Fraudsters Cook Up Slicker Recipes as More Transactions Move Online

Financial fraud remains a persistent challenge across industries, and its threat is further sharpened by technological complexity and the growing sophistication of bad actors. 

“Fraud is growing and the recipes are getting slicker,” Gerhard Oosthuizen, CTO at Entersekt, told PYMNTS. “It is dovetailing nicely with generative AI [artificial intelligence].”

Oosthuizen acknowledged the transformative impact of generative AI, especially in areas like call center support and chatbots. However, he pointed out that while generative AI has proven effective in certain applications, it has simultaneously become a tool for perpetrating fraud.

“Generative AI has shown the way, but I don’t think it will be the way in which fraud is prevented — rather, its impact will be felt where fraud is perpetrated via manipulation and social engineering attacks,” Oosthuizen said.

“At this stage, the technology has led to more challenges in the fraud space than potential wins,” he added. 

Many companies have relied on AI for years to prevent fraud. As fraud becomes more sophisticated and evolves against new defenses, companies must adapt. By feeding the AI with examples of both good and fraudulent transactions, firms can shore up their defenses against new attacks. 

Besides the use of generative and traditional AI, Oosthuizen listed a range of trends that organizations should keep an eye on going into 2024:

  • the ongoing evolution of social engineering tactics;
  • the new security frontiers of digital identity initiatives and passwordless authentication;
  • the emergence of consortiums and other collaborative ventures aimed at collectively combating fraud; and
  • the risks inherent to escalating geopolitical tensions, and the resulting impact of regulatory frameworks.

Today’s Actions Can Protect Against Tomorrow’s Threats

Social engineering, in particular, has emerged as a formidable force for fraud, continually evolving and growing more sophisticated, Oosthuizen said, shedding light on the persistent trends of romance scams, investment scams and fear-based banking impersonation.

Notably, AI is now being used to curate prolonged relationships with potential victims, reducing the effort required to manipulate targets.

New attack vectors, such as SMS phishing or bank impersonations, are on the rise, he explained, emphasizing the dynamic nature of social engineering techniques.

But, while technology is a double-edged sword in the world of fraud, it isn’t just the bad actors who get to swing it.

Technological advancements around digital identity and passwordless authentications are helping forge a new security frontier.

Digital identity, epitomized by Apple’s and Google’s foray into digital wallets for driver’s licenses in the U.S. and Europe’s EIDAS2 project, is poised to revolutionize online interactions by providing a secure means of proving who you are, Oosthuizen said.

One other such method is passwordless authentication, which major tech players like Google and Microsoft have adopted.While Oosthuizen lauded the tactic’s phishing-resistant qualities, he highlighted the need for further enhancements to ensure that consumer experiences match the high security and privacy offered by these solutions.

The technological foundations are laid, but the next steps involve refining and securing these innovations for broader applications. 

A Unified Front Against Fraud

Oosthuizen stressed the importance of adopting a holistic approach to fraud prevention, transcending individual silos within organizations. Recognizing the entire customer journey and implementing advanced rules across diverse banking services has emerged as a critical strategy.

“We’re not looking holistically at the customer. In a lot of banks, the card system is sitting over here on the left, the digital banking system is sitting on the right, and new, faster payments are sitting somewhere in the middle. We’ve spoken a number of times to banks that say, well, the fraud’s not in my area. There’s no fraud happening here,” he said. “But they’re the middle step in the fraud being perpetrated on the other side.”

That’s why, Oosthuizen added, consortiums and other collaborative ventures aimed at collectively combating fraud are gaining prominence as institutions unite to address evolving threats and ensure a more robust defense against fraudulent activities.

“I’m not sure we are at an equilibrium state where we’re all willing to participate and share equally, but that’ll come,” he said. 

But organizations aren’t alone in the battle against fraud. Regulatory frameworks, evolving to keep pace with technological advancements, can help drive greater incentives around fraud protection.

“Governments are realizing they can enact legislation for the greater good,” Oosthuizen said. “Sometimes [governments] do help lift the tides for everyone.” 

However, Oosthuizen noted that regulation can be a double-edged sword, with over-regulation possibly stifling innovation and allowing fraudsters to continue working. 

Looking ahead to the new year, one thing is clear: Fraud prevention is full of intricate trends, and the interplay between technological innovations, geopolitical dynamics and regulatory frameworks will continue to shape fraud prevention strategies in the years to come.