Cyber crime is an ever-present threat propelled by moments of opportunity. Kannan Srinivasan, Vice President of Risk Analytics and Strategy, and Gasan Awad, Vice President of Fraud and Financial Crime Product Management, at Fiserv, write
For cyber criminals, the Covid-19 pandemic has proven to be a golden moment as bad actors have sought to exploit the crisis to their advantage, deploying commonly used tactics such as phishing and smishing while using Covid-19 as a new hook. Financial institutions can counter this threat by enhancing current fraud and risk management practices, being mindful to balance security and the user experience.
Go deeper with GlobalData
From the beginning of 2020, there has been a significant increase in the number of cyber attack attempts relying on the theme of Covid-19. These attacks spread across the globe along with the spread of the virus itself, with the crisis making a large population of people susceptible to criminal exploits.
The UK’s National Cyber Security Centre said it has removed more than 2,000 online coronavirus scams in the last month, that included fake online shops selling virus-related items that never arrived and more traditional malware and phishing operations. Google has reported blocking 18 million coronavirus scam emails a day. Still, the UK’s fraud reporting centre has recorded total losses of approximately £2 million due to Covid-19 fraud since the start of February.
Different Disguises, Same Villains
During this crisis, we have seen cyber criminals turn to their tried-and-true playbooks, including account takeover, synthetic identity fraud, and card not present fraud. Phishing and smishing have been favoured means of obtaining consumer information. Examples of lures include Covid-19 cures, offers to expedite government or other support funds, and charitable giving scams, all seeking personal information such as account numbers and email addresses, which can be used to facilitate fraudulent activity.
Because criminals are using known methods, the best way to detect and prevent Covid-19 related cybercrime is by fine tuning and enhancing current practices. New account and account take over fraud in particular may rise as a result of increased online activity if financial institutions do not have adequate layered controls in place, which should include:
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalData- Upgrade new account opening processes to use a “waterfall approach” from multiple data sources, internal and external. Simple tactics can be used to prevent bots from getting a foot in the door.
- Review user provided information in totality and compare it against internal and external data to validate the truthfulness of the data. Bad actors often manipulate user information to pass verification checks. Most often the email address or phone number of the victim will be different from those of the fraudster. Machine learning can play a significant role here, as machine learning models are able to ingest a large quantity of data to improve fraud detection rates.
- Use robust identity verification process to authenticate users. Out of wallet questions on their own are generally not sufficient to confirm identity. Mobile network operator data along with device fingerprinting can be very potent in detecting ID theft.
- Apply continuous authentication and monitoring of consumer transactions and profile changes to detect anomalous activity and money movement transactions. Identifying any mismatch in personally identifiable information (PII) is one way this approach can help detect fraud activity.
Balancing Risk and Experience
In the current environment, controls and processes should be reviewed on a more frequent than usual basis. A review every six or 12 months is not adequate when things are changing daily and even hourly. Delivering intelligent insights that balance fraud mitigation and customer experience is the goal, and we are seeing financial institutions take this to heart.
While financial institutions are ensuring they have the right risk mitigation efforts in place, they are also balancing customer experience factors such as enabling faster access to funds, adjusting limits on transactions, increasing ATM withdrawal amounts, and making other changes that support customers while maintaining acceptable risk and loss levels. A perfect example is the increase of payment scheme tap limits from $100 to $250 to facilitate easier and smoother transactions without the need to touch point of sale terminals.
An interesting observation to date is that while there has been a spike in fraud attempts, scams, and attack vectors, there has not been a proportional increase in monetary losses. While this could change, these early results could be due to the fact that while the angles were new, the types of fraud were not, so financial institutions could leverage the controls already in place, which only needed to be adjusted rather than built from the ground up.
Although challenging, this unprecedented event has continued to underscore the resilience of the risk management practice and the ability of fraud and risk management teams to be nimble to meet a fluid environment, constantly evolving to meet new challenges to protect their business, clients, and communities.
