International Fraud Week is the perfect opportunity to refresh on what we know about scams, the impact they can have and importantly how we can recognise and react to them in real time.
A reminder of the challenge and impact of fraud is reflected in the significant losses, and therefore successes for the criminals behind the activity.
Across Ireland €85m was lost to fraud in 2022, and a staggering £1.2bn for the same period in the UK - £2,300 every minute!
Fraud typologies continue to vary but the common denominator in how successful an attempt can be, comes down to the awareness of the potential victim. Therefore, education is key!
The ‘smishing’ technique (SMS text fraud) has been a major contributor towards the numbers highlighted above, with victims socially engineered into clicking on links, inadvertently downloading malware, sharing/confirming personal information or online financials account details as a result of a text they’ve received. Just as it would via traditional ‘phishing’, through email.
The ability of a fraudster to spoof a telephone number from a reputable organisation (Credit Union, Bank, Tax Authority, Law Enforcement) has been a really effective way of attempting to authenticate their request – and it works so often. We need to be less trusting when we receive a request that looks legitimate.
With the 95% of fraud initiating online and considering how much time is now spent on our devices, the need for awareness should be a recurring theme. Authorised Push Payment (APP) fraud (when someone sends money from one account to another for goods/services that are ultimately never received) is a classic. This has been around for years, but proving even more lucrative – UK cases rising 22% during H1 2022, and totalling £240m. APP fraud has developed recently with examples of fraudsters selling concert tickets, even foreign holidays or Air BnB accommodation that either do not exist or the legitimate owner has not sanctioned, but the fraudster is sent the money upfront.
Reminders on APP fraud are always so important when approaching heavy online traffic periods such as ‘Black Friday’ and the lead up to Christmas. If it looks too good to be true, it generally is! Keep that in mind over the coming weeks.
We're delighted to be working in collaboration with PAYAC services to deliver a Fraud Awareness Week SMS campaign. Every day for 6 days, we will send out SMS text messages to our customers' members highlighting different types of fraud and how to avoid them.
What to do in the aftermath of a scam
Making contact with the Credit Union or Bank on a number known to be correct, should be the first action a victim takes. Full disclosure of the incident will enable the Credit Union/Bank to consider the best course of actions and to initiate the process of retrieving lost funds.
A review should be undertaken of all passwords and online credentials to ensure nothing further can be compromised. Escalation of the incident to agencies referenced below would be recommended.
Is there any support for victims?
Yes. But what is important is that any potential fraud is reported at the earliest opportunity so that Credit Unions, Banks and Law Enforcement can react as soon as possible. See below the breakdown of escalation / support agencies for the UK and Ireland.
The Fraud Outlook into 2024
For the Irish financial markets, SEPA Instant Payments is going to drive considerable transactional behaviour changes, and without the appropriate control, will provide opportunities for fraudsters. Funds moving from one account to another within 7-10 seconds will reinforce the importance of education as to the risks involved. Considering the statistics on case load and financial loss attributed to online banking activity, SEPA Instant Payments could contribute significantly to the Irish stats if not carefully rolled out with risks clearly defined.
To caveat that, the proposal for Confirmation of Payee being launched closely with SEPA Instant is a major boost, as it has limited the success of APP fraud the UK. The ability to verify a new payee’s name and account details, and getting a matching success rate before sending funds is designed to act as a disrupter to successful APP fraud. If the Credit Union/Bank has implemented this with the detail required, it should provide the payer with enough notice and warning to verify the payee they are sending funds to.
To summarise, it’s worth noting that fraud will continue to adapt and challenge victims and Credit Unions/Banks alike. Combining that with expanding regulation, it will continue to be a threat.
At Wellington IT we’re committed to working with Credit Unions to prepare the readiness for what is coming down the tracks, and to be on the front foot with the ever-changing transactional landscape.
Blog written by Ben Roy, Wellington IT Compliance & Data Protection Officer