ClickCease

Hope For the Best But Plan For the Worst: 2024 Fraud Predictions & How to Prepare

So for starters, let’s be clear – there’s a lot of fraud anticipated in 2024. Some of it will be performed in creative and complex ways.

January 17, 2024
Mary Ann Miller
Learn More about the author: Hope For the Best But Plan For the Worst: 2024 Fraud Predictions & How to Prepare
Fraud & Cybercrime Executive Advisor and VP of Client Experience at Prove
Share:
"All human wisdom is contained in the words wait and hope…” - Edmond Dantes, The Count of Monte Cristo

Alexandre Dumas, the great French novelist who penned, among others, one of the greatest works of literature The Count of Monte Cristo had a lot of experience with fraud. Edmond Dantes, the protagonist of this wonderful book is one of history’s great fraudsters, yet also one we cheer for throughout his journey of deception. Aramis, Athos, Portos, and others are tricky deceivers as well in their pursuit of love, adventure, and justice. When you take into account their duplicitous behavior, their efforts are not all that indistinguishable from what we see in today’s scammers.

The line quoted above is an incredibly prescient way to view the long game of fraud. It’s also a way to think about how we think about fraud. We are forever hopeful that our efforts will bring about an end to this scourge. That hope is, in many ways, the mother of invention for our work, and we continue to develop newer and better ways to beat fraudsters at their own game. But the waiting game is what we all face. What can we develop that will outwit bad actors? What new fraud approach is just around the bend that we will need to contend with?

Predictions about fraud are usually about being on the defensive. Predictors consider how we can react. But this year, we are taking a more active approach. Rather than simply waiting and hoping, let’s also add into the mix a sense of taking charge. There are certain trends we know are already on the rise. Subsequently, we know how to attack those things right now with tools, processes, and behaviors already at our disposal. So let’s acknowledge the necessity of waiting and hoping while applying a more informed blueprint for how we can address what inevitably stands before us.

So for starters, let’s be clear – there’s a lot of fraud anticipated in 2024. Some of it will be performed in creative and complex ways. Others will manifest in simple, old, tried-and-true forms that make us scratch our heads and wonder why we cannot solve it once and for all. There is no doubt that the landscape of fraud in 2024 promises to be more complex and challenging than ever.

We also know that the right foundations of a fraud-fighting approach will provide the best defense. Identity verification processes will be the most important aspect of our efforts. With that in mind, this blog focuses on things like the renewed onslaught on Know Your Customer (KYC) processes, the rising importance of mobile Driver's Licenses (mDL) in remote ID proofing, the identity crisis haunting financial institutions, and the mounting pressure on cryptocurrency and Decentralized Finance (DeFi) entities to address their identity woes.

Trend #1: KYC Under Siege: A Resurgence of Attacks on Onboarding Flows

In 2024, we anticipate a resurgence of attacks targeting KYC processes across diverse sectors like financial institutions, marketplaces, social media platforms, e-commerce companies, and other businesses. Cybercriminals are increasingly exploiting identity theft and synthetic means to create fake accounts, leading to a wide array of fraud types, including ACH fraud, P2P fraud, check fraud, dispute abuse fraud, marketplace abuse, and card fraud.

The corresponding operational costs, losses, and compliance impacts are poised to intensify as businesses grapple with the fundamental question of how many of their accounts truly represent legitimate identities. Organizations are urged to update their identity controls and recruit leaders specializing in identity management to fortify their defenses against these evolving threats.

However, the scope of these efforts must go far beyond onboarding processes. To combat increasingly sophisticated scam tactics, fraud teams have to implement measures that are persistently applied throughout the entire customer lifecycle. One component of this strategy is the adoption of passwordless authentication. By moving beyond traditional password-based systems, businesses can significantly reduce vulnerability to password-related breaches and bolster overall identity verification throughout their relationship with each customer.

Fraudsters are not simply attacking using the same tactics in mind. The rapid shift to digital platforms that has been in motion over the previous few years will continue in 2024, and there will be a particular rise in the significance of the phone number as a primary identifier across both public and private services. Additionally, legislative data sources recognize the phone number as a key identity attribute. Traditional identity verification methods relied on conventional identifiers, but contemporary approaches emphasize the use of the phone-centric identity as a unique identifier. This preference is attributed to the ubiquity of phone numbers and the wealth of information they offer by potentially linking to diverse data sources. Through effective orchestration, this expanded potential contributes to enhancing the accuracy of 2+2 verification methods.

