Rethinking financial fraud

When consumers fall victim to fraud, businesses act quickly, securing accounts, communicating clearly, and determining liability. If fraud is found, businesses refund the customer, cover any associated fees, and set up new accounts. The Payments Systems Regulator reports 84% of consumers are reimbursed within five days.

 

Yet when businesses fall victim to instances of fraud, nobody acts quickly. Friendly fraud, return fraud, chargeback abuse, wardrobing, synthetic identity, and receipt manipulation; the result is always a net negative for a business.

 

Some see insurers, card acquirers, networks, or banks cover losses. Yet, as it is a steep process compared to the relatively small loss of individual acts, businesses usually chalk fraud up as ‘acceptable’ losses. According to the National Crime Agency, 86% of fraud goes unreported. Today, at a global level, it’s considered a part of everyday operations. However, one successful fraud after another quickly results in a deficit that damages whole economies. UK Finance’s 2024 report stated businesses lost £1.14 billion to fraud in 2024.

 

 

Step 1: Understanding Innovations in financial crime

Cifas, the UK’s leading fraud prevention service, revealed a staggering 421,000 cases filed to the National Fraud Database (NFD) in 2024. It’s a 13% Y-on-Y increase and the highest number on record.

 

With powerful, easily accessible technology in the hands of nefarious actors, methods are evolving. It’s a key reason why we must act now.

 

An extreme, yet relevant example lies in AI deepfakes, which fall under Authorised Push Payment (APP) fraud, whereby a criminal tricks an individual, usually by posing as somebody familiar or authorised to request payment. Businesses have created specific training, identification systems, and adopted Multi-Factor-Authentication (MFA) to defend against AI-based attacks looking to con employees or bypass biometric recognition tests. But that is not not enough on its own.

 

The Arup HK incident is most famous - a finance employee sent in excess of +20million to a fraudster’s bank account after joining a virtual call of senior advisors. The advisors were, in reality, clever fraudsters using deepfake video technology.

 

It’s not the only way fraudsters are diversifying. Across cyber, financial, and retail fraud, the list of emerging threats grows each day. Current collaboration in the payments and financial crime prevention fields leaves much to be desired, and it starts with ineffective data.

 

 

Step 2: Moving data from siloes to synergy

The Economic Crime Survey of 2024 reports over one in four (27%) UK businesses - almost 400,000 - reported an incident of fraud in the last 12 months. Systems might be in place to prevent fraud, but siloes and little collaboration means we don’t know where attempts are coming from or how they’re going to work.

 

The truth is, business data is underutilised and fragmented. Identifying fraudster patterns when operations are siloed with no centralised fraud detection protocol is near impossible. Payment data goes into one system. Returns to another. Customer loyalty has its own place. And support information does, too. How can a business accurately identify when fraud is taking place, let alone defend against it?

 

Let’s look at a decentralised franchise falling victim to receipt fraud as an example. What’s to stop a fraudster from visiting as many franchised shops as possible in a day’s travel, and receiving refunds at all of them? Separate systems won’t flag to other stores that a threat before it’s too late.

 

This is a micro example. Now imagine the dynamic on a scale that covers whole sectors and entire continents. This is our current approach to prevention. Not just internationally, but nationally, regionally, even in the same building. We are not working together to combat fraud.

 

 

Step 3: The wider focus

A business can strive for 360-degree protection, but without combined might, fraud will persist.

 

Every business has neglected pools of data they rarely share with partners and competitors. Back to Arup HK. It’s fair to assume the deepfake scam was not successful on the first attempt. What if a separate business caught and defended against the scam and flagged its presence via a centralised database? Would the attack still have been successful?

 

With the right approach to data sharing, there’s a higher chance of mitigating fraud before it occurs. Historical data can predict when and how fraud will be attempted and to whom. There’s also the opportunity to flag fraud attempts to entire networks in real-time, enabling routes to faster preventative action. Through this transparency, the sector adopts a proactive approach.

 

It also enables authorities to gather more evidence to pursue appropriate punishment, and allow businesses and financial operators with more accurate grounds to sanction criminals.

 

Industry agreement and effort will be a step by step process. We’ll need to ensure that customer protection and data security remain an absolute priority. But I’m here to say it is not impossible. It’s time we think about how the sheep can start hunting the wolves.

 

---

 

Hugo Remi is CEO at Cardaq

 

Main image courtesy of iStockPhoto.com and Duncan_Andison