Dawn Of The ShapeShifter – 10 Fraud Predictions for 2023
The world we live in is changing before our eyes. ? Things are never quite what they seem. Nothing can be taken at face value, and strangers making promises cannot be trusted. ?
Sadly, everyone we know has been victimized by fraud or a scam and lost their hard-earned money.
Fraudsters no longer look like the bad guys we expect. They are young crypto exchange founders in T-Shirts ? claiming they are philanthropists. They are social media influencers. They are elderly “mules” that have been hired to pass bad checks. ? They are teens just trying a new side hustle they learned on Telegram. They can be anyone, really.
Such is the world we live in. A world where anyone can fake anything or hide behind the anonymity of the internet. And so fraud grows while the consequences for those committing it rarely materialize.
And that leads to more fraud.
A New Wave Of ShapeShifters Has Changed The Face of Fraud
In mythology, ShapeShifters have the ability to transform themselves through superhuman powers physically.
Shapeshifters are now a reality in fraud. They leverage accessible artificial intelligence – in some cases, far better than banks and merchants use. They communicate and collaborate with each other in real-time. They shift their attack vector on a dime. And they could care less about any consequences. They can overcome any obstacle or rule because they dynamically adapt.
Welcome to 2023 – The Dawn Of The Fraud Shape Shifter. It will be a year marked by accelerated use of AI and advanced attack vectors that we have never seen before. And it will only be the beginning of this era.
This year, banks and merchants must question whether they have the right people and technology to compete with this new beast of fraud perpetrators. You could become their primary target if you fail to innovate as they do.
Are you ready for it?
First, Let’s Look Back On 2022 – We Have Never Seen Anything Quite Like It
Fraud is never boring. Just when we think we have it figured out, it morphs into something completely different.
And for fraud junkies, 2022 did not disappoint. It was a year of massive frauds, brutal scams, and a year that will set the stage for shifting regulations for many years.
And here is what we saw.
#1- Check Fraud Re-Emerged As The Fastest-Growing Fraud
The end of the pandemic and all those stimulus programs created new wrinkles in check fraud as fraudsters returned to target bank accounts. Banks reported that check fraud doubled in 2022 -something no one could have predicted. Lured in by big and easy money, fraudsters returned to stealing checks out of the mail, changing the payees and dollar amounts, and selling them on the dark market or using mules and walkers to deposit those checks into bank accounts.
#2 – Zelle Fraud And Scams Took Center Stage
Zelle fraud and scams became a political livewire in 2022 ?⚡??. In September, CEOs from 7 of the largest banks in the country appeared on Capitol Hill to get grilled on the impact of Zelle fraud. It didn’t go well. Senator Warren blasted the banks, claiming they had created the perfect weapon for their customers to be defrauded.
# 3 – New Horrible Scams Emerged With Horrifying Names
Pig Butchering. ? It sounds brutal because it is brutal. But it’s a sign of the times and an indication of how inhuman scammers treat their victims. The scam called “Sha Zhu Pan”, which means pig slaughter in Chinese involves “fattening up” a victim by progressively luring them into a too-good-to-be-true investment and then slaughtering them by stealing all of their money. To add insult to injury, many scams are perpetrated by women trafficked into slavery from countries like Cambodia.
The FBI reports victims lost close to half a billion dollars in this scam, and it’s becoming increasingly popular and devastating.
#4 – We Realized That Fake Accounts and Bots Might Have Fueled Much Of The Growth
In February, PayPal chief financial officer John Rainey said the company identified 4.5 million accounts that it believes “were illegitimately created.” Their stock tanked 23% on the news. In August, Elon Musk claimed that up to 20% of Twitter’s accounts were fake and created by Bots making the stock massively overvalued. These two revelations give many of us a sick feeling that perhaps a lot of the growth in fintech might be fueled by fakes and ghosts.
#5 – The Bubbles All Burst Exposing Massive Frauds
The boom days of 2021 ended, and 2022 was a rude awakening back to reality for many. Everything seemed to pop at once. Tech stocks, the bond market, real estate, NFTs, and the crypto market bubbles all burst one after another, exposing massive frauds that lurked in the shadows. In 2021, investors lost an astounding $621 million to crypto scams and fraud. In 2022, that number is expected to balloon to over $4.3 Billion.
