-fraud solutions
Sources:
2. https://www.wlwt.com/article/cincinnati-police-identity-theft-suspect/46541473#
3. https://consumer.ftc.gov/features/identity-theft-awareness-week
4. https://www.tampabay.com/archive/2004/04/04/intricate-deception-used-in-loan-scam-investigators-say/
6. https://1stsecurity.bank/how-to-avoid-becoming-an-unwitting-money-mule.html
8. https://www.statista.com/topics/4989/biometric-technologies/#topicOverview
10. https://www.fico.com/blogs/what-authorised-push-payment-fraud#