Another busy year here at CYBERA and globally for fraud. As is traditional at this time of year, lets look at how our predictions from a year ago worked out:
1. Continued authorised frauds at similar or increasing levels. I think I go that fairly obvious one. UK losses are essentially flat, and countries everywhere continue to report increases and the news headlines are almost everyday. FIs in many parts of the world, especially in the UK with the liability shift have been increasing in sophisticated, but still more to do.
2. Massive increase in mules. Again a tick for this one. Even in the last month we are seeing how mules are such an enabler, with this article showing the scale.
3. Harvesting credentials has been made easier through using reverse proxies and has been seen throughout the year.
4. Data compromises, unsurprisingly have continued with 2023 being a record year. We are finally starting to see some good traction in terms of rolling out of Passkeys over the last few weeks, so will be a bigger thing in 2024.
5. I’ve not been able to find evidence to show this is definitely the case, but I think anecdotally we’ve seen a number of stories related to various Fintechs having high fraud and money laundering levels over the year.
6. PSD3 is out, and along with the EU PSR calls for reimbursement of bank impersonation scams, whilst the last few weeks have seen Instant payments in the EU be mandated.
7. We’ve definitely seen Europol undertaking a number of disruption activities such as this one, among others1 and further investment in UK LEAs for this.
So, our, not outlandish, predictions proved pretty much correct, may be 6/6.5 out of 7.
I think the key takeaway here is that the momentum is definitely moving to refunding victims more, with the UK leading the charge and the EU and US (Zelle) starting to move this way too. In additions extra data and intelligence sharing to help FIs, DeFi and LEAs disrupt the criminals is also increasing.
This is all good news, but more clearly needs to be done.
So what will 2024 hold?
I could join the chorus that AI & Deepfakes will be the big fraud story of 2024, but while it will get column inches, the simple social engineering tricks will still work and be the backbone of scams.
2024, will be an evolution of both the level and types of attacks and the overall responses, so expect more of the same.
1. UK style regulation to become increasingly repeated globally.
2. Push by more governments to put pressure on big tech and social media to both add greater controls to stop scammers and to pay their way, again following the recent UK voluntary charter.
3. Targeting mules, is to become ever more important as a key way of tackling fraud and scams.
4. Scammers to target those countries with Instant payments coming on stream in earnest, such as the EU, Switzerland and maybe Canada if RTR eventually goes live.
5. There will of course be no let-up in the level of attack by scammers and they will continue to use any news story, be it war or economic issues to help defraud.
Have a great Christmas and New Year, recharge and get ready to take the fight to the fraudster and scammers again in 2024.