Table of Contents
Intro
February 01, 2024
Welcome to Part 1 of a two-part series examining the intricate landscape of financial fraud. In this first installment, we explore emerging fraud trends to watch for in 2024, along with insights on these trends from industry experts. In Part 2, we will explore the greatest challenges facing fraud teams in the upcoming year, as well as key technologies to keep an eye on from an anti-fraud perspective.
In 2023, the financial landscape suffered significant losses due to fraud, with over $485 billion in losses globally, according to Nasdaq’s 2024 Global Financial Crime Report. This emphasizes the magnitude of the challenge we face. As we step into 2024, it’s clear: combating fraud requires a proactive strategy, not just a reaction.
I consulted with seven leading fraud experts from various industries, all grappling with their own daily fraud challenges. They shared their predictions for the next wave of fraud schemes, key challenges for anti-fraud teams, and emerging technologies set to reshape our defense strategies.
Join me as we explore these expert insights, preparing ourselves to meet and overcome the challenges of fraud prevention in the coming year. I hope it will be as enlightening for you as it was for me.
What is the next big fraud scheme to look out for?
Let’s begin by saying this: there will not be just one new fraud scheme to watch out for. Criminals have diversified their methods, honing their skills and specializing in specific types of attacks. The common trend among these is as follows: we are likely to witness evolutions and new attack vectors in various types of fraud, targeting multiple industries
Identity crimes will reach new levels
To grasp the complexities of modern financial crimes, I first consulted Dominic Hurtubise and Éric Lachapelle, Partners at KPMG as well as experts in Regulatory Compliance and Financial Crime.
In parallel, I also wanted to reach out to Eva Velasquez, CEO of the Identity Theft Resource Center (ITRC), to provide a perspective with a focus on fraud victims. The ITRC plays a pivotal role in educating about fraud and assisting victims, which is essential for a comprehensive understanding of these crimes. Too often, discussions about fraud are limited to its financial impact, overlooking the fundamental social implications that affect us all. Velasquez highlights this best: “[…] the emotional toll of identity crimes continues to increase, as evidenced in our latest Consumer Impact Report, which reported that 16 percent of respondents contemplated suicide as a result of identity crime victimization.”
Our experts at KPMG, along with those at the ITRC, agree. 2024 will witness an increase in identity-related crimes involving both stolen and synthetic identities.
“The ITRC believes 2024 will see new levels of identity crimes (particularly impersonation and synthetic identity fraud) due to a record number of data breaches in 2023 by financially motivated and Nation/State threat actors.
– Eva Velasquez, CEO, Identity Theft Resource Center
This follows a record year in 2023 with over 8.2 billion records compromised, as reported by IT Governance’s risk management and IT governance subject matter expert, Neil Ford. This sets the stage for an influx in identity crimes. Such crimes have steadily risen over the past 20 years, with a significant acceleration since 2020, and we don’t expect this trend to slow down. It has become more lucrative and easier than ever for fraudsters. However, this doesn’t mean that fraud methods aren’t evolving. We are already witnessing the emergence of the next generation of threats, with far more sophisticated methods.
AI-driven identity fraud and AI-enabled scams will rise
All the experts we spoke to expressed their concerns regarding the use of artificial intelligence to enhance and transform existing fraud schemes. From the creation of better fake IDs to the use of generative AI in online conversations, as well as the application of deepfakes targeting vulnerable victims, they all mentioned that AI would play an increasingly significant role in fraud activities in 2024.
KPMG’s Dominic Hurtubise and Éric Lachapelle raised concerns about the increasing prevalence of AI-enabled scams, predicting a rise in sophisticated methods such as deepfakes and trojanized AI apps.
We have indeed started to see AI being used by fraudsters, but not necessarily in the ways we might have anticipated. The schemes themselves haven’t evolved much, however, as Hurtubise and Lachapelle have pointed out, AI enables more targeted and personalized attacks. Deepfakes or generative AI allow fraudsters to create more believable stories, whether it’s for a CEO fraud attempt or a romance scam.
Velasquez highlights the often-underestimated threat of targeted attacks. Such scams are evolving, using generative AI to craft more sophisticated phishing lures. Misinformation and disinformation are generative AI’s most significant risks.
Additionally, we’re observing an increased use of LLMs by criminal groups seeking to automate their online attacks while interacting with victims or employees of target organizations.
To further understand the impact of these emerging technologies, I reached out to Bell Canada’s corporate security and fraud experts, known for their expertise in communication technologies and security. Alexandre Girard, Senior Manager of Artificial Intelligence for the Corporate Security’s Fraud Control Center, highlighted a key point:
“I would pay close attention to the type of fraud we feel is most familiar and under control […], especially anything related to phishing [due to the risks posed by] the use of different techniques that are becoming increasingly sophisticated […]. A good example is the creation of very realistic web portals using image and content generation capabilities from generative AI tools to then capture credentials of legitimate users.
