Fight Scams Fraud with a Holistic Approach
The Rise of Scams in Asia Pacific
Australia is one of the hardest-hit countries in the entire APAC region. Australians lost $4.3 million to scams in 2021. That’s an increase of 172 % on the losses reported in the same period in 20201.Fraud is exploding beyond Australia and spreading across the APAC region. It was the fastest-growing criminal activity in China last year. Scam victims in Singapore lost more than $168 million to scammers in the first six months of 2021. That was up from $63.5 million in the same period last year2.
In Japan, fraudsters exploited security weaknesses in NTT Docomo’s mobile e-payment system.
Scammers made more than 120 improper withdrawals from customer’s bank accounts. The fraud amounted to 28.5 million yen (S$334,750)3.
Scammers pulled off one of Thailand’s largest-ever banking scams in October 2021. The criminals stole 130 million baht or $5.3 million. Fraudsters made unauthorized transactions on 40,000 people’s debit and credit cards. These included hundreds of transfers for goods and services from businesses registered overseas. Each transaction was for tiny amounts of around 35-100 baht. Banks did not ask cardholders for password verification because they were low-value transactions. The illegal transactions went undetected by customers and banks.
“We’ve seen scams increasing in the last two years,” observes Samuel Parker, the head of analytics for fraud and identity professional services at LexisNexis® Risk Solutions.
“We’ve seen an uptick in scams in Australia and across Southeast Asian Banks. Our clients are seeing their numbers go from few events to several thousand in a few short months.”
Banks hoping to fight scams know fighting fraud revolves around three things. First, identifying and authenticating the customer. Second, detecting transaction and behavioral anomalies. Third, quickly responding to mitigate risks.
Common Types of Fraud
According to Samuel Parker, LexisNexis® Risk Solutions has seen an uptick in a particular fraud. “We term it “Remote Access Scam”, he said. This is when victims are unwitting participants in their own fraud. There are many examples of this type of scam.“Fraudsters can find out there is a network outage. They discover this through social engineering. Or they find out from a public report by a Telco,” Parker explains, “They start calling people in the suburbs. They say, ‘Sorry for the interruption to your internet service. We know how to make sure it doesn’t happen again. Can we have a remote session to look into your configuration?’ This is a common attack.”
Or scammers trick victims with a pop-up warning on their screen that their computer is at risk. Once victims call the recommended number the scammer gets to work. They convince the victim to open a remote access application such as TeamViewer, and say they need to take control in order to resolve the issue with their computer.
“The scammer persuades the victim to go check their modem,” explains Samuel Parker.
Scammers add recipients to the target’s bank accounts while the victim is away, the scammer leverages the distraction of the modem check to transfer cash out of the victim’s account.
Other types of fraud start with a text. Samuel Bolivar is LexisNexis® Risk Solutions regional director of professional services APAC and estimates he receives about six scam texts a day.“They say, your parcel is ready for delivery, click on this link,” Bolivar observes Swindlers send fake emails in “phishing” expeditions to get bank customers’ credentials. Or they talk unsuspecting victims into buying crypto-currency. The investment appears to appreciate in value super-fast. Problems arise when the victims attempt to cash in their investment. They discover that to get their money back, they have to pay swindlers more.The nature of scams fraud often reflects the country the victim lives in. SMS text scams are common in countries such as India and Indonesia.
Taking Advantage of Victims’ Vulnerability
Conventional wisdom says older people are more likely suffer at the hands of scammers. But they are not the only victims. LexisNexis® Risk Solutions discovered in a recent study that the ages of scam victims arrange themselves in the shape of a letter U.
Fraudsters hit those in their late teens to early ’20s more than the average. Samuel Parker explains, “The younger generations are more tech savvy, but they’re also more naïve.” Covid is contributing to the rising number of scams. Samuel Bolivar said scammers feed on the social isolation and vulnerability of their victims.
“Victims live alone. Victims feel stressed. They want to get rid of problems fast,” offers Bolivar. Scammers may use different strategies, but all their techniques share things in common.
Scammers put victims under the pressure of time in an attempt to rush them into a bad decision. Scammers promise high rewards such as winning lotteries or returns on investments. Fraudsters will sometimes appeal to a victim’s sense of status, with an offer “intended for VIP customers”. Sometimes, they promise to resolve a problem with a victim’s account. The scammer almost always wants to collect personal information. If the target clicks on a link and completes a form, the scammer has what they need to steal the victim’s money.
A Borderless Type of Attack
It was straightforward to see where scammers were calling from in the past. Crime gangs from different countries had their own special scams. Now scams are global and can be undertaken by anyone from anywhere.
In Australia, scam calls appear to come from local phone numbers. The scammers reason that targets in Australia that see a call is coming from Australia are more likely to answer the phone. The call could really be from thousands of miles away. It is simple for fraudsters to cloak their true country of origin.
