01/19/2022 | News release | Distributed by Public on 01/19/2022 07:40
From TBML to BNPL to NFTs, 2021 found fraud and financial crime professionals dealing with a plethora of new challenges and criminal schemes. Our five most popular posts of the year dealt with trade-based money laundering, non-fungible tokens, buy now pay later scams, courier scams and good old credit card fraud. Here are excerpts.
Trade-based money laundering (TBML) is a growing risk, as seemingly legitimate transactions are exploited by criminal groups to launder funds and finance terrorist activity. In its simplest definition, trade-based money laundering is the process of disguising the proceeds of crime and moving value (i.e., movement of money) using trade transactions to legitimize their illicit origins. TBML involves the exploitation of the international trade system for the purpose of transferring value and obscuring the true origins of illicit wealth. TBML schemes vary in complexity but typically involve misrepresentation of the price, quantity, or quality of imports or exports.
Typical TBML common techniques include:
Read the full post: TBML: What Is Trade-Based Money Laundering?
Erik Stretz wrote: I think NFTs are even better for illicit purposes than traditional art, simply because the hurdles are lower. When we move to the world of digital art and NFTs, the provenance and authorship of the works of art are obscure to say the least. And yet they are exchanging hands for huge sums, making them a great vehicle for money launderers. So, how do criminals go about using NFTs to launder money?
Four steps to using NFTs for money laundering:
These four steps may seem a hypothetical scenario, but it is relatively simple and a tempting proposition for anyone looking to launder money. With art that is purely digital and can be created anywhere, there is no need for shipping, and nobody needs to put their hands on it. We have artists that might only be active via digital channels and thus have a purely digital identity. If there is nothing to show physically, you have even less reason to be anywhere in person. Such art is primarily traded on digital platforms using crypto currency, making tracking and controlling the trade and the vast sums of money behind it even more opaque.
Read the full post: NFTs and Money Laundering - Are Fraudsters Becoming Artists?
Darryl Knopp wrote: For banks with their own BNPL offering, a multi-layered approach to risk management and fraud protection is critical. The first step is to address BNPL fraud strategically by establishing an explicit understanding of the bank's risk appetite for this offering-what is the tolerance level for customer offer/acceptance versus fraud risk? Going a layer deeper, that includes clear differentiation between BNPL bad debt and first-party or synthetic fraud and abuse. This extends to an operational level, at which account-based operations are segmented from transaction-based monitoring; if first-party fraud is suspected, it must be addressed separately from standard third-party suspicious fraud transaction verification queues.
BNPL fraud presents yet another powerful incentive to implement enterprise fraud defenses. As my colleague Matt Cox recently blogged, an enterprise fraud approach delivers a composite view of a customer's inflow and outflow activity by breaking down traditional silos of credit, debit, deposits and payments (person-to-person, mobile, wire transfers, ACH and more), adding application fraud detection to that view. In this way, banks can assess the totality of customer behaviors to better flag potentially fraudulent BNPL loans applications at the point of sale, denying the credit request before the fraudster walks off with the merchandise. Furthermore, link analysis plays an important role in the application process, ensuring there are no ties or known correlation between applicants and organized fraud rings or prior fraud cases.
Banks can deploy additional sophisticated technology measures to reduce card fraud. They can implement well thought-out customer journeys that include robust identity proofing and verification during customer account onboarding, especially through digital channels. In the absence of a hard credit inquiry, smart orchestration of external intelligence is necessary - device telemetry, behavioral analytics, telephony and contact intelligence all can indicate the likelihood of fraud without creating undue friction. Machine learning models provide the analytic horsepower to assess all purchases/transactions in real-time, correlate that data with the ID proofing, authentication and customer behavior data.
In sum, BNPL fraud presents a new fraud challenge for banks- in certain instances it's essentially an instant loan application, at the point of sale, without the benefit of a credit check.
Read the full post: BNPL Fraud - When "Buy Now, Pay Later" Backfires
Toby Carlin wrote: The attack is simple - an SMS or email comes out of the blue from an unknown number or address, notifying the target that they have missed a delivery and that it will need to be re-arranged. These typically reference the largest of the local delivery companies or even the central mailing services within the attack region. When the victim follows the link to re-arrange their fake delivery, they are asked for a host of information along with a fee for redelivery. These scams are very successful - here's how they work:
1. A fraudster will always imitate a company to generate maximum potential to find a victim. This is why tax entities and home utilities are always a popular target for fraudsters, but during COVID-19 lockdowns, our lives were forced to be remote - which brought with it an increase in the use of courier services to meet the exploding demand of customers purchasing from e-commerce channels. Mix this increase in consumer demand with the fact that most customers purchase from a vendor they know, but they do not know who will be delivering the item, and you have a rich and varied target set for the fraudster.
