Skip to main content

3 Fraud Trends to Watch in 2024

3 Fraud Trends

By Nicole Reyes, Director, Fraud Prevention at PSCU/Co-op Solutions 

Financial institution fraud incidents have been steadily rising in recent years, as the rise of AI and automation have made it easier and more lucrative for criminals to engage in large-scale, increasingly sophisticated scams.  

Consider that global payment fraud increased by 22% between the first half of 2022 and 2023. In addition, the U.S. saw check fraud increase by a third during the same period.  

The growth of such schemes is placing credit unions and members at heightened risk. In this article we share three big trends to watch in 2024, in an effort to help guide your fraud mitigation and prevention strategies in the new year. 

Fraud Landscape Evolving in Speed, Complexity and Sophistication 

Beginning in 2020, several new fraud trends began to emerge. As the pandemic took hold, the public engaged in fewer in-store, in-person payment transactions, driving the rise of digital wallets and new innovations like buy online, pickup in store. These new retail channels increased the opportunities available for card not present (CNP) fraud. 

In 2021, brute force BIN attacks, where criminal rings attempt to guess the correct combination of debit or credit card number, expiration date and CVV to hijack as many cards as possible within an entire BIN, emerged front and center. Although clunky and unsophisticated, these attacks are highly effective when attempted at scale with the help of automation technology. 

And then, starting in 2022, artificial intelligence entered the scene. The introduction of ChatGPT in November 2022 hit like a tidal wave, and the possibilities of generative AI and large language models captured the general public’s imagination for the first time. Bad actors took advantage of the technology to produce sophisticated, AI-driven malware, phishing emails, and even deep fakes and voice spoofing. 

Entering 2024, this is the world we’re living in now. 

3 Fraud Trends to Watch in 2024 

  1. First party fraud grows in sophistication: According to the major associations, between 20% and 30% of all payment fraud claims are considered “friendly fraud,” meaning they are perpetuated by or involve the actions of the cardholder. Criminals continuously come up with new scams to confuse and in some cases, entice cardholders to engage in “too good to be true” offers, hoping for a financial windfall that quickly goes sour. In some cases, it is the cardholder themselves who initiates the fraud. 

    For example, this past holiday season saw a major increase in fraudulent returns, some involving inventive schemes such as boxes filled with bricks instead of expensive consumer electronics, and mocked-up receipts. 

    Another recent scam employs disappearing ink on return labels. In this fraud the scammer obtains credit for returning an item, but by the time the box arrives at the distribution center, the return code and sender’s address have completely disappeared from the label, making the fraud untraceable. 

    According to the National Retail Federation, more than $100 billion in return fraud was conducted in 2023, representing 13.7% of all returned goods. Retailers expect roughly 17% of all post-holiday returns will be fraudulent. 
    Other types of first-party scams are also on the rise, including phishing, vishing and imposter scams. TV personality Andy Cohen recently shared the harrowing tale of having his bank account emptied by scammers impersonating a representative of his bank. Through a series of emails, text messages and voice calls, Cohen was tricked into providing the fraudsters with his online banking credentials and activating call forwarding to have all incoming calls forwarded directly to the scammers. 

    With Valentine’s Day around the corner, romance scams are also on the rise. This tried-and-true technique is growing in complexity. And although such first-person scams have been traditionally associated with older victims, younger members are not immune. Gen Z, including college students have increasingly become involved in such schemes like phishing attacks, where criminals entice victims into depositing checks into their bank accounts then wiring the proceeds to the fraudsters by instructing them to keep a portion for themselves. Of course, after the cash is wired, the checks bounce, and the victim is left holding the bag. 

    For credit unions, the rise of such fraud is especially concerning considering an evolving regulatory framework that is shifting liability from cardholders to financial institutions. With less risk for purported victims, they will undoubtedly be less diligent. And as the use of AI for voice cloning, romance scams and imposter schemes become more commonplace, it’s increasingly much harder to detect and prevent such crimes. 
     
