From growing cybersecurity breaches to cyber-crime-as-a-service, organisations are faced with growing fraud risks and financial crime in an age of remote working, rising online transactions, and cloud computing migrations.
We explore the top ten fraud risk trends to watch out for in 2023 and how you can effectively mitigate this ever-changing landscape, especially in the financial industry.
What’s in this article?
- Top 10 fraud risk trends to watch out for in 2023
- How to mitigate the ever-evolving fraud risk landscape
- How FDM’s KYC PODs solution can help
Top 10 fraud risk trends to watch out for in 2023
- Cybersecurity breaches are on the rise
- Deepfake technology fuelled by AI advancements
- Synthetic identity theft is increasingly difficult to detect
- Account takeover fraud has grown by 350% YOY
- Businesses are more susceptible to card-not-present (CNP) fraud risk liability
- Insider threats pose a high fraud risk
- Social engineering attacks in an age of remote working
- Cryptocurrency scams are part of a wider epidemic of fraud
- Development of cyber-crime-as-a-service (CaaS)
- Cybersecurity skills shortages exacerbate cyber threats
1. Cybersecurity breaches are on the rise
The Cyber Security Breaches Survey reveals that a total of 11% of businesses have experienced cyber crime in the last 10 months, which includes 26% of medium businesses and 37% of large businesses. It is estimated that there have been 2.39 million instances of cyber crime and approximately 49,000 instances of fraud as a result of cyber crime within this time period. With each instance of cyber crime estimated to cost a business £15,300 per victim per year, the cost of cybersecurity breaches can be hefty. The rising frequency of cyberattacks means that tackling cyber threats should be a high priority for medium and large businesses in particular.
Cloud computing, while offering numerous benefits to businesses, can also increase fraud risks due to factors such as shared infrastructure vulnerabilities, data breaches, unauthorised access, reliance on third-party providers, and potential misconfigurations or lack of proper security controls. This requires businesses to implement robust security measures and closely monitor their cloud environments to prevent breaches.
2. Deepfake technology fuelled by AI advancements
Deepfake technology derives from the terms ‘deep learning’ and ‘fake’, referring to the use of AI to create realistic fake audio, video, or images. It can be used to impersonate people and aid malicious individuals in identity theft. Deepfake technology can even simulate speech, actions, and emotions, and can be quite convincing!
While deepfakes are becoming increasingly prevalent across social media apps, deepfake technology can also be used to defraud businesses by convincing an employee to compromise sensitive information, release funds, or engage in fraudulent transactions. It has been reported that the number of deepfakes has been doubling every six months since 2018, showing no signs of slowing down, especially with the recent advancements in AI technology.
3. Synthetic identity theft is increasingly difficult to detect
According to research by GDG, over 8.6 million people in the UK have used a fake identity or someone else’s identity, either in-person or online, to access goods, services, or credit. Synthetic identity theft typically combines both legitimate components, such as real addresses, and fabricated information, which can make it extremely challenging to detect and prevent. Moreover, since the fraudulent identities have no prior credit history or suspicious activities associated with them, they can evade traditional fraud detection systems that rely on historical data patterns.
4. Account takeover fraud has grown by 350% YOY
An account takeover (ATO) refers to when a criminal gains access to a real consumer account, such as a social media, email, or bank account, which will typically be done using stolen information. Account takeover fraud increased by 250% year-on-year in 2020, with financial services firms witnessing 72% of all these attacks. Similarly, in 2021, 20% of data breaches were attributed to account takeovers, totalling over $5.1 billion for consumers and businesses. This emphasises the importance for financial institutions to take proactive measures to protect their customers, and serves as a reminder to other industries that account takeovers are a serious threat they may encounter and must be wary of.
5. Businesses are more susceptible to card-not-present (CNP) fraud risk liability
Card-not-present fraud (CNP) occurs when consumers pay for goods and services online, by telephone or by mail, where a card is not presented to the merchant physically for verification. When a cardholder’s billing information is compromised or stolen, an unauthorised individual may use their card to make purchases. Unfortunately, with the rise of e-commerce and consumers still demanding quick ways to purchase products, fraudsters are provided with ample opportunities to exploit vulnerabilities in online payment systems, manipulate checkout processes, or use stolen card information to make fraudulent purchases.
