In this month’s Digital Fraud Tracker®, Darren Beyer, chief product and strategy officer at Qolo, tells PYMNTS about the year’s most pressing fraud threats and why he thinks technology deployed in layers is the best way to stay protected.
—
Fraudsters target companies of all sizes and in all industries, taking every chance they can get to steal funds or data.
There are countless techniques at play, ranging from technologically advanced tactics such as botnets to old-fashioned methods that prey on users’ unawareness, including confidence schemes and phishing. Beyer pointed out that one of the most dangerous methods, account takeovers, is currently on the decline in favor of alternative methods.
“Account takeovers are a little bit [rarer] than people think because it takes a lot to get in there,” he said. “Right now [the most common] scenarios are phishing: posing as officials and asking victims to make payments. The problem now is that victims use faster payments or [automated clearing house (ACH) services], which don’t have the same level of controls or consumer protection as using your card does, such as chargeback rights.”
Bad actors have varying targets when it comes to their fraud techniques, but it ultimately boils down to stealing money.
While some bad actors attempt to gain direct access to bank accounts, others try to steal personal data such as passwords, usernames and Social Security numbers with the intent to sell this data to other bad actors who will then use it to profit.
“At the end of the day, the fraudsters always want to get access to the underlying funds; otherwise, what is data worth to them?” he said. “You can sell an identity and get paid for that, but ultimately, someone on the other end of that identity is going to monetize it. We saw this happen a lot during the pandemic.”
Technology deployed in layers is the best way to protect against digital fraud.
One of the most important steps is verifying that customers are who they say they are via know your customer (KYC) protocols and biometric or behavioral verification. This must be augmented by behind-the-scenes analysis, however, to catch bad actors who make it past the first layer of security.
“Once you identify a definitively fraudulent account, then you can take a look at all the data elements — addresses, phone numbers, emails and names — and you look not just at the program that was being attacked but across the entire system,” he said. “And once you find another account that uses the same phone number, or another one that uses the same email address, then you can use AI and machine learning to determine if those are fraudulent.”