Exploits come at you fast in the world of online payments

By now, everyone has a good sense of the potential health implications of Covid-19. But if you’ve got any connection to the fraud-prevention business, you know that the Coronavirus is also making 2020 the golden age of fraud — specifically bank fraud. 

It’s not clear if this is because it’s a more fertile environment for fraud due to diminished face-to-face interactions, if it’s spiking unemployment leading part-time scammers into full-time crime, or if it’s just a more desperate global economic climate. No matter what the cause, fraud is way, way up. And nowhere is that more clear than in banking.

Take the chart below, pulled from proprietary, aggregate Fraud.net data, which shows the top 10 largest issuing banks in the world by online transactions.

 

We have to leave the names off to avoid embarrassing anyone, but even with the anonymous data, there are some valuable findings coming out of this chart which can improve your business… whether you’re one of these banks, a smaller financial institution, or just a company that is conducting business online.

1. Fraudsters are sharing information (so you should too). The old adage that there is no honor among thieves may be true but, in the digital age, thieves are, at least, a generous lot. Most people don’t realize that fraudsters will share exploits with colleagues — both through criminal consortiums, and through anonymous, online postings. True, this isn’t driven entirely by a desire to share the wealth or even to show off their criminal acumen; the greater the amount of traffic using a particular exploit, the easier it is for fraudsters to cover their tracks. (You can learn more about how criminals share information online in our recent podcast on travel fraud with Cathy Ross, President of Fraud.net.) 

Banks can’t predict where an exploit will come from but they can protect themselves from the same fraudsters hitting them over and over again by using the same tactics as the criminals, specifically, sharing information. The best fraud prevention platforms share anonymous fraud data across customers and partners, limiting the damage that a single fraudster can wreak, or a group of fraudsters using the same approach.

 

Key Insight: Rules only take you so far in fraud prevention; collective intelligence means that you recognize fraudsters before they ever reach your business.

 

2. Exploits can come at you fast. Fraudsters sharing their exploits can lead to criminals piling onto a vulnerability fast, and fraud spiking around an exploit in a rules-based system. This is clearly evident with the unfortunate Bank 4 — the grey line in the chart above — which saw most of its whopping 41-percent increase in fraud happening over the course of a day or two.

Because of the speed and ferocity with which fraud attacks can occur, detecting patterns of fraud can often challenge even the most experienced fraud prevention expert. To counter this, winners in this space have made use of sophisticated machine learning, which is able to detect fraud patterns that, at their early stages, are too subtle to be caught by the human eye. As you can see from Bank 7 in the chart above, even when fraud rises gradually, it can sometimes elude human detection, leading to long term losses for banks that don’t update their rules in time.

 

Key Insight: Machine learning and anomaly detection are essential in online fraud prevention, to quickly identify criminal patterns too new or too subtle for a human to catch it.

 

3. There are winners and (big) losers in online bank fraud. All of these banks are massive, publicly listed institutions with tens of thousands of employees, and a global presence. All have robust, rules-based fraud solutions in place. So, why are we seeing disparities, with some institutions seeing flat to slightly down levels of fraud, versus others that are seeing huge, double-digit increases in fraud since the Coronavirus stay-at-home orders were issued in the US? 

Clearly, rules-based systems are not enough. The modern fraudster is a sophisticated, creative, and, dare I say, hardworking individual who will perpetrate multiple, anonymous attacks on financial institutions until they find a vulnerability. Once they do, they will exploit it mercilessly — even sharing the bounty with colleagues — until the loophole has been closed. 

Every rules-based system has a weakness somewhere, so rules-based systems aren’t enough. Financial institutions need to be able to identify fraud quickly using collective intelligence, and respond quickly using machine learning, to harden themselves as targets of fraud. For the “winners” in this space, the results are somewhat anticlimactic – most, like banks 9 and 10, see nothing happen, or minor decreases in fraud. For the losers, life is much more exciting (and terrifying) with increases in fraud ranging from over 10 to over 40 percent.

 

Key Insight: Rules-based systems are the standard, but rules are made to be broken; AI and collective intelligence differentiate winners and losers.

 

This chart is a static capture of a real-time analytic in a comprehensive platform for bank fraud which Fraud.net offers clients.

Special Offer for Financial Institutions

During the Covid-19 pandemic, Fraud.net is offering 3 Free Months of service.

Contact us today to get started.