While there is no shortage of new things in the world to get used to these days, cybercrime and fraud are, unfortunately, not among them. Long before we started using the terms “social distancing” or “flattening the curve,” cybercriminals were spinning up bot armies, hijacking consumer accounts, constructing synthetic identities, using stolen credit cards, preying on elderly and disabled consumers, and launching phishing schemes and phone scams to siphon bits of personally identifiable information (PII).
The advent of COVID-19, Fiserv’s Vice President of Risk Analytics and Strategy Kannan Srinivasan and Vice President of Fraud and Financial Crimes Management Gasan Awad told PYMNTS, didn’t introduce these things – but it did create a perfect storm of factors that is now pushing these fraudsters into overdrive. With workers having clocked out at their offices and clocked back in from their homes, commerce has taken a dramatic left turn from digital-first to digital-only practically overnight – and fraudsters are finding themselves in a uniquely target-rich environment for all kinds of cybercrimes.
“What we see now is more scams, particularly those attacking the PII needed to facilitate these kinds of digital crimes,” Awad noted. “We’re seeing cures being promoted, fraudulent offers to expedite government relief funds being made, and fake charities looking to exploit people’s goodwill in this time.”
At best, he said, these scams are looking to separate customers from some of their money — something few can afford these days. At worst, and more likely, they are collecting card numbers, addresses, phone numbers, DDA, ACH and wire account data, and all kinds of important bits of information to apply to the expanded universe of fraudulent activity.
The good news, both Srinivasan and Awad told PYMNTS, is that while fraud attempts are up among U.S. consumers, fraud losses are not, yet. That indicates a solid start for American consumers, particularly compared to a market like Great Britain, where fraudsters have already scammed more than 1.6 million pounds out of the unwitting.
But, Srinivasan noted, early success is not the same as final victory — and many of the changes that are happening now “are going to be permanent, at least for some parts of the economy.” Banks are adapting to the risk management realities and complexities, while also evolving in real time toward a demanding future.
Powering A Fast Pivot
For some consumers, the closure of bank branches may not feel like a terribly big deal, because they’d already converted so much of their activity to mobile. But as Srinivasan pointed out, Fiserv research shows that even with the rise of the internet and mobile phones, 70 percent of banking consumers visit a bank or credit union branch at least once a month. Now, the full-scale relocation of all banking activity to digital channels creates the dual challenge of providing accessible, enjoyable user experiences that are also secure.
“We are seeing the biggest difficulties for institutions that haven’t adequately prepared with the layered controls necessary to prevent online fraud,” he said. “Fraudsters feed on fear and greed, and all kinds of fraud attempts are now more likely.”
And, both Srinivasan and Awad noted, fraudsters aren’t merely proactive — they’re creative when it comes to varying their tactics and technologies to expand the scale of attacks. Older users are less familiar with banking online, so they are being increasingly targeted in account takeover attacks. Call centers are much busier than normal, while employees working from home are under much more frequent assault. It’s essential to protect consumers and institutions from fraudsters – but that must be done with an eye toward an experience that is still fast and enjoyable.
“You still need to have the ability to keep the business moving in a non-physical environment,” Awad said. “You have to put in the controls, processes and programs to allow things to move uninterrupted, because at the end of the day, you can’t just think about the 1 percent of the bad actors, but also the 99 percent of good actors.”
Good actors, and good customers, who want and need their connected financial and commerce systems to function smoothly — not only today, in the grip of the crisis, but also tomorrow, when it has hopefully passed.
It will be a future, they both noted, where risk management paradigms must be designed to behave more flexibly and holistically.
The New Normal
Fraud is a high-tech enterprise that has become much more sophisticated in recent years — cybercriminals aren’t just boosting card numbers, they are stealing the entire digital lives of good customers, or committing fraud with synthetic identities created from some good user data and a bit of creativity. They’re sending bot armies against log-in pages to brute-force passwords out of them. And while all of that was true before COVID-19, being truly digitally enabled and secure is no longer something anyone can afford to wait on, because so much activity has migrated online and is going to stay there, even when this is over.
From P2P transactions via Zelle to gift card purchases to bank interactions, the exponential growth in digital interactions may slow a bit when the current crisis is over, but it won’t disappear. Digital-only consumers will step back into the physical world — but their expectations for secure and seamless interactions will remain heightened.
“How we work and engage is permanently going to change, and things that were once secondary considerations, such as workforce mobility or agility, will be primary from here going forward,” said Awad.