In many cases of CNP fraud, the liability for financial losses often falls on the merchant rather than the card issuer or cardholder. This places the burden of preventing and absorbing losses associated with CNP fraud on the businesses themselves, increasing their susceptibility to financial harm.
6. Insider threats pose a high fraud risk
While organisations must be vigilant of external threats, insider threats have also risen by 44% in the past few years. Insider threats can arise from the actions of current employees, former employees, customers, or suppliers, whether through malicious intent or negligence. Employees with privileged access typically pose the highest fraud risk for your business.
In many cases, insider threats are motivated by money, competitive advantages, and revenge. For example, 45% of employees download, save, or send work documents to their personal accounts after leaving a job in order to impress their new employers. The sharing of company contracts, spreadsheets, or customer information can pose a serious risk for all parties involved.
With employee turnover on the rise across the UK, it is imperative that employers take the appropriate measures to mitigate these risks. To minimise the risk of insider threats, you must have internal controls and strict work policies, conduct periodic audits, and foster a strong ethical culture. And when it comes to third-party threats, businesses should conduct thorough due diligence, monitor third-party activities, and establish contractual obligations to mitigate the risk of fraud through external partners.
7. Social engineering attacks in an age of remote working
Social engineering is not a direct cyber attack but, instead, involves using human psychology to persuade individuals to put their guard down and partake in unsafe activities, such as handing over sensitive information or clicking a malicious website link. Phishing is one of the most common forms of social engineering where fraudsters impersonate legitimate entities, such as banks, government agencies, or trusted organisations, to trick individuals into providing their personal information, such as passwords or credit card details.
In an age of remote working, social engineering attacks are increasing. A study shows that 9 out of 10 respondents state that the threat landscape has worsened, and 75% say remote working has contributed to this. Social engineering attackers have been capitalising on the frequency of online communication, with online messaging and emails being the primary form of organisational comms.
Working from home, employees are often more inclined to respond to requests or click on links without proper scrutiny, especially if the communication appears to come from colleagues or superiors during non-working hours. Insufficient security awareness and education can make remote workers more susceptible to falling for social engineering tactics.
8. Cryptocurrency scams are part of a wider epidemic of fraud
The popularity of cryptocurrencies has led to an increase in cryptocurrency-related frauds. In fact, in the past four years, there has been a significant increase in the number of crypto fraud incidents, with a total of $4.6 billion in losses in 2021 alone. The most stolen coins include Binance Smart Chain (BSC), Ethereum (ETH), and Bitcoin (BTC). The Financial Times has described cryptocurrency scams as ‘part of a wider epidemic of fraud’, with losses from crypto fraud increasing by 41% year-on-year to £306 million in the 12 months leading up to March 2023.
In order to minimise cryptocurrency fraud risks, businesses can implement strong authentication measures, conduct in-depth due diligence, and use reputable wallets and exchanges. They should also look to educate employees about common fraud schemes to reduce internal threats.
9. Development of cyber-crime-as-a-service (CaaS)
Cyber-crime-as-a-service (CaaS) refers to the commercialisation of cybercriminal tools, techniques, and services that are readily available for purchase on the dark web. This enables individuals with limited technical ability to engage in cybercriminal activity. The accessibility and affordability of CaaS enable a larger pool of cybercriminals to target businesses. Malicious services include malware distribution, ransomware-as-a-service, or stolen data marketplaces.
10. Cybersecurity skills shortages exacerbate cyber threats
According to Forbes, the cybersecurity skills shortage is a major contributing factor to the evolving fraud risks. The current skills shortage is estimated at 3.5 million globally, which will become a growing concern for countless organisations if they fail to outsource, train and retain the top cybersecurity talent. Now’s the time to build a future-proof solution to mitigate the ever-changing financial crime risk landscape!
