The battle against fraud and identity theft has taken on new dimensions and complexities in today’s increasingly digital world.
2024 promises to be crucial in the ongoing struggle against financial cybercrime. As the financial industry continues to evolve, so do the tactics fraudsters employ.
This article will delve into the key trends shaping the fraud and identity landscape 2024, drawing insights from various sources, including SumSub, LexisNexis Risk Solution, Feedzai and Jumio.
Sophisticated scams dominate the fraud landscape
BioCatch’s report uncovers a startling surge in financial cybercrime in Asia-Pacific. With scams accounting for 54 percent of all cases, there’s a 200 percent increase in voice scams from the previous year.
These crimes are becoming increasingly sophisticated, leveraging human-centric coercion and remote access tools, indicating a grim reality for digital banking security.
The digital economy in Southeast Asia, projected to hit US$100 billion, is a double-edged sword. It brings prosperity but also makes the region a cyberattack hotspot.
Companies in the region report a 28 percent rise in cyber threats, highlighting the urgent need for robust cybersecurity measures. Tackling such sophisticated identity fraud will be a priority across APAC in 2024.
APAC nations face unique fraud challenges
In the Jumio report, a concerning picture emerges for the Asia-Pacific (APAC) region, where significant challenges related to fraud and identity issues are on the rise.
APAC boasts the highest fraud rate among all regions, at a worrisome 3.27 percent. What’s even more alarming is the stark increase in this fraud rate, which surged by 24 percent from 2022 to 2023.
According to Feedzai, the phenomenon of scams APAC has evolved into a significant concern, mirroring the spread and complexity of a global pandemic. This trend is alarming given the region’s cultural disposition towards trust, which scammers exploit with impunity.
Further underscoring the vulnerability within specific APAC region countries, SumSub data highlights that Hong Kong, Pakistan, and Bangladesh have emerged as nations particularly susceptible to identity fraud. Their identity fraud rates range from 3.33 percent to a substantial 5.44 percent.
On another front, LexisNexis Risk Solutions reports proactive efforts by the Hong Kong Monetary Authority to bolster online banking security and combat digital fraud.
These measures encompass additional customer authentication, cross-border transfer limit reviews, session management controls, and establishing a bank-to-bank information-sharing platform to safeguard the financial sector from evolving threats.
Meanwhile, in a separate incident in Singapore, the cybersecurity landscape saw a significant surge in phishing attempts targeting local entities in 2022. Reports indicate around 8,500 instances, marking a substantial 175 percent increase from the year prior.
Over 80 percent of these phishing campaigns mimicked banks or financial services, including institutions based in China, as well as local services like Singpass and SingPost.
In parallel, India grapples with its unique cybersecurity challenges, including the rising popularity of micro-loan apps and the advent of planned smart city projects, which have raised concerns about vulnerabilities in Internet of Things (IoT) infrastructure.
In 2021, over 60 percent of India’s 53,000 reported cybercrime cases were fraud-related, with criminals exploiting weaknesses in digital banking and e-commerce.
To address these issues, the Reserve Bank of India (RBI) took action in 2023 by mandating stricter IT governance and risk controls. Furthermore, combating synthetic identity fraud, involving both real and fake data, is set to become a top priority in India for 2024.
Synthetic identity fraud on the rise
The emergence of AI generative models like DALL-E, ChatGPT, and others rapidly generate fake but credible identities, enabling criminals to create synthetic identities at scale.
By combining real personal data leaked from breaches with AI-fabricated information, fraudsters can rapidly generate fake but credible identities.
According to research by LexisNexis Risk Solutions, APAC will likely see significant increases in synthetic identity fraud in 2024.
As banks transition to digital-first models, criminals exploit online vulnerabilities to open fraudulent accounts using synthetic IDs.
Banks need advanced identity verification and authentication techniques to counter synthetic fraud, including document verification, identity graph analysis, and behavioural biometrics.
Collaborative data-sharing initiatives can also help uncover synthetic identity patterns across institutions.
