Why Fintech Needs to Brace Against Scammers as Fraud Levels Spike


Last Updated: August 18, 2022

In this article, Sift trust and safety architect Jane Lee discusses the uptick of fraud in the fintech sector, how fintech fraud is evolving, and how businesses can best combat increasingly sophisticated fraud tactics.

Fintech is revolutionizing payments and digital commerce, and fraudsters are evolving right alongside it. From fundraising scams targeting donation campaigns for Ukraine to crypto dating cons and buy-now-pay-later (BNPL) exploits on messaging apps like Telegram, businesses and consumers are bearing the brunt of cybercriminals’ ever-changing, manipulative tactics.

As the industry continues to attract huge profits, fraudsters are increasingly targeting emerging and expanded payment methods. From 2020 to 2021, digital wallets faced a 200% surge in payment fraud, while crypto exchanges saw a 140% increase.

The uptick in digital fraud has led to increased demand for regulations and record-setting fraud busts. In recent months, the U.S. has taken steps to ensure the safety of alternative payment options for businesses and consumers, including increased focus and guidance around BNPL and crypto.

However, as history has taught us, even when regulations are implemented, they’re not a silver bullet. To stop fraud from getting worse across the fintech market, leaders need to understand why it’s surging and why now is the time to take action.

Fintech Fraud is Ballooning

In 2021, payment fraud attack rates skyrocketed 70% across fintech. So, why has this cutting-edge technology sector been hit so hard?

The simple truth is no industry is safe from fraud. Cybercriminals know that consumers and businesses unfamiliar with new services are prime targets for exploitation. That’s why they’ve evolved their tactics to keep up with changing trends and remain omnipresent in the market. 

  • Account takeover attacks in the age of automation: Larger, faster and more devastating fraud attacks are happening online due to cybercriminals leveraging automation. Fraudsters are no longer going after one target at a time to scale. Instead, they’re now implementing bots, scripts and malicious software to eliminate the grunt work and increase the scale of their cons to do more damage in less time.

    Cybercriminals use automation to execute more sophisticated account takeover (ATO) attacks. Through credential stuffing, they use scripts to input thousands of stolen usernames and passwords into websites to gain access to a large number of accounts in a short timeframe. Fraudsters also use high-touch manual attacks, such as spear phishing, to execute ATOs. Through this method, they send scams and spam through a known user account to trick targeted individuals into sharing sensitive information, such as usernames and other credentials. The volume and sophistication at which fraudsters can execute these schemes often overwhelm businesses, making it challenging – sometimes impossible – to defend against these types of attacks.
  • The explosion of fraud-as-a-service: With nearly every facet of our lives turned digital, it only makes sense that fraud marketplaces have also turned digital. The fraud market thrives within Deep and Dark Web forums, where fraudsters provide fraud-as-a-service to other cybercriminals who may not necessarily share the same skillset.

Fraudsters operate legitimate service-based businesses with their “as-a-service” approaches. In these cases, cybercriminals deliver discounted goods and services by marketing their deals in the digital underground, using stolen accounts and personal information to illicitly purchase discounted goods or services – such as food deliveries, travel deals, and much more.

For example, our research team discovered a BNPL Telegram scheme in which fraudsters were offering, for a fee, a variety of ways to commit BNPL scams. In these scams, individuals purchase invalid credit card information and use it to make fraudulent BNPL purchases through a provider that does not perform a payment authorization at checkout, leaving the providers at a loss. More recently, this activity has expanded beyond Dark Web forums into secure messaging apps, like Telegram, which allows cybercriminals to target a wider audience. These apps’ privacy enables fraudsters to conduct their business with little retribution.

This move highlights a fundamental shift in the Fraud Economy – the self-supported ecosystem that paves the way for repeated fraud. It no longer takes a group of state-sponsored hackers with years of experience to take down a business. Small but frequent attacks can now come from the average Joe, who can easily access and purchase information to commit fraud online, ultimately impacting businesses’ bottom line. The volume at which fraudsters can execute these attacks often overwhelms companies, making the attacks challenging to defend against. Unfortunately, it’s nearly impossible for fraud teams to keep up with the underground chatter, so they need to ensure the right strategies are in place to mitigate exposure on their own platforms.


How to Combat Sophisticated Fraud

While regulators and consumers keep watching the fintech industry, there’s no doubt that fraudsters will continue to target the market due to its growth potential. Luckily, fintech isn’t the first industry to deal with a rise in transactions and a corresponding rise in fraud. Fintech companies can leverage many existing strategies to keep consumers and businesses safe.

Preventing these attacks begins with leaders ensuring they have the right strategy in place to combat the more sophisticated schemes targeting their network. Some actionable steps businesses can take include: 

  • Employing automation and machine learning: By pairing automation and machine learning, systems can analyze thousands of different signals in real-time, far better than what humans are capable of. Once suspicious behavioral patterns are identified, fraud teams can evaluate the risk and decide the types of friction to apply. This approach enables companies to play both offense and defense, ultimately improving their ability to stop an attack with increased speed and accuracy. 
  • Educating consumers: Consumer education and increased business proactivity are two of the most overlooked keys to fraud prevention. Every business must take fraud seriously – it threatens their brand and revenue. According to Sift’s Q3 2021 Digital Trust & Safety Index, around 74% of consumers say they would stop engaging with a brand due to fraud. Businesses can begin by socializing technologies such as password managers, two-factor authentication methods, and biometric authentication methods that tie to consumers’ accounts and protect users’ financial service data.
  • Building a Digital Trust & Safety Framework: The same three factors that power business growth online – velocity, volume, and value – also increase the risk and impact of fraud. The greater a business’s opportunity for success, the greater the risk. A digital trust and safety framework reduces fraud risk and manual reviews while driving revenue and better user experiences.
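
One way to turn the credential-stuffing pattern and the friction step described above into a check, as an added example that is not from the original article or from Sift. It uses a single velocity signal (distinct usernames per source IP with a high failure ratio) where a production system would combine many; the thresholds, field names and sample events are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds for this example; tune them against real traffic.
WINDOW = timedelta(seconds=60)   # look-back window per source IP
MAX_USERS = 5                    # distinct usernames tolerated per window
MIN_FAIL_RATIO = 0.8             # share of failed attempts that signals a script


def score_logins(events):
    """Return (username, source_ip, decision) for each login attempt.

    events: time-ordered tuples of (timestamp, source_ip, username, success).
    decision is 'allow', 'step_up' (extra verification) or 'block'.
    """
    recent = defaultdict(deque)  # source_ip -> attempts still inside WINDOW
    decisions = []
    for ts, ip, user, ok in events:
        q = recent[ip]
        q.append((ts, user, ok))
        while ts - q[0][0] > WINDOW:      # evict attempts older than WINDOW
            q.popleft()
        users = {u for _, u, _ in q}
        fail_ratio = sum(1 for _, _, s in q if not s) / len(q)
        stuffing = len(users) > MAX_USERS and fail_ratio >= MIN_FAIL_RATIO
        if not stuffing:
            decisions.append((user, ip, "allow"))
        elif ok:
            # Correct password from a stuffing source: likely account takeover,
            # so add friction instead of trusting the password alone.
            decisions.append((user, ip, "step_up"))
        else:
            decisions.append((user, ip, "block"))
    return decisions


def sample_events():
    """Constructed data: one scripted source and one ordinary customer."""
    t0 = datetime(2022, 8, 18, 12, 0, 0)
    events = [(t0 + timedelta(seconds=i), "203.0.113.7", f"user{i}", False)
              for i in range(10)]
    events.append((t0 + timedelta(seconds=10), "203.0.113.7", "user10", True))
    events.append((t0 + timedelta(seconds=11), "198.51.100.4", "alice", False))
    events.append((t0 + timedelta(seconds=20), "198.51.100.4", "alice", True))
    return events


if __name__ == "__main__":
    for user, ip, decision in score_logins(sample_events()):
        print(f"{ip:15} {user:8} {decision}")
```

The customer who mistypes a password once is never challenged, while the one successful login from the scripted source is routed to extra verification rather than accepted outright.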

The bottom line is that fraud will only become more challenging to manage if businesses don’t begin applying a holistic approach that can scale at the same speed as fraud. Fintech leaders must recognize that fraudsters are always on the prowl, adopt the right strategies, and tap into automation to effectively protect their business against the rise of fraud targeted at the industry. 

Are you strengthening your shield against scammers? Tell us about your journey so far on Facebook, Twitter, and LinkedIn. We’d love to hear from you!

Jane Lee

Trust & Safety Architect, Sift

Jane Lee is a Trust & Safety Architect at Sift, who specializes in malicious websites, spam, misinformation, account/content abuse, chargebacks, and payments risk. Prior to joining Sift, she was on fraud teams at Facebook and Square, and also spent some time as a private investigator. She is passionate about designing and operationalizing systems for detection and enforcement of fraud at scale.