The cat is out of the bag 🐱📤 👜. And you can’t put the cat back in the bag. Once the cat is out of the bag, it’s out for good.
And if 2021 taught us anything, it’s that chronic fraud – like the cat – is here to stay forever.
The myth that fraud is for sophisticated criminals only is over. It’s too easy to do. It’s far too lucrative. And most of the time there are zero consequences.
Hundreds of Thousands Of New Fraudsters Have Been Activated
The fact is we created hundreds of thousands of new fraudsters and scammers (if not millions) over the last 18 months.
We created financial pressure where they were desperate. We pushed trillions in stimulus money piles for them to take. And then we let social media platforms train them, or recruit them into the dark world of fraud.
Brett Johnson spelled out the allure of fraud to the new generation of Telegram fraudsters in this post.
The fraud cat is out of the bag. We can’t go back now. Get used to it and double down your efforts. It’s going to be a long, hard fight.
First, Let’s Look Back At 2021 – It Was Deja Vu All Over Again
Maybe it was wishful thinking, but I was under the impression that 2021 would be a return to normalcy in a “post-pandemic world”.
Well, the pandemic never ended. And fraud never went back down. 2021 was deja vu all over again but with some interesting new twists.
And here is what we saw:
#1- Stimulus Fraud Mushroomed to $242 Billion As Benefits Abuse Worsened
Fast money = Fast fraud. And no money was faster, or easier than stimulus money (again) in 2021. If anything, the Paycheck Protection Program (PPP) fraud got even worse in 2021 with new Fintech entrants being blamed for enabling fraud rates as high as 15% while they collected billions in fees.
#2 -Identity Theft Soared to $56 Billion – A 300% Increase Over Prior Years
Perhaps not surprisingly but certainly jarring, identity theft estimates soared. In March, Javelin estimated that identity theft losses had increased over 300% – driven largely by stimulus-related fraud and scams.
#3 – SAR Filings Will Likely Hit Record- 4 Million For The Year As Fraud Reports Climbed To Highest Ever
By October, SAR filings to FinCen indicated that from a reporting perspective 2021 was going to be another record-breaking year.
SAR’s are estimated to hit 4 million by the end of the year – another 8% increase in reported fraud over last year.
#4 – Bots Emerged, Wreaking Havoc and Ushering In A New Era of Fraud Automation
And 2021 ushered in a whole new level of social engineering tools designed to make fraud easier for those hundreds and thousands of new fraudsters that entered the scene.
In June, OTP Bot services began to appear which completely automated the pilfering of OTP passcodes from victims with zero human-to-human interaction.
#5 – As Scams and Fraud Proliferated in 2021, The Government Stepped In
By July, with fraud and scams increasing at record levels the government stepped in.
The CFPB released a FAQ on electronic funds transfers, that clarified their position that more consumers needed to be reimbursed for scams. It marked the beginning of the end where banks can hold consumers liable for all scams.
#6 – Amazing Fraud Companies Grew Quickly As Investment In Fraud Technology Hit New Heights
But it wasn’t all doom and gloom in 2021. One bright spot? There was massive investment in fraud tech and a whole legion of startups took in a record amount of funding. The fraud space is red hot across identity, lending, data orchestration, and automation.
Looking back, 2021 was an eventful year with some highs and lows. Fraud, as always is the case, is in a constant state of change.
What Can We Look Forward To in 2022 ? I called Maryann Miller (And Karisse Hendrick Too)
So what is in store for 2022?
To answer that question, I reached out again to Maryann Miller and asked her if she wanted to come up with another list for the new year.
This year, we needed a little extra help however so we called our good friend and cyber fraud expert – Karisse Hendrick – to give us her take on a new and emerging fraud we think is going to be a big deal in 2022.
Prediction 1 – Synthetic Identity Fraud Increases With Deeper and Better Fakes And Expansion To Synthetic Businesses
Synthetic Identity will continue to grow and keep its reputation as America’s fastest-growing financial crime. Virtually every financial institution is grappling with synthetic identity because the fakes are getting deeper and more convincing.
In 2021, identity thieves proved they could defeat Driver’s License checks with realistic-looking masks. They proved they could fake their credit history with virtually undetectable fake tradelines. And they were given a plethora of online tools such as generated.photos to create an endless array of fake images for identities.
In 2022 Synthetic Identity will only get better with fraudsters leveraging a variety of techniques including:
- Using CPN profiles aged for at least 24 to 36 months to appear more legitimate
- Use of real high value tradelines such as mortgages and high limit personal loans to bolster credit history
- Using third party public records tools (the same search tools banks and investigators use) to identify true non-issued social security numbers which will make detection more difficult
- Leveraging more realistic Drivers License, SSN Cards and other supporting documentation
- Using computer generated synthetic faces for documentation and selfies
Additionally, fraudsters will shift their focus to using synthetic identities tied to shell companies and aged corporations to go after much higher value business credit lines. Most credit repair companies are already pushing consumers in this direction now.
Prediction 2 – Government Agencies Are Compelled To Deal With Identity Fraud Once and For All
You can only blame fraudsters when you’re getting crushed with fraud for so long. And government agencies are at that breaking point now.
The Federal and State governments are now largely to blame for the dramatic rise in identity fraud here in the US because they cannot get their act together in controlling fraud. Millions of US citizens are being defrauded because their systems to control fraud simply don’t work.
In 2010, identity fraudsters began hitting government agencies starting with the IRS. Those attacks drove a 46% spike in identity theft reports to the FTC. By 2015, the IRS began to do something about it and deployed artificial intelligence tools.
