Fraud is no longer just a nuisance, but a significant economic threat estimated to escalate to over $250 billion by 2031. The need for a revolutionary approach in fraud prevention is clear.
Rapid development of generative AI technologies promises immense potential, but also poses new risks, catalyzing a shift in the strategies we must deploy.
As fraud transforms and expands, it's important to understand the various typologies and methods used by fraudsters. Without this, you can't identify your own vulnerabilities or know how to get the most return on investment for your fraud-fighting efforts.
Fraud is not a single action that can be described in one term (ACH fraud, synthetic identity fraud, etc.) but rather a timeline of separate actions that the fraudster meticulously invests time (and sometimes money) into in order to eventually steal money. To properly define any instance of fraud, you must first clarify the payment rail (ACH, card, etc.), what tactics the fraudster used (phishing, stolen identity), and the method of stealing the money (chargebacks, authorized push payment, etc.).
Once you have these typologies, now each fraud incident becomes a story of several actions that together allowed the fraudulent transaction to occur, and fraud professionals can better communicate about various types. For example, you can talk about what portion of fraud was
executed on ACH vs credit card vs check. Or you can talk about what portion of fraud was enabled with synthetic IDs, phishing, deep fakes, etc. However, this may add up to more than 100% since fraudsters can use more than one method.
Which brings us to our next point — our current understanding of fraud is often too narrow to effectively capture the multifaceted tactics employed by modern fraudsters. A more granular approach can provide clearer insights:
● Integrated fraud typologies: Breaking down fraud into specific actions, payment methods and execution strategies can help in understanding the entire lifecycle of fraudulent activities.
● Examples and case studies: Detailed case studies can illustrate how different types of fraud, such as synthetic identity fraud or first-party fraud, are interconnected across various payment rails and actions.
Fraud needs to be tackled in a holistic fashion. If someone leverages phishing to steal another person's identity, opens a checking account, and then executes a bunch of transactions with insufficient funds, is that ACH fraud, phishing or stolen identity? It's all three! You can have synthetic identity used to execute fraud on ACH or on credit cards. In reality, something can be both first party fraud and card fraud; or both synthetic identity fraud and ACH fraud. And of course, money mules are not their own unique type of fraud — but just one of the tactics fraudsters use, often in combination with other fraud tactics to get the illicit funds out of the system.
Next, we should be working on the advancements in each of these areas, as well as looking at possible vendors to help combat the specific fraud stories that are being executed, instead of just going for a "payment fraud" solution and hoping for the best. Examples of the advancements are:
● Hyper-personalized phishing: AI technologies are now able to craft phishing emails that are incredibly personalized, making them difficult to distinguish from legitimate communications.
● Advanced document forgery: The use of deep learning in creating forged documents and IDs is alarming, as these can often bypass conventional detection systems.
● Synthetic media threats: AI-generated audio and video clips can impersonate public figures or loved ones to manipulate victims, presenting a formidable challenge to existing security measures.
Fraud detection and building a resilient framework
Cyber and fraud may differ in business considerations, but are similar in how cyber criminals and financial criminals are looking for holes in defense layers. It's more than leveraging the same technology, it's putting yourself in the same perspective.
On a practical level, a deep understanding of the technology stack of fraudsters, from devices and emulators up to accounts and identities, puts you in a better position to find the right fraud signals and potentially reduce fraud efficiently.
These strategies and tools can range from big data sources with real-time monitoring as well as adaptive and predictive analytics techniques.
Adopting a multilayered security approach is essential to defend against the dynamic nature of fraud and can help you in a variety of instances:
● Comprehensive onboarding checks: Enhanced due diligence during the customer onboarding process to prevent synthetic identity fraud.
● Advanced authentication measures: Implementing multi-factor authentication and biometric verification to fortify access controls.
● Continuous learning and adaptation: Systems must continually learn and adapt from new fraud patterns to stay ahead of fraudsters.
Advances in technology will make fraudsters more brazen, persistent and, unfortunately, probably more successful unless technology steps to the plate. The fintech industry has the power to deliver a new generation of fraud tools that can evolve and keep pace just as quickly. While the fraud space already feels very crowded today, I believe these forces create opportunities for the next batch of future unicorns in fraud tech to be launched in the coming years. A more robust language around fraud typology will only help them and their future customers cut through all the noise.
