Bitesize Payments

Fraud and Scams - The dark underbelly of Payments

Paul Thomalla Season 1 Episode 21

Welcome back to Bitesize Payments. In today's episode we dive into the murky waters of payment fraud and scams. From ancient swindlers to modern-day cybercriminals, we're charting the course of deceptive practices that have evolved alongside our financial systems.

Fraud is a personal and often distressing experience, and while we won't dwell on the emotional aspects, it's important to recognise its impact. 

Our story begins in ancient civilisations, where currency first sparked opportunistic deceit. Recall the bustling marketplaces of Lydia, the cradle of coinage we discussed in episode one, where fraudsters first exchanged counterfeit coins for genuine ones, setting the stage for an enduring struggle between trust and deception.

So, let's set sail on this journey through time and technology and the dark underbelly of payments.


SPEAKER_00:

Welcome back to Bitesize Payments, where we go through the history, we explain how things work, and of course, who does what. In today's episode, we're going to dive into the murky waters of payments fraud and scams, from ancient swindlers to modern-day criminals, if you like. We're charting the course of deceptive practices that have evolved alongside our financial systems. So let's set sail on this journey through time and technology and, frankly, the dark underbelly of payments. Here we go. Fraud and scams are very personal, and by the very nature, very depressing experiences. And while I won't dwell on the emotional aspects, I do want to call out the fact that if you've ever been affected by it, you know what I mean. This is a very tough and sad part of our industry. Okay. Our industry begins in ancient civilization where currency first sparked opportunistic deceit. Recall the bustling marketplaces of Lydia that we talked about, the cradle of coinage we discussed in episode one, where fraudsters first exchanged counterfeit coins for genuine ones, setting the stage for an enduring struggle between trust and deception. Throughout history, counterfeiting has been so prevalent it's been referred to as the world's second oldest profession. Before paper currency, fraudsters used methods like clipping to skim precious metal from coins. Alongside this, of course, the creation of convincing forgeries. The shift to paper money created more opportunity and challenges for the counterfeiters, which frankly were met with very severe penalties. In the late 20th century, advances in computer and photocopying technologies made it possible for people without sophisticated training to copy currency easily. In response, more and more sophisticated anti-counterfeiting systems, such as holograms, multicolored bills, embedded devices such as strips, etc., raised printing, micro-printing, watermarks, you name it, there was a lot put to try and beat these bad guys.
According to the United States Department of Treasury, there was an estimate of somewhere between $70 to $200 million in counterfeit bills in circulation at any given time in the US. Let's put that into context. In 2023, the global financial impact of fraud, including payments fraud, was substantial. According to a report by Nasdaq and Oliver Wyman, fraud costs approached $500 billion worldwide, with payment fraud including cheques and credit card fraud contributing close to $450 billion of this figure. Additionally, e-commerce losses due to online payment fraud are expected to exceed $48 billion globally. So clearly this is an extraordinarily large business, if that's the right term. However, the truth of the matter is while we talk about these numbers and the numbers can be so large that it becomes a little bit meaningless. But the key thing here is at the end of all of this, there is a business, a business owner or a person who's been hit. And that's the real key point here that we need to not lose track of when we talk about some of these big numbers. We often hear about the terms fraud and scams, and it kind of gets mingled into one. But in the realm of payment security, the terms fraud and scam are distinct. Fraud refers to the wrongful deception for gain, encompassing a broad spectrum of illegal activities such as identity theft, payment card fraud, often involving unauthorized transactions without the victim's consent. Scams, however, involve victims being manipulated into authorising transactions themselves under the guise of legitimacy, be it through phishing, investment schemes or feigned relationships in romance scams. The difference lies in the authorisation of transactions. In fraud, the victim is unaware and uninvolved in the transaction authorisation. Scams, conversely, see the victim as an active participant misled into authorising payments. This nuance, of course, is critical, as it affects the likely outcome of recovering lost funds.
Financial institutions typically treat transactions with victim consent differently, even if that consent was obtained deceitfully. So while we move forward in payments, the financial world has become more and more complex. The introduction of paper money and later credit cards opens up new avenues for fraud. In the 1950s, for instance, credit card fraud emerges, marking the beginning of a new era in financial deception. But it's the advent of our dear friend the internet that truly revolutionizes payment fraud. Cyber criminals, frankly, now have a global playground. In the late 1990s and the early 2000s, we witnessed the rise of online scams, phishing, identity theft, transforming the landscape of financial fraud. Okay, so let's get down to some brass tacks and discuss the key types of fraud and scams. Phishing scams. These include fraudsters impersonating legitimate organizations, such as a bank, a government agency, or a well-known company, via email, text messages, or by phone calls. They frankly attempt to trick individuals into providing sensitive information, such as bank account details, login credentials, personal ID, etc. The communication often includes urgent or threatening language to try and provoke immediate actions. Then we have advanced fee fraud. This scam involves the victim being asked to pay upfront fees for service or goods that will never, ever materialize. It's often used in lottery or prize scams where the victim is told they've won a large sum of money but need to pay taxes or processing fees or some kind of nonsense before receiving the prize. I know that I would be a multi-billionaire if only this was true. In fact, it's shameful. CEO fraud or business email compromise, BEC. In this scam, fraudsters impersonate a company executive or supplier and send emails to the employees, typically in the finance department, instructing them to make urgent wire transfers to a fraudulent account.
