Last year, the number of fraud cases in the fintech sector blew up at an eye-watering rate.
Fraudsters love fintech as an industry: As many as 85 percent of financial institutions experienced fraud in the process of account opening. Scammers steal personal information and credit card details by breaking anti-fraud systems to use a victim’s bank account and online wallet or by buying an existing account on the black market. (Existing bank accounts are available for as little as $100 on the dark web, which is cheaper than purchasing someone’s passport information.)
Another type of fraud is manipulating users directly, or so-called “social engineering.” For example, attackers can find out when people look for jobs and send them interview invitations designed to look like they’re from well-known companies such as Microsoft or Apple. Victims follow phishing links that grant the attacker access to their devices or submit their data through a questionnaire that looks like an HR website but is in fact a payment system.
Already, criminals are starting to use more sophisticated technologies like deepfakes, which for now are fortunately too complicated to compromise users’ accounts — but will eventually become accessible and widespread enough to put users and the fintech sector at serious risk.
As an entrepreneur, my personal mission and ambition is to create a world without money laundering and digital fraud. Since Sumsub was established in 2015, we’ve been helping prevent fraud for more than 400 companies across 220 countries and just earned a prestigious Global InfoSec Award as a “Hot Company in Fraud Prevention.”
We compiled a list of ways fintech companies — like our clients Cryptopay, The Token Fund, Zerion and Tokenbox — can effectively prevent fraud cases based on the latest scam trends.
Liveness Detection Technologies
Liveness detection technologies for identity verification show excellent results. Instead of submitting a static selfie, users are asked to move their heads in a circle, which confirms that a real person is present. Selfie technologies are also widely used, but they don’t provide 100 percent protection to companies because criminals use stolen selfies, wax figures and other ways to get into user accounts.
Some clients find that liveness impairs conversions and prefer to stick with selfies. But in our experience, the technology has increased our clients’ pass rate up to 40 percent, encouraging many to return to this tool.
It is important to know the habits of your clients and monitor their behavioral patterns. These patterns could include a change of address, duplicate card requests, password resets, typical spend velocity, the time period between different payment locations, typical shopping time and more. For example, strange calls from another city and uncharacteristic spending are cues to pay closer attention to the client.
Machine learning algorithms can gather this data to determine if these patterns are likely fraudulent. If a high probability of fraud exists, your system must be able to instantly report it to you via alerts on suspicious activity — and in some cases block the account from further transactions. The more transparent your client's behavioral portrait is, the less likely you are to miss fraud.
It's much harder for a criminal to fool a system that uses a person’s unique physical characteristics. While passwords can be lost and stolen, biometrics serve as an additional barrier for fraudsters to overcome. And although biometrics can sometimes be faked, forging biometrics takes much more time and many more dollars — unlike hacking static login credentials.
Requiring a fingerprint enables you to monitor if a client logged in from a different device or location and spot unusual behavioral patterns. For example, a user in England might order a bunch of decorations off a large online marketplace and the same day allegedly make another large purchase from China. There is a list of countries with a high risk of fraud, so it’s useful to keep an eye on the IP location with the help of AI.
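The behavioral checks described above (the time period between different payment locations, spend velocity, and the England-then-China purchase on the same day) can be expressed as simple rules before any machine learning is involved. The following is an added example, not code from this article or from any Sumsub product; the thresholds, field names and sample transactions are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_KMH = 900.0    # assumed ceiling, roughly airliner cruising speed
VELOCITY_FACTOR = 3.0    # assumed: alert above 3x the client's typical daily spend
MIN_DISTANCE_KM = 50.0   # assumed: ignore geolocation jitter within one metro area

@dataclass
class Txn:
    client: str
    when: datetime
    lat: float
    lon: float
    amount: float

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def score_transactions(txns, typical_daily_spend):
    """Return (txn, reasons) pairs for transactions that break a behavioral rule."""
    alerts, last, spent = [], {}, {}
    for t in sorted(txns, key=lambda x: x.when):
        reasons = []
        prev = last.get(t.client)
        if prev is not None:
            km = haversine_km(prev.lat, prev.lon, t.lat, t.lon)
            hours = (t.when - prev.when).total_seconds() / 3600
            if km > MIN_DISTANCE_KM and (hours == 0 or km / hours > MAX_SPEED_KMH):
                reasons.append("impossible_travel")
        key = (t.client, t.when.date())
        spent[key] = spent.get(key, 0.0) + t.amount
        baseline = typical_daily_spend.get(t.client)
        if baseline and spent[key] > VELOCITY_FACTOR * baseline:
            reasons.append("spend_velocity")
        if reasons:
            alerts.append((t, reasons))
        last[t.client] = t
    return alerts

SAMPLE = [  # constructed sample transactions, not real data
    Txn("alice", datetime(2024, 5, 1, 9, 0), 51.5074, -0.1278, 120.0),    # London
    Txn("alice", datetime(2024, 5, 1, 12, 0), 31.2304, 121.4737, 900.0),  # Shanghai, 3h later
    Txn("bob", datetime(2024, 5, 1, 10, 0), 53.4808, -2.2426, 40.0),      # Manchester
    Txn("bob", datetime(2024, 5, 1, 18, 0), 51.5074, -0.1278, 35.0),      # London, 8h later
]
BASELINE = {"alice": 150.0, "bob": 100.0}  # constructed typical daily spend per client
```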
Basic Web Safety
It’s imperative that you educate clients about security basics. Create alerts on your website that remind customers to avoid the following:
Leaving cards exposed
Clicking on unfamiliar links
Opening digital wallets by connecting to public WiFi
Trusting well-known companies that send job offers in return for a registration and personal data submittal
Warn customers not to post their sensitive information on Twitter, Instagram or any other site. A name, e-mail and Facebook profile could be enough to access and drain a bank account.
Choosing the Right Partner
Know-your-customer requirements and biometrics verification are traditional tools in the market. But there are plenty of scammers who produce high-quality fake documents. To prevent this, search for duplicate documents. For example, cross-check if a registered customer shares the same photo with a different user. If so, the passport was manually forged. Therefore, it is important to partner with companies that have a wide base of documents and identities.
It’s more important than ever to invest in cybersecurity, as we’ve seen unprecedented amounts of fraud during the pandemic. By combining multiple types of fraud protection as I’ve laid out above, you can maximize your security — and protect your customers.