The most common types of digital frauds faced by companies consist of phishing, spoofing, identity fraud, account fraud and transaction fraud.
Some days ago, Delhi Chief Minister Arvind Kejriwal’s daughter Harshita Kejriwal was in the news after being duped of money by a fraudster in an online transaction. Upon scanning the fraudster’s barcode, she was duped of money instead of receiving money. While this became a viral news on account of her background, there are countless gullible people becoming victims of nefarious frauds every day, many of which go unreported and most remain unresolved.
Organisations, too, fall prey to such scams despite having cheques and balances in place. In India, online financial transactions are fast gaining popularity as a preferred means of payment, mainly because of the government’s thrust on financial inclusion to provide banking to the unbanked via the Pradhan Mantri Jan Dhan Yojana (PMJDY), Payments Interface Platform provided by the National Payment Corporations of India (NCPI) through the United Payment Interface (UPI) and the digitisation of identity verification through Aadhar. The government revolutionised the lending and payments landscape, unleashing opportunities for innovation, resulting in emergence of newer business models. In less than four years since its launch in 2016, the Unified Payments Interface (UPI) has increased in volume terms to outdo other modes of payment. As per data released by the Reserve Bank of India, the annual turnover of UPI in 2017-18 was Rs 1,09,832 and 2019-20 reported Rs 21,31,730.
This use of technology to reduce friction in various functions and emerging technologies disrupting the existing business models, has given rise to a whole new industry, popularly addressed as ‘FinTech’, a portmanteau of Finance and Technology. The fintech industry has witnessed phenomenal growth in the past few years in India and across the globe, not just in terms of the number of companies engaged in lending, due to availability of access to easy credit, but also in the emergence of innovative business models such as Peer to Peer (P2P) lending, Neo Banks, cryptocurrencies, digital insurances, business models to underwrite workers engaged in gig economy, use of social media data to underwrite new to credit customers, etc. It has also ushered innovation in ancillary industries or enablers of fintech space such as e-KYC, payments gateway, credit scoring, etc.
Fraught with opportunities, this trend has attracted the attention of investors as well as that of fraudsters who have come up with ingenious and innovative ways to con the system and make a quick buck. As per a report by ACI Worldwide which tracks and analyses real-time payment across 48 global markets, India ranked No.1 with 25.5 billion real-time payments transactions. The report cited that the frauds pertaining to real-time payments were increasing as fraudsters tend to target new channels. In India, identity theft accounted for 11.6% of fraud incidents while digital wallet account hacks were at 6.2%. The most common types of digital frauds faced by companies consist of phishing/spoofing, identity fraud, account fraud and transaction fraud.
Phishing/Spoofing: In the recent past, this has become one of the most common methods, wherein targets are approached via email, telephone, or text message, masquerading as a legitimate/trusted source to lure gullible individuals into sharing their sensitive data or organisations computer networks. The information thus gained is used to access social media networks, banks accounts, etc. resulting in financial loss. The popular web series ‘Jamtara’ gives a sneak peek into the modus operandi of the phishing activity.
Another modus operandi is impersonating popular apps, which, when downloaded, can hijack all the information in a matter of seconds. For instance, Paypal is among the most spoofed brands used for phishing attacks. Fraudsters send spam email with an embedded link that redirects recipients to a counterfeit Paypal website/app. In the email, fraudsters try to create panic citing unusual activity in the victim’s account and urge account holders to follow the instructions given in the mail to secure their account. Gullible users who part with sensitive information relating to their bank account, full name, address etc. give way to identity theft and find their accounts emptied clean of money.
Synthetic Identity Fraud: The most common fraud that we see in fintech lending these days is the counterfeiting of personal information by fraudsters, known as Synthetic Identity Fraud. It is relatively easy today for fraudsters to gather personal data like phone numbers, addresses, ID proofs and photographs from social networks that host most of customers’ vital and vulnerable data or even from deep web. Deep web is that part of the world wide web that is not identifiable by regular search engines like Google, Bing, etc. as they are concealed behind passwords or other security walls.
Digital identities (phone numbers and email addresses) can be easily created and destroyed. Despite various checks, the lack of mapping between these digital ids with offline ids further complicates the matter. The entire fintech industry functions in a fast-paced environment, which gives lenders limited lead time to assess their clients’ applications and thereby, makes it easier for fraudsters.
Account Frauds: An account fraud takes place when fraudsters gain un-authorized access to a person’s bank account and use the opportunity to empty the account balance. Many a time, victims are oblivious to the fact that their sensitive information has been compromised till they are made aware of the financial loss. Another type of unique account fraud occurs when customers with good credit score decide to commit fraud; they avail a large amount of loan from banks and disappear after stealing the money. This type is particularly hard to detect because the intent of the person availing a loan is hard to gauge. This is usually observed when the macroeconomic situation is facing rough weather with job losses and people with good credit history can resort to such tactics out of sheer desperation.
Transaction Frauds: Around 1.4 lakh cases of transaction frauds were reported in FY ’20 due to compromised credit and debit cards and net-banking details resulting in loss of around 600 crore rupees. When fraudsters use stolen credit cards or identities to make large purchases, the transaction time required for the payments is usually very less for the business to verify the authenticity of the user. The fraud is detected after the victim reports the loss of money in their account and the company ends up compensating the victim while the scammer usually goes undetected.
Fraud Prevention and Detection: Fraud prevention and detection is a continuous, ongoing process and the key to prevention is to detect it right at the stage of origination on a real time basis. However, it is easier said than done. Machine learning (ML) and Artificial Intelligence (AL) algorithms offer an effective counter for fraud detection and prevention. Based on the learning from the historical patterns in data, current sets of transactions can be analysed before lending companies decide to proceed with a particular application.
Multiple variables relating to transactions such as income, location, employment history, education, digital identities (phone number and email id) will be analysed for the possibility of fabricated detail in the application form. Similarly, fraudsters also come up with newer ways to bypass the checks in place. Hence, for any company, making the algorithms better by training them on newer methods is important to stay ahead in the game. The use of reinforcement learning through machine learning algorithms can continuously take feedback from humans and learn to become increasingly accurate with time. However, it can be an expensive affair for small and medium size companies.
Another ingenious way for small and medium size companies is to take a collaborative approach, wherein the fraudulent customers’ profiles and delinquency data are shared to a pooled database that can be accessed for greater good. This collaborative approach can extend to other functions depending upon the openness of companies. For example, companies can assign their risk score to each profile with the help of solutions offered by startups and organisations that generate insights to detect frauds. Based on a variety of parameters such as fraud history, location and name match percentage across platforms, there are solutions to map the digital trail of identities to give a clear signal to companies on the authenticity of the identity right at the beginning and decide about on-boarding a client or otherwise.
There is no single approach to prevent fraud. It is a continuous learning process to stay ahead in this cat and mouse game.
(By Shivraj Harsha, Co-founder, TrustCheckr)