Click here for glossary

Fraud: a cross-border arms race

Fraud is like an arms race where the fraudsters and the anti-fraud community are constantly evolving new processes and techniques in order to stay ahead of each other.

Whilst the majority of fraud across the globe is still soft fraud, typically credit hungry individuals manipulating application data in order to qualify for credit, career criminals are moving in, attracted by the high level of rewards and the low risk of prosecution.

Today’s fraudsters are increasingly sophisticated, techno-savvy professional criminals contributing to ever accelerating fraud levels across the world. Two key themes underpin the global explosion in fraud – the massive global advance in technology and the geographic migration of fraud types.

Advances in technology have had a significant impact on the growth and spread of fraud. For example the increased use of electronic payment systems eliminates the need for cash and cheques yet it technology makes life easier for the consumer, it also presents new opportunities to the fraudster. As new markets open up throughout the world, technology is harnessed by its people and we begin to see new forms of fraud originating in these areas. With recent developments like the introduction of Single European Payments Area (SEPA), enabling consumers in the Euro-zone to make cashless payments to anyone located anywhere in the area using only a single bank account and a single set of payment instruments, the opportunities to commit fraud and escape the authorities are only increased. The growth in the internet has helped fuel this raise in fraud making global communication easier and data more accessible and has allowed fraudsters to operate across international borders.

"Advances in technology have had a significant impact on the growth and spread of fraud..."

As more of us opt to use credit and debit cards over cash so fraud prevention technology and processes evolve to shut down the opportunities exploited by the fraudsters. Once common in the UK ‘lost and stolen’ card fraud has been combated by the evolution of several security features on the credit card, including a hologram, an enhanced magnetic stripe, hidden coding, and most recently, Chip & Pin technology. Chip & Pin has had a significant impact on the levels of ‘lost and stolen’ fraud and ‘skimming’ in countries where it has been implemented fraud has been displaced as fraudsters bypass the new controls and exploit new areas of weakness.

APACS, the UK payments association show that over the past three years losses on face-to-face transactions on the UK have fallen by two-thirds from £218.8m in 2004, to £73.0m in 2007 and in 2007 fraud on lost and stolen cards and mail non-receipt fraud are at their lowest levels for 10 years thanks to Chip & Pin. Application fraud, ‘card-not-present’ fraud and cross-border ATM fraud, meanwhile have all increased significantly as fraudsters address the impact of Chip & Pin.

APACS figures show that the overall raise in UK card fraud levels are due to a significant increase in fraud abroad which rose 77% in 2007 and card-not-present fraud losses which rose 37%. Rather than using lost or stolen cards, card details are obtained by alternative methods, like phishing, vishing and the use of malware and used for example in ‘card-not-present’ fraud to obtain high value consumer goods. A few hundred organised crime gangs operating globally, involving a complex network of associates, middlemen, techies, hackers and runners are responsible for a significant proportion of global fraud losses. In this environment global fraud prevention and detection is difficult and posses a significant challenge to government, law enforcement agencies, the financial services industry and consumers alike.

Growing levels of application fraud (CIFAS figures show a sharp increase in over 20% in cases of attempted application fraud in the UK in 2007) are a result of both displaced transactional fraud activity and an increased expectation from consumer for instant-decisions and the use of non-contact channels for account application and servicing. The key to combating fraud in this area is to have an effective fraud detection system that will flag up false identities, identity impersonation and attempted application fraud. The solution needs to balance the speed of decisioning, customer service and accurate detection and control of fraud. The challenge here is to recognise fraud as a non-competitive issue which requires all industry sectors to work together with consumers and government to combat the threat. This will require greater levels of fraud awareness and consumer education and increased data sharing, both across industry sectors and between the public and private sector, in order maximise the possibility of finding patterns and links to prevent fraudulent applications, compromised accounts and breached data assets.

Fraud prevention and detection provides us all with a constantly evolving challenge to keep pace with changing patterns of fraud and the sophisticated and global approach of a new kind of fraudsters. Organisations today need to have the most advanced solutions and support from expert consultants to stay ahead of the fraudsters regardless of industry or geography.

Paul Smith & Henning Gravklev

Fraud and Identity Solutions

Decision Analytics

Experian

Contact us for further discussions about this article

Glossary

• Card-not-present (CNP) transactions are those where neither the card nor its holder are present at the point of sale. This includes mail order, telephone and the Internet.
• Phishing is an attempt, usually made through email, to fraudulently convince people to provide their personal information for the purpose of obtaining funds, either in the individuals name or directly from their credit cards, current accounts etc.
• Vishing is a form of phishing done over VOIP (Voiceover Internet Protocol) networks. Usually, the fraudster calls the victim, presenting them self as a representative of a bank. These calls are difficult to trace as they are using VOIP technology.
• Malware is designed specifically to damage or disrupt a system and comes in the form of a virus or a Trojan Horse. Malware is increasingly used to obtain personal information fraudulently by capturing a person’s log-in details and sending this to the producer of the malware