For banks, it’s now one of their key areas of focus as increasing numbers of their customers fall victim to more sophisticated scams relying on cyber techniques and using advanced social engineering and manipulation techniques.
Industry regulators are also hoping to better understand, prevent, and repair damage caused by fraud, as preserving their trusted relationships with consumers and businesses becomes a growing challenge.
Despite these efforts, not all jurisdictions use the same terminology or the same classifications when defining fraud. This can fragment the understanding of data and statistics, because they’re not always comparable. In the section below we’ll discuss different types of fraud, how to prevent it, and what we can do to help.
Key questions to ask are: What do we mean by “fraud”? What kinds of fraud are most prevalent? And, how can we identify, detect, and prevent different types of fraud?
Information on different types of fraud
Fraud scenarios depend on:
- Who initiated the fraudulent payment?
- Which payment channel, network, and type were involved?
- Which methods did the fraudsters use to initiate contact with the victim?
- Which method was used by fraudsters to approach the victim?
One question is important in distinguishing between frauds: Was the fraudulent payment authorised by the victim or not? Considering the answer to this question, some of the most common types of payment fraud are highlighted below:
1. Scams and Authorised Push Payment (APP) fraud
How it works
A customer is tricked into authorising a payment which they believe is legitimate but turns out to be fraudulent.
What it looks like
Who – Fraud victims are typically individual consumers or businesses (i.e., bank customers) or FI employees, who initiate the fraudulent payment themselves. The fraudster is usually a third party, i.e., not a bank employee.
What – The fraud typically takes place via credit transfers, usually via online channels that allow the payment to be placed without physical interaction with the fraudster (e-banking, online, bank apps, third-party channels).
How – Contact is typically online or via the phone (social media, SMS/phone calls, email, websites), following social engineering (manipulation, impersonation, pressure, scams).
How it happens
Often, social engineering takes place on a large scale.
For example, a group of fraudsters may send out a mass communication (this could be an e-mail, text message, or even automated phone call) to many people impersonating a legitimate entity such as a utility company, delivery service, or government organisation.
Once contact is made, the fraudsters either pressure the individual into paying a fake invoice, an overdue bill, debt, or a fee for protecting their account from being compromised; or incentivise the victim to authorise an initial payment that can lead to larger payments being taken in future.
Another common APP fraud scenario occurs when people shop online and a fake institution or business promises goods or services that are then not delivered.
In some more sophisticated cases, fraudsters may also establish a more personal and longer-term relationship with their victim, such as in the case of romance scams or other emotional manipulations.
It's also common for fraudsters to illegally purchase personal data about victims (including email, date of birth, and address information) to give legitimacy to their fake businesses or entities.
2. Unauthorised fraud
How it works
An individual or bank’s credentials are compromised, leading to a fraudulent, unauthorised payment.
While physical contact may take place between the fraudster and the victim’s card when it comes to card fraud (such as card theft, “shoulder surfing” or contactless relay fraud), cyber techniques can also be used to hack victims and steal their details.
How it happens
Contact doesn’t always take place between fraudster and victim before an unauthorised payment is initiated, because the fraudster may use malware or an account takeover to hack the victim and get the needed account credentials.
Fraudsters may also establish contact with their victims via similar channels as APP fraud (such as by impersonating a legitimate entity) so the victim gives them their credentials. The fraudsters then initiate the unauthorised transactions with, or without, a full account take-over.
What it looks like
Who – Fraud victims can be individual consumers or businesses (i.e., bank customers) or even banks themselves. Fraudsters could be bank insiders or external individuals who initiate a payment without account holder authorisation.
What – Frauds typically take place via credit transfers online which allows the payment to be made without any physical interaction with the fraudster.
How – Cyber techniques, with or without social engineering, are common. With card fraud, physical contact or proximity may happen between the fraudster and the victim.
Possible impacts of payments fraud
Financial loss for consumers and/or banks, reputational damage for banks subject to a cyber incident or for failing to refund fraud victims, and liability risk for banks in certain jurisdictions.
How to identify, detect, and prevent fraud
Banks need to identify and prevent fraud by detecting anomalies such as abnormal values, volumes, currencies, corridors, or account relationships.
And, while banks have a vast pool of account-level data from institutional flows and customer details, they may not have access to account-level insights from other financial institutions as these can only be observed and accessed centrally at a network level.
We’re able to give clients account-level data from the entire Swift network which is key to having a 360º view of potentially fraudulent behaviour.
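As an added illustration (not Swift's code or product logic), the sketch below checks a new payment against one sender account's own history on the five dimensions named above: value, volume, currency, corridor, and account relationship. The field names, thresholds, country codes, and sample payments are all constructed assumptions.

```python
from collections import Counter
from statistics import median

def build_profile(history):
    """Summarise one sender account's past payments into a baseline."""
    per_day = Counter(p["date"] for p in history)
    return {
        "median_amount": median(p["amount"] for p in history),
        "max_per_day": max(per_day.values()),
        "currencies": {p["ccy"] for p in history},
        "corridors": {(p["from"], p["to"]) for p in history},
        "beneficiaries": {p["beneficiary"] for p in history},
    }

def anomalies(profile, payment, sent_today, value_factor=5, volume_factor=2):
    """Return the dimensions on which a payment deviates from the baseline.
    sent_today is the account's payment count for the day, this one included.
    The two factors are illustrative thresholds, not recommended values."""
    reasons = []
    if payment["amount"] > value_factor * profile["median_amount"]:
        reasons.append("value")
    if sent_today > volume_factor * profile["max_per_day"]:
        reasons.append("volume")
    if payment["ccy"] not in profile["currencies"]:
        reasons.append("currency")
    if (payment["from"], payment["to"]) not in profile["corridors"]:
        reasons.append("corridor")
    if payment["beneficiary"] not in profile["beneficiaries"]:
        reasons.append("account relationship")
    return reasons

def pay(date, amount, ccy, to, beneficiary, origin="AA"):
    """Build one payment record (hypothetical schema; AA, BB... are placeholders)."""
    return {"date": date, "amount": amount, "ccy": ccy,
            "from": origin, "to": to, "beneficiary": beneficiary}

# Constructed history for a single sender account.
HISTORY = [
    pay("2024-03-01", 1200.0, "EUR", "BB", "SUPPLIER-1"),
    pay("2024-03-01", 900.0, "EUR", "BB", "SUPPLIER-1"),
    pay("2024-03-08", 1500.0, "EUR", "CC", "SUPPLIER-2"),
    pay("2024-03-15", 1100.0, "EUR", "BB", "SUPPLIER-1"),
]
PROFILE = build_profile(HISTORY)
ROUTINE = pay("2024-03-22", 1300.0, "EUR", "BB", "SUPPLIER-1")
SUSPECT = pay("2024-03-22", 48000.0, "USD", "ZZ", "UNKNOWN-9")

if __name__ == "__main__":
    print("routine:", anomalies(PROFILE, ROUTINE, sent_today=1))
    print("suspect:", anomalies(PROFILE, SUSPECT, sent_today=1))
```

The baseline here comes only from the sender's own bank; whether the beneficiary account is also new to other institutions is the network-level view a single bank cannot compute from its own data.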
Discover our Fraud solutions
Cyber attackers are innovative and now work with subtlety and sophistication. They cover their tracks and exploit the fact that payments move faster than ever. Work with Swift to monitor and protect your core payments on three fronts.