“A fraudster with a fake email address can create a Skype account and buy a mobile phone number for $5 a month. Then they can make calls from that number,” shares Bolivar, “To avoid call logs, fraudsters delete the account after four weeks and move on to new number.”
A more sophisticated crime gang can buy a block of phone numbers from the Dark Web. These fraudsters then configure a phone server to mask the caller’s home country. “You need to know more about the telco environment to do that,” offers Bolivar, “But it is common.”
A Layered Approach to Fight Scams
Scams fraud is expensive. And not only for the victim. For every dollar of fraud, institutions lose three dollars. That’s once you add associated costs to the fraud loss itself. What can banks do about scams?
Fight Scams Fraud with a Layered Approach
LexisNexis® Risk Solutions use high-end technology in multiple layers to help businesses defend against fraud.
The first layer is digital and identity assessment. This involves using device identification, advanced true ID capabilities, behavioural biometrics and bot identification, among other strategies to identify possible fraudsters.
The second layer focuses on decision analytics. LexisNexis® Risk Solutions collects, aggregates and analyses data to detect and mitigate cyberthreats.
The third layer supports optimum authentication, including the use of one-time passwords and behaviour capabilities that can cause almost no friction to the customer’s interaction. We also offer solutions for fraud investigations, supporting the ability to examine compromised accounts and systems accessed by an attacker to potentially discover how an attacker breached fraud defenses and enabling businesses to collect evidence around the intruder’s profile.
Technology is a crucial pillar to fighting fraud, yet other layers need to be added for intercepting complex fraud attempts like scams.
LexisNexis® Risk Solutions uses a holistic approach, including internal processes and customer education, to fight scams. Our guide shares insights on 5 ways banks in the Asia Pacific region can beat scammers today.
1. Look at all customer behaviour
Banks need visibility across the whole customer journey.
That means everything the customer does. It can go from account registration to login to all the customer’s internet banking. It includes adding new beneficiaries, making transfers, payments and changing email addresses.
“If you have visibility into all touch-points, you can set rules. You can build context for a customer’s actions. What is the typical login pattern for this customer?,” shares Samuel Parker. Fraudsters coach victims through the scam process. Victims are told to do things on their device. This means their behaviour changes. They may start using the loudspeaker. They may leave their smartphone flat on the table while they do things on the banking app. The victim could put down and pick up their phone over a longer-than-usual session on a banking app. These kinds of behavioural signals suggest a customer is being scammed. LexisNexis® BehavioSec® is one of our newest products.
“Looking at an interaction in isolation is going to help detect fraud. You can catch even more fraud when you leverage wider visibility and context,” offers Samuel Parker.
2. Look at changes over time
LexisNexis® ThreatMetrix® can help a bank identify anomalies in traditional customer behaviour over time.
“We can look at historical information,” says Samuel Parker, “The payment the customer made this week is twice the normal payment over the last four months. Or we see 10 different logins in the last two minutes from 10 different devices. These could all signal a potential attack.”
3. Predict what’s coming next
Banks can better predict what could be an attack in the future by leveraging analytics.
“LexisNexis® Risk Solutions builds machine learning models to detect fraudulent activity,” says Sam Parker, “A significant effort goes into coming up with ways to identify trusted behaviours. Then we can look across all our data and see how behaviours deviate. Then we can catch the next attack.”
“Leveraging analytics helps businesses stay ready to see something that they haven’t seen before and proactively recognize a threat,” explains Samuel Bolivar.
4. Educate customers
Not all solutions are based in technology. Banks must tell customers what to expect and remind their customers of typical protocols, such as not calling customers to ask for personal details. Samuel Bolivar sums up this point, “Customers should have a level of awareness that if someone calls asking for log-ins, hang up. It’s a continuous educational communication effort on the part of the financial institution.”
5. Make fraud the priority
Fraud matters. Banks do not want to be in headlines about fraud attacks where their customers are victims. Customers leave banks with reputational damage. Banks offering secure and speedy digital experiences improve customer engagement and increase opportunities for sustainable success.
Customers hold banks that perform well in fraud in high regard. Customers trust them.
“Trust is a word that you cannot measure in numbers,” Samuel Bolivar outlines, “It’s a feeling. That’s important for everyone.”
Find out more about how our solutions can help you proactively intercept scams before they impact your organization and your customers.
Sources:
1. https://www.accc.gov.au/media-release/losses-reported-to-scamwatch-exceed-211-million-phone-scams-exploding
2. https://www.straitstimes.com/singapore/courts-crime/168-million-lost-to-scammers-in-first-half-of-2021-overall-crime-up-by-112
3. https://www.straitstimes.com/asia/covid-19-pandemic-a-trigger-for-bank-scam-epidemic