Long reads

FinCrime outlook 2023: ChatGPT, deepfakes and the same old scams

Níamh Curran

Níamh Curran

Senior Reporter, Finextra

2022 saw a number of scams hit the top of Finextra’s headlines.  Research found that 8% of consumers were ignoring confirmation of payee warnings and celebrities like Joe Lycett even waded in on the issues,.

As the cost-of-living crisis continues to make people feel more financially vulnerable, the importance of education around scams and fraud is increasingly essential.

While we are likely to see some of the leading scams from 2022 continue into 2023, technology developments and other macro-factors may result in further developments on the same activities. We asked a number of experts to share their predictions around scams and fraud throughout 2023.

Same old scams: What can we learn from financial crime in 2022?

2022 was the year of social engineering scams, and this shows no sign of slowing down. Research from ACI Worldwide anticipates Authorised Push Payment (APP) scams to continue to grow,  doubling by 2026. UK finance reported in their 2022 Half Year Fraud Update that romance scams increased by 31% in the first half of 2022.

APP remains a serious area of concern to many. Sandy Lavorel, team leader and practice lead business analyst at NetGuardians confirms that  APP “skyrocketed in 2022, and we expect them to proliferate further in 2023.”

He continues that NetGuardians “foresee that investment scams, romance scams, tech support scams and delivery scams will remain in the top five. The trend will persist as criminals stick with tried-and-tested fraud types. It usually starts with social engineering and phishing for personal information that is then used to trick the customer into sending funds to an account controlled by the fraudsters.”

Shamir Karkal, co-founder and chief strategy officer at Sila, shares the view that we are going to see many of the same scams reappear in 2023: “While they sometimes take advantage of the excitement around the next new thing, as various scams around crypto currencies and NFTs have shown, they [criminals] are not abandoning phone scams, gift card scams, romance scams, synthetic identities, and other tried and proven methods to separate people from their money. These will continue to be the bulk of fraud losses till we as an industry collectively implement more effective ways of preventing them.”

Lavorel notes that technology developments generally have made it somewhat easier to commit fraud as they “reduce barriers to entry.”

He also warned against “crime-as-a-service” which he saw throughout 2022. He states: “fraudulent organisations can recruit from a growing pool of low-skilled labour via the dark web and well-known messaging platforms. Combined with the development of easy-to-use systems this potent blend empowers a larger workforce to become fraudsters in just a few quick clicks. We also learned that stopping these scams is becoming increasingly difficult. The reason is that the duly authorised person is deceived into completing the transaction on behalf of the  fraudster, creating an appearance of legitimacy.”

Robert Prigge, CEO at Jumio, notes that, “on top of the growing fraud threat, compliance departments are also navigating evolving anti-money laundering (AML) and know your customer (KYC) regulations. In 2021, AML fines were up to $672 million in the UK, more than tripling from $206 million in 2020. As global regulatory requirements and competition tighten, it is imperative to have a robust compliance program in place that does not sacrifice the user experience.”

These observations suggest that we are unlikely to see a change in many of the kinds of scams we were seeing in 2022, but we may be able to see some differences in how these scams are carried out as fraudsters change their methods to fight against advancing technology.

How is updated technology affecting financial crime?

Criminals will always evolve and find new ways to commit the same crimes. This is something which Jodie Wilkinson, head of strategic partnerships at takepayments warns of: “Scammers are constantly updating their technology and techniques, and it’s likely that fraud will continue to become more sophisticated, meaning consumers and businesses need to be more alert than ever. This is especially important as more and more of us go cashless, with 83% of UK consumers now using contactless payments and ecommerce continuing to grow.”

We are seeing an increasing number of online payments, something which Prigge predicts will continue to grow: “It’s likely we’ll see the number of transactions completed with digital identities surpass those of credit cards as more consumers leverage biometric authentication to access their saved credit card information, banking apps and digital payment methods, like Apple Pay.”

However, this leaves consumers open to new types of attack. UK finance finds that losses from card ID theft alone increased by 86% in the first six months of 2022, compared to the same period in 2021 (from £11.5 million to £21.4 million). Prigge argues this shows that “despite large investments in security and prevention tools, bad actors will continue to advance their techniques and hone in on a growing variety of digital fraud strategies such as synthetic identities and deepfakes.”