Looking back, 2022 was an eventful year. Fraud, as always is the case, is in a constant state of change, but this year more than any other, the pace of change accelerated beyond what I could have imagined.
What Can We Expect In 2023? I Called Mary Ann Miller And Karisse Hendrick To Ponder That Question.
In 2022, we joined forces with legendary Karisse Hendrick to tap into even more fraud-fighting mind power, and I believe it was our best prediction blog yet.
So we’re doing it again for 2023. So I picked up the phone and called Mary Ann and Karisse to ponder the future of fraud.
We hope you enjoy our musings on what we expect will happen over the next 12 months and beyond.
Prediction 1 – Check Fraud Will Hit $24 Billion Or More And Push Banks To Breaking Point
Mail theft and violence against mail carriers to get their keys is an epidemic. Check fraud has doubled. And there is no end in sight.
Banks aging check fraud technologies (many of which were implemented in the 1990s) can’t stop the fraud, and the US Postal Service appears ready to do little to protect mail carriers.
Something has to give, and something will. In 2023, we estimate that check fraud will result in $24 billion in damages, which will force a change – a breaking point for banks. This estimate is based on a conservative 50% increase over the ABA’s last estimate published in 2020.
And still, others will implement new projects to eliminate the mules and “walkers” that have infiltrated the banking system to pass through these fraudulent checks.
Prediction 2 – Scam Reimbursement Will Bring New Pain And New Investment In Fraud Control
It’s here. We knew it was coming. But now it has arrived. Like their counterparts in the UK, banks in the US have now set in motion a plan to reimburse scam victims.
This is certainly a win for consumer protection advocates and will likely ensure the long-term success of payment options like Zelle. But it will also create growing pains for fraud departments and analysts tasked with making the hard decisions.
First-party fraud and claims from fake accounts will likely flourish with Zelle payments.
If credit cards are any indication of the level of first-party fraud, up to 40% of claims could be bogus. This would likely be even higher since bogus claims will include claims originating from fake accounts set up by mules and identity thieves infiltrating bank deposit accounts.
And banks are going to be on the hook to be very transparent about their reimbursement statistics which will undoubtedly lead to benchmarking the best and worst banks, as seen in the UK.
We predict scam reimbursement will considerably change banks’ investigation and recovery processes and will mean that many banks will increase their fraud budgets to invest in proactive detection software to prevent scams.
Prediction 3 – High Attack Rates Will Force Some Banks To Turn Off Digital Acquisition
The attack rate on digital channels is soaring. It’s being driven by an unprecedented level of sophisticated bots completing the entire account-opening process without any human intervention. It is fraud on an industrial scale where fraud rates can exceed over 70%.
In 2023, some banks may incur so much fraud that they will suspend their digital acquisition. In fact, we saw this was the case late in 2022 when Discover suspended a new debit card product that was overrun by online fraud rings. Digital Identity proofing will become a staple for any product that has an online application form.
Prediction 4 – Massive Coordinated Cyber and Fraud Attacks Will Emerge As Standard Method
2023 will usher in new massive coordinated fraud attacks designed to exploit a company’s fraud defenses from all angles. The new method, first reported by Karisse Hendrick, erupted during the peak holiday shopping – Black Friday 2022.
Fraudsters and hackers figured out the best way to steal was by disabling the technology the company relies on to prevent it. Multiple attacks on PII fraud solution vendors occurred, causing those systems to become temporarily unavailable, resulting in risky transactions getting approved. Once those systems became disabled, the fraud rings worked closely to exploit any remaining holes they could find in the merchant’s processing systems – shape-shifting their attacks minute by minute until they were successful.
Companies need backup plans and good disaster recovery to protect them from these new shapeshifting fraud attacks.
Prediction 5 – Merchant Fraud Losses Will Spike After New Compelling Evidence Rules Go Into Effect
In April of 2023, Visa will implement new “compelling evidence” rules that greatly restrict a merchant’s ability to dispute cardholder/issuing bank claims of card fraud.
In the original rule, merchants were allowed to provide circumstantial proof that the cardholder was involved in the transaction or that they knew the person involved in the transaction. With the new compelling evidence rule, the bar will be raised considerably. Now merchants can only “win” a fraud chargeback claim if they can prove that the same credit card, cardholder, and either the same IP or device was used at LEAST twice within the last 120 days at the same merchant.
