Are You Ready for the Fraud Ring Menace of 2024?
In the NeuroID customer ecosystem, we’re seeing financial institutions (FIs) of all sizes and types be increasingly targeted by sophisticated fraud rings. For fintechs, these attacks often exploit vulnerabilities where the FI hasn’t yet scaled fraud prevention to match their fast-paced growth. For established banks, fraud rings often probe until they find the weak spot where friction-fears win out over fraud prevention. And there are a million techniques in-between, all supported by high-tech and the Dark Web.
The Impact of Advanced Technologies on Fraud Ring Tactics
From genAI to quantum computing, 2023 was a year of explosive technology. As rapid advancements make it easier to commit digital fraud, those fraud losses can no longer be considered a business cost. For one thing, it’s not just the fraud that drains revenue: digital fraud victims are 3x more likely to leave the FI that they hold responsible. For another, fraud rings are now alarmingly sophisticated at targeting vulnerabilities and timing strikes to maximum effectiveness. It could be a bot blitz or a sleeper fraud attack: the fraud style varies by the target. But one thing we know for sure is that if the front door is locked those fraud rings will climb in the window.
They find those unlocked windows because fraud rings target specific vulnerabilities. Case in point: for one credit card issuer we work with, fraud rings broke in through their prequalification (prequal) process. This started with a fraud ring testing probe, where the attackers noted the control mechanisms and shifted to more unobservable tactics. Despite this issuer having robust digital identity and verification systems in place, NeuroID behavioral analytics were the only solution that identified these attacks as coordinated and of considerable scale. One-third of the fraud ring users were flagged only by NeuroID in real-time (and would have passed through their other verification systems without NeuroID in place). While this is a feather in our cap, it’s also a mind-boggling measurement of the fraud ring’s sophistication: they were extremely adept at avoiding obvious linkage. Conventional methods that look at PII tracing, credit reports, address verification, device fingerprint, etc. were all fooled.
This is not to say those tools aren’t useful: they are great at what they do. But fraud rings continuously evolve and evade. They have compromised personal identifying information (PII) and Dark Web technology that was built specifically to fool fraud prevention systems. Banks, fintechs, and any other business where money moves online, are all at risk if they depend solely on any of the multiple forms of PII-data capturing systems for identity verification and fraud detection.
In this case, the credit card issuer enhanced security measures in their prequal process due to the growing fraud ring target on their back. This will continue to be an important tactic for anyone fighting fraud rings in 2024: continuously evaluating anti-fraud strategies to combat the diversity and sophistication of fraud rings.
With this specific issuer, we were also reminded of how the need for adaptive fraud prevention strategies is nothing new. This issuer has a direct mail population who receives old school printed letters delivered with their personal information directly attached to a QR code. And the issuer has had masses of that paper mail get stolen, by criminals who sell that information to fraud rings, who then enter it in the applicant information and go through pre-fill. This method is as old as the Pony Express, and yet is still being used in today’s age of self-driving cars. A reminder that everything old is new again, and there’s truly no vector that fraudsters won’t use.
Adapting Anti-Fraud Strategies for 2024 & Beyond
Old school mail used by high-tech fraud rings is far from the only hybrid instance of fraud. We’ve also been seeing a trend in how humans and bots work together in new, nefarious ways. Automated fraud ramped up during COVID lockdowns, as illicit account creation for government aid became attractive to cybercriminals stuck at home with time on their hands. Banks enhanced their fraud prevention measures in turn, which pushed fraudsters to evolve their tactics further: a cat-and-mouse game that continues today with bot attacks on the rise, often with humans laying the groundwork ahead of time.
This combination of scripted automation, aggressive fraudsters, and sophisticated fraud farms should have any FI on high-alert coming into 2024. And this isn’t even taking into account the shifts in fraudster tactics to more complex authorized payments fraud and the looming shadow of FedNow and real-time payments.
As fraud rings become more sophisticated, incorporating a mix of old and new tactics, FIs must respond with equally advanced and adaptive strategies, especially as we face the challenges of inflation and recession potentially still looming in 2024. Keeping costs down is more vital than ever, and fraud costs are a bottom-line figure that can actively be improved with the right tools. By analyzing subtle patterns in user behavior, behavioral analytics detects and prevents sophisticated fraud schemes in ways no other solution can. This is particularly important as fraud rings increasingly employ tactics that avoid obvious linkage, making traditional detection methods less effective.
Want to learn more about the strategies of fraud ring attacks? Download our The Anatomy of a Fraud Ring report to get a breakdown of five unique fraud attacks, the damage they caused, and how they were detected.