Jul 31, 2022

Written by Gemma Staite, lead threat analyst, BioCatch 1st August 2022 The surge in online banking has opened customers up to more opportunities to be defrauded Long gone are the days of going into a branch for our everyday banking needs, with everything from online banking and buy now, pay later (BNPL) services to cashless and contactless payments soaring in popularity. Last year alone, 93% of customers used one or more digital payment methods and BNPL services accounted for $100 billion in purchases. This surge in online banking may make customers’ lives more convenient. However, it also opens them up to more opportunities to be defrauded. Major world events combined with the advancement of scamming techniques have shifted the idea of the typical ‘vulnerable customer’. Scammers now have a much broader range of targets, identifying new victims and exploiting different demographics’ weaknesses. When fraud occurs, it’s one thing to cover a customer’s financial costs, but once consumer trust is broken and they feel that their data is not sufficiently protected, reputational damage can be nearly impossible to mend. Adding yet more layers of security online and to applications can have the unintended consequence of undermining experience and cause users to turn to other providers. Financial institutions, both established and new, are looking to new methods to protect those vulnerable to attacks, with solutions like behavioural biometrics poised to play a major role in building digital trust and safety. Cybercriminals are around every digital corner The way that online criminals operate is continuously evolving. Although the rollout of two-factor authentication is a significant step for online banking on a global scale, scammers are starting to infiltrate and undermine these security efforts and are finding more devious ways to reach their targets. Fraud methods vary depending on the intended victim. For instance, social engineering scams, where victims are emotionally and psychologically manipulated to obtain money or confidential information, have evolved to understand human inclinations and tendencies. Our research shows these schemes have increased by 57% in 2021 with an average loss of $1,029 per victim, targeting consumers at the exact right moment when they are most vulnerable with the tempt of romance or friendship. The threats do not stop here, with scammers moving to a multi-layer hybrid model to defraud unsuspecting victims. Often using a mix of smishing or SMS phishing, voice scams, and remote access scams, fraudsters reach thousands of victims in minutes, use bots to intercept one-time passcodes from the victim’s device and slip past bank security controls. The evolution of the ‘vulnerable customer’ In the current economic landscape, cybercriminals are taking advantage of vulnerable and traditionally non-vulnerable individuals. This is driven by four factors – health, life events, resilience, and capability. All factors can shift suddenly and dramatically, and never in our lifetime has this been so apparent as during the pandemic. Elderly customers remain a primary demographic for fraud, scammed out of an estimated $3 billion a year thanks to their better credit scores, plentiful funds, trusting nature, and lack of tech know-how. Methods most prevalent in this age group include romance scams, imposter scams, and lottery and sweepstake scams, with 40% of identity theft fraud victims being over 60. However, Gen Z have become a new target for financial crimes, primarily through social media. Younger customers who value convenience over privacy are increasingly falling prey to so-called ‘mule herders’ that slide into their direct messages, recruiting them into laundering schemes with the lure of quick and easy cash. This method can be very challenging to detect since the scammer does not interact directly with the banking platform and instead convinces the user to perform an action. Mobile malware is also a key feature in Gen Z fraud, with multi-factor authentication intercepted by scammers, hijacking their operating system through fake apps. All customers need protection Customers want convenience, and financial providers should be able to provide the security they need. If you keep putting the onus on the customer to jump through hoops, they’re going to move to a provider that takes the burden of security out of their hands. Thanks to the dynamic nature of cybercrime, managing fraud risk is a considerable and ever-evolving challenge. As scammers have got smarter, authentication methods have remained stagnant, leaving customers vulnerable to attack. To provide robust protection, financial institutions must recognise the vulnerability of one-time passcodes and knowledge-based authentication and look for solutions that go beyond the device, IP, and network-based attitudes. They must look to user behaviour to catch criminals before they strike. Behavioural biometrics technology seeks out scammers through how they interact with online platforms, while ensuring that customers still have the frictionless banking experience they desire. Working passively in the background of a user web or mobile session, this technology monitors thousands of parameters such as pressure used when typing, how online forms are navigated, and whether multiple fields are copied and pasted. For instance, in practice, behavioural biometrics can look for anomalies in digital interactions to reduce the risk of account takeover and identify ‘mule personas’ on social media to seek out potential mule herders. It can also detect potential social engineering scams, looking at typing hesitation and session length as indicators of foul play. Scammers are constantly altering their tactics and targets. Equipped with the technology to hoodwink financial institutions and infiltrate two-step authentication, it has become clear that new solutions are needed to protect vulnerable customers. Whether it’s elderly victims of social engineering scams, or Gen Z falling prey to mule herders in their DMs, the most effective way to catch fraudsters is to monitor and detect their behaviour online. Armed with behavioural biometrics technology, financial institutions can protect their customers from ever-increasing threats, delivering frictionless, yet secure, banking.