Despite the great progress we have seen in the cybersecurity field in the last couple of years, hackers attempts to breach personal data through phishing and scams remains extremely high, with their success rates remaining at a concerning level.
Matt Cox is managing director, EMEA, Fraud, Cyber and Compliance at FICO. Cox is a well-rounded business leader and professional with 20 years global experience within the Financial Services industry, specialising in Fraud and Financial Crime across all products and services. Cox has successfully led large transformation programs across a variety of different products and geographies, ensuring the right people, process and technology is built up for the future. One of Cox’s many achievements include best in class recognition within several European countries.
Cox joined FICO from Barclays where he was global director of fraud. Prior to Barclays, he led the fraud team at EnterCard in the Nordics, worked in a second line role at ABSA and also worked at Santander where he played a critical role in transforming the fraud operating model following the acquisition of Abbey National.
Speaking to The Fintech Times, Cox gives his views on how scams are going to continue to develop in 2022 but how investment in AI can help prevent breaches:
2021 saw the world settling into a new normal with heightened expectations of digital experiences. But financial crime has continued to evolve. As we move forward into 2022, we are seeing the first signs of some interesting trends that will pick up pace across borders. Whether they are seen as challenges or opportunities, they are worth watching to avoid another disruptive year.
2022 will see a surge in vaccine certificate related scams and fake vaccine passports sales
Vaccine passports and certificates are now in use as proof of vaccination when travelling or attending certain events and venues. But we can’t ignore the backlash from anti-vaccination groups. Despite their views, many still want to travel and attend those events that require proof of vaccination. As such, we’ve seen a slow emergence of a black market for the sale of fake vaccine passports and it is on its way to becoming a lucrative industry in 2022.
Related scams have also been on the rise. In the UK, Action Fraud reported several hundreds of cases of people receiving emails claiming to be from the NHS, offering them a vaccine passport, prompting them to click on a link and input their personal and financial details. We believe this is one of the many scams that will consistently hit the headlines in 2022.
Accessibility of deep fake technologies
We’ve seen a steady rise in fake videos and audio with targeted content that manipulates and gains access to personal and finance data. As the technology becomes more sophisticated, it’s becoming the new favourite tool in financial crime. Take the most recent example of the bank manager in the United Arab Emirates who fell victim to a threat actor’s scam. Hackers used AI voice cloning to trick the bank manager into transferring $35million.
In 2022, we believe this will become a significant challenge for banks across the globe as they find themselves increasingly targeted in this way. A platform approach to managing the authentication of customers will be a strong starting point for any organisation, so that they can adapt, adopt and adjust as the market changes. As those deep fakes technologies develop, we will see more innovation and use of a wider variety of biometric technology thrown into the mix.
Significant investment in AI to combat scams
Significant investment was focused on improving authentication in the years leading up to the pandemic by banks (thanks to PSD2) to ‘strengthen the locks on their front door.’ And this spending rose during the pandemic when organisations across the globe were forced into rapid digitisation. Aware of this, fraudsters have sought more creative alternatives, and scams have hit the jackpot.
Last year we predicted that scams would become the leading fraud type in 2021, and the most recent research from UK Finance confirmed it. In the first half of 2021, APP fraud losses increased by 71 per cent, surpassing card fraud for the first time. 70 per cent of those scams originated on an online platform.
People have been tricked into willingly opening the ‘front doors’ to their finances and leaving them wide open. No traditional authentication process can stop that kind of fraud, no matter how robust.
And banks are footing the bill. In the UK, 75 per cent of customer complaints against banks that refuse to repay those losses are being supported. We are seeing signs of investment focus returning to the application of AI to predict customer behaviour and look for signals of fraudulent behaviour. Evidence of this can be seen in the uptake of our Falcon Fraud Manager which uses behaviour sorted lists to detect scams. Taking advantage of the fact that human beings are creatures of habit and monitoring their frequent, repeated payment behaviours, it helps distinguish between ‘in-pattern’ normal customer spending from ‘out-of-pattern’ suspicious transaction activity. Clients have seen a 50 per cent uplift in the identification of scam transactions, compared to using the fraud score alone.
This area will see major investment in 2022, with machine learning and AI playing a far greater role in helping banks to spot potential scams and stop them before it’s too late.
The light at the end of the GDPR tunnel – data breach reporting will become a vital source of information in 2022
When it came into effect in 2018, the GDPR put a spotlight on data protection and kickstarted a wave of global privacy laws. For most, GDPR compliance has been a costly, time consuming and complicated process. But we are now beginning to see some of the wider benefits of the toughest privacy and security law in the world.
Only last month, the electronics retail merchant MediaMarkt became the latest victim of a ransomware attack. Pre-GDPR, it could be six months before banks whose customers shopped there became aware of the attack. And, by that point, their customers’ personal details could have long been sold on the Dark Web.
Now with GDPR, these merchants must report a data breach to a supervisory authority within 72 hours. Already in the first three months of 2021 there were more publicly reported data breaches than in the whole of 2020. This is vital early insight for fraud teams and the perfect opportunity for banks and other organisations to be much more proactive.
2022 will be the year where we see this early insight, thanks to GDPR, becoming a key element in fraud prevention tools. Our Falcon Compromise Manager is already helping banks reduce fraud losses by proactively detecting compromised merchants and alerting fraud teams. This insight will help give organisations the advantage over criminals, enabling them to implement timely actions and better protect those customers who could be affected.
The potential loophole in Open Banking
The total number of users of Open Banking enabled products is expected to have doubled between 2019 and 2021 to 40 million users, with Europe driving this growth. The regulator led approach in this region means providers operate in a standardised market with low barriers to entry, opening up competition. But it may have also opened doors for a particular fraud trend, which could increase in 2022.
Before Open Banking, criminals applied for low-risk accounts using a fake identity in order to start building their credit file up. Eventually, over time, they would move into commerce and then onto higher-value targets, hitting them hard.
We believe this approach is finding its way into the Open Banking ecosystem as a faster route to higher value credit. Having secured low-risk bank accounts and passed the Know Your Customer requirements, criminals are attempting to access new services through Open Banking third-party providers, who offer loan approvals and various other financial and investment services. While they are still regulated, third party providers do not need to meet the same requirements as authorised, traditional banks. Keen to satisfy customer demand for access to services in real-time, many third-party providers trust and rely on the KYC bond already created from the existing accounts.
This demonstrates the importance of robust application fraud protection no matter what the circumstances. Open Banking is still a relatively new concept and this may change, but we see it as a risk in 2022.