The growth in online activity that we’ve witnessed over the last few years have delivered a variety of methods for fraudsters to commit fraud and, for fraud to succeed it requires volume to hide behind, which the online world delivers in spades. Fraudsters are making use of every available attack vector to target consumers, from cryptocurrency exchanges to romance scams, according to Saeed Ahmad, Managing Director, Middle East and North Africa, Callsign.
In 2021, scams were the most common type of cybercrime. The number of brand-impersonating scam each a month increased dramatically. In the Middle East alone, there was an increase of 150%. Let’s dig deeper to understand the nature of the fast-evolving fraud we are experiencing.
APP is on the rise
Recently, we’ve seen fraudsters change their attention to methods like APP – Authorised Push Payment – fraud. Bad actors will pose as trusted agents, such as bank personnel or police officers, with the goal of manipulating their victims to make significant money transfers.
These transactions are hard to detect as fraud because they are initiated by legitimate customers following the fraudster’s coercion. The transaction occurs from the legitimate user’s own device and location, there is no need for the fraudster to resort to other fraud tactics, such as malware or Remote Access Tools (RATs).
The figures are enough to make anyone nervous: APP fraud increased by 71% in the first half of 2021 alone.
The key to this is social engineering: when it comes to scamming their victims, unscrupulous actors will spend time gaining their trust, sometimes spending days or weeks doing so until the consumer finally transfers money. Despite the time and effort required, the scammers’ return on investment (ROI) can be very substantial.
When the fraud in question is APP, time is one of the deciding factors. While bad actors will spend a considerable amount of time and effort coercing and coaching their victims, once the fraud is underway, the bank may only have minutes or seconds to intervene.
The roles of detection, intervention, and prevention
An alert message is sometimes the only line of defense for many banks. However, because these static warning messages appear at the same points in every customer journey and have the same content, fraudsters are often able to predict them and talk their victims around them.
The scam breaks apart though when the fraudsters encounter an element in the journey that they can’t anticipate – one that’s very difficult for the fraudster to talk their way around. Instead of a static warning, a dynamic intervention is a highly effective way to give the user a cognitive jolt, and some valuable breathing room to reconsider and terminate the transaction.
Scammers can be stopped in their tracks with solutions that combine behavioral biometrics with device intelligence. This system can detect deviations from the norm by passively analyzing a customer’s behavior, such as that customer taking longer than usual to navigate familiar menu options while their phone line is engaged.
This combination of anomalies would indicate a high probability that they’re speaking to a scammer who’s trying to talk them into making a transfer. If that customer then suddenly sets up a new beneficiary and attempts to transfer a large sum of money to it, this would be instantly flagged as unusual behavior.
The user can be presented with a dynamic warning message that is contextual to their circumstances if these risk signs are recognized in real time.
A warning message could pose questions such as ‘are you on the phone to your bank?’ or are you expecting to make this payment today?’ Depending on the customer’s response they may be notified that they are being targeted by a scammer and that the transaction should be terminated.
The fraudster is taken off guard; this isn’t something they expected, and it’s not in their script. They’re unable to coach their potential victim past the message because it clearly spells out exactly what’s going on.
Taking the seconds back
App fraud and scams rely on bad actors balancing the time they spend studying their targets and working on their victims versus the critical few moments when the customer is most susceptible and ready to make that transaction.
Although APP fraud is on the rise right now, this is a threat that can be remedied. Technologies like dynamic interventions can help prevent it by giving banks back those precious moments that can make the difference between a successful fraud and keeping customers secure.