It’s important to note that aligning the phone number with personally identifiable information (PII) data, such as name, address, date of birth, and email address, establishes ownership of the phone number. This, perhaps among all other approaches, is critical to preventing identity takeover within the KYC compliance process. The phone number's intrinsic link to various data points not only solidifies its role as a primary identification key but also reinforces its utility in fortifying identity verification methods for the digital age.

Trend #2: Mobile Driver Licenses Will Become Popular Remote ID Proofing Solutions

We should expect to see a rapid increase in use cases in the private sector for mobile Driver's Licenses (mDLs) for remote ID proofing. Lobbying efforts directed at the government for broader adoption of mDLs in the private sector are already happening, and while the government's current focus is primarily on compliance with the Real ID Act, discussions will broaden to include the benefits of mDLs in remote identity verification across industries.

Key figures, such as Jeremy Grant, Managing Director at Venable, will likely play a leading role in advocating for the widespread use of mDLs. The Better Identity Coalition's testimony to the House Homeland Security Subcommittee underscores the importance of identity management innovation in navigating the challenges posed by evolving fraud trends.

The implementation of mDLs for remote ID authentication demands an exploration of the technical advancements embedded within these digital licenses. From secure encryption algorithms to advanced biometric integration, fraud engineers are going to need to understand the underlying technologies that fortify mDLs against manipulation and counterfeiting attempts.

It will become clear to those tasked with implementing this new type of authentication that to effectively combat fraud, mDLs require a real-time identity verification solution at the foundation of all efforts. Fraud engineers will need to design and implement systems that facilitate seamless and instantaneous verification, utilizing protocols that ensure the validity of mDL data during each authentication attempt. To do this effectively, fraud teams will have to grapple with the challenge of interoperability and standardization within the ecosystem of mDLs. Ensuring compatibility with various systems and platforms necessitates a deep understanding of industry standards, protocols, and frameworks, enabling a smooth integration process across diverse applications.

Given the dynamic nature of fraud, fraud engineers should focus on developing continuous monitoring mechanisms for mDLs. Implementing anomaly detection algorithms that can swiftly identify irregularities in user behavior or authentication attempts is crucial to staying ahead of emerging fraud patterns and will be a critical element of their 2024 fraud playbook.

Trend #3: Financial Institutions Will Continue to Grapple with SARs and Identity Attribution

Not all fraud challenges in 2024 will be new ones. Financial organizations have been waiting and hoping for better ways to align Suspicious Activity Reports (SARs) reports with correct and accurate identities. This issue is anticipated to persist in the coming year, as it poses multifaceted problems for fraud teams and the financial sector at large.

In 2021, financial institutions collectively filed a staggering 3.8 million SARs as part of their commitment to combat financial crimes. However, a disconcerting revelation emerged from these statistics – a significant portion, precisely 1.6 million SARs, were associated with fraudulent activities. This alarming fact, as identified by the Financial Crimes Enforcement Network (FinCEN) in the Identity Project, underscores the pervasive nature of identity and synthetic-related fraud within the financial landscape. 

At the heart of this trend lies a critical issue – the inability of financial institutions to consistently link SARs with correct and verified identities. This complexity presents a formidable challenge when attempting to attribute financial crimes accurately to specific individuals or entities.

The complex nature of identity fraud is built on a wide array of tactics which include synthetic identity creation, identity theft, and other sophisticated maneuvers, complicating the task of identifying the true perpetrators behind suspicious financial activities. The result is a convoluted web of fraudulent transactions, making it arduous for fraud teams to establish a clear line of attribution to criminal actors.

As the scale and complexity of financial fraud continue to evolve, the struggle to complete SARs accurately emerges as a critical pain point for fraud teams. The lack of clarity in identity attribution not only impedes effective crime prevention but also hampers the ability to recoup losses and mitigate the broader impact on the financial ecosystem.

In light of these challenges, 2024 marks a crucial juncture for financial institutions to fortify their fraud detection and identity prevention mechanisms. Addressing the identity attribution conundrum requires a concerted effort towards adopting advanced technologies, leveraging data analytics, and fostering collaboration within the financial industry.

Strategies encompassing enhanced data verification and phone-centric authentication will play a pivotal role in unraveling the complexities of identity-related fraud. As financial institutions confront the escalating challenge of accurately completing SARs with correct identities, their proactive efforts will be rewarded through better alignment and capture of fraudulent identities.