Fraud-as-a-Service allows automation of attacks
The advent of AI generative models also enables new Fraud-as-a-Service offerings. Criminal groups can use these automated services to learn bank processes quickly and generate tailored social engineering scripts.
By reducing barriers traditional call centres face, Fraud-as-a-Service allows large-scale attacks targeting specific banks. New account fraud and application fraud are particularly vulnerable, as criminals quickly fabricate identities that appear credible.
Banks must implement robust identity proofing and validation at onboarding to counter these automated threats. Ongoing behavioural monitoring post-onboarding also helps spot fraudulent accounts created using synthetic identities.
Regulations bring liability changes
Regulators across APAC are updating regulations to protect consumers from evolving scam tactics. These updates aim to make banks and financial institutions more accountable for fraud management.
In 2023, the UK’s Payment System Regulator (PSR) introduced a 50-50 liability model requiring sending and receiving banks to share responsibility for scam losses equally.
This precedent will likely spur more APAC regulators to implement similar accountability frameworks.
The liability changes motivate banks to prioritise preventive real-time scam monitoring over-reactive fraud management. Banks can use behavioural biometrics and other techniques to gain visibility into scam victims’ behaviour and thwart attacks before completion.
Increased collaboration in financial services
With 57 percent of global fraud in financial services originating from international channels, as reported by LexisNexis, the rise in coordinated cybercrime across borders and institutions is evident. Digital mule networks exploit this, testing stolen credentials across various banks.
A united approach among banks, fintechs, and regtechs is essential to counteract these sophisticated schemes. Sharing data and insights is vital to fortifying defences against these complex fraud patterns.
Regulatory changes are expected to support and clarify data-sharing processes, overcoming hurdles posed by regulations like the General Data Protection Regulation (GDPR). This collaboration, while essential, requires careful navigation of legal frameworks to ensure effective and compliant information exchange.
The menace of deepfakes and disinformation
The exponential growth of APAC’s digital economy also enables new disinformation threats. According to Sumsub, advanced deepfake technologies allow easy manipulation of audio, video, and images to spread fake news or defame individuals.
As deepfakes become more accessible and more challenging to detect, organisations may struggle to combat forged content. Criminals can leverage deepfakes for extortion, brand sabotage, fraud, and other illicit schemes.
In APAC, there has been a 1530 percent increase in deepfake incidents, with Vietnam and Japan leading in the number of attacks.
Japan’s prevalent use of deepfakes in the entertainment industry potentially allows fraudsters to misuse this technology in other sectors. Meanwhile, Vietnam’s booming digital economy and substantial online population present a lucrative target for cybercriminals.
Countering disinformation will require consumer education and collaboration between governments, tech platforms, and other stakeholders. Developing advanced deepfake detection techniques is crucial to restoring online content trust.
Adapting authentication in the era of data breaches
In an environment rife with data breaches and privacy concerns, traditional authentication methods like SMS-based two-factor authentication (2FA) and knowledge-based authentication (KBA) are losing effectiveness.
Jumio highlights how cybercriminals increasingly compromised these methods using information from social media, data breaches, and phishing attacks.
As a response, consumers are demanding more secure and privacy-focused authentication techniques that utilise their digital footprint—a more complex and individualised set of data that is harder for fraudsters to replicate.
Concurrently, major technology firms are entering the identity management arena, leading to a potential rise in federated identities from companies like Google, Apple, and Amazon for banking login and authentication. This shift offers convenience but raises questions about data privacy and control.
To counter these challenges, banks are exploring advanced techniques like behavioural biometrics, which provide a robust and seamless user experience by analysing unique user behaviour patterns.
However, adapting to these new methods requires banks to navigate the changing identity landscape, balancing innovation with the disruption caused by big tech firms.
Key takeaways
As APAC progresses with digital transformation, cybercriminals respond with more sophisticated and destructive threats.
However, APAC organisations can tackle emerging challenges by sharing intelligence, embracing new technologies, and collaborating across the ecosystem.
Regulators also have a crucial role in implementing more balanced liability frameworks. With shared accountability and collective vigilance, APAC can combat fraud while continuing its digital growth trajectory.
Featured image credit: Edited from Freepik