In the effort to contain COVID-19 many transactions have been forced online, drastically changing consumer behavior and requiring businesses to build out digital channels to survive. Consumers have turned to e-commerce as a lifeline, buying everything from groceries to fitness equipment, increasing the number of digital transactions processed. As mobile and e-commerce have become the dominant channels for retailers, credit card issuers and e-commerce companies have relaxed their fraud controls and raised transaction limits in order to avoid creating friction. The usage of digital payments and online banking apps has also spiked as they have become the go-to solution for contactless payment and banking during the pandemic. Additionally, small businesses have been forced to quickly stand up online stores and launch mobile apps to stay in business.
With these changes has come an increase in fraud as bad actors have hidden behind the chaos created by the shifting behavior to execute more frequent and efficient attacks. According to an Aite Group report, financial institutions that had previously forecasted an 8% decrease in fraud this year are now projecting a 20%+ fraud increase in 2020, a remarkable jump. COVID-19 has brought a burst of new fraud schemes and reinvigorated old techniques. These are the main fraud trends we are seeing:
Phishing, the most common type of social engineering scam, is on the rise as fraudsters take advantage of the rapid shift in behavior due to COVID. These scams are designed to manipulate people into performing an action or giving away personal information and occur on several channels, most frequently social media and email. The information gained through these scams enables other forms of fraud, including application fraud, identity theft, account takeover fraud, and several forms of transaction fraud.
Application fraud, also known as new account fraud, is a form of identity theft that costs financial institutions millions every year. The most difficult form of application fraud to detect is when an attacker uses stolen Personally Identifiable Information (PII) or creates a synthetic identity to apply for a bank account, credit card, loan, or tax rebate. Fraudulent credit card applications are the most common form of credit card fraud in the US, with 88% year over year growth, according to Ascent. Relaxed authentication in response to the rapid shift to digital and remote work, and subsidy payments like the CARES Act and Paycheck Protection Program, have led to a proliferation of application fraud.
Identity theft occurs when fraudsters steal personal information to commit financial fraud, such as credit card and loan application fraud. Data leaks and theft of personal information, such as drivers' license numbers, addresses, or Social Security Numbers, are enabling new forms of identity fraud, such as synthetic identity, designed to look like a legitimate user and bypass verification methods. After fabricating a synthetic identity, fraudsters play the long game, slowly building credit until eventually cashing out.
TransUnion reported a 347% increase in Account Takeover (ATO) from 2018 to 2019. Most recently they found that 22% of American adults have been targeted by digital fraudsters as they take advantage of the chaos created by COVID-19, often to steal credentials through phishing scams with the purpose of Account Takeover. This type of fraud has increased significantly since COVID-19 began with the increase in volume of digital transactions making it easier for fraudsters to hide.
Social distancing measures implemented during COVID-19 have drastically changed purchasing behavior. Lots of people are shopping remotely - either online, on mobile or by phone - without using a physical card. Finserv Analytics reports that Card Present (CP) transactions declined 32% between February and March with Card Not Present (CNP) purchases representing the majority of transactions since. Fraudsters are taking advantage of this new behavior to mix bad activity in with the good.
With the behavioral changes accelerated by COVID-19 here to stay, business and security professionals need to be aware of increased fraud. Read more about COVID-19 fraud trends in our new white paper, Fraud in the Time of COVID-19.