Another area which is likely to cause increased concern as technology develops throughout 2023, is that of deepfakes. Andy Renshaw, senior vice president and product manager at Feedzai raises that this kind of technology could be used in social engineering scams: “Over the past year there has been a huge rise in the use of deepfakes for fraud, and 2023 is likely to see the next evolution of this trend. While deepfake technology can be used to create convincing visuals of real-life people, it relies completely on visual deception. Over the next 12 months,  we expect this type of social engineering to be enhanced with the help of generative AI technology that can replicate a person’s conversational and typing styles.”

This type of AI technology can be seen in the recently released ChatGPT. This AI technology was launched in November 2022, and has already been identified for its possible abuse for the purposes of financial crime. Shamir Karkal, co-founder and chief strategy officer at Sila, adds: “With advances in technology, scams are becoming more sophisticated. I expect more scams that use artificial intelligence to alter pictures or create fake videos with the goal to trick someone into doing something. The arrival of ChatGPT may also make romance scams and other types of online scams more common.”

How are criminals taking advantage of victims’ circumstances?

While we might see some of those more advanced technologies being used to convince people of a scams’ reliability, criminals will always rely on circumstances where they can take advantage of their victims.  The cost of living crisis became a significant vulnerability for large portions of the population in 2022, presenting a sinister opportunity for criminals to deploy scams and target financially desperate people.

Renshaw spots some of the areas which criminals are taking advantage of: “As old and reliable fraud tactics like account takeover attacks have become harder to pull off, fraudsters are increasingly turning to scams and they currently have two distinct advantages working in their favour - economic uncertainty and the rise of faster payment systems. When people are uncertain or desperate about their financial lives, they are more likely to fall for scams. This includes fake job offers, unemployment fraud, or even romance scams. In other words, scams evolve quickly to reflect the current environment.”

Wilkinson notes: “One of the most common phishing scams of 2022 involved criminals posing as Ofgem, capitalising on the cost-of-living crisis by offering energy bill support and stealing card details.”

Renshaw adds that this is not a new trend: “Every economic downturn, we see a rise in first-party fraud, for instance, buying goods, claiming the purchase never arrived and demanding a refund. And while we expect this trend to continue if a recession hits again, we also expect cases of second-party fraud to accelerate.”

He continues that: “As economic uncertainty rises, we also expect to see a rise in ‘friendly’ fraud - this can range from family members exploiting a relative’s trust to access their cash, to one family member allowing another to use their personal information to access a loan or get a new credit card.”

How can financial institutions improve scam prevention and mitigation?

When it comes to scams and fraud the reality is that criminals will always find a way. Banks and financial institutions are often left feeling like they’re playing a game of catch up, while individuals are left afraid. However, there are some ways which the experts believe will help to provide support to customers and to themselves.

One key point is to continue to educate consumers of the risks and what a suspicious interaction looks like. Lavorel uses the example of APP scams, which require the consumers authorisation to work and can be harder for banks to spot and stop. He argues that ”static rules alone are not effective anymore. It is now essential to educate customers on such scams and to raise fraud awareness. This should not be ignored.”

Karkal argues a similar point, states: “Unwavering vigilance is the only solution. Individuals and businesses alike have to realise that fighting fraud is a marathon, not a sprint. There will be no quick end for either side, but an ongoing fight that will ebb and flow for the foreseeable future. We need to “stay frosty” - stay cool, stay alert, and stay on your toes. If you get contacted, take extra care about validating the source and ensuring that someone is who they say they are. If something seems too good to be true, then it very likely is a scam of some sort.”

Lavorel recommends “intelligent AI-based systems built for banks that search for anomalies are essential for preventing fraud.” He furthers that “using data and insights from the community of fraud fighters composed of banks, fintechs, and other sources, will enable us to enhance automated risk scoring systems. It is now a must. Criminals are sharing information; we must do the same.”

Prigge recommends a more data rich approach: “In order to reduce the risk of identity fraud, companies must ensure that an online user is who they say they are. This is true for all businesses, but especially true for organisations dealing with high-risk transactions and data such as financial institutions.”

He continues: “Financial organisations should turn to document-centric identity proofing to verify online users. This method simply requires a user to upload a picture of their government-issued ID (e.g. driver’s license) and a corroborating selfie, from which a biometric template is created. The selfie is compared to the photo on the ID to reliably establish the user’s identity.”

Renshaw argues that the advances in fraud techniques should serve as a “wake-up call” that identity solutions aren’t enough to stop scams. However, he concludes on the more positive note that, “the heightened threat of scams also presents opportunities for banks. Liability is shifting for financial institutions to cover losses to scams. If banks proactively offer to protect their customers, they can offer an attractive market differentiator.”

 

Comments: (0)