Card fraud risks — already soaring prior to the coronavirus outbreak — are changing rapidly as the pandemic deepens, forcing issuers and merchants to rethink protective measures.
It’s too early to gauge the scope of potential losses, but a perfect storm for bank account and payment card fraud is gathering as threat vectors increase exponentially from rising numbers of unemployed, anxious consumers and fraudsters poised to take advantage of them, experts say.
TransUnion reported global e-commerce transactions were up 23% in mid-March compared with typical weekly volume, while fraud attempts are rising at correspondingly higher rates.
In a survey of 1,068 U.S. adults, TransUnion found 22% have been targeted by digital fraud related to coronavirus.
Phishing attempts connected to coronavirus are surging. The number of active phishing sites Google registers each month skyrocketed from 149,000 in January to more than 500,000 in mid-March, according to a new report from Atlas VPN analyzing Google’s safe-browsing data.
The number of suspicious websites containing COVID-19 and related keywords soared to 67,000 on March 21, Google’s data suggests.
As surging e-commerce volume and fraud attempts loosen controls, banks and merchants are racing to adjust fraud filters to match changing consumer behavior, according to Dena Hamilton, fraud and financial crime expert at Featurespace, which provides fraud monitoring tools for banks and merchants.
Financial institutions and retailers must prepare to constantly adjust fraud controls against changing consumer behavior, which will be tricky as baselines rapidly shift, she said.
By incentivizing businesses to rehire employees laid off or furloughed due to COVID-19, states will generate a faster economic recovery and provide valuable assistance for companies to get back on their feet.
The Internal Revenue Service and the Treasury Department provided guidance to employers requiring them to report the amount of qualified sick and family leave wages they have paid to their employees under the Families First Coronavirus Response Act on Form W-2.
The Financial Accounting Standards Board released a proposed accounting standards update to help insurance companies adversely affected by the COVID-19 pandemic by giving them an extra year to implement the long-duration insurance accounting standard.
“This is new territory for financial institutions because they're balancing the need to maintain access while new patterns are emerging," Hamilton said. "Banks and merchants must step up customer ID verification and investigate suspicious activity at a time when online shopping and loans will be critical for consumers and businesses.”
Extreme health and financial fears mean anxious consumers are primed to fall for rampant phishing scams leveraging a vast cache of consumer information available on the dark web from years of data breaches, she said.
The promised influx of government checks also presages a rise in first-party and third-party fraud, plus money-laundering abuses, according to Hamilton.
“News about government funds becoming available soon will drive more fraud,” Hamilton said, noting that the expansion of available new business loans backed by the U.S. government within the recently passed stimulus package will likely trigger an uptick in bogus loan applications leveraging synthetic fraud tricks, she said.
“We’re about to see a big rise in account application fraud and in abuses of anti-money laundering controls,” Hamilton said, adding: “You will see consumers turn to fraud to steal from banks, and fraudsters who’ve got sensitive consumer data will use that information for account takeover and synthetic fraud to apply for loans and take funds illicitly.”
Account takeover fraud — affecting deposit accounts and credit card accounts — already was a top concern for banks, surging 347% in 2019 over the previous year, according to a recently released TransUnion survey.
In account takeover, fraudsters gain access to accounts using credential stuffing, phishing, hacking and social engineering.
To prepare for these attacks, financial institutions must recalculate threat levels from prior to the coronavirus outbreak, hardening fraud monitoring and filters to spot account takeover attempts and bogus loan applications through a strategic balance of risk monitoring, Hamilton said.
“It requires balancing your workforce to make funds available for legitimate customers while being alert to a higher level of fraud risk,” Hamilton said.
Featurespace’s platform, used by financial institutions, is based on adaptive behavioral analytics. It’s adjusting to a “new normal” of higher-than-usual fraud attacks and increased online spending, she said.
“The platform has already adapted to significant changes in the fraud environment from coronavirus, including consumers shifting to more online transactions, and fraudsters attacking in new ways either by taking data from different channels, applying for loans or doing transactional fraud,” Hamilton said.
Corporations also can expect to see a sharp increase in new types of fraud, according to a new report from Aite Group.
Remote workforces are vulnerable to a surge in business email compromises, and fraudsters submitting fictitious invoices to banks and other corporations claiming to have provided emergency or cleaning services at physical locations and ATMs, Aite said.
Internal fraud also is on the rise with the expansion of remote working, according to Aite.
As criminal opportunities shift in the face of coronavirus, some types of fraud may actually fall off.
For example, scams leveraging promotions and loyalty programs actually declined last year, according to data from TransUnion’s survey. The number of instances of cybercriminals accessing accounts to drain loyalty points or using the same promotion over and over by creating multiple new accounts declined 42% in 2019 compared to the previous year.
