As we turn the page on 2022, losses from fraud remain a significant threat for credit unions, their members and businesses.
Consider that U.S. consumers lost a record $3.56 billion to online fraud in the first half of 2022 only. And credit card fraud is projected to increase at a 6.2% compounded annual growth rate through 2024.
In our recent conversations with industry experts, Co-op’s payment network partners, and credit union professionals, three fraud trends rose to the top. These trends inform Co-op’s top 3 fraud predictions for 2023:
1. All Digital, All the Time
According to Juniper Research, global e-commerce fraud loss is projected to reach over $41 billion by the end of 2022, more than doubling the $20 billion posted in 2021.
Why is fraud exploding within the digital channel? There has been a profound change in consumer purchasing habits that accelerated during the pandemic. With more people buying goods and services online, via mobile devices, using digital wallets and other contactless methods of payment, opportunistic fraudsters have migrated to the digital realm. Also, swift adoption of these mediums by retailers in many cases put the implementation before security and offered some security loopholes fraudsters took advantage of (such as credentials on file)
One result of this relentless shift in consumer spending habits has been the rise in card not present (CNP) fraud. Whereas card-present fraud is projected to remain flat over the next few years, due to the ubiquity of chip and PIN readers at the point of sale, CNP fraud is expected to account for 90% of the $1.57 billion overall growth in total U.S. card fraud losses from 2022 to 2024.
2. Phishing, Smishing and Vishing
Phishing has been around for decades and involves scammers using email to coerce victims into providing their personal or financial information for purposes of account takeover. More recently, criminals have begun using other popular channels of engagement. One such approach known as “smishing” entails the use of SMS text messaging. Unwitting victims are enticed to call an 800 number or click on a hyperlink, where they are directed to a scam site and asked to provide confidential information. ”Vishing” takes a similar tack using voice communication (most commonly Voice over Internet Protocol or VoIP). For example, 37% of scams reported by ITRC in the first half of 2022 were employed using Google Voice.
Phishers and smishers will often spoof popular brand names to encourage their victims to click through. The top organizations impersonated by phishers worldwide included Microsoft (13% of attacks), Google (11), Facebook (10%), Apple (10%) and PayPal (6%).
3. Account Takeover Continues to Grow
According to estimates from the Aite Group, identity theft losses will reach $635.4 billion by 2023.
Account takeover (ATO) fraud is a type of identity theft that involves a series of seemingly innocuous steps. The fraudster first gains access to a victim’s account through phishing or other means, and then makes changes to the accountholder’s personally identifiable information and contact info, resulting eventually in a complete takeover—often without the victim realizing what has occurred.
More than one in five U.S. adults have been a victim of an ATO attack. And the losses can be significant, averaging $12,000 per victim. A 2021 study by the European Payments Council tracking COVID-related fraud spikes showed ATO attacks with the highest surge (282%), followed by phishing websites (250%).
ATO fraud will continue to grow as digital use increases and consumers continue to employ sloppy password hygiene, such as using the same passwords across multiple sites and accounts. Moreover, ATO fraudsters are using ever-more sophisticated tactics, such as “deep fake” attacks, which employ synthetic IDs and combine both real and fake identifying data to form an entirely new, composite “person.” Fraudsters show remarkable patience, holding onto a synthetic ID profile for up to two years before activating the fraud. We expect synthetic IDs and fake accounts to continue to evolve and adapt to emerging authentication practices.
How Your Credit Union Can Help Limit Fraud Losses
Fraud will continue to be a challenge for credit unions and their members in 2023. To combat this rising tide, credit unions should employ a multi-pronged, preventative approach.
Member education is one of the best tools available to reduce fraud losses. Keep your members informed by providing alerts and updates on the latest scams through email, website banners, and in your member newsletters.
You should also share examples of common “red flags” that are seen in phishing emails and smishing texts. These include email addresses that don’t match the sender’s organization, the use of generic, versus personalized language (such as “Dear member”), the use of urgent and hyperbolic language to create urgency, grammatical mistakes, and embedded hyperlinks to suspicious websites.
It's important to offer your members a variety of fraud-prevention tools, such as self-service card controls and alerts like CardNav and multi-factor authentication through one-time passcode (OTP) and other means.
Lastly, make sure your credit union employs the latest, most rigorous fraud detection solutions available, including Co-op’s Cooper Fraud Score — a dynamic, integrated, real-time machine learning score that helps your credit union react more quickly to fraud trends.
To get help with enhancing a multi-layered fraud defense strategy, reach out to Co-op’s Fraud Prevention Consultants.
Co-op’s quarterly Fraud Buzz webinars feature a panel of experts from across the credit union industry discussing the latest fraud trends, how they’re affecting members, and offer valuable tips for how you can prevent fraud and protect your credit union. Visit insights.co-opfs.org/upcoming-events for more information and to register for the next webinar.