2. Like many modern card and e-commerce frauds, the scam itself contains a range of attack vectors in a single place. This includes phishing of personal and account-level information as well as compromising the PAN / CVV for use in a fast-following fraud attack. It is also becoming more common that these attacks are part of a unified scam whereby high-value fraudulent goods are being ordered in the background, with the customer then tricked into completing the authentication steps prompted by their 'redelivery'.
3. Creating a multi-layered and extremely convincing web page to mimic genuine services is easier than ever before. Mass communication methods by SMS or email are commonplace and often incredibly low cost - a service that is enjoyed by fraudsters and genuine companies alike. It is also quicker and easier than ever to purchase and design a high-quality web domain and even more troublesome is that in many instances, the design includes an offering for fraudulent mobile applications. All of these schemes are low-cost, but highly effective.
To get ahead of these attacks, we must encourage more reporting and better collaboration in the fight against such frauds along with continuing to strengthen controls around data compromise detection which forms the basis of targeting these threats. As with all types of fraud, combining intelligence and fraud prevention efforts will always win out against the fraudster. This approach has underpinned the best-in-class performance of FICO for over 30 years.
FICO is investing heavily in the global fight against fraud scams. This week we launched the first analytic models to profile and identify scams, built on the global community of Falcon Fraud Manager customers, the FICO Falcon Intelligence Network. This is the first model of its kind globally and represents an exciting development in beating back the ever-increasing threat of cross-channel scams.
Your customers must be warned and given the appropriate routes in which to easily report such scams to ensure enforcement activity happens quicker. Services such as Action Fraud in the UK, the Better Business Bureau (BBB) in the US and each individual delivery company are great example of such reporting.
But it is also incumbent on the banks to do more to remove silos and offer a more complete and holistic view of emerging fraud across their entire enterprise. Taking advantage of consortium data sets for all fraud types and scams is also essential to deal with this modern threat.
Read the full post: Courier Scams - How They Work And How To Fight Them
TJ Horan wrote: Exactly how big credit card fraud is depends on where you look. The U.S. Federal Trade Commission (FTC) is an important resource, taking in reports from consumers about problems they experience in the marketplace. The reports are stored in the Consumer Sentinel Network (Sentinel), a secure online database available only to law enforcement partners, which can use information in the database to spot trends, identify questionable business practices and targets, and enforce the law.
The graphs below show the top fraud types reported to the FTC in 2019 and corresponding dollar loss amounts.
Credit card fraud was the FTC's second most-reported fraud type in 2019. It's important to note that the numbers in the graph above reflect only the total 250,678 incidents reported to the FTC; a much higher number of credit card fraud incidents impact banks and issuers. The important point here is that's the second largest type of fraud reported to the FTC by consumers, indicating it's still a large problem and causing pain to the victims.
For example, in April 2020, early in the pandemic, The Wall Street Journal reported that fraud losses - including losses linked to credit and debit cards - cost banks, merchants and, in some cases, cardholders $16.9 billion in 2019, according to Javelin Research. Note the dramatically higher number here; $16.9 billion is more than 125 times greater than the $135 million, credit card-only figure from the Sentinel report.
Additionally, payment services provider FIS (a FICO Partner) said the dollar volume of attempted fraudulent transactions in April 2020 rose 35% over the prior year, a trend it expected to continue.
More recently, in December the Nilson Report quantified global card fraud losses at $28.65 billion. That's nearly 7 cents per every $100 in spending, representing significant losses across issuers, acquirers, and merchants.
So exactly how has credit card fraud morphed during the pandemic? As also reported in The Wall Street Journal, here's a quick look at some trends and tactics:
In times of rapidly changing fraud patterns, banks and card issuers that use FICO's fraud solutions are protected by numerous technologies that help detect more fraud, faster.
Read the full post: Credit Card Fraud: It's Still A Thing (And As Big As Ever)