Digital acceleration has transformed the way consumers spend and has had a major impact on how credit unions engage with their members. Digital is also serving as the primary catalyst for an evolving payments fraud landscape.
The major fraud trends we’re watching in 2022 started out as predictions, but they are rapidly becoming reality in the first quarter of the year. Without further ado, let’s dive into our Top 5 Fraud Trends for 2022.
1. Beware the “Scampocalypse”
A variety of new methods of scamming cardholders has emerged on the scene, partly due to pent-up demand and supply chain bottlenecks. These macro-economic issues have led to a new trend in which fraudsters create scams preying on consumers’ desires for products and services that don’t even exist. The “scampocalypse” ranked as the #1 concern among attendees of Co-op’s February Fraud Buzz webinar.
AARP has warned about the alarming rise of these new scams and the impact they are having on consumers. AARP has published a scam tracking map to keep the public aware and abreast of the latest scams.
Additionally, ransomware, social engineering and romance scams are on the rise. According to the Federal Trade Commission (FTC), $547 million in losses were attributed to romance scams in 2021, with a median loss per incident globally of around $2,400 and rising.
The FTC advises that a quarter of fraud claims in 2021 came from social media. In 2017, the agency received 50,000 reports of consumer fraud claims. By 2021, that number had risen to 95,000.
This past year has also seen numerous scams related to the pandemic and financial distress, particularly as inflation reached 7.5% on an annualized basis, the highest rate seen in the U.S. in 40 years. These financial pressures are driving a raft of scams, such as those targeting stimulus funds, unemployment filings and tax return refunds. With tax time getting into full swing, it’s important for credit unions to monitor tax refund scams right through the April deadline and beyond.
2. Real-Time Payments Result in Faster Fraud
“Real-time payments” is a broad term that refers to a number of evolving payment methods from same day ACH to mobile payments and P2P transactions, including those processed by Co-op’s partners such as Zelle, Venmo and PayPal. Use of these convenient and fast payment services are rising rapidly.
While it’s important for credit unions to offer their members the most innovative tools and digitalized products available on the market today, this growth in digital payment usage also brings some increased risk from faster fraud.
Faster fraud provides ample opportunity for fraudsters to exploit small businesses and cardholder security weaknesses to get away with quick, lucrative wins. For example, on the P2P payments front, Cash App fraud alone grew 300% in 2021.
Members do understand there is some additional risk involved in the use of real-time payments, P2P and mobile wallets, so they are looking to credit unions for both added protection and sound guidance.
3. Changing Fraud Landscape
Card fraud has experienced rapid growth over the past few years, and is projected to hit $400 billion over the next decade. With the introduction of new payment methods and offerings like buy now/pay later (BNPL) and cryptocurrency, credit unions will need to deploy new and enhanced security measures to mitigate potential fraud schemes.
With cryptocurrency in particular, credit unions should learn how to identify these coin-based transactions to determine whether they are legitimate, and then establish protocols to mitigate potential risks. Right now, Co-op is seeing a high number of false positives and disputes, indicating situations where members are having second thoughts about a particular crypto transaction. With few regulatory controls or oversight in this area, it is a situation ripe for fraud schemes, so credit unions should watch developments in this space very carefully throughout the year.
Lastly, the member journey is becoming much more complex, as consumers become more comfortable engaging with digital wallets, social media, P2P and other channels to make purchases. These multiple third party and fintech players add many more member touchpoints into the payment authorization process, leaving financial institutions in some cases one step behind.
That is why it is essential for credit unions to integrate closely with their core processors, and learn how to identify or make decisions off of the different types of authorization values coming in.
4. Deep Fakes are Targeting Both Cardholders and Businesses
So-called “deep fakes,” which employ the use of synthetic IDs, have been around for a while. But these schemes are becoming more sophisticated, and often combine both real and fake identifying data to form an entirely new composite “person.”
What we’re seeing now is that fraudsters are playing the long game, and are comfortable using a synthetic ID profile for up to 24 months before activating the fraud to make it appear more legitimate. They are also employing authentic-looking documents and unused social security numbers to enhance validity.
Co-op is also seeing a rise in the use of biometrics and AI in fraud, enabling fraudsters to fool voice and even facial recognition software. On the commercial side, criminals are setting up shell companies or using the profiles of previously legitimate businesses that have gone dormant to activate fraud.
As a result of these synthetic ID and deep fake schemes, U.S. companies reported losses
of $20 billion in 2021, compared with just $6 billion in 2016.
5. The Brute Force of BIN Attacks
Rounding out the Top 5, we are watching enumeration or BIN attacks, also known as brute force attacks. Like the other fraud trends we are watching, BIN attacks have proliferated with the shift toward digital payments. We are seeing a massive increase in bot-initiated attacks due to the growing ease, cost-effectiveness and efficiency of this nefarious technique. There were more than 2 million bot attacks between October and December 2020 alone.
Whereas in the past, techniques like gas station card skimmers and ATM skimmers were very popular, more sophisticated tools like emulators, auto clickers and app cloners have enabled fraudsters to initiate BIN attacks at a much faster speed and larger scale. Instead of sitting in a van outside of an ATM location, fraudsters can be staring at a computer screen half a world away from the targeted institution.
Some key indicators that a credit union may have fallen victim to a brute force attack include:
- Many card authorization failures due to invalid CVV codes and expiration dates for cards not on file
- Many purchases within a short amount of time
- Small dollar transactions
Today, randomization of account number sequences as well as expiration date generation are must-haves to limit the impact of these brute force attacks.
What Your Credit Union Should Do Now to Prevent and Mitigate Fraud
In response to the rising tide of fraud, credit unions have several methods at their disposal to help protect their members and the institution.
First and foremost, ensure members are educated on the latest scam and fraud trends. Regular, frequent communication through channels like email, website banners, online and mobile banking, and in member newsletters is among the best ways to condition members to keep a watchful eye and do the little things to lessen the likelihood of becoming a victim.
It’s also important to offer members the latest tools to prevent fraud, such as self-service card controls like CardNav, that empower members to set their own risk and security parameters to put control into their own hands.
Co-op Fraud Buzz webinars feature panels of experts from across industry discussing the latest fraud trends, how they’re affecting members and offer valuable tips for preventing fraud to protect credit unions. Visit insights.co-opfs.org/upcoming-events for more information and to register.