Top fraud trends in 2023

How to prepare for growing threats, manage fraud costs, and make the business case for better fraud prevention tools

In our Annual State of Fraud Benchmark Report, Alloy surveyed over 250 executives, product teams, fraud fighters, and other professionals across regional banks, community banks, enterprise banks, and fintechs. Recently, Tommy Nicholas, the co-founder and CEO of Alloy, got together with Mike Cook, VP of Fraud Commercialization at Socure, and Mitul Parmar, VP of Product & Strategy at NeuroID, to talk through the report’s findings and which fraud trends they’re paying close attention to this year. (Hint: you’re going to want to beef up your fraud prevention…soon.)

The trio also discussed how banks and fintechs can clearly identify the types of fraud they’re experiencing and outlined better ways organizations can make a business case for the anti-fraud tools they need to fight the good fight.

Watch the full webinar and read through highlights from their conversation below.

Fraud rates are on the rise

There was a dramatic rise in fraud attacks in 2022:

• 91% of banks and fintechs reported an increase in fraud rates

• 63% lost over $500,000 to fraud during the same year

• 67% of respondents reported that over half their workforce is working on fraud-related activities

When you consider all the ways that banks and fintechs are continuing to implement more fraud solutions, it’s a real reality check to hear they’re losing more money, even though they’re catching more potential fraud with increased measures. The reason? Fraud has shifted, changed, and become harder to stop. Fraudsters are getting better at what they do, they have more resources, and they have better technology.

The rise of COVID-19 compounded the problem. Consumers organically moved to more online and mobile transactions, and this steep push toward digital experiences created a wider playing field for fraudsters. Anytime there’s a big, dramatic technology trend or shift, fraudsters will take advantage and attack. Now, they’re not only smarter, but they have more opportunities than ever before, and certain economic factors are contributing to the increase.

Increase in first-party fraud

The economic downturn that followed COVID-19’s height opened the door to more incidents of first-party fraud in particular, which has increased more over the last two years than any previous time period. It now accounts for 27% of onboarding applications, according to Experian.

Experts suggest that this trend is attributable to COVID, which exposed the gaps in identity verification when fraudsters started taking advantage of government funds during the pandemic. In the wake of this deception, it may have reduced the stigma of first-party fraud overall. Consumers feel less hesitant about taking advantage of lenders when they’re facing an economic downturn or shaky financial circumstances, and have less to lose.

The pressure for fintechs to grow

Many earlier-stage fintechs tend to focus on account takeover to keep their existing consumer base safe, secure, and happy, and get weary of any fraud prevention strategies that might slow down the onboarding process.

The focus on growth also throws off the consumer base balance. Because many fintechs like neobanks or lending products focus on hypergrowth, and tend to be newer companies, they frequently onboard new consumers. These new customers make up the main percentage of their entire base. Compared to larger institutions that have been around longer — that actually are onboarding more consumers, but at a smaller percentage rate in comparison to their entire customer base — fintechs have a higher vulnerability to new account fraud incidents. They might not be reviewing identities as carefully when they’re racing to meet growth goals.

Fraudsters have grown in patience and numbers

Whether it’s an individual, an organized crime ring, or a nation-state, today’s fraudsters are bolstered by better funding and stronger technology. Meanwhile, a lot of the same technological advancements in fraud prevention — automated testing suites, machine learning, natural language processing, robo dialing, and even social media — actually help fraudsters commit fraud as well. So, you have a larger number of bad actors with good technology, malicious intent, and more attack vectors than ever before.

Fraudsters can also afford to be more patient. They’ll build a record of credit activity for up to 18 months at a time using synthetic identities. Suddenly, a “consumer” that’s kept their average account balance below $4,000 for over a year will attack. The attack can cost upwards of $90,000, which isn’t an amount most fintechs can afford to lose, and it’s an amount banks certainly can’t lose without a lot of questions being asked.

The business case for fraud prevention

Again, 70% of respondents in Alloy’s benchmark report said they lost at least $500,000 in fraud, and 27% reported losses of over $1 million due to fraud. Keep in mind, these estimates only represent fraudulent transactions where banks and fintechs experienced monetary loss. They don’t represent the hidden cost of fraud, and they don’t represent the overall exposure to fraud in instances when the loss was averted.

You still have to consider the total amount of potential fraud losses an organization was exposed to, or the fraudsters who’ve made it through the application funnel and haven’t acted fraudulently — yet.

If those numbers alone don’t move you, consider all the different costs of fraud and the upcoming regulations that could increase those costs exponentially.

Fraud costs are vast

Fraud costs aren’t solely monetary. They span a wide range. Sure, fraud attacks result in direct financial loss and/or the continued loss of funds over time, but they can also cause:

• Reputational damage

• Legal repercussions

• The loss of good customers

• Regulatory penalties

And the fact is, different stakeholders view potential fraud costs through very different lenses based on the context, incentives, directives, and day-to-day tasks. For example, executives reported being way more focused on reputational damage and loss of consumers. But for other roles on the front lines, those held responsible for fraud incidents, they’re still most concerned with direct financial losses. Due to the differences in their priorities, there is an opportunity to strengthen the connection between the C-suite and the teams fighting the fraud.

