It is common for technology pundits and organizations to share predictions at the beginning of the year. It’s sort of a tradition at this point—but a tradition with a purpose because understanding current trends and how those trends are likely to pan out over the coming months can help organizations be more prepared to effectively defend against attacks.
Before considering predictions for the coming year, though, it’s fair to take a look back at the predictions for the preceding year and assess how accurate they were. Anyone can make predictions. The true test, though, is whether or not they come true.
In this blog we’ll take a look at identity and synthetic fraud trends and provide insight on what they will mean for financial services providers in 2023. But, first, let’s examine our predictions from 2022 and see how we did.
Growth in Alternative Payments Will Add Fuel to the First-Party Fraud Fire
We believe FPF will continue its rapid growth in 2022, driven by product innovation and an increase in customer expectations across digital banking and commerce. And gave BNPL as an example suggesting that the lack of inquiries due to prequal and lack of credit reporting would cause increased losses to that industry.
It seems this played out as predicted.
Buy-now-pay-later firms and other payment processors suffered significant losses. A study from PYMNTS found that retail merchants lose about $89 billion per year due to first-party fraud. They summed up the challenge, “Consumers leverage an astonishing variety of tactics to wage first-party fraud, leaving merchants with a critical dilemma: Do they tighten up their generous policies and attempt to curb this fraud at the expense of legitimate-customer loyalty, or do they maintain current policies and accept first-party fraud as one of the costs of doing business?”
FTC ID Theft Rate Increase Will Make 2022 The Year of the Asterisk
Last year’s report indicated an increase of over 100% in the reported number of ID theft complaints by consumers (the numbers show 1.3 million complaints in 2020, as opposed to 2019’s total of 650,523 complaints). What’s the root cause here? While the economic downturn related to COVID was undoubtedly a contributing factor, it obscures a crucial source of that increase. Most fraud experts agree that it is mostly related to fraudulent FTC affidavits that were submitted in attempts to remove legitimate bad history from credit reports. This is referred to as “credit washing”. The problem of credit washing at the FTC continued during 2021 and one can expect another sharp increase in ID theft claims from consumers when the new FTC numbers come out in February 2022.
I was disappointed not to see an asterisk in the FTCs reporting for the year. The ID theft rate did, in fact, increase. However, the lack of verification or oversight for FTC affidavits enables consumers to wield them as a weapon against credit bureaus. The credit bureaus are compelled to comply and remove the entries from the credit reports and facilitate the fraudulent credit washing.
Bot Attacks Will Increase in New Account Operations
There has been an increase in the amount of large scale fraud attempts in new accounts especially during the last half of 2021 and such attempts will likely accelerate. These massive scale attacks in new account fraud attempts can overwhelm scoring systems and manual investigation teams such that they have difficulties in handling the larger volumes of suspect applications.
Bad bots contribute to an array of security and fraud challenges. The 2022 Bad Bots Report from Imperva revealed that bad bot traffic accounted for a record-setting 27.7%–almost a third—of all global website traffic in 2021. The ability to not only automate but automate at an overwhelming scale makes bad bots a compelling tool for criminals and a dangerous concern for businesses.
Imposter Scams Will Triple
To receive and move money, imposter scammers use everything from crypto, gift cards, DDA, savings accounts, and payment apps like Zelle, Venmo, and Cash App. Because of the broad consumer education about the use of gift cards by scammers, we predict that use of crypto and bank DDA and savings accounts will increase by imposters in 2022.
The percentage of people who have been impacted by imposter fraud, and the total accumulated losses from imposter fraud continue to rise. Scams targeting older and younger individuals are on the rise. Like many attack types, imposter fraud often comes down to simply being a numbers game. Consumers are better educated and more savvy about these attacks in general, but executed at a high enough scale criminals can still find enough victims to return a sizeable profit.
There Will Be An Increase in Government/Industry Partnering to Educate Consumers About Fraud
COVID brought about substantial change for almost every industry and organization in the world, including the public sector. The U.S. government saw a massive increase over the last few years in the amount of fraud attempts to entitlement programs, stimulus packages, and tax scams.
There has been intense scrutiny to identify and prosecute fraud involving government programs such as the Paycheck Protection Program (PPP), Economic Injury Disaster Loans (EIDL), Unemployment Insurance (UI), and more. In December, the United States Attorney’s Office for the East District of Virginia shared that more than 50 individuals were charged in 2022 related to 26 cases of fraud schemes connected to the Covid pandemic.
