How much fraud exists in the financial services industry today? The numbers are sobering:
- U.S. payment card losses are expected to top $13.73 billion by 2024.
- Every $1 stolen by fraud costs U.S. financial services firms $4.23. For banks, it’s even higher—$4.36.
- Information security is a top concern for more than 70% of fintech companies.
- Fraud grew by 57% for U.S. investment firms and 64% for U.S. credit lenders in 2022.
Responding to the threats
account takeover fraud losses increased 90% from 2020 to 2021
of organizations experienced insider attacks in the past 12 months
of organizations feel vulnerable to insider attacks
#1: Identity theft and account takeover
Account takeover losses rose 90% from 2020 to 2021, making this a critical focus area for antifraud efforts.
Attempts at identity theft often involve phishing, with the goal of using customers’ data for criminal activities. If the scammers succeed, they can open bank accounts in the customer’s name, spend credit balances, take out loans with no intention of repayment, and launder money without linking transactions to their true identity. Cybersecurity failures or human errors leading to data breaches fuel most of this type of fraud.
Smartphones have given hackers yet more ways to access customers’ banking details. For instance, in SIM-swap frauds, fraudsters cancel a customer’s old SIM after answering basic security questions like name and address, then request a new SIM and use it to intercept or initiate calls and texts as if they were the victim.
In another example of smartphone-enabled fraud, cybercriminals drained a U.K. man’s bank account by using a stolen phone number to create a new Apple Pay account.
#2: Internal threats: Malicious or accidental
Fraudsters aren’t always hooded masterminds in dark rooms. Sometimes, your most dangerous threat is a disgruntled or careless employee. One report found that 53% of organizations experienced insider attacks in the past 12 months, and 90% feel vulnerable to such attacks.
Employee theft can happen for many reasons. Maybe the employer overly silos responsibility to the point that workers feel alienated. Maybe workload doesn’t match up with compensation. Or perhaps the company has weak internal controls or has simply allowed too much access to business credit cards.
Even in the most secure environments, a single oversight can have catastrophic effects. In April 2022, a multinational fintech revealed that an employee had downloaded reports detailing customer information without permission. The result? Information from 8.2 million customers was compromised, including:
- Full names
- Brokerage account numbers
- Brokerage portfolio values and holdings
- Stock trading activity for one trading day
This breach was from an employee leaving the company who still had access to company credentials. Because permission escalation wasn’t required, the standard insider threat monitoring procedures didn’t detect anything suspicious.
#3: Social engineering attacks
Social engineering, the most common cyberattack method, is another effective way to scam businesses out of sensitive, private information. It can involve phishing, as mentioned above, but often involves voice phishing, or vishing. Fraudsters call businesses impersonating customer support agents, tax agency representatives, or even security specialists claiming to have detected fraud in the business’s IT system.
They can also use spoofed mobile numbers that mask their numbers with legitimate ones, like a government tax department. In an attempt to provide helpful service, even smart employees can be taken in.
A trusted partner for fraud prevention
Fraudsters are continually innovating, which means you must remain vigilant and adaptive. A business outsourcing expert can be one of your most powerful sources of customer protection.
At Ubiquity, our team members undergo regular data security training and testing, and we continually share tips on evolving threats. We embed agents into your culture and train them to recognize telltale signs of fraud and customer malpractice.