Authorized fraud, myth or reality?
By Namrata Jolly, General Manager for Asia Pacific, Callsign
Around the globe, we are seeing the rise of a new type of fraud, that of authorized fraud. Unauthorized fraud is easy to spot, account take over and third party fraud is rife, with frequent news coverage about fraudsters utilising OTPs to help them successfully execute their plans
But authorized fraud is quite different and looks like a legitimate transaction made by the genuine user, but is, in reality, someone who has been tricked or coerced into action by social engineering tactics deployed by fraudsters.
As an indication of how bad the problem is in the Asia Pacific, Malaysians reported 51,631 online fraud cases. In the Philippines, Globe Telecom blocked over 30 million suspected spam or scam SMS messages in just a two week period; and phone scams in Hong Kong shot up 60 percent in the first seven months of 2022.
Authorized fraud relies on impersonation, a legitimate sounding request for money, payment for fake goods or services, unpaid tax, or even that the victims bank account has been compromised and they need to move their money to a safe account. By using social engineering techniques designed to cause victims stress and panic, the fraudster strikes.
Forrester, a global research company, says that in the last 18 months authorized fraud or authorized push payments (APP) were considered a major problem by 66 percent of financial services and consumer banking organizations in the Asia Pacific region. These same organizations agree that a combination of behavioral biometrics, dynamic fraud warning messaging and threat detection will go a long way in solving this issue.
Traditional warnings ignored
We have reached a point now where authorized fraud is so pervasive, warning messages issued by banks and other digital providers are routinely ignored..
Yet the approach to online fraud has rested on using outdated practices and processes in the belief the consumer can identify and understand what a scam or fraud looks like. But this approach doesn’t work, and does not address authorized fraud or even reduce fraudsters’ attacks.
Trend in anti-fraud legislation
From a global regulation perspective, we’re seeing a move to protect consumers through the introduction of legislation and regulation requiring banks, for example, to reimburse consumers when they have fallen victim to such scams.
Take Malaysia’s national bank who told financial institutions to migrate from SMS one-time passwords to more secure authentication methods, and to tighten fraud detection rules and triggers for blocking suspected scam transactions. Customers will be asked to confirm suspected scam measures are genuine before they are unblocked and restricted to one mobile or secure device for online banking authentications.
Meanwhile, the Monetary Authority of Singapore is updating the equitable shared losses framework for consultation this year (although an authorized fraud provision is yet to be included).
Although the moves being made by these and other governments in the region and around the world are positive, new regulations will take a while to pass into law and there is another important factor to consider in that these laws will be country specific. This situation allows fraudsters to carry out their trade until the laws are passed and then switch to countries with weaker regulation.
Knowing scammers are highly experienced and trained to manipulate their victims’ thought process in a short space of time, a new antidote is required because nothing banks or any digital provider has now to counter authorized fraud, works.
Real time Dynamic Intervention required
Banks are heavy investors in their own security whereas Joe and Jane Public are left—literally—to their own devices and believe they are not solely responsible for preventing fraud.
A Callsign survey supports this by saying 53 percent of Asia Pacific consumers expect governments to create a more secure digital world and 79 percent want a digital security system deployed with a further 39 percent expecting this to be rolled out in the next 12 months.
The authorized fraud antidote has to centre on shifting the belief by banks and other digital providers that consumers know how to spot and prevent fraud even if they are up against technical-savvy fraudsters who use 21st century technologies and social engineering techniques to defraud victims.
The only way to combat authorized fraud is by personalizing the approach with the ability to see and hear every transaction being made by every single customer in real time. All without impacting privacy.
Dynamically block the unwanted fraudster
Authorized fraud occurs when the customer is placed in an unusual situation between themselves and the fraudster. When stressed, the way a consumer behaves changes, including the way they use their phone changes, including typing more slowly, the angle that they hold their phone, or swiping the screen.
While both parties still believe the other is wholly or partially responsible for combating fraud and protecting sensitive data, fraud will continue. The solution is to move away from the traditional ideas of security and use modern technologies such as Dynamic Interventions to help by intervene when abnormal behavior is digitally identified.
How Dynamic Interventions work
Dynamic Interventions interrupts the user journey with a dynamic contextual messages the moment a customer might be in danger. The solution delivers intelligent and contextual fraud warnings, perhaps asking for more details about the transaction they are about to make.
Critically different to other blanket fraud messages which consumers are shown to ignore, dynamic interventions are personalized and occur when the suspicious activity is identified rather than before or after the event. Leaving fraudsters unable to coach victims through fraud warnings because they don’t know when they will appear.
When we are all entrusting more of our personal information online, it is incumbent on digital product and service providers to do everything they can to protect consumers. Dynamic Interventions offer a way to do just that without adding a burden to the customer journey.
The situation now, with fraud rife across all platforms, means dramatic changes need to be made in how security is approached and Dynamic Interventions will be an important step in mitigating authorized fraud.
About the author
Namrata Jolly is General Manager for Asia Pacific at Callsign.
DISCLAIMER: Biometric Update’s Industry Insights are submitted content. The views expressed in this post are that of the author, and don’t necessarily reflect the views of Biometric Update.
behavioral biometrics | biometric authentication | biometrics | Callsign | financial services | fraud prevention | secure transactions