Trend #4: There Will Be Increased Pressure on Crypto and DeFi Companies to Address Identity Issues

It would seem incomplete to list trends without addressing the identity issues in the cryptocurrency and decentralized finance (DeFi) markets. There will be special urgency in 2024 because crime and terror financing emanating from these new financial ecosystems has reached a tipping point. This article delves into the dynamics of this identity trend, emphasizing the imperative for self-regulation and anticipating the inevitability of regulatory scrutiny aimed at perfecting Know Your Customer (KYC) practices.

Both crypto and DeFi have inadvertently become fertile ground for illicit activities, including crime and terror financing. The decentralized and anonymous nature of these financial systems has enabled bad actors to exploit identity loopholes, posing a growing threat to the integrity of the entire sector. Recent stories, like the discovery of almost $1 billion in alleged terrorist and human and narcotics trafficking financing funneling through crypto giant Binance demand a decisive response in 2024.

It’s no secret to the crypto and DeFi communities, who find themselves at a critical juncture where self-regulation becomes not just a moral imperative but a strategic necessity. The industry must take proactive measures to address identity challenges, reinforce security protocols, and demonstrate a commitment to eradicating illicit financial activities within their realms. This involves collaborative efforts among key stakeholders, including exchanges, projects, and industry associations, to establish and enforce robust self-regulatory frameworks.

As regulatory pressure mounts, crypto and DeFi platforms face a delicate balancing act. Achieving KYC perfection is imperative, yet it must be approached judiciously to maintain the core tenets of decentralization, user privacy, and financial inclusion that define these ecosystems. Striking this delicate balance requires a nuanced approach that leverages cutting-edge identity verification technologies while preserving the fundamental ethos of crypto and DeFi.

To navigate this, crypto and DeFi platforms must turn to technological solutions that go beyond the tipping point. Implementing advanced identity verification mechanisms, including passwordless authentication and phone-centric verification to fortify these platforms against identity-related threats.

Final Word

Hoping and waiting has some level of inevitability in it, but it’s not a strategy. Knowing what we face in the coming year gives us the opportunity to face it head-on and with the right tools to put our organizations in the best possible positions to avoid major fraud issues. We encourage you to check out our How to Attract More Fraud in 2024 article for more.

Also, check out last year’s predictions here.

The modern
way of proving identity

Trusted by 2500+ leading companies to reduce fraud and improve consumer

Mary Ann Miller
Fraud & Cybercrime Executive Advisor and VP of Client Experience at Prove

Mary Ann Miller is the Fraud & Cybercrime Executive Advisor and VP of Client Experience at Prove. Mary Ann is a well-respected expert in the fraud and identity space who has been quoted by Sky News, TechCrunch, American Banker, USA Today, and others. Mary Ann was most recently Head of Fraud Strategy at Varo Bank, where she led the fraud strategy process for transitioning the fintech to a nationally chartered challenger bank. Prior to that, Mary Ann's held directorships and executive roles at well-known organizations such as USAA, PayPal, Lloyd's Banking Group, and other technology firms. She has also served on the US Federal Reserve Secure Payments Task Force and is a current member of the Federal Reserve’s Scams Definition and Classification Work Group.

Keep reading

See all blogs
Read the article: Account Takeovers: The Silent Revenue Killer
Blog
Account Takeovers: The Silent Revenue Killer

Account takeover (ATO) fraud is rapidly becoming one of the biggest threats facing digital marketplaces and gig platforms. Learn how ATO attacks work, why they are accelerating, the latest fraud trends and statistics, and how continuous identity verification helps organizations prevent account takeovers while protecting revenue, customer trust, and user experience.

Blog
Read the article: The Silent Drain: How SMS Pumping Is Bleeding Digital Marketplaces Dry
Blog
The Silent Drain: How SMS Pumping Is Bleeding Digital Marketplaces Dry

SMS pumping fraud is silently increasing verification costs for digital marketplaces by exploiting OTP workflows. Explore how these attacks operate, why traditional SMS authentication is failing, and how proactive phone intelligence can prevent fraud before an SMS is sent.

Blog
Read the article: Prove and Baselayer Partner to Bring Real-Time Business Verification to ProveX
Blog
Prove and Baselayer Partner to Bring Real-Time Business Verification to ProveX

Prove and Baselayer simplify business verification by combining trusted identity, real-time KYB intelligence, and seamless onboarding into a single workflow without requiring additional verification steps.

Blog