6 key fraud, KYC and AML predictions for 2024

One of the fastest-growing types of fraud is Application Push Payment (APP) fraud, where fraudsters trick victims into making fraudulent payments. Other types of phishing and social engineering fraud are also on the rise, and particularly ‘romance fraud’, which has increased in value by 50% over the last year^[1].

Experian data reflects a shift from ‘fraud of greed’ to ‘fraud of need’, with a corresponding increase in first party fraud. This type of fraud, where consumers give false or misleading information about themselves to obtain credit or services, now represents 31% of all fraud – up 10% compared to this time last year.

Explore our infographic: Fraud, KYC & AML Predictions for 2024 Let's go

Whilst our rich data and analytics tools show some clear trends in terms of how the landscape is evolving – the challenges presented ahead into 2024 are wide-ranging and complex. Let’s delve into what lies ahead for fraud, KYC and financial crime.

1. The convergence of fraud and money laundering defences

In 2024, we will see more institutions combining their fraud and AML defences to form a new paradigm called ‘FRAML’. By understanding the inherent links between money laundering and fraud, institutions can reduce false positives, improve the speed and experience of customer onboarding, and better identify potential risk.

Currently, many institutions still manage AML and fraud detection and prevention as separate functions. But with financial crime costing the UK economy an estimated £290 billion a year^[2], and with billions of pounds being laundered through the UK finance system every week^[3], the inherent link between fraud and money laundering can no longer be denied.

To implement more holistic solutions, Experian is seeing an emerging trend towards integrated Fraud and Anti-Money Laundering (FRAML) operations. In this new paradigm, teams have access to the same fraud and AML data and customer views, allowing them to make far more accurate risk assessments.

In this way, we will see customer risk assessments expand beyond traditional AML metrics to include identity and fraud risks. Over time, additional risk factors, such as credit risk, can also be built into assessments to provide an even more comprehensive customer view.

As the FRAML concept matures, shared AML and fraud risk data will become a core data asset for organisations and the key to maintaining accurate and up-to-date customer views. Shared data will drive customer and risk decisions that benefit both the top and bottom line, protect customers, and close loopholes that criminals are currently using to perpetrate fraud, including the ability to identify money mules and their accounts.

Finally, shared systems and data may eventually help institutions to consolidate teams, infrastructure and operations to achieve significant IT cost savings.

2. The shift to plastic ‘money mules’

In 2023, ‘money muling’ increased as the high cost of living impacted consumers. For 2024, we predict a similar increase in money muling across other products such as plastic, where customers allow accomplices to overpay their credit card balance, and then transfer the positive balance to the fraudster.

Banks and payment providers are investing heavily to both identify money mules in their existing portfolio, and to prevent them from setting up new accounts. But as defences are tightened around current accounts in particular, fraudsters are expanding their focus to alternative products and industries where loopholes and weak points still exist.

For example, a wide range of products and services exist where money or ‘value’ can be easily transferred from one account or customer to another, opening the door for fraudsters and money mules. Such products include credit cards, retail store cards or gift cards, telecoms companies that finance handsets or sell phone credit.

One example of ‘plastic money mule’ fraud that Experian has seen relates to credit cards. The customer, who is struggling to make ends meet, allows a fraudster to ‘overpay’ the outstanding debt on their credit card, resulting in a positive balance of many thousands of pounds. This positive balance is then transferred to the fraudster’s account, effectively laundering the funds.

In the case of credit card providers, very few have transaction monitoring that would prevent this type of fraud. In the same way, service providers in other industries rarely have the systems in processes in place to detect this kind of activity.

3. Financial crime data sharing

The Economic Crime and Corporate Transparency Bill^[4] was passed in 2023, laying the foundation for improved financial crime data sharing between institutions. In 2024, early-stage standards and frameworks will be established that allow institutions to share data on customers to understand financial crime trends and risks, and to identify and prevent fraud.

For fraudsters, data sharing is part of the daily modus operandi. Working in teams and mining the dark web, individuals and criminal gangs hone their capabilities and find new ways to exploit loopholes in the financial system. However, until recently, institutions have only had visibility of their own customer data in relation to money laundering, with no way to see if customers have committed financial crime with other institutions, and no way to integrate multi-institution KYC data, money laundering investigation data, and other insights into their workflows.

This means, effectively, that criminals have had an unfair advantage up to now. However, the Economic Crime and Corporate Transparency Bill, which was passed in 2023, is set to redress the balance. Specifically, articles 188 and 189 of the Bill open the possibility for direct and indirect information exchange between institutions for the purpose of tackling financial crime.

