The pandemic is increasing the risk of fraud, but biometrics can help
In this interview, the first in a two-part series, Simon Marchand, Chief Fraud Prevention Officer at Nuance Communications, discusses the challenges to combatting fraud in the era of Covid-19 and how biometrics can help.
Dawn Bushaus21 Oct 2021
Sponsored by:
The pandemic is increasing the risk of fraud, but biometrics can help
In this interview, the first in a two-part series, Simon Marchand, Chief Fraud Prevention Officer at Nuance Communications, discusses the challenges to combatting fraud, including how the Covid-19 pandemic has resulted in new risks, and how biometrics technology can help. In the second interview, Marchand will discuss the effects of fraud on organizations and how telcos can monetize identity services.
Tell us about the kind of work you are doing.
As Chief Fraud Prevention Officer my role is multifaceted. Today, fraudsters are able to target a greater number of people in one sitting, target the vulnerable with more finite precision, and come up with new ways to defraud companies and consumers as new technologies and new ways of connecting emerge. My job is to ensure that Nuance’s products are aligned with the various industries we serve by understanding the different ways fraudsters could target companies and their customers.
Tell us about the kind of work you are doing.
As Chief Fraud Prevention Officer my role is multifaceted. Today, fraudsters are able to target a greater number of people in one sitting, target the vulnerable with more finite precision, and come up with new ways to defraud companies and consumers as new technologies and new ways of connecting emerge. My job is to ensure that Nuance’s products are aligned with the various industries we serve by understanding the different ways fraudsters could target companies and their customers.
In addition, concerns surrounding privacy and data protection are often at odds with the steps many organizations take to prevent fraud. Biometric technology, such as the kind Nuance incorporates, increasingly is helping firms to confirm users’ identities. So, part of my job is to make sure we reinforce the importance of guaranteeing the ethical use of biometric data.
How have fraudulent activities evolved over the years, and what kind of new trends are you seeing?
Ten years ago, fraudsters focused mostly on “skimming” credit cards and using them to withdraw money, but when chip and PIN cards were deployed they had to reinvent themselves. At the same time cryptocurrencies were emerging while dark web marketplaces were being established. All of this meant that fraudsters facilitated the move from payment fraud to identity fraud and data breaches.
Fraud wasn’t artisanal anymore, with single individuals or small groups cloning cards and withdrawing money. Dark web marketplaces and cryptocurrencies accelerated the appearance of a more complex and resilient criminal supply chain. Highly skilled and specialized groups can now collaborate without having to establish a direct relationship. Some will extract data; others will purchase it; and others will broker the deal – all behind the relative anonymity of cryptocurrency payments. In short, fraudsters became better organized and professionalized their activity.
How has fraud changed as a result of the Covid-19 pandemic?
We have seen rapid and successive changes in attack vectors, from subscription fraud and account takeovers to PBX hacking against small and medium businesses. Covid-19 has prevented fraudsters from scamming free phones in-store using fake identities, so instead they have taken over phone accounts and subsequently bank accounts by impersonating customers through other channels. SIM swaps – changing the SIM card associated with a person’s phone number – have increased significantly.
Eventually, fraudsters shifted their focus to government programs. Whether unemployment programs or special Covid-19 relief payments, they exploited the vulnerability of dated identification and authentication methods within governments. This lead to an all-time high in identity theft cases in the US, for example. It not only highlighted the need for more modern security measures within governments, but also the need for stronger national identities, digital ones – allowing essential services to be provided remotely – and paired with biometric factors.
Moving customer service agents to a home environment has also resulted in new risks including social engineering and internal fraud. At home, agents have less support and supervision which opens them to pressure from fraudsters. It is also difficult for companies to enforce “clean desk” policies.
These new risks are concerning because the economic consequences of the pandemic will continue to put financial pressure on households. Pressure paired with opportunity is a dangerous cocktail for internal fraud. Loyal employees could start to leak or use information. We saw it in 2008 after the subprime mortgage crisis, and we expect to see it again. This is why we are starting to discuss how to apply biometrics not only to identify fraudsters and authenticate customers, but also to identify employees.
Have there been changes in how fraud is prosecuted?
