Fraudsters pick new targets, but threats to banks persist

U.S. banks and credit unions have again seen fraud attacks on their online services rise, but for the time being they have fallen off the fraudsters' favorite target list. That unenviable distinction goes to facets of the entertainment industry.

Suspected online fraud attempts in global financial services climbed 18.8% globally and 38.3% in the United States in the second quarter compared with the same period in 2020, according to TransUnion's Global Fraud Solutions midyear report. Those figures are notably lower than the 149% increase globally and 109% increase in the U.S. during the first four months of 2021 compared with the previous four months.

What caused the slowdown? A major reason is fraudsters shifted attention to more vulnerable sectors that conduct perhaps even more transactions than banking companies. Attacks rose 393% in gaming and 155.9% in travel and leisure worldwide. In the U.S., those rates increased 261.9% in gaming and 136.6% in travel and leisure.

The findings jibe with other studies. The security firm Arkose Labs reported a year ago that the gaming industry was becoming a key target for fraudsters, noting that 27% of the overall traffic on gaming sites was fraudulent. It was the highest such mark of any retail sector.

Still, fraud rates are expected to level off if the global pandemic eases and "we start comparing normal times to normal times," said Melissa Gaddis, senior director of customer success for TransUnion's Global Fraud Solutions team. Last year, as more people worked from home and paid for more things online, crooks exploited security gaps across many industries.

In its role of establishing the credit risk of consumers globally, TransUnion obtained the data from billions of transactions and more than 40,000 websites and apps through its TruValidate fraud analytics platform.

Banks, credit unions and lenders are among the hundreds of thousands of TransUnion clients globally that are reporting an increase in digital transactions, and they will have to stay vigilant about security.

"Even in the financial industry with brick-and-mortar sites opening back up, we are still seeing significantly more digital transactions than before because I think consumers got used to being able to transact online," Gaddis said.

"In the past year and a half, a whole new level of consumer was introduced to interacting with banks online," she added. "Older consumers are doing online banking, or those who never have before, and others just like the convenience of it."

Currently, fraudsters are more interested in gold farming, or the practice of engaging in online games with multiple players to acquire in-game currency and later sell it for real money.

Just because other sectors are more targeted, financial services companies aren’t off the hook.

In the travel and leisure world, hackers continue to go mostly after credit card credentials. In the gambling industry, which saw a 36% suspected fraud increase, the fraud of choice is trying to figure out how to get multiple free bets and free plays — all in the hopes of winning those bets to obtain cash.

Those industries may not have the extensive security networks in place that protect the financial services and payments industries, so fraudsters view them as a potentially easier hunting ground for credentials to use in other places or for other accounts.

"A fraudster's job is to get up every morning and try to perpetrate fraud and to steal, and they want to do it the easiest way they can," said Steve Hoofring, senior associate with the Strawhecker Group.

When the authorization portion of gaining access to a bank customer's account is protected through applied dynamics, machine learning, fingerprinting, tracking and device monitoring, it suddenly becomes less appealing to fraudsters, Hoofring said.

"They move to other places like gaming, social media platforms, health care and others where they haven't had the same rigors in data management," Hoofring added.

The report raised other areas of concern for financial services companies, especially those heavily involved in payments.

Security dynamics have changed in the past couple of years through open banking and payment platforms in which various software providers and fintechs are embedding payments into their products. It has created a whole new set of codes for fraudsters to try to crack with the intention of stealing payment credentials.

"Sometimes the integrated software vendors may not have the layers of security that some of the traditional players would have," Hoofring said.

"When you get into gaming, health care and insurance and start moving payments into that software, you are also moving payment data into the mix," he said.

Phishing became the top type of COVID-19-related digital fraud against global consumers in the second quarter of 2021, TransUnion reported. Of those consumers who said they were targeted with this type of fraud, 33% said they fell victim to the scams.

Stolen credit card or fraudulent charges were cited as the second most common online fraud during COVID-19, affecting 24% of global consumers.

For reprint and licensing requests for this article, click here.
Cyber security Fraud
MORE FROM AMERICAN BANKER