Prevent fraud while you optimize the consumer experience

When you make a business case for fraud prevention, it’s important to understand which audience you’re addressing and what priority speaks to them the most. Imagine you’re a fraud manager tasked with getting a high return on investment (ROI) for any outside vendors you’re using to fight fraud. Phrase your argument in terms of the number of consumers put at risk without fraud prevention software, the possible costs of fraud, and the potential of reputational and regulatory damage, so the C-suite will be more convinced, get on the same page, and give you the tools you really need.

For example, while traditional identity verification methods are time-consuming and cause customer friction, robust fraud prevention software — like an Identity Risk Solution — brings multiple data sources together for a single, complete view of a customer and offers a better way to prevent fraud without added friction. It provides a clear view of your customers’ activity with a centralized view. A strong identity risk solution leverages the broadest network of fraud signals, enabling banks and fintechs to detect and action on fraud and compliance in real-time.

If the C-suite is hesitant to make the spend, stress the potential increase of revenue, but don’t forget to discuss increased consumer satisfaction and reduced churn. Help them see that fraud prevention is part of optimizing the consumer experience.

New regulations on the horizon

While banks and fintechs currently aren’t required to cover every loss from a legal standpoint, new regulations are likely coming. If and when they do, a significant dollar loss will hit banks and fintechs in late 2023 or early 2024.

When this happens, it’s going to be best to cushion the blow. Investing in a solution that allows you to future-proof — and boost your fraud prevention strategies sooner rather than later — allows you to remain flexible and change when new regulatory guidelines arise.

Why is it important to correctly identify types of fraud?

When fraud isn’t identified correctly, it affects the quality of your data. If banks and fintechs want to build their own identity risk solutions, and the assigned tags or categories aren’t correct, they will mislabel fraud, get murky results, and miss potential attacks. It's important to be aware of the quality of the data being used, and proper fraud identification is crucial for strong fraud prevention.

For example, synthetic fraud is difficult to identify and will often be tagged as first-party fraud or credit loss, so banks and fintechs can’t take the necessary steps to prevent it in the future. Not to mention, if there isn’t a legitimate person to repay the loan, then you have to eat the cost.

Other fraud trends to keep your eye on

To help you better identify the types of fraud your organization might be most vulnerable to in the future, we’ve provided our watchlist for the rest of 2023 below. We will keep an extra close eye on these trends as the year progresses.

1. Increased online access to PII leads to more synthetic fraud

Synthetic fraud is difficult to detect because the fraudster uses real people’s information on a fake application. They create the synthetic identity using a real social security number with a false name, or a false social security number with a real name, to make the application appear legit.

With the amount of personally identifiable information (PII) floating around on the dark web, it’s not difficult to get consumer A's name and date of birth, then pair it with consumer B's social security number to combine a variety of different identities and defraud a bank or fintech.

2. Increased use of P2P services leads to more money muling

Money muling is a type of second-party fraud where an individual is recruited, often unknowingly, to transfer stolen money or illegal funds between bank accounts in exchange for a commission. It’s used for money laundering because moving funds through many accounts makes it more difficult to trace. The individuals aren’t always aware of the criminal activity, having been persuaded through false job offers or online scams.

Money muling is also used in conjunction with other types of fraud like account takeover and identity theft. In many cases, fraudsters will use stolen bank account or credit card information to make fraudulent purchases or transfer money to a money mule's account. The money mule will then be instructed to withdraw the funds and transfer them in multiple ways, for example, via wire transfers or cryptocurrency on the blockchain.

Now that decentralized peer-to-peer (P2P) services are more popular and widely used, fraudsters will collude together to disperse payments across these services even faster without raising suspicion.

3. Increased use of AI tools leads to more business email compromise

Business email compromise is a type of third-party fraud conducted through a social-engineering scam. A fraudster hacks into a company's email system or network, then uses the access to impersonate an executive or employee to trick others into making fraudulent transactions or revealing sensitive information. These attacks are sophisticated, convincing, and very manipulative.

They can cost significant financial damage. In 2019, a European subsidiary of Toyota lost $37 million when hackers posed as a business partner of the company and convinced an employee in the finance department to send the payment.

Today, fraudsters use AI-based impersonation tools to effectively enhance the quality of their communications. They’ll instruct the AI tools to utilize natural language processing and machine learning to analyze the target’s email communications and identify patterns that closely mimic their language and tone. Then, fraudsters will incorporate those patterns into their communications to trick legitimate executives.

As fraudsters produce more targeted, sophisticated attacks — and the importance of correctly identifying fraud continues to grow — building a better business case for fraud prevention is key to maintaining a good consumer experience. If you want your growth and proactive investments and strategies to continue, you must stay one step ahead.