The emails can be highly convincing, sometimes involving hacked email accounts or domains closely resembling the legitimate ones. Romance scams. These are scams where scammers create a fake profile on a dating site or social media platform to form relationships with unsuspecting victims. Over time, they build trust and eventually request money, often in emergencies, travel expenses to visit victims or seemingly legitimate investment opportunities. Tech support scams. Victims receive, for instance, unsolicited communications, calls, pop-ups or emails claiming to be from tech support of a well-known software company or hardware company, informing them of a non-existent problem with their computer or device. The scammers offer to fix the issue for a fee and may also install malware or request remote access to the victim's computer to steal further personal and financial information. I've tried to describe the various types here, but clearly there's a lot more subtleties, a lot more nuance, and the scammers and the fraudsters get smarter and cleverer each day by trying to do slightly more credible things. But the truth is there's a whole other world, and the whole of the world for me is APP scams, and this is where, in general, the fraudster poses as a bank official or a law enforcement agent or a representative of a well-known company, claiming there's an urgent need to transfer funds for security reasons or to settle a supposed debt or invoice, etc. The bad guys then coerce you to initiate a transaction. And that transaction is then authorized by you. And as a result of that, it's very challenging to recover the funds. And the victims often bear the loss. Hopefully that will change with regulation. But that whole genre is actually the biggest and the growing and probably the most frightening one right now. Okay, so around the world, we have different levels of fraud, but we also have different levels of innate trust. We have different levels of the norm, if you will.
We also have different levels of financial literacy and technology to help combat the bad guys. But generally speaking, there is still an awful lot of fraud and the same principles that are enacted by the bad guys happen across the world. But like we talked about with the counterfeiting, the increased use of technology to make sure that our paper notes are much, much more difficult to counterfeit. But if we were to go back in time, we'd also see that we had, for instance, cross-checks, which made it more and more difficult for the bad guys to abuse checks. But it's not just that. You also see the industry and the regulators working together. You now see the huge change over the years from the use of cards with the click-clack machines that we talked about before to the magnetic stripe and now, of course, chip and pin and embedding them in phones and what have you. So every time you move forward, something else happens, but you can see that the industry and the regulators are trying to work together. So the regulators aren't idle and the industry isn't idle. But there are certain things that we haven't talked about. For instance, things like GDPR. Data security regulations have come into play to try and protect our data. KYC, know your customer. These regulations require institutions to verify the identity of their customers, making it harder and harder for fraudsters to open up accounts in stolen names. We have AML laws trying to prevent criminals from laundering money through the financial system. These regulations can also help identify and stop fraudulent transactions. The Payment Card Industry Data Security Standard, that's easy to say, PCI DSS, which is an industry-wide standard that sets security requirements for organizations that accept, transmit, or store credit card information. So there's an awful lot of activity here trying to fight against the bad guys. But some of these things do seem a little like table stakes rather than an added value.
For instance, I can't remember a bank advertising that you should move to them because they have a better KYC than the bank you're already working with. However, it's very clear that this is a very complex environment. And it's currently, or feels to me, like a case of whack-a-mole. We do this, they do that. The bad guys try and find something else. They try and find another niche. We try and protect that. But it's whack-a-mole. The bad guys clearly are very agile and they often operate in regions where it's difficult to track, let alone protect them or get the money back. While clearly the industry and the regulators are trying to do their best, it does appear to me that often compliance is more important than innovation. And moreover, the financial losses that the banks make can often be seen as just the cost of doing business. We clearly need to stay ahead of the bad guys, but I do fear that it's wishful thinking. And I don't think that we can really put the genie back in the bottle if that ever was the case. In some countries now, we're starting to see that regulators are saying, hey, we think this is a complex problem. We don't always know exactly what the right thing to do to combat it is. But what we can do is put the focus back on making the citizens whole. That is to say, if they've been scammed, and of course, if they haven't done it to themselves, so to speak, then actually they should be made whole again. Now, a lot of my banking friends will be up in anger because this just seems like madness to them, but I'm afraid I believe it is probably a step in the right direction. And my logic here is that bringing a focal point of fraud into the bank, I think we'll start to put a big pound note or dollar sign onto the bank to make sure they do something about it. I think it is too easy to say it's just a cost of doing business. And it's also true to say that within the banks, it can be in very different places.
And so bringing it all together, I think is important, putting the pressure on the banks to do something about it, I think is also very much the right thing to do. When I was on the PSR, I made my views very well known. Wasn't always popular in saying so, but I think it's true. When I worked on the building out of the PSF, I worked amongst other parts of it on the fraud initiative, trying to bring together the best practices to help the UK do the right thing. One of the other things that I'd really like to see is that we focus in on who are the bad guys and who are the good guys. And in my point of view, the good guys are the banks, the corporates and the citizens. However, most banks are one-man bands when they're fighting fraud. They can't really share the information or the vectors of fraud that are coming in. And I would like to see that change. I do believe that the banks should be able to share that knowledge. And I know that there are privacy laws and I know that there are competition laws, et cetera, et cetera. But the truth of the matter is, I would genuinely like to see when the bad guys start attacking banks, that that information is shared immediately so that we can fight them together, not as a singleton bank with, frankly, one arm tied behind their back. I'd like to see the full intellect, the full insight, the full ability of the banks fight the bad guys. And in that sense, I believe there is very much a bigger picture. Well, there you go. I'm off my soapbox now. Frauds, scams, it's really the dark underbelly of payments. Not nearly given enough focus, in my humble opinion. That doesn't mean to say there aren't fantastic people. There genuinely are fantastic people working in banks, working in software houses, working in the cards industry, trying desperately to fix fraud, these problems. I just think there's a bigger picture and they could do with some help.
But lest we forget, the size of this industry that we've now spawned is absolutely astronomic and we need to get our brains around it. So be safe out there. Be careful. And oh, if you could tell a friend, that'd be great. Cheers now.