– Alexandre Girard, Senior Manager of AI – Fraud Control Center, Bell Canada
His colleague, Ian St-Cyr, Senior Manager of Fraud Control & Detection, offers further insights from his extensive experience in tackling such cases. St-Cyr highlights the rapid evolution of voice synthesis technology, emphasizing the need for financial institutions to prepare for future attacks that leverage these new technologies.
“In 2024, watch for more sophisticated phishing attacks and deepfake-related fraud, a trend observed in 2023. Existing scams such as impersonation (false representatives, bank investigators, etc.) will continue to gain in momentum and will become harder for the general population to detect.
– Ian St-Cyr, Senior Manager, Fraud Control & Detection, Bell Canada
Former RCMP organized crime and money laundering investigator, Henry Tso, stated that organized crime makes the most money in fraud and drug trafficking. Even ten years ago, Tso noticed crime cartels increasingly moving into fraud. In his words, “Organized crime knows fraud is the way to go.“ Especially since the reward-to-penalty ratio is much more attractive in fraud, relative to other crimes.
“The vulnerabilities in human psychology have allowed scams to flourish for a long time. But in recent years (and years to come), scams have evolved into large-scale organized crime. Scams are a societal crisis that consumers will expect to be protected from better, whether it’s education or tools and tech at the businesses they interact with. You add in Gen AI and the roadmap for scammers is bright and profitable.
– PJ Rohall, Co-Founder, About-fraud.com
We have been discussing these emerging technologies for a while now. When first asked to comment on the risks of deepfakes for financial institutions in 2019, I predicted they would not become a large-scale issue for another five years. While there hasn’t yet been a significant shift towards these sophisticated attacks, we are now at a point where the technology has become accessible enough that its use is deemed worthwhile by fraudsters.
Consequently, large organizations must recognize the risks and bolster their defenses today to prepare for the imminent surge of AI-powered fraud attacks. There is no silver bullet for fraud prevention technology. Relying too heavily on any one method can lead to significant problems. That’s why a comprehensive anti-fraud strategy includes a diverse and modern toolkit, equipped with tools to verify who you are, your location, and how you are interacting with an organization.
Stolen identities will expedite the return of check fraud
I’ve consistently found the Fraud Strategy Consultant Alexander Hall’s point of view enlightening when it comes to understanding the evolving landscape of financial fraud. He offers a unique perspective on how criminals operate. One interesting point he made caught my attention: the resurgence of stolen checks and check fraud in general. This type of fraud seemed relegated to the past. 15 years ago, it appeared to be fading into a mere chapter in the fraud history books. However, in recent months, criminals have revived it, orchestrating their attacks in conjunction with stolen identities. Over the past 6-12 months, there has been an increase in the visibility of fraudsters flaunting stolen checks and mail keys, with financial institutions struggling to manage this crisis. Far from diminishing, this trend shows no sign of slowing down – quite the opposite.
Hall foresees that in 2024, the most significant fraud scheme will involve using compromised identities and stolen checks, exploiting the digital banking sector’s growing vulnerabilities. In his words:
“The vulnerabilities in human psychology have allowed scams to flourish for a long time. But in recent years (and years to come), scams have evolved into large-scale organized crime. Scams are a societal crisis that consumers will expect to be protected from better, whether it’s education or tools and tech at the businesses they interact with. You add in Gen AI and the roadmap for scammers is bright and profitable.
– Alexander Hall, Fraud Prevention Strategy Consultant, Dispute Defense Consulting
Detecting these mule accounts before they can be used by criminals will require innovative fraud prevention strategies. This task is made more challenging and urgent by the increasing pressure on financial institutions to digitize interactions, reduce friction and accelerate access to funds.
Mid-sized financial institutions’ efforts to enhance digital check processes may inadvertently benefit fraudsters. The evolution of Fraud-as-a-Service (FaaS), powered by generative AI, is expected to elevate the scale and sophistication of such scams, posing a significant challenge for banks in differentiating between legitimate and fraudulent activities.
This trend highlights the critical need for banks to implement advanced fraud detection and prevention strategies, such as real-time monitoring and behavioral biometrics. These measures should also focus on accurately pinpointing the origin of account openings (to prevent mule accounts) and the sources of transactions. The adoption of split scam liability models, such as in the UK, reflects a shift towards a more proactive fraud prevention approach, requiring shared responsibility for scam detection and mitigation.
