Is Protecting Against Fraud More Challenging Than Ever?

Needless to say, the fraud landscape is changing at an alarming rate.

In this increasingly digital age, cybercriminals are utilising the very latest technological capabilities to target both companies and consumers with astonishingly sophisticated scams, from fraudulent data generation to social engineering and phishing.

Generative AI (Gen AI) has, inevitably, become a crucial weapon in the modern-day fraudster’s armoury, making it far simpler to create fake identities, clone voices and carry out illicit activities at a faster pace than ever before.

As one might expect, all this means fraud is growing at a relentless rate.

In 2022, the Association of Certified Fraud Examiners (ACFE) discovered around 5% of corporate revenue is being lost to fraud across the globe every year. That equates to an eye-watering US$4.7tn.

Meanwhile, in Kroll’s 2023 Fraud and Financial Crime Report, seven in 10 surveyed executives and risk professionals expect financial crime risks to increase in the coming months with cybersecurity and data breaches being the primary drivers, followed by financial pressures on organisations.

“AI is intensifying challenges around fraud mitigation,” comments Andy Cease, Director of Product Marketing at Entrust. “Bad actors can now leverage deep fakes and synthetic identities to impersonate people and bypass verification checks to open fraudulent accounts or break into existing ones. The sophistication of today’s AI system means average hackers can now execute attacks once only possible for highly-skilled cyber criminals.

“The scalability of AI also expands the number of potential targets making it more difficult than ever for businesses and financial institutions to protect against fraud.”

Gen AI: Enabling the fight against fraud

Gen AI might be assisting scammers, but, on the flip side, it is also arming organisations with more intelligent tools to assist them in detecting and combatting fraud.

Thanks to Gen AI’s ability to continuously learn and evolve, enterprises large and small will find themselves in a position where their approach to fraud prevention can be far more proactive than reactive.

“It’s vital those in the insurance, banking and fintech industries work together to stay one step ahead of fraudsters,” says Sara Costantini, Regional Director for the UK and Ireland at CRIF, a leading provider of digital transformation solutions to the financial industry.

“In many instances, this will mean utilising the latest innovations in AI against those attempting to use it for criminal activity.”

One leader enthused by the wealth of options seemingly available to cybersecurity and fraud prevention specialists is Omri Kletter, VP, Risk Solutions at Bottomline.

“It would be easy to say protecting against fraud has become harder, and there are certainly more sophisticated fraudsters and scams emerging every day,” he says, “but actually there are also much more sophisticated prevention tools available, too.

“We can really take advantage of what innovation offers us. We can build much more sophisticated profiles for payments and act when we see something abnormal; we can use more automation, bring in elements of AI that enable us to step in and we can push updates more quickly.”

What must be emphasised, however, is that to really protect against fraud and manage risk sufficiently, organisations also need the right people – and the right mindset – to go alongside the technology.

Fraudsters’ growing repertoire

So, from a fraud perspective, what exactly are financial services firms and their customers having to contend with in today’s ever-changing business landscape?

Significant losses continue to be seen across payment card fraud and authorised push payment (APP) fraud, where customers are tricked into transferring money to an account controlled by a fraudster.

“Banks are continuing to grapple with managing the volume of these scams, and the level of sophistication is increasing,” says Ignatius Adjei, Partner at KPMG’s Fraud and Financial Crime Practice.

“For example, in card cracking schemes, scammers use social media to offer other users a strategy to make money that seems to be above board, but is actually a way for the criminal to steal card details.”

In fact, “good old-fashioned phishing”, as Cease puts it, remains responsible for a large proportion of cyber attacks in the finance industry.

The widespread expectation is that case numbers and impact will continue to grow thanks to AI, which is set to vastly outperform human phishing in the not-too-distant future, if not already, as Gen AI systems improve.

Elsewhere, Adjei is seeing Gen AI used for various kinds of forgery, including creating false bank accounts, invoices and bills. This is especially prevalent in the US, where billions of dollars have been lost to identity-related synthetic fraud.

Cease continues: “Looking beyond phishing, other major fraud vectors include more effective form stuffing attacks, increased use of fictitious synthetic identities pieced together from real user data and a proliferation of hard-to-detect deep fakes.”

These deep fakes are becoming ever more sophisticated, with services to create these false identities rife on the dark web.

Taking shared responsibility

Companies in the fintech sector are at the forefront of innovation, making lives easier and increasing convenience by providing the best customer experience using the most advanced solutions.

Protecting customers is, of course, paramount to the user experience, meaning fintech firms have a significant role to play when it comes to fraud prevention – but they can’t do it alone.

“The main pillars of any anti-fraud strategy should be prevention, detection, deterrence and response,” Costantini explains.

“As such, fintech firms, industry players and regulative bodies – like the government and the (UK regulator) FCA – must all work together to identify fraud at the root and prevent it from happening, discourage it and punish those who perpetrate it.”

Adjei, whose practice at KPMG is helping clients navigate the complex and evolving landscape of fraud, agrees, stating financial institutions should not be taking sole responsibility for preventing fraud.

Social media, technology and telecommunications companies are just some of the other “active players” in the ecosystem, he adds.

“Really effective fraud prevention takes collaboration and accountability across every player in the ecosystem,” concludes Kletter. “That includes fintech firms alongside big tech, traditional banks and, of course, payments providers – and I do think that responsibility is imbalanced right now.

“I’d like to see regulators focusing on different types of fraud prevention to help drive momentum in the areas where we see growing risks.”