In this blog, we look at five key trends seen across Fraud and Identity which have either caused a greater risk, or influenced risk. From the threats of digital exposure through to internal fraud. We have seen through our recent UK&I fraud report, of which this is an extract from, how fraud detection has increased. The challenge however, is that the risk of fraud overall has increased. Businesses across the globe acknowledge this rising threat and many have recorded more than 20% increase in fraud rates in the past year. What is certain is that fraud needs to be understood. By understanding it you can better equip your business to reduce the burden of fraud and better protect, and serve, your customers.
1. Fraud and the Digital economy
With more people using mobile, internet and tablet devices as a means to interact and transact, we see more digital exposure to fraud. It’s therefore perhaps not surprising that cybercrime is starting to dominate fraud – and is now accounting for a large proportion of all committed fraud and identity theft. Those who are the most tech-savvy are also experiencing most of the identity fraud cases.
There is now more personally identifiable data being transmitted on the internet, leaving the owner much more vulnerable. The days of imitating someone in person is starting to dwindle. Today, businesses and people need to grapple with proving and validating identities that are hidden behind a computer; virtual identities.
What is important to note is that while cybercrime in some respects is relatively new, in some cases, the acts of fraud committed from cybercrime aren’t that sophisticated or pioneering. We see fraudsters impersonate companies, plant viruses as well as data hacking and account cloning. The more we conduct our lives online, the more vigilant we need to be and the smarter you need to be at prevention and detection.
2. Younger people increasingly targeted as fraudulent applications against over 50s drop
Fraudulent credit applications against people in their twenties have soared in the last three years. The proportion of frauds against those aged under 30 has risen by 6% since 2014, while those aged 50 and up have experienced a decrease of 8.4% over the same period. Young people are increasingly falling foul of fraudsters who see them as a more accessible target to open an account. They are more interested in getting an account open so they can use it for money laundering, or to establish a footprint at the bank for further fraudulent activity.
Young people are more likely to live their lives online, so there is a good chance they will not be monitoring their post for statements as they most likely choose not to receive physical statements (only three in ten do). They are more likely to live in accommodation with shared mail areas, which provides an opportunity for fraudsters to intercept their post when the new plastic arrives.
The 60-plus cohort has experienced the sharpest decline in fraud attacks, down 5.8%, suggesting they have heeded advice to monitor their statements for suspicious activity, and given scam emails a wide berth. We can see this translate throughout research where they evidently used a range of passwords online as a means of protection (Those 55+ have on average 11 passwords, with Millennials having just 3).
3. UK’s online identity habits revealed: Have we reached ‘peak password’?
Experian research has revealed a growing divide across generations. This split is particularly evident in the way the UK population manages its online identities.
The younger generation appears to be more driven by convenience and rarely has more than five unique passwords. They are also far more likely to log in to multiple accounts using a single social media online ID. As we have heard, this digital exposure is making them more vulnerable.
With paper identities now becoming mostly obsolete when it comes to digital verification. It is much easier to pretend to be another person when you are hidden behind a screen. It has become much rarer for fraudsters to imitate their victims in person and this shift requires new tools that are fit for this purpose.
It’s perhaps no surprise that a high proportion of over 55s state that most of their accounts are paper-based. This is a result of concerns about remembering passwords and concerns over the security of online accounts.
Over the past 60 years, we have witnessed a huge transformation in the tools criminals use to commit fraud. But the use of a password to protect has remained largely stagnant. This exposure can mean fraudsters can access even more data that is much more sensitive and valuable information than ever before. We’re not looking just at financial losses from bank account withdrawals but right across to accessing social accounts which can be equally costly and detrimental to people.
4. Protecting payments from fraud: the PSD2 and the PSR’s response to Bank Transfer Fraud
The Second Payments Directive
The PSD2 (Second Payments Services Directive) will enforce, and transform, the way security is applied to payments. The aim is, from a customer point of view, to make the transaction process much more secure to prevent fraud. We will also most likely see strong customer authentication start to shift application fraud – with Current Accounts being even more targeted as other methods become harder to target or commit fraud against. For example, online payment fraud.
Today, in many cases, to transact online you will need to supply a password as a form of validating your payment is legitimate. Tomorrow you may need something more sophisticated like a token or biometric information to prove it is you.
Transaction Risk Assesment
In addition to this, there is a new regime around what is called transaction risk assessment (TRA). The TRA defines how you need to assess each transaction in real-time to determine the fraud risk. If there is any hint of fraud risk then stronger authentication must be used in that case; if the fraud risk is lower, then it could be exempted.
PSR responds to push payments
Also affecting payments is the Payment Services Regulator’s (PSR) response to bank transfer fraud and payment errors as a result of the Which? super complaint. Recently the PSR has requested both banks and industry do more to protect customers when it comes to bank transfer payments. It would, therefore, be vigilant to check all bank accounts within the payment process to help protect customers against any identifiable, or unnecessary risks.
5. The threat of internal and employee fraud
According to research from Cifas, there has been a 60% increase in account fraud where unauthorised activity was made by staff on a customer’s account without permission.
Other types of fraud include CV fraud. 12% of candidates put false grades on their application, and 38% of those 25-32 have concerning discrepancies on their CV (according to the Risk Advisory). You need to weigh up the risk of having no-one in the role while the necessary checks are done, and someone potentially risky in it. To me, this is an obvious decision. And, with the right recruitment strategy, you won’t need to be without an employee either – or at very least, not for long.
By the very nature of your business, your employees have access to sensitive and valuable information – both financially valuable and personally valuable. You, therefore, need to be vigilant and put in place the appropriate controls and checks across all your business areas as a means of protecting such information.