The fact is, the new rule will stack the odds against the merchant for a variety of reasons.
- Most online companies never see the same online customers three times within a 120-day period.
- New customers, not existing customers, make most “friendly fraud” chargebacks.
- Subscription merchants only collect IP/device on the 1st transaction.
- IP addresses for the same consumer can fluctuate between transactions.
In 2023, we predict that these new rules will cause merchant fraud losses to spike this year. This will likely result in more merchants becoming much more restrictive in what they perceive could be “first-party fraud”. This dynamic will likely impact credit card call centers too, since customers will likely call their card issuer to inquire why certain transactions are declined.
Prediction 6 – Insider Fraud Will Drive Up Sim Swaps, Account Takeover, and Refund Fraud
According to GlassDoor, the average base salary of a retail sales associate at a phone store like T-Mobile is $14 an hour. However, if they get a side gig fraudulently swapping 2-3 sim cards for scammers as an insider, they can make more than $1,000 each day. Insider fraud is booming since many retail associates can make money at their otherwise low-paying job.
There are now over 100,000 Telegram Channels dedicated to fraud, with some channels boasting over 10,000 members. With so much competition, many sellers of fraud services are turning to insiders to help differentiate their offerings. Access to insiders, or “Innys,” as they are referred to, can run up to $2,000, and you can openly purchase their services from big companies like Walmart, T-Mobile, AT&T, Verizon, and other major retailers.
In 2023, we predict an increase in insider fraud due to heightened demand for their services. This insider fraud will result in more sim-swapping fraud, more account takeover, more selling of sensitive customer PII, and more exploitation of organizations’ internal fraud and credit policies.
Prediction 7 – New Era In Fraud Fighting Will Pit Machine Against Machine
In 1990, HNC Software launched the first commercially successful AI to fight fraud called Falcon. It marked a huge win for businesses by enlisting machines to fight fraud. For the last 30 years, AI has become a mainstay for businesses proving to be an ultimate weapon for responding to ever-changing fraud attacks.
But in 2022, that all changed. And, unless you have been living under a rock for the last month, you’ve seen firsthand the power of tools like OpenAI’s ChatGPT, which puts state-of-the-art AI right into everyone’s hands.
This year will introduce a new era in fraud-fighting, one which pits good machines against evil machines.
- Scammers will use ChatGPT to send near-perfect phishing emails.
- Fraudsters will leverage AI to create better deep-fake images and videos that can fool anyone.
- Fraudsters will use AI to create their own powerful bots, which will penetrate business defenses.
This is not just the future; it’s already happening right now. Some suspect a group out of Southeast Asia is already using machine learning techniques to attack online retailers. The group, which has been dubbed “The Master Manipulators” by 40+ online retailers, leverages feedback loops of both successful and failed fraud attempts in their attack vectors. They manipulate order details, including IP addresses, Emails, and Physical locations, to improve their odds of success with each order they place.
We predict that 2023 is the year that will pit good machines against evil machines.
Prediction 8 – Regulators Will Push For More Identity Regulations Based SAR Findings
As fraud grows, so do the SAR reports filed by institutions to the government. SAR filings are hitting record numbers, and FinCEN staff are scrutinizing them carefully. As they look closer, they find that almost all SAR filings point to a single problem – Identity Verification.
In 2022 they analyzed over 3 million Suspicious Activity Reports that financial institutions filed in 2021. Their analyses showed that most filings point to breakdowns in the identity verification process—verification, impersonation, and compromise – across all types of SAR filings.
In 2023, regulators will scrutinize SAR filings for identity irregularities even further. SAR’s filings for mules (first-party fraud) and identity theft (third-party fraud) are being intermingled, and innocent people could be implicated. The focus on identity as the key problem that needs to get fixed industry-wide will lead to more regulations that force institutions to resolve identities up-front before fraud is allowed to occur.
Prediction 9 – Recession and Inflation Could Push Fraud-Related Defaults Up As Much As 50%
Face it; we are in an economic downturn. Even the Federal Reserve believes that we are likely headed into a recession in 2023. And inflation only compounds the problems that lenders will face next year.
