Card fraud risks — already soaring prior to the coronavirus outbreak — are changing rapidly as the pandemic deepens, forcing issuers and merchants to rethink protective measures.
It’s too early to gauge the scope of potential losses, but a perfect storm for bank account and payment card fraud is gathering as threat vectors increase exponentially from rising numbers of unemployed, anxious consumers and fraudsters poised to take advantage of them, experts say.
TransUnion reported global e-commerce transactions were up 23% in mid-March compared with typical weekly volume, while fraud attempts are rising at correspondingly higher rates.
In a survey of 1,068 U.S. adults, TransUnion found 22% have been targeted by digital fraud related to coronavirus.
Phishing attempts connected to coronavirus are surging. The number of active phishing sites Google registers each month skyrocketed from 149,000 in January to more than 500,000 in mid-March, according to a new report from Atlas VPN analyzing Google’s safe-browsing data.
The number of suspicious websites containing COVID-19 and related keywords soared to 67,000 on March 21, Google’s data suggests.
As surging e-commerce volume and fraud attempts loosen controls, banks and merchants are racing to adjust fraud filters to match changing consumer behavior, according to Dena Hamilton, fraud and financial crime expert at Featurespace, which provides fraud monitoring tools for banks and merchants.
Financial institutions and retailers must prepare to constantly adjust fraud controls against changing consumer behavior, which will be tricky as baselines rapidly shift, she said.
In separate letters to Congress, the Fed asked for legislative action to ease Tier 1 capital minimums while the FDIC said it may use its own authority to address the market strain on banks.
S&P Global Ratings follows Moody's Investors Service in revising state’s credit outlook downward on revenue losses from COVID-19 pandemic.
It's time for agencies like the Small Business Administration to stop playing catch-up and invest in state-of-the art technology.
“This is new territory for financial institutions because they're balancing the need to maintain access while new patterns are emerging," Hamilton said. "Banks and merchants must step up customer ID verification and investigate suspicious activity at a time when online shopping and loans will be critical for consumers and businesses.”
Extreme health and financial fears mean anxious consumers are primed to fall for rampant phishing scams leveraging a vast cache of consumer information available on the dark web from years of data breaches, she said.
The promised influx of government checks also presages a rise in first-party and third-party fraud, plus money-laundering abuses, according to Hamilton.
“News about government funds becoming available soon will drive more fraud,” Hamilton said, noting that the expansion of available new business loans backed by the U.S. government within the recently passed stimulus package will likely trigger an uptick in bogus loan applications leveraging synthetic fraud tricks, she said.
“We’re about to see a big rise in account application fraud and in abuses of anti-money laundering controls,” Hamilton said, adding: “You will see consumers turn to fraud to steal from banks, and fraudsters who’ve got sensitive consumer data will use that information for account takeover and synthetic fraud to apply for loans and take funds illicitly.”
Account takeover fraud — affecting deposit accounts and credit card accounts — already was a top concern for banks, surging 347% in 2019 over the previous year, according to a recently released TransUnion survey.
In account takeover, fraudsters gain access to accounts using credential stuffing, phishing, hacking and social engineering.
To prepare for these attacks, financial institutions must recalculate threat levels from prior to the coronavirus outbreak, hardening fraud monitoring and filters to spot account takeover attempts and bogus loan applications through a strategic balance of risk monitoring, Hamilton said.
“It requires balancing your workforce to make funds available for legitimate customers while being alert to a higher level of fraud risk,” Hamilton said.
Featurespace’s platform, used by financial institutions, is based on adaptive behavioral analytics. It’s adjusting to a “new normal” of higher-than-usual fraud attacks and increased online spending, she said.
“The platform has already adapted to significant changes in the fraud environment from coronavirus, including consumers shifting to more online transactions, and fraudsters attacking in new ways either by taking data from different channels, applying for loans or doing transactional fraud,” Hamilton said.
Corporations also can expect to see a sharp increase in new types of fraud, according to a new report from Aite Group.
Remote workforces are vulnerable to a surge in business email compromises, and fraudsters submitting fictitious invoices to banks and other corporations claiming to have provided emergency or cleaning services at physical locations and ATMs, Aite said.
Internal fraud also is on the rise with the expansion of remote working, according to Aite.
As criminal opportunities shift in the face of coronavirus, some types of fraud may actually fall off.
For example, scams leveraging promotions and loyalty programs actually declined last year, according to data from TransUnion’s survey. The number of instances of cybercriminals accessing accounts to drain loyalty points or using the same promotion over and over by creating multiple new accounts declined 42% in 2019 compared to the previous year.