With this new foundation in place, institutions are beginning to develop early data risk and compliance standards that will enable new data sharing schemes to come forth. With the potential ability to access AML data, KYC and credit risk data from multiple organisations, it will be possible to identify bad actors and emerging fraud trends more quickly, and to reduce fraud and AML risks overall.

4. Increased use of Open Banking for identify verification

The UK has over 7 million Open Banking users, a quarter of whom are using it to improve their credit score and speed up access to financing. In 2024, we anticipate that the identity verification capabilities of Open Banking will become more widely used, especially in tandem with other ID and authentication methods.

Since it was launched in 2017, Open Banking has been making slow, but exponential, progress. According to Open Banking Limited (OBL)^[5], the organisation responsible for UK-wide implementation, more than seven million adults in the UK now use Open Banking, which is a twofold increase since last year.

The growth in Open Banking users is not just good news in terms of giving institutions more visibility of customers’ real financial status and better ways to reduce risk in their portfolios. It also opens the possibility to use Open Banking data to identify customers online, helping to reduce fraud risks.

Of course, it remains unlikely that Open Banking data will be used as a sole means of customer identification, especially for high-value financial products and services, such as mortgages. However, it is very likely to be used alongside other identification approaches to reduce fraud and AML risks in the coming months and years.

5. New forms of fraud and “scamming” related to new APP fraud legislation in the UK

In 2023, the Payment Systems Regulator (PSR) announced the much-needed Authorised Push Payment (APP) reimbursement legislation, enabling scammed consumers to reclaim 100% of their funds lost to this type of fraud. But while this is key for protecting consumers, it also provides new fraud opportunities for criminals, and we are expecting to see a significant spike in financial impacts for institutions in 2024.

New PSR legislation in the UK makes both the paying bank and the payee bank responsible for losses related to APP fraud, a kind of fraud where scammers convince victims to make fraudulent payments willingly. Even more importantly, victims of APP fraud must be reimbursed with 100% of the fraudulent payment within just five working days.

While this legislation is excellent news for consumers, it also creates new fraud risks, particularly as many consumers continue to struggle with high living costs. Friends or accomplices, for example, may decide to work together to defraud institutions. In such a case, person A might send a payment of £500 to person B, and then report the payment as fraudulent to their bank. Person A is reimbursed for the full £500 within five days, and person B keeps the funds transferred to them by person A. The scale of this kind of crime expands exponentially when larger gangs or groups of people collaborate in such activities.

The stringent PSR reimbursement rules may also lead to a scamming ‘spiral’ in the coming 12 months, especially if vulnerable victims are involved. This is because fraudsters know that funds will be returned to the victims’ accounts within five days, allowing them to repeat their fraud attempts frequently and repeatedly.

New technology solutions are needed to implement the checks and balances needed to address and prevent these emerging fraud risks. One approach is to implement systems that provide information about both payer and payee accounts for each transaction. Strong and ongoing customer education is also needed to increase awareness of the different types of APP fraud, from false ecommerce to romance scams, cryptocurrency and investment scams and others, and to reduce fraud risks and losses.

6. Growth in AI-driven fraud

2023 was a breakthrough year for AI, characterised by open-source innovation and the emergence of advanced generative AI algorithms. In the coming 12 months, we will see fraudsters using the latest generation of AI capabilities to the maximum to create false identities at scale, and to overlay images, identity documents, voice and video messages, online profiles and more to create hyper-realistic customer profiles that outwit institutions’ traditional defences.

New, generative AI tools make it far easier to create facial images and identification documents that are able to trick institution’s identity solutions and checks. These kinds of technologies can also create fake social media accounts and other online ‘footprints’ that some institutions use as a second-line evaluation of identity risk.

Generative AI also increases fraud risks by enabling fraudsters to scale their attacks rapidly. Where creating false images and identity documents previously took days or even weeks, these kinds of customer identities can be created at scale using simple ‘cut and paste’ commands. What’s more, fraudsters can use AI tools to perpetrate romance scams and other APP fraud based on highly realistic voice recordings, instant messages and/or video footage.

To address these risks, security focused institutions are implementing advanced AI-driven solutions to fight AI-driven fraud risks. As well as recognising AI-generated images and documents, these kinds of solutions can look at device biometrics and other factors that could indicate fraud risk.