  2. ATO and identity fraud take over: AI has also had a major impact on identity fraud, an ongoing challenge for credit unions and members. 

    Fraudsters are leveraging the power of AI to create artificially generated video snippets, known as deepfakes, as well as photos of victims. Some of these are targeting high-profile celebrities like Taylor Swift, but it’s only a matter of time before individuals outside the public eye also become subject to these attacks. 

    According to TransUnion, the creation of synthetic IDs is at an all-time high, increasing 220% from 2020 to 2022. Fraudsters play the long game, opening accounts using manufactured identification documents, then letting them lie dormant for months or even years before activating them to take out loans, apply for government benefits, and conduct other illegal activities. 

    The federal government is attempting to take action against AI-driven identity theft, with Congress proposing the No AI Fraud Act, which would establish a framework to protect individuals’ images and voices from being used in nefarious schemes. In addition, the Federal Trade Commission announced a contest with a $25,000 award for the best ideas to protect consumers from voice cloning. 
     
  3. Cyberattacks continue to rise: In addition to the rise of attacks on individuals, large-scale cyberattacks continue to increase. 

    According to one 2023 report, more than two-thirds of organizations suffered a cyberattack within the past year. These attacks are aimed at companies of all sizes, from small mom and pop stores to publicly traded firms like MGM. Many of these are not reported, due to embarrassment or a lack of understanding of government reporting requirements. Yet all states, as well as the District of Columbia, Puerto Rico and the Virgin Islands require organizations to report security breaches involving personal information. And stricter rules are coming at the federal level. In March 2022, President Biden signed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), which requires the Cybersecurity and Infrastructure Security Agency (CISA) to develop and implement regulations governing reporting requirements for cybersecurity and ransomware incidents. 

    Using AI-based deepfake technology, ransomware attacks are also increasing in sophistication. Criminals are using a variety of means, including voice, video, email and text to impersonate a company’s CEO and other senior leaders and demand that employees urgently wire funds to the alleged captors. Experts expect such fraud to continue to grow in 2024. 

Credit Unions Need to Match Speed With Speed 

As the breadth and depth of fraud and scams grow, financial institutions must do everything they can to stay a step ahead of the criminals. This calls for matching speed with speed, by using new AI-driven technologies to beat the fraudsters at their own game. 

Make sure you are feeding your machine learning fraud detection algorithms with as many data points as possible, as that is the only way these models can learn, improve and maintain agility in the face of the latest threats. 

Ensure you are employing a well-layered solution for fraud prevention, detection and mitigation. In addition to machine and human learning models, it’s important to layer your risk scores. Some risk scores are mandated, but additional scores are available as ancillary solutions , based on your institution’s individual risk profile and appetite. 

The third layer involves authentication and authorization protocols—often the main defense against a fraud occurring. To prevent account takeover, it’s critical for your agents to have confidence in the individual’s identity before they provide transaction authorization. Empower your live agents to have access to robust authentication tools at their fingertips. 

Implementing one-time password (OTP) authentication for all online transactions, as well as for your interactive voice response (IVR) system, will go a long way toward enabling your contact centers and live agents to maintain vigilance and play their critical role in your overall risk strategy. 

Above all, make sure you are constantly monitoring, testing and adjusting your risk strategies and tactics. Fraud is one area where you cannot afford to “set it and forget it.” 

Start the year off on the right foot with help from PSCU/Co-op Solutions! Inquire about Co-op Cooper Fraud Score, a dynamic, integrated, real-time machine learning score to help your credit union react more quickly to fraud trends. Cooper Fraud Score supports your bottom line by reducing false positive ratios, fraud chargebacks and fraud losses. Next, empower your members with fraud alerts and CardNav® by Co-op card controls and alerts, placing them at the first line of defense against fraud.  And, round out the member experience with Co-op Resolution Center, offering centralized management of cardholder claims with rapid response times, personalized service and real-time information access.  

Co-op CU Growth Outlook