Our technology is helping to change how enterprises handle fraud. We can use biometrics information to tie dozens or hundreds of fraud cases to a single person or group. This helps tremendously with successful prosecutions. Instead of opening a case and closing it every time an attack happens, organizations can utilize the data from all victims and attacks to tie them to a very small group of individuals. They can then go to law enforcement and say, “Hey look, I have $500,000 of losses tied to 500 victims, and it’s this fraudster.” Then cases become worth prosecuting.
As a result, we are seeing an increase in prosecutions. Many law enforcement agencies around the world, including the FBI in the US and the RCMP in Canada, are using our technology. So, we are starting to see more and more awareness and understanding of biometric technology and how it can be used in the forensics process. When fraud teams use technology that is trusted by law enforcement, it opens new opportunities to address threats as a global issue, not just an internal one.
Lawmakers, politicians and law enforcement agencies are starting to pay attention to identity theft and the damage it causes to society. That awareness is positive for all and should pave the way for organizations’ fraud teams to take a more active role in stopping fraud globally.
How have fraudulent activities evolved over the years, and what kind of new trends are you seeing?
Ten years ago, fraudsters focused mostly on “skimming” credit cards and using them to withdraw money, but when chip and PIN cards were deployed they had to reinvent themselves. At the same time cryptocurrencies were emerging while dark web marketplaces were being established. All of this meant that fraudsters facilitated the move from payment fraud to identity fraud and data breaches.
Fraud wasn’t artisanal anymore, with single individuals or small groups cloning cards and withdrawing money. Dark web marketplaces and cryptocurrencies accelerated the appearance of a more complex and resilient criminal supply chain. Highly skilled and specialized groups can now collaborate without having to establish a direct relationship. Some will extract data; others will purchase it; and others will broker the deal – all behind the relative anonymity of cryptocurrency payments. In short, fraudsters became better organized and professionalized their activity.
How has fraud changed as a result of the Covid-19 pandemic?
We have seen rapid and successive changes in attack vectors, from subscription fraud and account takeovers to PBX hacking against small and medium businesses. Covid-19 has prevented fraudsters from scamming free phones in-store using fake identities, so instead they have taken over phone accounts and subsequently bank accounts by impersonating customers through other channels. SIM swaps – changing the SIM card associated with a person’s phone number – have increased significantly.
Eventually, fraudsters shifted their focus to government programs. Whether unemployment programs or special Covid-19 relief payments, they exploited the vulnerability of dated identification and authentication methods within governments. This lead to an all-time high in identity theft cases in the US, for example. It not only highlighted the need for more modern security measures within governments, but also the need for stronger national identities, digital ones – allowing essential services to be provided remotely – and paired with biometric factors.
Moving customer service agents to a home environment has also resulted in new risks including social engineering and internal fraud. At home, agents have less support and supervision which opens them to pressure from fraudsters. It is also difficult for companies to enforce “clean desk” policies.
These new risks are concerning because the economic consequences of the pandemic will continue to put financial pressure on households. Pressure paired with opportunity is a dangerous cocktail for internal fraud. Loyal employees could start to leak or use information. We saw it in 2008 after the subprime mortgage crisis, and we expect to see it again. This is why we are starting to discuss how to apply biometrics not only to identify fraudsters and authenticate customers, but also to identify employees.
Have there been changes in how fraud is prosecuted?
Our technology is helping to change how enterprises handle fraud. We can use biometrics information to tie dozens or hundreds of fraud cases to a single person or group. This helps tremendously with successful prosecutions. Instead of opening a case and closing it every time an attack happens, organizations can utilize the data from all victims and attacks to tie them to a very small group of individuals. They can then go to law enforcement and say, “Hey look, I have $500,000 of losses tied to 500 victims, and it’s this fraudster.” Then cases become worth prosecuting.
As a result, we are seeing an increase in prosecutions. Many law enforcement agencies around the world, including the FBI in the US and the RCMP in Canada, are using our technology. So, we are starting to see more and more awareness and understanding of biometric technology and how it can be used in the forensics process. When fraud teams use technology that is trusted by law enforcement, it opens new opportunities to address threats as a global issue, not just an internal one.
Lawmakers, politicians and law enforcement agencies are starting to pay attention to identity theft and the damage it causes to society. That awareness is positive for all and should pave the way for organizations’ fraud teams to take a more active role in stopping fraud globally.
