From the theft of the Mona Lisa to the OneCoin crypto currency scam, criminals have consistently tapped into societal shifts and cultural moments. This has been hammered home in 2020–21 as fraudsters exploited changes in consumer behaviour — at the cost of billions of pounds.
In this article, we look at how the past and present can inform the fight against future cyber threats, and the role fraud solutions can play.
A return to the Roaring 20s in more ways than one?
Back in the 1920s, newspapers featured stories about fraudster Charles Ponzi who infamously spotted a weakness in the US postal system and tempted investors with the tantalising opportunity to make easy money. Ponzi was arrested in Aug. 1920 for mail fraud when his scam — which relied on a constant flow of new investments that provided returns to older investors — collapsed.
Interestingly, while working at Banco Zarossi (1907), Ponzi was described as charming, and during his time in prison for people smuggling (1912), reportedly befriended a mob boss. Then consider the wider societal upheaval of the time: The convulsions of the First World War; the economic seesaw of the 1920s; and the Great Depression of the 1930s, the European experience brought to life in George Orwell’s memoir, Down and Out in Paris and London.
Ponzi was a product of his time — an archetypal fraudster — and as economies today rebound from the pandemic, there are echoes of the 1920s. Today’s fraudsters have much the same vision — to exploit weak points in technology, human nature and societal change.
How fraudsters socially engineered the pandemic and made everyone pay
Since March 2020, furlough and lockdown restrictions have created a seismic shift in behaviour as consumers turned to digital channels to bank, make payments and purchase goods. And fraudsters have taken full advantage — TransUnion consumer research indicates three out of four UK consumers have been targeted by fraud.
Our Device Risk Database provides insight into how banks and consumers have been affected (Jan. 2020 to March 2021) — as interpreted in the following three phases.
- Phase 1: Fraudsters ran amok, praying on consumer fear and panic while banks struggled to adapt to new demands.
- Phase 2: Banks answered by tightening risk protocols and restricting lending, deterring criminals who moved elsewhere.
- Phase 3: Lockdown eases and an appetite for consumer lending creates new opportunity.
Some fraud types, such as phishing, smishing and vishing techniques used to obtain personally identifiable information peaked during the pandemic. As the pandemic’s true financial impact becomes apparent as payment holidays and government support schemes end, we’ve seen high incidences of Authorised Push Payment (APP) driven by a surge in:
- Money mules activity — individuals who allow their personal accounts to be used to move proceeds of crime and make money appear clean.
- First-party fraud.
The cost is staggering — gaps in the policing of online fraud and scams resulted in record numbers of UK citizens being conned out of £8.5 billion according to ONS figures, or £1,149 on average per victim — more than doubling from £551 a year ago. Whilst the number falling victim to fraud has only marginally increased (from 12% in May 2020 to 14% in May 2021), the sheer scale and variety of scams is leaving people vulnerable.
Ecommerce habits prove popular with fraudsters
With more businesses moving online and a large percentage of the population staying home, ordering consumer goods online has skyrocketed. According to ONS research, the proportion of online retail has reached a record level of 35.2% in January 2021, up from 29.6% in December 2020 and dwarfing January 2020’s 19.5%.
Royal Mail outlines phishing scams being conducted via text or email and the familiar cues they use to seem authentic like personalisation, branding and urgent copy. These are direct scams, but they allow fraudsters to gather personal information for more sophisticated and costly APP, phone-based scams.
Fraudsters reacted by bombarding consumers with messages about delivery charges or redelivery options. Then they doubled down by tapping into confusion over customs charges for goods bought from Europe as Brexit kicked in.
Social media and gaming communities are gold mines for fraud
The UK’s third national risk assessment of money laundering, reported in December 2020, identified fraud and tax evasion as dominant crime types, with cybercrime a prominent generator of criminal proceeds. One way criminals launder cash is through money mules, who clean the cash which is then withdrawn and funneled back into organised crime.
Financial services products that facilitate electronic transactions and quick fund distribution — such as bank accounts, electronic currency and payment platforms — are vehicles for mule activity. But with improved controls relating to account takeover and device/location-based risk assessment, criminals have gravitated to social media and gaming platforms to recruit mules.
On social media platforms, criminals promise targets quick money-making opportunities. TransUnion’s work with Cifas in 2019 highlighted young people are the perfect targets, as youth, peer pressure and naivete may give credence to the fact they don’t understand the illegality of their actions.
Video game platforms are another less regulated and secure environment that has boomed during lockdown. Games like Fortnite (V-bucks) and Animal Crossing (Bells) have their own currencies (bought with real money) which are used to trade digital goods, either within the game or on third-party marketplaces. This makes it an attractive space for criminals to recruit money mules and clean cash.
What’s next? Super-apps, digital wallets and future threats
It’s clear fraud prevention strategies need to continually adjust to threats embedded within emerging consumer trends. Working with the Economist Intelligence Unit, TransUnion identified two disruptive technologies, super-apps and digital wallets, likely to present challenges.
Super-apps, such as WeChat, are a single digital portal (predominantly accessed via smartphones) through which customers access and pay for third-party products and services. They’re disrupting the relationship between businesses and consumers and driving digital payments, bypassing traditional methods like credit cards. For businesses, they require less infrastructure and offer lower transaction fees whilst consumers enjoy convenience and personalisation.
Digital wallet popularity has increased through strong growth in mobile usage, the adoption of super-apps, and via retailers and service providers diversifying payment options.
Concerns regarding these technologies revolve around security, privacy and fraud. Super-apps are a risk as they store personal information in one place, whilst digital wallets are tied to bank accounts and credit cards.
In the past year, using TransUnion TruValidate consortium data we’ve seen a 15% increase in account takeover (ATO) reports, and with personal data available on the dark web, it’s likely to continue to rise. To help mitigate ATO, device-level checks should be deployed to stop fraudsters even if they have the correct login credentials.
How to strengthen fraud solutions against new threats
APP fraud is an ongoing challenge all banks have to tackle. The pandemic drove more customers online, including those less technically savvy, providing fraudsters with a wider pool of targets.
The banking industry has taken positive steps to mitigate the risk of customers being coerced into making payments by implementing Confirmation of Payee (CoP) and warning notifications, as well as friction-right controls requiring customer action before making new payments, and education programmes.
While many banks are signed up for CoP, it can only be truly effective with wider participation, as fraudsters will continue to target weaknesses. Furthermore, a less than 100% name only match using CoP presents an opportunity for false positives, potentially leading to payments being turned down unnecessarily. The absence of enough intel on beneficiaries to assess those accounts also presents an ongoing challenge. Payments can still be made to seemingly ‘genuine’ accounts that actually belong to money mules.
Being able to identify money mules earlier, say at application stage rather than following transaction monitoring, is something banks could look at through predictive modelling. Similarly, identifying vulnerable customers at risk of APP fraud is another area where banks can ensure the right levels of friction and controls are deployed within their customer journeys.
As the 2020s progress, TransUnion’s fraud solutions can help secure and optimise the entire customer lifecycle with a layered approach to identity proofing, authentication and fraud control. Contact us to discuss how we can help your business whilst deterring criminals who, like Charles Ponzi, seek to target weak points in human nature and technology.