The fintech fraud epidemic: Banks aren’t getting worse, fraudsters are just getting better
Fintech fraud is growing rapidly. As society becomes increasingly reliant on technology, the unfortunate truth of the matter is it also becomes more vulnerable to cybercrime.
Borderless, sophisticated and nearly invisible, cybercrime is committed anonymously, at scale and remotely; sometimes, and even quite literally, a world away from its victims.
It's a challenge that FinTech and financial institutions, both large and small – just look at payment giant PayPal – can't seem to escape.
Fraud in the pandemic
It gets even more complicated when there's a global pandemic thrown into the mix. Since COVID-19 reared its ugly head in 2020, fintech fraud risk has exploded.
Thanks to government-imposed lockdowns and related movement restrictions that require more people to stay at home, online shopping has skyrocketed. This accelerated shift from in-store to online purchases has resulted in a decline in the use of more secure, in-person cash and card payments.
The pandemic also saw PayPal adding 120 million new customers. Or did it? With a new marketing campaign that incentivised new customers to sign up by depositing cash into their accounts, the company became a prime target for fraud. Bots (software created to visit websites and take actions automatically), posing as real people, started to cash in on those incentives by creating accounts.
It was a learning experience to the tune of a 25 per cent stock slump. As a result, Paypal has changed its customer acquisition strategy from incentive to engagement programs to help protect it from fraud.
The cost of fraud: A billion-dollar affair
In July 2021, the Australian Institute of Criminology, sponsored by the Australian Government, stated that the total economic impact of pure cybercrime in Australia in 2019 was $3.5 billion.
Let's take a closer look:
- $1.9 billion – money directly lost by victims
- $597 million – money spent dealing with the consequences of victimisation
- $1.4 billion – money spent on prevention costs
- $389 million – amount recovered by victims
On top of this, Australian Government statistics reveal that 50 per cent of the cost of cybercrime to Australian individuals relates to computer access crimes – hacking into a computer network or device to obtain information or data, including credit card details, photos and personal identity information, without permission.
These losses are believed to be conservatively estimated, as many victims could not quantify precisely how much had been lost or how much had been spent dealing with the consequences of the crime.
The unintended impact
Currently, there are limited options available to fintech businesses to reduce fraud in the current environment. The biggest challenge facing these companies is implementing fraud detection methods that don't unintentionally impact the customer.
This impact may be the inconvenience of compliance measures and other operational procedures designed to detect or prevent fraudulent activities that compromise ease-of-use and operational efficiency. Consumers tend to resist these service impediments and take their business to eCommerce sites that offer a path of least resistance to fraud control measures. This is exactly what cybercriminals want to see and is the most difficult challenge confronting FinTech businesses today.
Traditional fraud minimisation measures, such as real-time auditing and real-time reporting, are expensive and not always effective. Moreover, existing identity authentication measures, such as one-time SMS codes and knowledge-based authentication measures, can no longer outsmart digital criminals. For example, one-time SMS codes can be re-routed, and even the most novice hackers can easily identify the answer to your mother's maiden name.
While fraudsters will always find a way to beat the system, companies still have ways to protect themselves and their customers.
How to beat fraudsters at their own game:
- Stay agile: Financial institutions need to develop fraud-prevention strategies and tactics that enable them to respond quickly and evolve.
- Embrace innovation: Financial institutions and other fintech businesses need to invest in new digital security infrastructure that doesn't compromise operational efficiency and customer satisfaction. Options available include biometric identity authentication measures – think fingerprint, eye and facial identification or voice recognition. This technology is advancing rapidly and now extends to behavioural biometrics as well, like keystroke dynamics or the way objects are used.
- Decision with data: Compiling enough data to make a good decision takes more than payments data; companies also need to look at location ID data, digital identifier data, and unique customer data and cross-reference it to get the full picture and ultimately, stop fraudsters in their tracks. When financial institutions combine payments data with all known elements, it paints a more accurate picture of what's normal and what's fraudulent.
Bottom line: While cybercrime protection demands evolving solutions that require significant capital outlays, it's worth the investment. The more traditional fraud prevention solutions are no longer a match for the growing sophistication of cybercriminals.
Article by KOSEC - Kodari Securities CEO, Michael Kodari.