Increased digitization, increased fraud risk
While digitization was already making strong progress in many sectors, the COVID-19 pandemic accelerated its adoption in every sector and by every consumer out of necessity. While this mass acceptance enabled most of the world to continue business as usual in some form, it opened the door to much greater fraud risk, as tech was hastily put together for function while security was left behind on the priority list. Today, while security is slowly catching up, it’s time that businesses help customers become fully aware of the risks and of the steps they can take on their end to reduce them.
Digitization shows no signs of slowing down
We are firmly in the era of digital as more becomes available online; we’ve gone beyond shopping and into the realms of learning, work, entertainment, socialising and even well-being and health. While the pandemic pushed this into sixth gear, the world has kept its foot on the pedal with no signs of slowing down, as heavier focus is placed on the digital experience for better customer experience. We need only look at recent initial ventures across the world into central bank digital currencies (CBDCs) and the rise of blockchain and the metaverse to realise the reach of the digital space and the direction it is going in.
Much of the fuel behind digitization today lies in fintech and personal finance offerings, as they serve as the critical connection between other apps - without money and personally identifiable information available online, other apps can’t be accessed, nor can items be paid for or validated. In 2021, VCs invested $133bn into fintech startups worldwide, while by end-2025, digital transformation spend is forecasted at $2.8tn - a 56% increase from 2022’s projection. The sector is indeed only increasing and becoming more prominent.
The inevitable fraud that follows
Sadly, whenever technology advances to create more accessibility, efficiency and productivity, security risks also advance. Bad actors and malicious attackers are always aware of the latest tech, the holes in its infrastructure and the best way to infiltrate to steal data, attack businesses and commit identity fraud for personal gain.
The year to September 2021 saw 5.1mn fraud offences in the UK, a 36% y-o-y increase. This included a large increase within consumer and retail fraud. (Source: ONS)
As the fintech sector has grown at exponential rates, fraud costs are hitting new records. The UK’s Justice Committee announced that consumers were scammed out of a record £1.3bn last year alone. One of the reasons for rising fraud comes down to the very benefits that new fintech offers - more efficient and seamless customer experiences, with faster decision making and payments. It would seem that as behaviours change, more blind spots are being created for the user.
Educating customers on fraud risk
While there are technological methods to help minimise the risk of fraud, fighting it must start with educating customers so that measures and necessary behaviour changes are fully understood and so well-practised they become second nature.
For the most part today, consumers are aware of dodgy email addresses and peculiar or unexpected messages requesting banking information, but there is a lack of awareness of the newest trends in fraudulent behaviour. Educating customers on the new angles that bad actors are using today, and keeping them abreast of new methods as they are discovered, is key.
For example, One-Time Passcodes (OTPs) sent via SMS are commonplace for all financial institutions and fintechs, so they are expected and considered safe in the user flow; however, this is fast becoming a high-risk method of authentication. Fraudulent activity like SIM swapping, which entails acquiring a user’s mobile number in order to receive their OTPs, means the previously most secure method has fast become one of the least.
Another new activity is account pre-hijacking, which shows how far ahead fraudsters think and take action. Hackers take a valid, live email address and use it to create accounts on a platform or with a company before the email’s true owner has. The account only becomes valuable once personal information and payment data are entered; however, the hacker is alerted once these are added and can begin using them. There are continuously new and creative ways for fraud to take place, which customers need to be aware of so they can take extra precautions around their personal data and how they manage it.
Another element to educate customers on is that the more apps they use, the more risk they’re exposed to. As nearly everything in our day-to-day is digital, our reliance on apps, and even our unconscious use of them, is growing, meaning that things can easily slip through the net. Making customers aware of this seemingly obvious fact will help them to question out-of-the-ordinary steps or unfamiliar interfaces they come across, and it may also encourage them to engage with fewer apps so that tracking is made easier should there be any suspicious activity.
Best practices to help mitigate fraud risk
For fintechs, alongside ensuring a continuous educational journey for your customers, there are best practices you can implement to reduce the risk of fraud and its effects on your business and your customers.
Multi-Factor Authentication (MFA) is widely acknowledged as a basic requirement now; however, it’s worth regularly questioning whether there are enough methods within your process and whether they are the best ones available. Passwordless authentication, whether through biometric authentication or a piece of hardware that authenticates, is far stronger today than even automatically and randomly generated passwords.
Additional authentication can also take the form of challenge flows added in other parts of the customer journey that step up the authentication altogether.
Data enrichment for better behaviour analysis
Data should be utilised to its fullest in order to get the best picture of your customers, individually and collectively. Going beyond the standard data entered when the customer signed up, your collection should include other data points such as their IP address, device, and most common merchants used. The fuller the picture, the more in-depth the behaviour analysis that can take place, so you remain ahead of any risk and fully in the know.
While you can see the red light flash indicating a risk, it will quickly become near impossible to adequately address or understand all of the issues presented. Here is where risk scoring comes in.
Built on a better knowledge of your customer’s behaviour, risk scoring not only helps to prioritise the alerts that flash up but also adds to the customer’s data record, helping to inform you of their risk profile. For example, if their risk score increases at the same time each month, you can review any changes in their behaviour or external factors and implement additional authentication measures during these times.
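The sketch below is an added example, not code from the article: it scores events against a customer baseline built from the data points named above (IP address, device, merchant), orders alerts by score, flags which ones warrant step-up authentication, and finds days of the month on which high scores recur. The weights, threshold, function names and sample events are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

# Assumed weights and threshold for illustration; tune them on your own data.
WEIGHTS = {"ip": 30, "device": 40, "merchant": 20}
STEP_UP_THRESHOLD = 50

@dataclass
class Event:
    when: datetime
    ip: str
    device: str
    merchant: str

def build_profile(history):
    """Baseline of IPs, devices and merchants already seen for one customer."""
    return {f: {getattr(e, f) for e in history} for f in WEIGHTS}

def risk_score(event, profile):
    """Add the weight of every attribute that is new for this customer."""
    return sum(w for f, w in WEIGHTS.items() if getattr(event, f) not in profile[f])

def prioritise(events, profile):
    """Score events and return (score, event) pairs, highest risk first."""
    return sorted(((risk_score(e, profile), e) for e in events),
                  key=lambda pair: pair[0], reverse=True)

def needs_step_up(score):
    return score >= STEP_UP_THRESHOLD  # challenge the customer at or above this

def recurring_high_risk_days(scored, min_months=2):
    """Days of the month on which high scores recur in separate months."""
    months = {}
    for score, e in scored:
        if needs_step_up(score):
            months.setdefault(e.when.day, set()).add((e.when.year, e.when.month))
    return sorted(day for day, seen in months.items() if len(seen) >= min_months)

# Constructed sample data (documentation IP ranges, made-up devices and merchants).
HISTORY = [
    Event(datetime(2023, 12, 3), "192.0.2.10", "phone-A", "grocer"),
    Event(datetime(2023, 12, 9), "192.0.2.10", "phone-A", "transit"),
]
INCOMING = [
    Event(datetime(2024, 1, 5), "192.0.2.10", "phone-A", "grocer"),
    Event(datetime(2024, 1, 28), "203.0.113.7", "laptop-B", "grocer"),
    Event(datetime(2024, 2, 10), "192.0.2.10", "phone-A", "bookshop"),
    Event(datetime(2024, 2, 28), "203.0.113.7", "laptop-B", "travel-site"),
]
SCORED = prioritise(INCOMING, build_profile(HISTORY))
```

In this sample the two events from an unseen IP and device score above the threshold, and both fall on the 28th, which is the recurring pattern the paragraph above suggests reviewing.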