By Gemma Staite, Lead Threat Analyst, Biocatch
Our daily routines are shifting online, and managing our finances is no exception. The days of visiting a branch for basic banking requirements are long gone, thanks to the prevalence of cashless and contactless payments, internet banking, and buy now, pay later (BNPL) services. Last year alone, 93% of customers used one or more digital payment methods and BNPL services accounted for $100 billion in purchases.
Although the popularity of online banking may make clients’ lives easier, it also increases their vulnerability to be affected by fraud. The concept of the traditional “vulnerable customer” has changed as a result of significant global events and the evolution of scamming tactics. Scammers now have a much wider range of potential victims, finding new victims and taking advantage of the weaknesses of various demographics.
When fraud occurs, it’s one thing to cover a customer’s financial costs, but once consumer trust is broken and they feel that their data is not sufficiently protected, reputational damage can be nearly impossible to mend. Adding yet more layers of security online and to applications can have the unintended consequence of undermining experience and cause users to turn to other providers.
Financial institutions, both established and new, are looking to new methods to protect those vulnerable to attacks, with solutions like behavioural biometrics poised to play a major role in building digital trust and safety.
Cybercriminals: covering all bases
The methods used by online criminals are always evolving. Although the rollout of two-factor authentication is an important step for online banking on a global level, scammers are beginning to evade these security measures, degrade them, and develop more cunning methods of contacting their intended victims.
Fraud methods vary depending on the intended victim. For instance, social engineering scams, where victims are emotionally and psychologically manipulated to obtain money or confidential information, have evolved to understand human inclinations and tendencies. These schemes have increased by 57% in 2021 with an average loss of $1,029 per victim, targeting consumers at the exact right moment when they are most vulnerable with the tempt of romance or friendship.
The threats do not stop here, with scammers moving to a multi-layer hybrid model to defraud unsuspecting victims. Often using a mix of smishing or SMS phishing, voice scams, and remote access scams, fraudsters reach thousands of victims in minutes, use bots to intercept one-time passcodes from the victim’s device and slip past bank security controls.
How the ‘vulnerable customer’ has evolved
In the current economic landscape, cybercriminals are taking advantage of vulnerable and traditionally non-vulnerable individuals. This is driven by four factors – health, life events, resilience, and capability. All factors can shift suddenly and dramatically, and never in our lifetime has this been so apparent as during the pandemic.
Elderly customers remain a primary demographic for fraud, scammed out of an estimated $3 billion a year thanks to their better credit scores, plentiful funds, trusting nature, and lack of tech knowhow. Methods most prevalent in this age group include romance scams, imposter scams, and lottery and sweepstake scams, with 40% of identity theft fraud victims being over 60.
However, Gen Z have become a new target for financial crimes, primarily through social media. Younger customers who value convenience over privacy are increasingly falling prey to so-called ‘mule herders’ that slide into their direct messages, recruiting them into laundering schemes with the lure of quick and easy cash. This method can be very challenging to detect since the scammer does not interact directly with the banking platform and instead convinces the user to perform an action. Mobile malware is also a key feature in Gen Z fraud, with multi-factor authentication intercepted by scammers, hijacking their operating system through fake apps.
Security is paramount for all customers
As Gartner says, don’t treat your customer like a criminal. Customers want convenience, and financial providers should be able to provide the security they need. If you keep putting the onus on the customer to jump through hoops, they’re going to move to a provider that takes the burden of security out of their hands.
Thanks to the dynamic nature of cybercrime, managing fraud risk is a considerable and ever-evolving challenge. As scammers have got smarter, authentication methods have remained stagnant, leaving customers vulnerable to attack. To provide robust protection, financial institutions must recognise the vulnerability of one-time passcodes and knowledge-based authentication and look for solutions that go beyond the device, IP, and network-based attitudes. They must look to user behaviour to catch criminals before they strike.
Behavioural biometrics technology seeks out scammers through how they interact with online platforms, whilst ensuring that customers still have the frictionless banking experience they desire. Working passively in the background of a user web or mobile session, this technology monitors thousands of parameters such as pressure used when typing, how online forms are navigated and whether multiple fields are copied and pasted. For instance, in practice, behavioural biometrics can look for anomalies in digital interactions to reduce the risk of account takeover and identify ‘mule personas’ on social media to seek out potential mule herders. It can also detect potential social engineering scams, looking to typing hesitation and session length as indicators of foul play.
Scammers frequently change their strategies and targets. It has become clear that new solutions are required to protect susceptible customers as hackers are equipped with the technology to trick financial institutions and overcome two-step authentication. The best approach to capture fraudsters is to watch and recognise their online behaviour, whether it’s Gen Z falling for mule herders in their DMs or elderly victims of social engineering scams. Financial institutions can defend their clients from evolving dangers by using behavioural biometric technology to provide seamless yet safe banking.