Growing financial services fraud threats to guard against in 2023

One of the great strengths of digital-first businesses is their ability to evolve and scale quickly. Sadly, fraudsters can innovate just as fast.

How much fraud exists in the financial services industry today? The numbers are sobering:

Here we’ll cover three types of fraud affecting financial services providers today.

Account takeover losses rose 90% from 2020 to 2021, making this a critical focus area for antifraud efforts.

Attempts at identity theft often involve phishing, with the goal of using customers’ data for criminal activities. If the scammers succeed, they can open bank accounts in the customer’s name, spend credit balances, take out loans with no intention of repayment, and launder money without linking transactions to their true identity. Cybersecurity failures or human errors leading to data breaches fuel most of this type of fraud.

Smartphones have given hackers yet more ways to access customers’ banking details. For instance, in SIM-swap frauds, fraudsters cancel a customer’s old SIM after answering basic security questions like name and address, then request a new SIM and use it to intercept or initiate calls and texts as if they were the victim.

In another example of smartphone-enabled fraud, cybercriminals drained a U.K. man’s bank account by using a stolen phone number to create a new Apple Pay account.

Fraudsters aren’t always hooded masterminds in dark rooms. Sometimes, your most dangerous threat is a disgruntled or careless employee. One report found that 53% of organizations experienced insider attacks in the past 12 months, and 90% feel vulnerable to such attacks.

Employee theft can happen for many reasons. Maybe the employer overly silos responsibility to the point that workers feel alienated. Maybe workload doesn’t match up with compensation. Or perhaps the company has weak internal controls or has simply allowed too much access to business credit cards.

Even in the most secure environments, a single oversight can have catastrophic effects. In April 2022, a multinational fintech revealed that an employee had downloaded reports detailing customer information without permission. The result? Information from 8.2 million customers was compromised, including:

This breach was from an employee leaving the company who still had access to company credentials. Because permission escalation wasn’t required, the standard insider threat monitoring procedures didn’t detect anything suspicious.

Social engineering, the most common cyberattack method, is another effective way to scam businesses out of sensitive, private information. It can involve phishing, as mentioned above, but often involves voice phishing, or vishing. Fraudsters call businesses impersonating customer support agents, tax agency representatives, or even security specialists claiming to have detected fraud in the business’s IT system.

They can also use spoofed mobile numbers that mask their numbers with legitimate ones, like a government tax department. In an attempt to provide helpful service, even smart employees can be taken in.

Fraudsters are continually innovating, which means you must remain vigilant and adaptive. A business outsourcing expert can be one of your most powerful sources of customer protection.

At Ubiquity, our team members undergo regular data security training and testing, and we continually share tips on evolving threats. We embed agents into your culture and train them to recognize telltale signs of fraud and customer malpractice.

When you take a process-driven approach and mindset to fraud prevention, security doesn’t become an impediment to great CX—it becomes an enabler for it.

Discover three fraud-fighting strategies in the next blog in our fraud series.