Types of fraud and how to fight them

Saeed Ahmad, Managing Director, Middle East and North Africa, Callsign, explains the five most prevalent fraud vectors identified by the 2021 MRC fraud survey, along with some insights into what makes them particularly challenging.

With new scams happening almost every day, companies are struggling to adapt and take action. Moreover, if one attack vector is blocked, the malicious attacker will switch to another.

The Abu Dhabi authorities have returned Dh21 million to victims of financial fraud, including phone scams and other cybercrimes, during the past seven months. Police officials have urged residents to be vigilant with their personal details and not to share passwords or Emirates ID with unknown persons.

Here are the five most prevalent fraud vectors identified by the 2021 MRC fraud survey, along with some insights into what makes them particularly challenging:

Friendly fraud

Fraudsters and scammers are usually portrayed as highly organised and sophisticated, but increased numbers of customers are crossing the line and initiating fraudulent chargebacks. It’s easy for those same customers to then change addresses and cards and repeat the process – not a recurrent activity that merchants want to experience.

This is further facilitated by the reliance on third parties for the final stage of the delivery or fulfilment journey, which takes matters out of a merchant’s hands. The same applies to disputes, with decisions generally going in the customers’ favour.

Card testing

Acquisition of card credentials is easier than ever, resulting in an increase in card testing fraud. The micro-transactions that bad actors use to test a card’s validity may not be quickly picked up by the legitimate cardholder, allowing the fraudster to build up a successful payment history with the card, paving the way for larger transactions. Again, disputes will usually be resolved in the customer’s favour.

Even soft declines can be beneficial to a fraudster if they return enough information about why a decline happened and what information is missing. For the merchant, the opposite is true – too many declines could raise the merchant’s fraud level, which in turn can result in increased fees.

Phishing, pharming, and whaling

The pandemic has forced more and more people to do business online. Many were unfamiliar with the world of online transactions and the threats associated with it. In addition to phishing attacks, pharming and whaling scams have increased significantly. Some of these are very convincing, and even experienced users have been caught out.

This is not surprising given that many businesses still rely on SMS OTPs for authentication – the very same channel that the scammers are using.

The resulting reputational damage becomes an issue here – if a business’ name is used in a scam, 45% of people will lose trust in that company.

Identity theft and ATO

Fraudsters are quick to make use of any valid credentials that they can get to steal identities or take over accounts, whether from phishing or data leaks on the dark web, or from trojans and malware. The estimated cost of Account Takeover (ATO) fraud for 2020 alone was around USD 26 billion. So, it’s no surprise that the industry conversation has switched from raising awareness to asking why it’s still an issue.

A key reason is that accounts are frequently secured by authentication methods that aren’t very secure at all. A reliance on passwords is all too common, and where second-factor authentication is used, it usually depends on equally insecure methods such as SMS OTPs.

Discount and promo abuse

Both customers and professional fraudsters repeatedly take advantage of weak authentication: customers create multiple accounts to get repeated access to offers and promos, while professional fraudsters create networks of accounts to exploit referral schemes.

Loyalty programs are also affected by ATO. With the estimated value of cumulative and unused points at hundreds of billions of dollars, malicious individuals have been quick to recognize the enormous economic potential of fraud in this area.

From reactive to proactive

Fraud is probably the world’s biggest unreduced cost centre. And, with the constant evolution of the digital technology landscape and continuous adaptation on the fraudsters’ part, a reliance on outdated anti-fraud technologies such as SMS OTPs and blacklists isn’t going to change things. Treating the symptoms isn’t the way to find a cure.

Instead, a digital-first approach based on technologies including device fingerprinting and behavioural biometrics allows businesses to establish that a customer really is who they claim to be from the outset, stepping up authentication only when needed – reducing friction and improving UX – and helping move fraud prevention from a cost centre to a value-added function.

Organizations need to strive to mature and evolve towards a solid identification approach. Tailored solutions and technologies therefore have to be implemented at the right time for each of these businesses.

Of course, each company has its own tailored set of needs, but as fraud rates increase, businesses should innovate and find appropriate solutions that work for them in order to stay ahead of the curve and, ultimately, safe.