The deep dive: Banking fraud trends in EMEA
By Puja Sharma
‘The deep dive’ is our bi-weekly exploration of a relevant topic, hot trend, or new product.
How does it work?
Remote access scams gained significant favour with criminals and fraudsters, with the elderly most at risk, as global losses to fraud eclipsed $41 billion in 2022.
BioCatch, the behavioural biometric intelligence and digital fraud detection company, released an annual EMEA Digital Banking Fraud Trends report. Bank fraud continues to threaten progress and disrupt lives in the digital age, and according to the study, scams have become the favoured and most effective tool used by cybercriminals across the European and Middle Eastern region. The researchers found that 52% of reported 2022 fraud cases in digital retail banking were due to scams, as consumers contend with the cost-of-living crisis and with new and increasingly sophisticated scams that target some of the most vulnerable people in society.
“It is tragic when anyone is scammed and suffers the associated humiliation and financial losses, especially when those victims are afraid, trusting, and vulnerable,” said Gadi Mazor, CEO of BioCatch. “Our report emphasises the need for financial institutions to recognise the pivot cybercriminals have made away from attacking systems to now focus on humans. We as a community of banks, governing bodies, and vendors must work together to devise solutions and regulations that protect our customers’ privacy and financial assets. This is possible and we must act quickly.”
This report provides a high-level view of the fraud landscape based on aggregated data from financial institutions across EMEA over twelve months beginning January 2022, as well as data and insights.
Who is under the radar?
Authorised Push Payments (APP) scams are the major cause of fraud losses in the UK. Around 12% of all fraud in EMEA consists of Remote Access Trojan (RAT) attacks. Over 70% of RAT scams originate via a phone call. Elderly banking customers are disproportionately targeted by scams leveraging RAT attacks.
The report found that over 70% of these RAT scams originated via a phone call from scammers directly to their human targets. Shockingly, 85% of these remote access cases involved seniors, illustrating the increased risk of digital banking for vulnerable demographics.
The inaugural report shows that remote access fraud continues to rise in the region, with cybercriminals using RAT attacks to not only execute fraud but also to observe and commit social engineering attacks on their victims. The report also highlights that Authorised Push Payments (APP) scams caused the greatest losses, which banks in the region are now moving quickly to address with the introduction of new UK legislation from the Payment Systems Regulator (PSR).
Why does it matter now?
Banking fraud is constantly evolving as criminals find new ways to trick their victims. As an example, fraudsters used vaccination appointments to solicit confidential information during the Covid-19 pandemic. The huge rise in home delivery of goods during lockdowns created a new line of attack for fraudsters. Text messages purporting to come from Amazon invited people to click on a link to obtain a refund.
Fraudsters will always “follow the money” and move to those channels where the number of potential victims is increasing. No matter how mechanisms for executing fraud change shape, however, they will still rely for their success on the same basic aspects of human psychology. Fraudsters will succeed, as they always have, by exploiting their victims’ fear, anxiety and readiness to trust messages that appear to come from official sources.
Banking fraud continues to increase and the question of who is liable for the losses that result is becoming a more serious concern. Banks are generally liable to reimburse victims of frauds in which the fraudster initiates the illicit payment. In cases where the victim does so – authorized push payment frauds – banks have usually been able to avoid liability.
This is changing, however. In the UK, ten leading banks have voluntarily signed up to the “Contingent Reimbursement Model Code”, which allows individuals, microenterprises and charities that become victims of authorized push payment fraud to claim reimbursement from their bank – unless the victim was warned about the potential for scams before making the payment but chose to go ahead in any case.