ClickCease

Fortifying Indian Businesses: Understanding 8 Common Types of Fraud for Effective Fraud Prevention

Ravi Rathi
June 27, 2023

In today’s digital-first world, fraud prevention can feel hopeless. Just when you think you’ve got your fraud prevention operations under control, another new and dangerous fraud risk emerges. News stories about malware, ransomware, bots, and account takeover fraud all compete for the headlines along with phishing attacks, data breaches, and a wide array of other cybercrimes.

Most of today’s most common cybercrimes share one thing in common; they all leverage data stolen from a data breach. The total cost of data breaches is difficult to estimate but according to the IBM Security Data Breach Report of 2022, India's average data breach cost is at a record high of Rs 17.6 crore for the fiscal year of 2022.

Despite the best efforts of law enforcement, cybercrime is rampant, affecting nearly every aspect of digital life. Machine learning and artificial intelligence are radically altering the fraud landscape in new and unpredictable ways. From e-commerce and healthcare to banking and financial services, every industry in India and around the world has been impacted to some degree.

Proactively developing effective fraud detection and fraud prevention strategies for the most common types of fraud is possible. By focusing on the following 8 types of fraud, companies can develop cost-effective strategies to flag suspicious activity in real-time while also protecting user experience and preventing reputational damage.

Let’s explore the 8 major types of fraud in India and discuss how enabling advanced digital identity solutions such as cryptographic authentication can prevent online fraud and the resulting reputational damage without breaking the bank.

Fraud Type 1: Identity Theft

Identity theft, aka true name fraud, is one of the most damaging types of fraud. Identity theft takes place when a fraudster uses a consumer’s stolen personal data to achieve illicit financial gain, typically through fraudulent transactions. After stealing a victim’s identity, the fraudster will open up new accounts in various financial institutions that can be used for money laundering, apply for new credit cards, and take out loans from various financial institutions with no intention of paying them back. 

Identity theft is a broad fraud risk category that includes other types of fraud including TIN Fraud, Disability Fraud, and Synthetic Fraud. In total, over 27 million Indian adults experienced identity theft according to the most recent reports. 

How can Prove help? When creating an account using stolen personal information, the fraudster will typically enter the victim’s real personal information (name, birthday, Aadhaar, PAN number, etc.) but then replace the victim’s real phone number with their own “burner” phone number, typically a personal prepaid number.  Prove Auth™ can prevent identity theft by determining that the fraudster is neither the rightful owner of that phone nor in possession of the victim's phone (physical device) during the transaction. In other words, Prove Auth™ uses phone-centric technology to flag this fraudulent transaction as suspicious. 

Did you know that according to the Times of India, ”Bengaluru is the identity theft capital of India?” 

Additional Resources:

Fraud Type 2: First-party Fraud

Unlike identity theft, the first-party fraud scam doesn’t involve stealing another person’s personal information but rather using one’s own identity to commit fraud. A common form of first-party fraud, known as chargeback fraud, occurs when an individual makes an expensive purchase and then falsely disputes the purchase as fraudulent with their credit card company or financial institution.

Chargeback protection was designed to protect consumers from unauthorized purchases but is now used by fraudsters to bilk money from merchants. 

In the case of e-commerce, they may claim the product arrived broken. In other scenarios, they may claim their credit card was stolen and they never authorized the purchase.

This type of fraud costs e-commerce companies and financial institutions billions every year. In fact, some fraud experts claim that first-party fraud is more prevalent than third-party fraud vectors like identity theft. First-party fraud is a notoriously difficult scam to flag which is why it is often misclassified by fraud teams.

Of course, first-party fraud isn’t the only type of fraud that leverages e-commerce. Throughout India, fraudsters dressed up as legitimate couriers often trick customers paying via cash-on-delivery by fooling them into sharing one-time passwords

How can Prove help?  Prove Auth™ makes it much harder for individuals to falsely dispute charges with financial institutions as it can produce detailed evidence that indicates when a user’s verified phone number is associated with the transaction. This provides a critical layer of security on high-risk transactions like major purchases.

Did you know that global chargebacks are expected to reach volumes 47% higher than 2019 pre-pandemic levels?

Additional Resources:

Fraud Type 3: Bot Attacks

Fraudsters generate algorithms to sign up for online accounts in bulk, often using non-fixed VOIPs in the process. This is called a bot attack and they take place every day. In fact, over 1.6 million cyber attacks were blocked by insurance companies in India every day in January. 

A fraudster uses bot attacks to create thousands of phony accounts, often using real data from victims, for a variety of malicious purposes including phishing for credit card numbers and executing data breaches at healthcare websites.  

How can Prove help? Bot Attacks are prevented by establishing proof of possession of each phone number used by an end consumer. Additionally, establishing phone ownership confirms the identity of a consumer is linked to a specific phone number.

Did you know that roughly 600,000 Indians have had their data stolen and sold on the bot market?

Additional Resources:

Fraud Type 4: Physical Theft of Phone

The physical theft of phones is not as scalable as the other types of fraud because it requires a criminal to steal a mobile phone from an unsuspecting victim which is risky, time-consuming, and attracts attention from law enforcement. 

