Fraud Predictions 2024
December 12th, 2023
Payments innovation and big regulatory recommendations marked 2023, and fraudsters are changing tactics and leveraging technology to test for weaknesses in fraud controls. This year’s fraud predictions for Enterprise Fraud Management follow three core themes:
- Uniting to overcome industry obstacles
- Growing concern about scam growth and losses
- Focusing on money mule activities
These factors may be prime motivators for financial institutions (FIs) and banks to embrace the long-held promise of FRAML (fraud + anti-money laundering), or the integration of responsibilities once siloed to address fraud prevention, anti-money laundering (AML) compliance, and investigations.
Vulnerable Consumers and Liability Shift
As scam losses and consumer complaints mount, operational processes must account for inevitable changes in claims management and investigation that follows, especially when identifying scams-vulnerable consumers. While scams underpin the first two areas of predictions focus, other concerns will also challenge fraud strategies and operations into 2024, including scams within the context of the speed of execution of faster payments and new regulatory requirements. Particular to the speed of execution of payments, while Faster Payments certainly impacts fraud prevention for digital payments, there’s another traditionally irrevocable payment to consider: international transactions.
The NICE Actimize PSR Fraud Liability Shift eBook delves deep into the U.K.’s Payment Systems Regulator (PSR) requirements. The PSR is looking to enforce a 50-50 split of cost of consumer losses for authorized payments or authorized push payment (APP) fraud over Faster Payments between sending and receiving institutions. In the U.S., the Zelle™ peer-to-peer (P2P) payments service has already instituted a requirement for reimbursing consumers for qualifying imposter scams, where banks receiving the scam payment cover the cost of consumer losses. In Europe, the new ‘Payment Services Directive 3’ or PSD3 will ultimately usher in a new IBAN name check for all credit transfers, as well as consumer protections for losses occurring from imposter scams. In Singapore, the Monetary Authority of Singapore (MAS) and Infocomm Media Development Authority (IMDA) issued joint plans to clarify the responsibilities of banks and FIs for reimbursement to consumers for unauthorized payments fraud (ATO), and in a novel shift of loss sharing, banks will first share in the cost of reimbursement, with a succeeding and novel ‘waterfall approach’ to recoup these losses from Telcos for smishing and vishing scams.
Case Management and Investigations
As banks and FIs diligently navigate the regulatory landscape governing liability shifts, the implementation of these mechanisms bears a striking resemblance to the comprehensive and integrated nature of ‘FRAML.’ This is particularly evident in the planned PSR liability shift for the Faster Payments system in the United Kingdom.
According to the PSR, the identification of consumer vulnerability to scams is paramount. This serves a dual purpose: first, to ensure timely warnings and interventions to prevent scams, and second, to assess vulnerability for determining whether a fee or ‘claim excess’ should be deducted from the consumer’s scam reimbursement. The intricate task of identifying and addressing consumer vulnerability, along with managing the incidence of scam exposure and claims experience, necessitates a robust case management system. This system should seamlessly unify both the operational claims resolution processes and the upstream fraud prevention modules.
In the assessment of reimbursement responsibility, sending and receiving banks will be more transparent with each other to assess responsibility for a claim or losses. We predict this type of collaboration and determining consumers’ scams vulnerability combined with a receiving institution sharing information needed for authorized payment fraud claims resolution will naturally bring together fraud and AML functions, internally and external to the payor and payee bank. Fraud liability shifts for authorized payment fraud, as they have manifested in the U.S. and U.K., presently place a strong emphasis on receiving bank responsibility, or the money mule accounts that allow fraudsters to monetize their ill-gotten criminal gains.
Money Mules in the Spotlight
In the past, addressing money mule accounts was traditionally a reporting concern, with AML leading the charge at FIs to identify this illicit activity and especially to meet regulatory requirements. When FIs are receiving funds from authorized payment scam victims, they must react in real time to these threats—meeting a regulatory filing requirement will not be enough to avoid a shift in liability to the receiving FI. With the speed of scams and payments, operational and claims management processes will have to accelerate to prevent fraud, whether in-flight, or after the fact. Fraud prevention teams miss an opportunity to effectively prevent fraud if they don’t leverage the experience of AML teams in fighting money mule activities. The expected synergies, cooperation, and adoption of common tools to fight money mules supports and serves FRAML methodologies.
Scams are not just a concern for faster and P2P payments, and while the losses over these channels have gained widespread industry attention, scams have and will grow in importance and concern as well with international payments. In NICE Actimize’s latest research outlined in the report “Delving Deeper: 2023 Fraud Insights, Second Edition”, international payments experienced the largest growth globally in attempted fraud volume at 19 percent. The attempted fraud rate for international payments correspondingly increased 31 percent in H1 2023. For international transactions, fraud using money mules outpaces what was observed in real-time and P2P transactions. Applying the lessons of fighting money mules over faster payments will be leveraged similarly in identifying money mules in international transactions. Money muling activities are a significant portion of new account fraud for international transactions, with four percent growth from H1 2022 to H1 2023, and now accounting for 95 percent of the total. It’s hard to imagine the fight against mules over both P2P and international transactions won’t naturally bring together fraud prevention and AML. Considering muling risk is 2.6 times greater in the first 30 days of account opening, onboarding processes will be completely ineffective if fraud prevention does not raise to the same level of know your customer (KYC) compliance. And where fraud has a greater voice at onboarding, it’s a winning strategy that also points to FRAML efforts growing in 2024.