We only need to look back over history to know that first-party fraud and defaults in credit cards, personal loans, auto loans, and mortgage loans will likely take a big hit this next year. If the recession gets very bad, those lending and credit products could see a 50% increase in first and early payment defaults. In 2009, fraud-related defaults in rose at or above these levels in lending. We could be headed there again.
Recession and inflation are gasoline triggers to First Party Fraud schemes because so many consumers are pushed to the brink and resort to fabrications and fraud to get loans. Since first-party fraud is not categorized or tracked industry-wide, the only way to estimate them is by tracking early defaults or excessive over-limits – both of which spike during recessionary times.
Prediction 10 – Passwordless Authentication Becomes A Reality Finally
Who hates passwords? Raise your hand. ✋. We do too. According to a 2019 Verizon Breach Investigations Report, more than 80% of all data breaches involve the theft of usernames and passwords. And billions of credentials are now freely available on the dark web. A recent survey shows over 15 billion of them, to be exact.
What if we lived in a world where 80% of the data breaches went away? A world where the billions of credential-stuffing attempts were neutralized? A world free of password resets?
The answer to the password fiasco is a new wave of technology that will become mainstream in 2023 – Passwordless Authentication. Ori Eisen, the founder of Trusona and trailblazer of the concept, believes this year is the tipping point for a seismic shift. Over 150 million users now have access to their passwordless authentication option and Gartner says that 30% to 40% of customers have projects to implement passwordless authentication this year. The Trusona solution covers the complete range of passwordless use cases – it works for both workforce (employees) and customers (consumers).
From his perspective, Apple’s release of Passkey in September makes it all possible. Passkey is the company’s implementation of an industry standard designed to remove passwords for online authentication. Earlier this year, Apple, Google and Microsoft joined hands with the FIDO Alliance and the World Wide Web Consortium to remove passwords across the platforms. Now it’s just a matter of getting users to change their behavior.
And Prove is blazing new ground in the passwordless frontier as well. In October, they released Prove Auth, a solution that lets businesses ditch passwords. Prove Auth enables companies to reduce reliance on passwords and one-time passcodes (OTPs) and empowers consumers to frictionlessly authenticate in all channels, including phones, desktops, and call centers, with a solution that is simple and cost-effective.
We predict 2023 will be a groundbreaking year in going passwordless authentication.
What Do You Think? Did We Miss Anything Important?
Predicting what will happen this year is tough. We really do live in a world where things can change on a dime. And who knows, they probably will!
There are a thousand things that will happen that we could have never guessed. I guess that is what makes our jobs as fraud fighters exciting and why we love doing what we do.
Let us know if you have any predictions you think we got wrong. We’d love to hear your perspective. If you think we missed anything, let us know about that too!
Some Parting Thoughts For All You Fraud Fighters As We Head in 2023
As we head into 2023, Maryann, Karisse, and I will leave all of you fraud fighters with some parting thoughts.
Frank – Keep ShapeShifting Yourself And Adapt – Be Open And Don’t Filter Too Much
If fraudsters can shapeshift on a dime, we must do the same as fraud fighters. Don’t get caught in a rut. Don’t assume you know it all – because you don’t anymore. This new era of fraudsters is highly technical and collaborative, and they probably have more resources than you. In 2023, challenge yourself to change how you think about fraud. Move faster. Learn more. Don’t filter too much. Turn over every rock to find the truth.
Mary Ann – Reframe Your Conversations About Fraud This Year
Many organizations create their fraud strategy by asking, “What is our risk appetite”? I don’t think that is a good starting point in today’s world. Rather the organization should ask, “Are we doing all we can to detect and prevent fraud?” Fraud creates headlines every single day. It impacts citizens, governments, businesses, customers, and consumers directly. The only way to win this war is to push back hard on fraud and scams.
Karisse – Don’t Put Your Fraud Strategy on Auto Pilot This Year
With the increasing complexity, organization, & sophistication of online fraudsters, it’s more important than ever not to have your fraud prevention strategy on auto-pilot. Continually measuring new impacts, working closely with & holding accountable all solution provider partners, and communicating the risks and impacts to leadership, are all necessary components of a holistic fraud prevention strategy.
As Gil Rosenthal recently said on a recent episode of the Fraudology podcast, “Mediocre is not an option when the opposition is continually innovating”.
Thank you, everyone! We hope you have an amazing 2023. Thank you for all you do fighting fraud each and every day.