How to mitigate the ever-evolving fraud risk landscape
Mitigating the ever-evolving fraud risk landscape requires you to take a proactive and comprehensive approach. Strategies to help address and minimise fraud risks for your business include the following:
- Conduct risk assessments
- Employee awareness and training
- Upgrade technology and security measures
- Fraud monitoring and detection
- Vendor and third-party due diligence
- Collaborate with other organisations
- Incident response and remediation processes
- Implement KYC procedures
1. Conduct risk assessments
The first port of call is to assess the unique risks facing your organisation. We recommend conducting regular and thorough risk assessments to identify potential vulnerabilities and understand the specific fraud risks that your organisation faces. This assessment should include evaluating internal controls, processes, systems, and external factors that can impact fraud risk.
2. Employee awareness and training
Employees are often an organisation’s biggest vulnerability. As such, you should focus on enhancing security awareness and training programmes for employees. Educate and train employees at all levels about the various fraud risks, prevention techniques, and the importance of reporting any suspicious activities. If you are predominantly a remote company, make sure to provide guidelines for secure remote work practices. Ultimately, foster a culture of ethics and integrity, encouraging employees to speak up about potential fraud or misconduct.
3. Upgrade technology and security measures
Organisations should also implement strong technical security measures, such as multi-factor authentication, encryption, firewalls, and anti-malware, and, of course, carry out regular software updates. These measures are crucial for meeting regulatory compliance requirements, for reasons such as protecting customer and company data and preventing breaches.
4. Fraud monitoring and detection
Establish effective fraud monitoring systems that can detect unusual or suspicious patterns and behaviours. Implement real-time transaction monitoring, anomaly detection, and data analytics to identify potential fraud risks promptly. For example, in the financial industry, artificial intelligence and machine learning are being used to automate illegal transactions, which means organisations must be able to detect these transactions quickly and deal with them swiftly in order to keep up.
5. Vendor and third-party due diligence
To prevent insider threats, conduct thorough due diligence when engaging with vendors or third-party partners. Assess their security practices, reputation, and compliance with relevant regulations. Establish clear contractual obligations and regularly monitor their activities to mitigate the risks associated with external parties.
6. Collaborate with other organisations
By fostering collaboration with other organisations, industry associations, law enforcement agencies, and fraud prevention networks, you can easily share information and insights about emerging fraud trends. This collective knowledge helps you stay ahead of evolving fraud techniques and make sure you have the appropriate measures to protect your organisation.
7. Incident response and remediation processes
It is crucial that you develop a robust incident response plan that outlines the steps to be taken in the event of fraudulent activity taking place. Your plan should cover investigation, containment, recovery, and communication procedures. Remember to test and update your processes to reflect emerging threats, which, as you can see, is an ever-evolving issue!
8. Implement KYC procedures
Know Your Customer (KYC) processes are essential to helping your business detect and prevent financial fraud. It involves establishing the identity of your customers, assessing their risk profiles, detecting suspicious activity, and ensuring compliance with regulatory requirements. For higher-risk customers, you should conduct enhanced due diligence with additional background checks and source of funds investigations. Effective implementation of KYC can help businesses strengthen their defence against fraud and protect themselves and their customers from potential financial and reputational losses.
How FDM’s KYC PODs solution can help
The quick-changing fraud trends and rising risks make mitigating fraud extremely challenging. That’s why it is now more important than ever to hire the right people for the job and make sure your business is ahead of the game.
At FDM, our AML-KYC PODs services are specifically designed to assist businesses in reducing financial crime risk and resolving their KYC resourcing challenges. Instead of hiring contractors, we provide a unique solution that allows financial organisations to maintain control over their KYC remediation while leveraging the expertise of our consultants. Our teams are flexible and responsive, working towards sustainable solutions and staying abreast of regulatory changes, industry advancements, and ongoing fraud trends.
For more information on how FDM can help your business mitigate growing fraud risks, get in touch with our team.