Banking fraud is constantly evolving as conditions change, creating new vulnerabilities for banks and opportunities for fraudsters. Staying abreast of this moving target is essential if banks are to find solutions that can spot and prevent such scams, especially given the effects of the pandemic on the banking fraud landscape.
In its report Fraud in the Wake of Covid-19, published in December 2020, the Association of Certified Fraud Examiners found that 79 percent of respondents had seen rising fraud levels in the final months of 2020. Some 90 percent expected a further increase during 2021. The most serious areas of concern were cyberfraud, including business email compromise, where 85 percent of respondents reported an increase, and payment frauds, where 72 percent saw an increase.
Our review of Top Banking Fraud Types to Watch in 2022 highlights the common methods criminals use to defraud banks and their customers – something everyone should know about going forward. We classify the different types of frauds according to whether the payment is initiated by unauthorized or authorized parties. In our view this is the most relevant classification system to use, since this distinction directly affects the level of liability that banks face.
We also present recent case studies for the different fraud types, based on cases that have been detected and prevented by NetGuardians software in deployments with banks around
Over the past year, the Covid-19 pandemic has created ideal conditions for many types of payment fraud to proliferate. Millions of people have been forced to change their everyday behavior, especially the way they work, shop and communicate, turbo-charging fraud in the following ways:
- The shift to remote working among many office staff, including bank employees, has required people to access corporate systems remotely – often with limited security measures in place. Some internal controls and confidentiality requirements have also become harder to enforce in the home-working environment.
- A sudden, further shift of banking transactions onto digital channels as branches and stores close has meant banks have switched to digital and telephone channels to keep services open. This is especially the case in the developing world, where banks have moved fast to embrace digital innovation, but in some cases have neglected the security element. Transaction limits on digital channels have been increased, for example, meaning account takeover can now result in bigger thefts.
- The explosion of home delivery for retail purchases has created new opportunities for phishing scams involving email or text alerts, as has the general increase in communications via digital channels, which can be faked and exploited for phishing purposes.
- The huge increase in retail participation in financial markets during lockdowns has created scope for online investment.
Although the pandemic has boosted the number of opportunities open to fraudsters, the way they operate has not changed nearly as much. Criminal gangs that hire skilled staff on the dark web to deploy hi-tech tools are responsible for some frauds, but many others remain extremely low-tech. Many frauds are successfully executed using familiar tools such as email, phone calls and messages over social media. They rely on little more than social engineering and well-known psychological tricks to manipulate and dupe their victims.
Most bank frauds target banks’ customers. But Covid-19 has also allowed internal banking fraud and corporate fraud to grow. The conditions that support internal fraud, as set out in the Fraud Triangle devised by Donald Cressey, are all in place in the current environment:
- Many employees may be facing redundancy or a salary freeze as their company attempts to weather the effects of the pandemic on their business.
- Remote working may create gaps in internal controls that make it easier for insiders who know the system’s weaknesses to execute their plans.
- Employees tempted to defraud their employer may convince themselves that their actions are justified because they are working hard in difficult circumstances but receiving little or no reward or recognition.
In the developing world, the introduction of improved security for transactions via digital channels, such as one-time passwords for mobile banking, has prompted criminal gangs to seek alternative routes. This has led to greater recruitment of insiders to facilitate fraud as their access to the bank’s back-end systems opens a new avenue for fraud attacks. While these are low volume, they typically attempt to steal sizeable sums.
Our survey of the 2022 payment fraud landscape classifies frauds according to who initiates the payment – an authorized or unauthorized party. Both types tend to involve a combination of technology tools and efforts to manipulate and dupe the victim.
However, in almost all cases, the fraud is executed by initiating payments or withdrawals from victims’ accounts that are not consistent with their normal patterns of behavior. This is the weakness in such fraud attempts that enables NetGuardians’ AI software to identify and prevent them.