2017 Global Fraud Risk Index, Heightened Pressures Ahead
December 15th, 2016
December is always the time of year fraud executives and their teams never sleep. They are typically engaged in back-to-back planning for budgets and strategy sessions to address the New Year ahead, all while dealing with peak season fraud spikes and escalations that come with those events. Whew.
Looking back, 2016 will be noted as a “tipping point year” in the fraud environment with a few examples of this including rapidly rising ACH and wire fraud; person-to-person payments on faster payments’ rails as a prime attraction for fraudsters; treasury and correspondent payments becoming a “bull’s eye” for fraudsters after the big heist, and 1st party fraud on the rise as lending begins to ease in the marketplace.
More than any time in recent history, 2017’s Fraud Risk Index is expected to see heightened pressure. We will see more cyber punks and nation state attacks; new banking channels like self- service “Siri like” banking; and new open, disruptive banking models. We will also see speed and more speed of payments all bringing new dimensions and complications to the state of fraud that will require new and necessary countermeasures in the coming year.
Here are a few examples of fraud trend forecasting to bring up at your financial institution’s next executive roundtable that should ensure that you are fully addressing any expanded protections which might be necessary to add to your operational framework to ensure a an enhanced fraud risk platform “2017 style”.
- Chat bot takeover as a new fraud vector – As a consumer, I am very excited about the convenience and personal service offered by personal bot assistants, but as a fraud executive advisor I know that bot takeover will be a new “fraud type” to which losses will be attributed in the coming year. Ensure that your security, authentication and fraud plan for this new technology are tightly coupled and well thought out.
- Open API fraud ramps up – Open banking in many forms, with API’s connecting to bank systems and ultimately bank accounts, is gaining global traction. Ensuring consumers and businesses are protected in this new interconnected world is not as simple as determining fraud liability. Third party providers and banks need to work together to share information and data so that all parties are working toward the same goal to protect the payments system’s mutual trust ecosystem. We can expect more complex fraud that spans across the open networks in the coming year as this area grows.
- Wire Fraud moving to ACH – Now that Same Day ACH has rolled out, we are beginning to see a shift in losses from wire fraud to ACH. This makes sense. After all, why would a fraudster pay for a wire when ACH is cheaper and easier. This trend will continue in 2017, with others aspects of Same Day ACH soon to roll out in the US payments market. Ensuring you have the same protection of real-time transaction monitoring on ACH, as you do with wires, is critical.
- Mule account creation and identify fraud increases – As we all know, fraudsters send the proceeds of their fraudulent actions to a “mule” account to “cash out”. As faster payments increases these attacks, the fraudsters will be in the business of setting up “speedy” mule accounts as well. Consumers are often “duped” into becoming mules, by way of social engineering of vulnerable consumers who fall for “work from home” scams or “romance” scams.
- 1st Party Fraud rises – Lending is easing in the market a bit, interest rates remain low and consumers and banks will want to take advantage of this climate. When lending tightens, “sleeper fraud,” which is fraudsters sitting on the books quietly, begins to ramp up, but when leading eases more “bust out” or new account or loan default fraud occurs. All types of bank products can be affected by 1st Party Fraud, so it is good to include ongoing fraud risk scoring of accounts, not just evaluation, at application or on boarding.
- Cyber hacking continues – Perimeter vulnerabilities will continue to affect banking and other operational systems. The convergence of cyber and fraud is no longer a future prediction, but needs to be inclusive of an intentional security strategy.
As you can see, fraud risks are becoming more complex, and strategic thinking around these issues should be woven into regular briefings and discussions. If your risk board has not added a “2017 Fraud Preparedness” agenda item, I suggest that they do and to include a discussion of these issues at your first meeting in January.