First-party and friendly fraud will continue to grow
There tends to be an increase in friendly fraud and first-party fraud in periods of social and economic disruption. With the current economic situation not looking to improve for 2024, we will see more otherwise honest individuals seize opportunities to go for “smaller” scams.
It will be increasingly difficult to detect such attacks, as the information on how to commit these attacks can be found within minutes on the web (and not just on the dark web). The socialization of fraud and the emergence of fraud-as-a-service offerings make it easier for anyone to engage in small scams. With detailed ebooks offering step-by-step instructions for return fraud or refund policy abuse, mentorship programs and more, fraud teams will be overwhelmed with alerts to review and low-value cases to investigate.
The implementation of Real-Time Rail (RTR) for instant payments places companies and financial institutions at a heightened risk due to reduced response times for establishing controls.
The UK’s Payment Systems Regulator (PSR), set to be enforced in October 2024, mandates that both sending and receiving institutions refund reported scams and share customer-incurred losses. In the US, a similar trend is observed, with major banks agreeing to refund victims of Zelle scams. This signifies a broader movement towards holding financial institutions more accountable for their customers’ losses when they fall victim to scams.
“The UK has announced a new liability scheme that will come into force in October 2024 that requires the sending & receiving institutions to refund reported scams & share any losses reported by consumers 50/50. Similarly in the US, the top banks have decided to begin refunding Zelle scam victims. We may anticipate more friendly scams, where someone falsely claims they didn’t make a payment to try and get reimbursed from the banks.
– Dominic Hurtubise & Éric Lachapelle, Partners, KPMG Canada Risk Consulting, Regulatory Compliance and Financial Crimes
This movement towards regulations favoring victims, holding financial institutions liable and responsible, should prompt a reevaluation of fraud prevention strategies. The question arises: will the right tools be in place when it’s time to do more, or will financial institutions be in a reactive, catch-up mode, compelled to implement stronger fraud prevention solutions only when mandated? Additionally, how will we improve the detection of friendly fraud attempts, which are likely to increase as the socio-economic situation remains challenging for many in 2024?
Cryptocurrency fraud will not slow down
The interest in cryptocurrencies hasn’t lost traction since Bitcoin’s historical summit in 2021. There is no reason to anticipate this to change, as consumers look for new ways to diversify their investments, sometimes being caught by promises of high gains without considering the significant risks. Fraudsters are well aware that not all cryptocurrency wallets are equal in terms of security, and they are often only a SIM swap away from seizing a victim’s entire life savings. Additionally, as cryptocurrencies become more newsworthy, fraudulent activities involving crypto wallets and exchanges are expected to increase.
According to Hurtubise and Lachapelle:
“[…] people may be interested to seek refuge in cryptocurrencies; however, the fraud trends related to crypto-wallets and crypto-exchanges notably will continue to rise as crypto hits the headlines.
Furthermore, crypto’s inherent anonymity still makes it a primary target for criminals facilitating their activities and laundering funds. Therefore, any platform aiming to build legitimacy and credibility needs to recognize the risks its activity poses and implement controls that go beyond the strict minimum of regulations. The 2023 Crypto Crime Report by Chainalysis reported an all-time high in illicit crypto transactions, reaching $20.6 billion, a figure believed to be a lower-bound estimate. This volume is predicted to grow with the discovery of new crypto scams, as well as the increase in money laundering and illicit fund transfers, particularly due to economic sanctions.
It becomes a risky cocktail for cryptocurrency platforms: managing more assets from increasingly vulnerable victims who might lack the resources or IT literacy to protect themselves, and being a preferred platform for fraudsters who may also target their customer base. Decision-makers in the crypto world will have to listen carefully to their fraud teams and bolster their defenses.
A continued economic downturn, combined with the proliferation of AI and various other threats, presents an extensive set of challenges for anti-fraud teams. It is more crucial than ever for businesses to stay two steps ahead of the status quo. Instead of merely tackling threats as they occur, businesses should prioritize having the appropriate measures in place to safeguard themselves against future threats. Doing so will protect your business from hefty penalties and fines and also build integrity and customer trust.
Fraud fighters certainly won’t see 2024 as a calm year; there is a lot to monitor, and we all know the landscape will change and evolve in the coming months. But we shouldn’t lose hope. As general awareness of fraud issues grows, decision-makers are investing more in fraud prevention and providing fraud fighters with the tools they desperately need and request.
Don’t miss the second part of this series, where I will specifically cover new technologies to watch for and what our experts have to say about them.
If you want to learn how our geolocation technology can protect your business from the evolving threats of fraud, book a personalized one-on-one meeting with one of our solutions experts.