However, this type of crime does happen. After the phone is stolen, the criminal can use the phone to perpetrate a wide variety of fraudulent activities including intercepting OTPs, using existing accounts to conduct money laundering, and executing account takeovers, steal passwords. Remember, if your phone is stolen, contact your mobile carrier right away. 

How can Prove help? Trust Score+® can detect when the carrier suspends the phone line and performs a legitimate SIM Swap. Phones with recent SIM swaps earn a lower Trust Score® and can be flagged as suspicious activity. This can prevent financial institutions from issuing one-time passwords, putting a stop to unauthorized account takeover fraud. 

Did you know that the Indian government has set up a pan-Indian program to track stolen phones?

Fraud Type 5: Port Attacks

In this fraud scenario, a fraudster impersonates the victim and ‘ports’ or switches the victim’s phone number from one mobile carrier to another. Sometimes this requires social engineering or bribing employees at cell phone stores. After gaining control of the victim’s phone number, the fraudster can complete 2FA controls and gain access to a victim’s banking, wallets, trading accounts, and other important accounts to transfer the funds into tonal financial institutions.  

How can Prove help? Trust Score+® will detect when a victim's phone number is taken over through a SIM swap via a Port-out attack. This attack is more common in taking over existing accounts versus at account creation. This capability is included in the base Trust Score®.

Did you know that about 63% of Indian adults say that they feel more vulnerable to cybercrime since the pandemic? There has been a cumulative total of 819.70 million mobile number portability requests submitted by the end of March 2023 according to TRAI.

Additional Resources:

Fraud Type 6: SIM Swap Fraud

SIM swap fraud takes place when a fraudster impersonates the victim and requests a device swap from the same mobile carrier. The victim’s phone will be deactivated and the fraudster’s device will begin accepting phone calls and SMS from that number. This is called a SIM swap. After gaining control of the victim’s phone number, the fraudster can complete 2FA controls and gain access to a victim’s banking, wallets, trading accounts, and other important accounts to transfer the funds into their accounts. 

How can Prove help? Trust Score+® will detect when a victim's phone number is taken over, through a SIM swap via a device swap attack at the existing carrier. This attack is more common in taking over existing accounts versus at account creation. 

Did you know that 36% of Indian adults detected unauthorized access to an account or device in the past 12 months?

Additional Resources:

Fraud Type 7: Synthetic Identity Fraud

Synthetic identity fraud is a newer iteration of identity theft. In this fraud threat, a fraudster will create a synthetic or false identity by combining both real data from a victim with fictitious personal information. 

How can Prove help? Prove Auth™ enables passwordless authentication with device intelligence for mobile apps and omnichannel experiences and protects from fraud and account takeovers — all while enhancing the consumer experience.

Did you know that 60% of Indian adults reported being “very worried” that their identity will be stolen?

Additional Resources: 

Fraud Type 8: Known Fraudster

Most fraudsters are prolific. They don’t just target one victim, they target hundreds or even thousands of victims. When they target a victim, they often take over multiple accounts– focusing especially on financial institutions (including wallets, banking, investment accounts, etc.) Unfortunately, they often evade law enforcement with ease.  

How can Prove help? Trust Score+® is a prevention solution that can detect bad actors and suspect phones that have been used in financial crimes as we launch the Prove fraud network. In addition, we are analyzing the correlation between phone number tenure and recycling behavior to catch known fraudsters and abusers.

Did you know many fraudsters are part of large, highly-organized fraud rings?

The fight against fraud can be challenging, but it is not impossible. By understanding the various types of fraud that exist and using cryptographic authentication-based digital identity solutions like the ones offered by Prove, businesses can protect themselves and prevent fraud from occurring in the first place.

Conclusion

Over the past few years, fraud has proven to be the Achilles' heel of digital transformation. Although India’s rapid shift to a digital-first approach to business has resulted in innumerable benefits ranging from economic growth to consumer convenience, it has also resulted in a surge in fraud. To prevent fraud and protect consumers, a growing number of companies throughout India are leveraging Prove’s comprehensive suite of digital identity solutions to prevent the most common and dangerous fraud vectors today. 

To schedule a free consultation with a fraud prevention expert, contact us today.

Tags:
india

Keep reading

See all blogs
Empower Your Development Workflow with Prove Identity’s New Developer Portal

Prove Identity has launched a free Developer Portal for engineers to test out the Prove Pre-Fill® solution, which streamlines the customer onboarding process while preventing fraud.

Nicholas Dewald
September 24, 2024
Emerging Markets and Mobile-First Economies Embracing Digital Identity Verification

PYMNTS interviewed Prove CMO Brad Rosenfeld for the most recent episode of, “What’s Next in Payments,”

Kelley Vallone
September 18, 2024
The Rising Threat of Fake Business Accounts: Mary Ann Miller Offers Guidance on Effective Identity Verification Strategies

Miller was the featured guest on InfoRisk Today, where she explained some of these rising threats and the corresponding need for better, more rigorous identity verification strategies.

Kelley Vallone
September 18, 2024