Preventing fraud has been a challenge for businesses for centuries. Old fraud tactics continue to be used today in addition to hundreds of other types of ways to commit fraud that have emerged as new ways to provide business services and products have been adopted. In recent years the opportunities to commit fraud have burgeoned as the COVID-19 pandemic thrust businesses suddenly into situations where workers worked remotely and consumers purchased more frequently remotely, online and through social media sites and new apps, usually assuming that all was secured. And to expand the fraud risk environment even more, many new and emerging types of technologies with insufficient-to-no security controls are being widely adopted by organizations of all types, bringing more fraud pathways.
Many of the new types and trends for committing business fraud included the expanded use of cryptocurrencies for business payments, and utilizing AI and similar tech to create synthetic identities to commit a wide range of frauds. There are many other tactics being used, but these are two areas of quickly increasing fraud. Businesses are in the midst of a perfect storm of digital fraud.
Cryptocurrency fraud
From the beginning of 2021 to mid-2022, more than $1 billion in cryptocurrency was lost to fraud scams; more than any other payment frauds. Cybercrooks are pretending to be established businesses to communicate with consumers, which harms the reputations of those businesses that are being impersonated. Another cryptocurrency fraud is when businesses accept cryptocurrency for payments, and then the cryptocurrency exchange experiences a hack or insider exploitation and the business’s money is subsequently stolen or otherwise lost.
A few ways in which businesses can mitigate the risks of cryptocurrencies:
- Make employees and customers aware of potential impersonators of their business that could be running cryptocurrency scams. Post information to the business website and provide an email and/or phone number for those who think they may be seeing such tactics that are coming from what appears to be your business.
- Use strong security and authentication practices for the business crypto accounts, including multi-factor authentication (MFA), never sharing login credentials, and strongly encrypting in storage and during transmission all data associated with cryptocurrencies.
- Follow Know Your Customer (KYC) and Anti-money Laundering (AML) practices.
- Use offline cold wallets for the majority of the business’s cryptocurrency value share. Keep the minimum required amount of liquidity online or with the business’s payment service provider.
- Use third-party trusted broker services that have been vetted by the cryptocurrency community. Look for one that has insurance for your fiat money, and ideally also for your crypto accounts, depending upon how much you are depending upon cryptocurrency in your business.
Synthetic identity fraud
Artificial intelligence (AI), machine learning (ML) and deep learning tech are being used to create fake identities using parts of real individuals’ identities mixed with fake parts, which quite simplistically explained is synthetic identity fraud. Synthetic identity fraud is being increasingly used to gain access to consumer business accounts.
Synthetic media tools, such as those used to modify or create video, images and audio representing real people, are readily available for anyone including fraudsters to use. The use of these new ways to create synthetic identities makes it harder for businesses to identify and stop such frauds.
Synthetic identity fraud caused $20 billion in losses for U.S. banks and financial institutions in 2020. Losses from synthetic identity fraud are projected to reach $2.48 billion by 2024. Businesses face huge challenges stopping synthetic identity fraud since it is not identified by most traditional fraud prevention models.
A few ways in which businesses can mitigate the risks of being a victim of synthetic identity fraud include:
- Use strong identity verification processes and procedures. Verification methods should include a variety of dependable information sources. Commonly used are passports, driver’s licenses and other government-issued identification documents. Increasingly more often used are biometric data, such as iris scans, fingerprints and other types of biometrics that typically are not publicly available.
- Monitoring suspicious activity is necessary to detect and prevent synthetic identity fraud. This is where AI tools can turn the table on synthetic identity fraud and use it to prevent that crime instead of enabling it.
- Human awareness is still necessary, though. Especially in businesses where customers are known by workers, especially in small to medium-sized businesses. Procedures should be followed that include scrutinizing customer behavior and transaction patterns to identify unusual or suspicious activity that may indicate fraud.
- Collaborating with other organizations, such as those in local anti-fraud and security associations, and those in national industry-specific associations can be very useful. Having a contact within law enforcement agencies is also valuable for preventing successful synthetic identity fraud attempts by staying aware of current fraud crimes. When businesses and other types of organizations share information about synthetic identity theft and other types of fraud activities, organizations will be much more likely to detect and prevent fraud before it occurs. And, it could also help to identify and apprehend synthetic identity fraud criminals.
Businesses must remain vigilant and proactive in their efforts to prevent fraud by adopting strong security measures, staying up to date with emerging fraud activities and collaborating with other organizations to share information and prevent fraud before it happens.