Deepfake and “Impersonations” Will Create Havoc for the Uninformed
Deepfake technologies are getting better and becoming downright mainstream. In October of 2021, Adobe even released a limited technology of their own, called Project Morpheus. Deepfake technology is getting so good and has become so widely available that Facebook continues to invest heavily in research of technologies to guard against future threats. So far, the research is mostly focused on finding patterns within the deepfakes by reverse-engineering the methods used to create deepfake imagery. This raises issues in fraud detection rates because the fraud models can’t detect the patterns until they see many of the same pattern, and bad actors can easily manipulate patterns such that they can limit the ability to detect them.
What a difference a year makes. Generative AI tools like ChatGPT, DALL-E, VALL-E, and others have captured headlines so far in 2023 with an improved ability to create content—text, video, images, and audio—that is on par with content created by humans. The pace of advancement and sophistication is accelerating exponentially, and it will be difficult, bordering on impossible, to recognize or differentiate content from humans and content generated by artificial intelligence. Deepfakes—even bad ones—are difficult to detect unless the camera on the phone is actively in use via a SDK.
What Has Been Will Be Again
I expect to see the trends from 2022 continue to evolve throughout this year. As long as a given tool or technique continues to be effective for committing fraud, there is little reason to change it.
While the FTC tried to do a good thing with the affidavits—providing a tool to help out consumers—they also told the bureaus that if they receive one of these affidavits, they are required to consider it true and correct. That ties the hands of the credit bureaus when it comes to identifying or preventing fraud.
Bots are exceptionally versatile—enabling price scraping, content scraping, account takeover, account creation, credit card fraud, denial of service, gift card balance checking, denial of inventory, and scalping. What makes bots a serious and growing concern, though, is the increasing level of sophistication of the bots. Not all bots are created equally. Some are designed to evade detection and protection solutions. According to Imperva, these evasive bad bots account for nearly two-thirds of all bot traffic—with more than a quarter falling under the designation of “Advanced” evasive bad bots.
Partnerships between the public and private sector to educate consumers about fraud have proven effective and will continue. There has been greater appreciation of the scope and scale of fraud on the part of government, law enforcement, and private sector organizations, and a more concerted effort to work together to address the problem by ensuring people are more savvy and better educated. Much of that effort is being invested in education and awareness programs to help consumers recognize fraud attempts and avoid becoming a victim in the first place.
Generative AI models are improving dramatically and deepfakes are going to become easier to create and harder to detect. At Socure, we have seen an increasing pattern over the last year of what we call “impersonation” fraud attempts. Essentially, the PII provided on a document is 100% legitimate. However the headshot in the document as well as the selfie picture may not match the true identity. This can be detected only if a capture app in a SDK is used in the process, which mitigates the deepfake images. We have developed proprietary algorithms to detect this fraud type, but the technology didn’t come easily and without unique technology innovation.
Looking Ahead at 2023
Based on the trends in identity and synthetic fraud and advancements in technology, we fully expect to see more of the same across the areas identified in our 2022 predictions. Beyond that, though, let’s take a look at what 2023 has in store.
Continued growth in the use of machine learning
Given the success that financial institutions have had using machine learning to detect synthetic identity fraud, it is likely that we will see continued growth in the use of this technology. Financial institutions will likely invest in more advanced machine learning algorithms that can detect even more subtle patterns of fraud.
More widespread collaboration
As financial institutions continue to recognize the benefits of collaboration, it is likely that we will see more widespread collaboration in the fight against synthetic fraud. This could take the form of industry-wide databases of known fraudsters, or more informal networks of institutions that share information on suspected fraud.
Greater investment in identity verification
Given the importance of identity verification in preventing synthetic fraud, it is likely that financial institutions will continue to invest in this area. We can expect to see more sophisticated identity verification tools, such as biometric authentication, become more common. Financial institutions may also start to rely on multiple sources of data to verify the identity of their customers, such as social media profiles or government-issued identity documents.
Please reach out to learn how Socure can help you accept more good customers, reduce fraud, and streamline your risk operations.
Mike Cook is VP of Fraud Solutions Commercialization at Socure and works alongside Data Science, Product, Sales and the Fraud Investigation team to help ensure solution optimization across all the markets Socure serves. Mike has been an innovator in fraud, identity, and credit risk for almost 35 years and has created several patents for identity risk technologies.