NICE Actimize fraud subject matter experts expect overall cooperation, organizational, and solution alignment between fraud prevention and AML to grow in the coming year through the cross-channel fight against scams. For more information on fraud and scam trends and insights, download this fraud insights report.
More NICE Actimize Expert Insights
Jake Emry, Fraud Prevention Subject Matter Expert: Real-time payment rails like FedNow should and can be leveraged in the fight against check fraud IF the U.S. chooses not to phase out checks in the next five to ten years. I believe it’s safe to say we would not be like Australia, where they will wind down the use of checks by 2028, and phase it out completely by 2030. In Canada, they have made this connection explicitly, and it’s a leadership matter in the sense that if you are going to keep checks alive, you must use real-time rails to narrow the window of settlement (or in-clearing.) This would be a huge improvement in the fight against check fraud.
Yuval Marco, General Manager, Enterprise Fraud Management: We’ll see more of the deep fake-driven scams, as these technologies will become mainstream. Fraudsters will leverage this tech to scam people and banks at scale, making it more difficult for humans to identify what’s real or not real.
Rob Rendell, Global Head of Fraud Market Strategy & Fraud Prevention SME: Economic uncertainty will keep fraud practitioners on the edge of their seats, as they’ll be watching for signals that economic pressures that are causing previously good customers to turn bad; economic downturns fuel first-party fraud. Normal first-party scenarios include credit card fraud bust-out, retail banking deposit fraud, and false report on fraud claims. Fraud practitioners should act now to ensure adequate controls are in place for these challenging loss areas, because it’s true customers are intently defrauding the bank.
Nate Schneemann, Fraud Strategy Leader, Subject Matter Expert: I predict all types of fraud attacks rates will go up. Focusing in on two areas:
- Given the exploitable nature of the check ecosystem, FIs that make their ‘final investment’ in future-proofing checks by integrating image analytics to their enterprise fraud platform will yield substantial financial and operational benefits.
- Many push/pull factors continue to converge to increase first-party fraud and scams rates. The FIs that invest in advancing controls around identity, funding/money-in and around consumer protection will save money, understand ‘customer trust’ better, be positioned to navigate global changes around consumer protection better and be well positioned to capitalize on open-banking innovations.
Freddy Arthur, EMEA Fraud Strategy Leader: Fraudsters will continue relentless scams and social engineering attacks. However, I expect these to become yet more sophisticated and targeted with Gen AI. As banks bolster detection for fraud across faster payments, I’d expect the trajectory for APP fraud on the Cards channels to grow. In the U.K., I foresee more friction being introduced into customer journeys, from certain payment types to opening an account for banking products, as FIs double down on scams and mule detection controls in the wake of the looming PSR APP fraud liability changes.
Across Europe, whilst PSD3 is coming on the radar with the extension of SCA to wider participants, introduction of IBAN name checking and bank impersonation scams in focus, I fully expect some local jurisdictions will mandate some degree on liability or additional controls on banks before well before PSD3 comes into effect—this is in light of surging proliferation of scams in certain markets, alongside a backdrop of increasing public and media attention.
Chen Kirsch, Global Manager, Consulting and Fraud Advisory: I think that the major new theme for 2024 is twofold: rise of the (AI) machines coupled and delivered with Fraud-As-A-Service.
The usages of AI to perpetrate fraud, whether by creating better phishing/spear phishing mails, faking voice calls, and even video calls to resemble a trusted individual or CEO’s voice over the phone or video chats will probably increase. In the extreme, this tech could also be used to automate fraudulent call centers. I Instead of human fraud operators scamming the vulnerable, AI would do most of the scamming, while the humans would be the managers and second line to handle the difficult cases to defraud.
The mechanisms to deliver these new frauds would be more by the sale of Fraud-As-A-Service by fraudsters to fraudsters. This would, in effect, reduce the technological barrier to commit fraud by enabling fraudsters who previously didn’t have the knowledge can now expand into new fraud types at a relatively low cost and maintenance.
Jon Page, Account Executive, Strategic Accounts: Australia perspective: Scams Fatigue. Everybody gets so many calls, SMS, Email, and DMs daily that are scams. It will become increasingly complex for banks to be able to securely reach their customers when they actually do need to contact them. Banks are diverting more things to be “in App”, so how do you convince a suspicious customer to trust the “in-App” communication? I think this will cause more customers to want to talk to a teller or person in a branch. At the same time, branch closure rates are increasing.
Tsafrir Marom, Manager, Data Science, R&D: I think we will see scams emerging that are using large language models (LLMs) to create smarter and more human robocalls. AI will play a huge role, where fraudsters will leverage it in a variety of creative ways, such as circumventing selfie verifications by using AI generated selfies in fake IDs, creating realistic fake documents, such as bank statements, utility bills, or government letters to give frauds legitimacy, engage in phishing schemes that clone a trusted person’s voice to blackmail or defraud family members, and deepfake videos to defraud many victims simultaneously.
Anurag Mohapatra, Senior Fraud Product Manager, PM infrastructure: Though it’s not as trending as scams, I think Check Fraud in the U.S. will continue to be a problem in 2024. Why? In 2023, Check Fraud numbers haven’t shown a dip, the SARs filed are on track to beat 2022 numbers. Data gathered by Evidence-based Cyber Security Group suggests that the average balance of stolen checks deposited has gone up by 30% in the second and third quarters of 2023—Add to this the number of drop/mule accounts that are active and created. This indicates that Check Fraud is here to stay.