Our yearly tradition sees us gather 5 fraud trends that businesses should look out for in 2021.
As you already know, 2020 won’t go down in history as one of the most cheerful years…
And while we’re all happy to get a clean start in 2021, it certainly doesn’t mean we should lower our guard anytime soon – especially when it comes to fraud.
So once again, we’ve highlighted five fraud trends for 2021 that we believe every business should be on the lookout for.
The Rise of CrimeOps and FaaS (Fraud As A Service)
PSD2 directive and 3DS have been a mixed bag for online businesses so far. Their implementation has been inconsistent, and SCA (Strong Customer Authentication) is sometimes hard to integrate properly.
The UK, Ireland and Malta, for instance, have reviewed regulations and delayed the date by which it should be mandatorily deployed.
Businesses who do meet the standards are also increasing friction for their users. As Nick Manyard, Lead Analyst at Juniper Research put it in an article for Paypers, “Regulators should consider using the delay period to communicate changes effectively to consumers and avoid a cliff-edge situation”.
If there’s one silver lining, it’s that the new measures are in fact forcing fraudsters to change tactics. The bad news is that fraudsters are now getting increasingly organised.
They’re creating entire networks, structures, and business models dedicated to phishing and transaction fraud. Some even use Jira, the developer project management board, to optimise their workflows in targeting businesses or individual victims.
If this new wave of CrimeOps continues to develop, 2021 will be a rough year for fraud managers…
SIM-Swapping Continues to Stump Telcos and Operators
SIM swapping, or SIM highjacking isn’t anything new. In fact, it gained notoriety last year when Jack Dorsey, CEO of Twitter himself, was the victim of an attack. If you need a quick primer on the topic, we’ve covered SIM jacking in our post on virtual SIM card detection, which you can find here.
How SIM Jacking Works
- Fraudsters obtain a phone with a number they control
- They find their victim’s phone number
- They call the network company and convince the operator to change the victim’s number to theirs. More sophisticated criminals even bribe staff at the phone company to help.
- All the verification SMS for 2FA and OTP are now under their control. They reset passwords for social media accounts or bank accounts.
The problem? In spite of a number of op-eds and published articles condemning telcos’ lack of response, we haven’t noticed any new developments. SIM swapping is still rampant (as are all kinds of ATO or account takeover attacks).
But until phone operators get serious about a) opening up about risks, and b) offering concrete solutions, we’ll have to report on growing rates for the upcoming years.
BNPL (Buy Now Pay Later) Scams Become The Norm
We’ve managed to make it this far without mentioning COVID-19, but at the time of writing, the pandemic is not exactly under control. This means the trends we’ve seen accelerating in 2020 will continue well into 2021.
One of them is the rise in BNPL, or Buy Now Pay Later fintechs. Retailers want to capitalize on the growth of online sales (as brick and mortar shops are still shut), and that means accepting as many payment options as possible. Giving consumers the option to buy products or services on 0% credit is a great competitive advantage.
That is, of course, until fraudsters come in to ruin the party. We’ve seen them hire mules to beat the system. We’ve seen them set up shops to buy legitimate ID documents in developing countries. Who knows how far they’ll go.
We’ve already noticed that BNPL companies like Klarna changed their policies to fight fraudulent purchases such us ”BNPL fraud”, which ended up damaging innocent people’s credit ratings. This is a serious issue that will need proper identity proofing solutions.
Another Good Year for Data Breaches and Synthetic ID Fraud
Another year, another record-breaking data breach. Sadly, we’ve seen the numbers of user records appearing on the darkweb grow exponentially each year. 2021 isn’t going to be much different – especially with the rise in fraud attacks due to the pandemic.
We’ve already covered how this affects the number of fraudulent FX accounts. We expect it to become increasingly problematic in the banking sector.
As challenger banks, or neobanks, continue to push the boundaries of frictionless experience for onboarding, fraudsters attack with increasing frequency.
How Fraudulent Synthetic IDs Work
Synthetic IDs combine real customer information and fake data. Fraudsters create accounts for users who behave like legitimate customers, which makes them harder to flag. This also allows fraudsters to build credit scores for borrowing loans, or to create a complex digital footprint for attacking other businesses.
An Economic Downturn Will Fuel Merchant Fraud
We’ve yet to fully experience the economic consequences of the COVID-19 crisis. The most immediate one: a possible worldwide economic downturn. Mass unemployment and debt, and a rise in merchant fraud, which payment gateways will need to monitor closely.
- Bust out fraud: a fraudster applies for a merchant account with no intention of running a real business. They process as many transactions as possible before abandoning the account.
- Identity swap: sophisticated criminals on anti-money laundering lists or merchants from countries with economic sanctions can’t open accounts with major acquirers. To bypass these obstacles, they can set up fake online stores. The issue here won’t be chargebacks, but regulatory fines (and reputation damage).
- Factoring, or transaction laundering: this occurs when an unknown business uses an approved merchant’s payment services to process unlisted products or services. With the growth of micro-merchants and payment channels, it’s impossible to keep track of everything sold. Criminals lie about the nature of their businesses and sell high-risk products, illegal goods, or grey-area services like multi-level marketing (pyramid schemes).
Fraudsters are always thinking ahead. How to bypass new security measures, how to organize, and which cottage industry is about to become mainstream, ripe for attacks.
In a world where frictionless onboarding and ease of use isn’t just an option, but expected from customers, it’s harder than ever to implement the right anti-fraud solutions.
That is, of course, unless your fraud prevention systems are as invisible as possible. At SEON, we’ll be continuing developing frictionless integrations, features, and products to ensure 2021 is as safe a year as any for your business.
Speak with a fraud fighter.
Tamás Kádár is the Chief Executive Officer and co-founder of SEON. His mission to create a fraud-free world began after he founded the CEE’s first crypto exchange in 2017 and found it under constant attack. The solution he built now reduces fraud for 5,000+ companies worldwide, including global leaders such as KLM, Avis, and Patreon. In his spare time, he’s devouring data visualizations and injuring himself while doing basic DIY around his London pad.
Sign up for our newsletter
The top stories of the month delivered straight to your inbox