Banking fraud is constantly shifting as criminals find new ways to get past their victims’ defences, raising queries on who is liable for the resultant losses.
NetGuardians Regional Director for Middle East and Africa Jonathan Somers says banks must upgrade their physical and cybersecurity or risk losing trust with their customers. NetGuardians is a software company recognised for its innovative solutions to keep operational risk under control. It helps financial institutions in over 30 countries to fight fraud.
The explosion of home delivery for retail purchases has created new opportunities for phishing scams involving email or text alerts, as well as the general increase in communications via digital channels that can be faked and exploited for phishing purposes. Another type of banking fraud is the “man in the middle/pharming scams”, where a hacker obtains sensitive information transmitted between two other parties online.
With the technical support scam, fake staff call the victim, who is told that there is a problem with their software. The victim is duped into giving the caller control of their computer remotely, sometimes with the help of personal information about them gathered via social engineering. The mobile Sim-swap is common in the developing world, where the primary way most people access mobile banking is via their mobile phone. There is also the account takeover resulting from social engineering and telephone scams.
Watch out for the following top banking frauds:
Authorised push payment fraud: Social engineering and simple telephone impersonation techniques can also be used to dupe victims into making payments to accounts controlled by the fraudsters themselves.
For example, victims may be told that their account has been compromised and they must transfer their money to a new account to prevent it from being stolen.
According to the UK banking industry trade body UK Finance, £479 million was lost to authorised push payment fraud in 2020, up five per cent in 2019. The number of fraud incidents rose 22 per cent year-on-year.
Romance scams: The victim is approached via text message, email or social media and convinced to begin a long-distance relationship. Once the victim is drawn in, the fraudster requests money transfers to allow them to come to the victim’s country, clear debts or unlock a frozen bank account.
According to the US Federal Trade Commission, romance fraud has mushroomed in recent years. In 2017, 17,000 victims reported losing $87 million, but by 2021 the number of victims had grown to 56,000 and losses totalled $547 million.
The New York Times cited the example of a 76-year-old widow who transferred more than $660,000 to bank accounts she thought belonged to a US Army general in Afghanistan.
Business email compromise: Fraudsters frequently target companies by impersonating a senior executive. An email is sent to an employee, either from the victim’s own email account, which has been hacked, or from a spoofed address.
The email is often followed by a call apparently from the CEO, a senior executive, or from a bogus law firm or consultant, telling the employee who received the email to respond immediately. Deep fakes are increasingly used for video or voice calls. The email usually requests a large payment to a fake account in connection with an urgent or sensitive issue such as an acquisition.
The US Federal Bureau of Investigation says that, between June 2016 and July 2019, it received more than 166,000 reports of email compromise, with total losses of more than $26.2 billion.
Invoice frauds: Invoices purporting to come from a genuine supplier are emailed to the company, along with fake account details for payment. This type of fraud can cause major problems for smaller companies that lack the controls to prevent them and rely on non-specialist, junior staff to make payments.
Investment scams: The number of people investing online has grown strongly during the pandemic, partly due to home working. In response, gangs have set up fake investment websites to fool people looking to invest in stocks, commodities, and cryptocurrencies. The sites are marketed to victims using phishing emails and online adverts on social media sites.
In January last year, the UK’s Financial Conduct Authority warned that more than £78 million had been stolen from investors during 2020 through “clone firm” scams involving fake websites and documents that imitated legitimate companies.
Reports of these clone firm scams rose by 29 per cent between March and April 2020, when the UK went into its first lockdown. The average loss reported was more than £45,000.
Mr Bernard Rono, a senior business analyst and security expert, said that, although a wide variety of banking frauds are commonly attempted, there is only one reliable way to detect and prevent them.
“This is by comparing the fraudulent transaction against the historical pattern of behaviour associated with the account holder or system user. This is why in creating solutions it is critical to focus not on the different types of fraud but on the usual behaviour of the account holders, so that anomalies can be detected and flagged,” he said.
His sentiments were echoed by Mr Somers, who urged banks to invest in AI-based anti-fraud software that monitors all account transactions and evaluates them against the established behavioural profile linked to the account holder or his or her peers.
With the invention of AI algorithms, banks systems can carry out checks on transactions across multiple axes.
It tracks unusual access to the bank’s internal systems and monitors internal users’ actions where these are linked to suspect transactions. NetGuardians uses a software that employs AI algorithms to identify unusual activity on customers’ accounts that may indicate account takeover.