PYMNTS Intelligence Banner June 2024

Attack Vectors 2024: Identity Theft and Digital Banking 

cybersecurity

In the payments and financial landscape, staying still often means falling behind. 

And falling behind in today’s rapidly digitizing environment can be dangerous. 

That’s because traditional security systems are proving to be increasingly vulnerable to attacks from 21st century cyber fraudsters using sophisticated tactics and tools that have been democratized by the rise of novel technologies like generative artificial intelligence (AI).

As fraudsters grow more emboldened and scale their attacks using new tools, eCommerce sites and financial institutions trying to meet a digitally native cohort of end users must assess the ways in which they can stay ahead with their own fraud defenses. 

The proliferation of online banking in particular has provided scammers with fresh opportunities, from setting up fake home pages to steal identities, to then using those identities, criminals are getting better at exploiting vulnerabilities in digital systems to carry out their fraudulent activities. 

And that means that organizations — financial institutions (FIs) among them — need to implement a combination of different approaches to thwart bad actors’ efforts.

That’s why, for the “Attack Vectors 2024” series, we unpack how being educated, proactive and prepared is more important than ever for cyber defense strategies when it comes to combatting the rise of identity theft in digital banking. 

Read moreAttack Vectors 2024: Protecting Against What’s Next in Deepfake Fraud 

Moving Faster Than Fraud

As face-to-face interactions decrease, criminals are exploiting vulnerabilities in digital systems to carry out their fraudulent activities. The integration of AI in scams not only increases their volume but also enhances their customization, making them harder to detect and prevent.

“Technological advances are often slow and complex, but the new types of fraud that come with those technological advances can be the opposite of that — fast and simple,” Elly Aiala, chief compliance officer (CCO) at Boost Payment Solutions, told PYMNTS in March.

Identity fraud — when cybercriminals create new identities with stolen or fabricated data — is becoming an increasingly urgent financial crime that organizations need to address.

PYMNTS reported on how during the Silicon Valley Bank (SVB) failure, organizations were inundated with phishing attempts using fake accounts and site pages to attempt to steal information and spur illicit transfers. 

A substantial number of Americans can expect to experience digital fraud at least once in their lifetime. A recent study found that bad actors have stolen or compromised the personal information of four in 10 individuals in the past year. Fifty-one percent of these victims lost personal funds when fraudsters compromised their accounts, and half said these bad actors had targeted them more than once.

“Scale is important for fraudsters,” Ido Lustig, head of risk and fraud at Checkout.com, told PYMNTS in an interview, adding that “back in the days you had to take a physical credit card and go do some fraud in person somewhere. Nowadays, you can run … high numbers of credit cards electronically.”

“It took me 12 minutes of prompting, but I was able to coax an AI tool into developing a software code that could generate hundreds of thousands of fake credit card numbers in an instant, as well as have a bot write me a script that could validate whether a credit number was real or not. With this information, I could hypothetically break my way into a system,” Doriel Abrahams, head of risk in the U.S. at fraud prevention provider Forter, told PYMNTS in May.

Learn more: Preventing Identity Fraud Comes Down to Effective Use of Data

Data Sharing Can Help Stop Fraudsters

With fraud schemes mutating alongside, and enabled by, technology, FinTech fraud is on the rise, having grown 13% in the last year, according to “The Path to FinTech Profitability Must Be Fraud-Proof,” a PYMNTS and Sezzle collaboration.

Overall, FIs face various challenges when combating fraud, including data breaches, increased payment speed and complex regulatory requirements. 

Per PYMNTS Intelligence, the share of FIs citing data breaches and the increased speed of payments as their top challenges rose significantly in 2023 compared to 2022, with misuse of account information remaining the leading source of fraud, accounting for 38% of fraudulent transactions. 

But the marketplace isn’t standing still. Plaid has launched a collaborative network designed to stop “the chain reaction of identity fraud.”

In the “Digital Identity Tracker®,” a PYMNTS Intelligence collaboration with Prove, Lisa Zeimetz of First National Bank and Trust explained why information sharing among banks and employing modern digital authentication throughout the customer life cycle are the keys to identifying and stopping fraud.