When those solutions were implemented by the IRS, fraudsters merely shifted their attacks to the State Tax Boards and kept the fraud scheme going. By 2020, those fraudsters shifted again to attack states Unemployment agencies, resulting in over $87 billion in fraud.
In 2022, you will see a concerted effort by fraud solution vendors (Prove, Socure, LexisNexis, ID.me, Sentilink) and taxpayers to compel the US Government to stop the fraud once and for all. I believe they will be successful.
Prediction 3 – Extent of Fintech Fraud Comes To Light and Forces More Prudent Controls
P2P apps, NeoBanks, and small business lending platforms experienced meteoric growth in 2021. But with fast money comes fast fraud. And with these new fintech players – there is tons of fast fraud.
We believe 2022 is the year that the extent of that fraud comes to light and forces some of these Fintech’s to adopt more prudent fraud controls. Because face it, the current level of fraud on their platforms is an unsustainable business model.
And some of those changes may not be voluntary. With Congress investigating the outsized role that fintech lending platforms played in the $76 billion PPP loan fraud debacle you can bet that change will certainly be imminent.
Look for big changes in Fintech fraud in 2022.
Prediction 4 – Governments Will Push Banks To Take On More Liability For Scammed Customers
There has been a seismic shift in scams here in the US and 1 in 5 consumers is targeted by phone scammers alone. In 2021, scam calls increased again by over 100%. T-Mobile tracks scam calls on their network and are logging an astounding 2.5 billion scam calls a month.
With so much impact on consumers, you can bet the Government is going to continue to push banks to do more to reimburse victims of scams. The CFPB got the ball rolling last year, but you can expect the trend to gain more steam this year. Banks will need to formulate a comprehensive strategy to stay in compliance in 2022.
Prediction 5 – Fraudster Automation Will Rapidly Accelerate, Turning Newbies Into Experts Instantly
The Fraud as a Service Industry is still in its infancy. But it’s growing exponentially as expert fraudsters and scammers turn their attention to selling their methods, services, and fraud-perpetrating-tech to others.
Professional Refunding, BEC as a Service, Buy4u, were initial fraud services that all required professional services from the seller, but with the advent of OTP Bots in the last 6 months we are now seeing more automated tools being sold in the market.
In 2022, we predict the development and deployment of these automated fraud services will accelerate. They may even begin to incorporate Ai to make them smarter, more targeted, and more human-like. These automated bots could include account opening bots, loan application bots, credential stuffing bots, and new hyper-realistic social engineering text and chatbots.
Prediction 6 – Scarcity Will Push Selling Scams Higher Forcing MarketPlace Vendors To Increase Scrutiny
Supply chain issues are expected to continue for most of 2022 and that means scarcity and inflation will persist well into the year. Fraudsters and scammers thrive in this environment. They can peddle their non-existent goods in online marketplaces for extraordinary prices to desperate buyers looking for things they want and can’t get.
It’s money for nothing – literally. And some of the new schemes they’re coming up with would make your head spin.
Take for example the new Turo Fraud Scheme that is turning synthetic fraudsters thousands a day in profit by subleasing fraudulently obtained vehicles.
In 2021, dealerships’ inventories dwindled and rental agencies had no inventory in stock because they sold off their fleets during the height of the pandemic. Synthetic fraudsters rushed in to fill the void by purchasing luxury cars and then renting their own fleet of stolen cars on Turo – often netting $500 or more per car, per day.
Look for more of the scarcity fraud schemes to increase in 2022 forcing marketplace vendors to increase their diligence.
Prediction 7 – Digital Transformation Trend Is Going To Burn New Entrants
97% of banks and lenders have Digital Transformation projects afoot to move their services and products online. While this is great news for their consumers, the move online is fraught with fraud risk these banks and lenders may not fully comprehend.
Traditional banks, credit unions, auto lenders, and mortgage lenders are good examples of the types of companies that have traditionally relied on non-digital processes to onboard new customers and originate new loans and products.
As these lenders and banks launch their online portals there is a very high chance that many will get burned with unexpected fraud. In fact, they may have little experience with the velocity or sophistication of attacks that will come as soon as they go live. They will experience higher levels of identity theft, synthetic identity, exploitation of the application process, and account takeover attempts.
In 2022, there will be some damage to new entrants to the online world.
Prediction 8 – Buy Now Pay Later Become Exploited With Trojan Horse Schemes
Fraudsters can sniff out any gap in a merchant’s fraud controls. And the Buy Now Pay Later (BNPL) options that many merchants now offer are their latest mouth-watering target.
According to Karisse Hendrick, a Trojan Horse scheme that exploits the gaps between the merchant’s own fraud controls and their third-party BNPL providers will evolve and grow in 2022.
Because merchants enjoy a liability shift on fraud from their BNPL provider of choice (something the providers offer as a carrot to get the business), many are not running the transactions through their fraud prevention systems. So, fraudsters create accounts with the merchant using a BNPL provider. The trojan horse is in the gate!
Within a month of the 1st transaction, the fraudster changes their payment method to a stolen credit card. Since the account has prior “good activity” the fraud prevention systems will often auto-pass subsequent charges. The fraudsters then go to town submitting high dollar purchases their carte-blanche privileges.
What further complicates this scheme (much to the fraudster’s delight) is that BNPL providers don’t notify the merchant when they receive a chargeback for prior fraud orders in a timely manner. The fraudsters can carry on the scheme racking up tens and thousands in fraudulent purchases.
Prediction 9 – Digital Identity Will Start A Fundamental Transformation
Validating digital identities has become increasingly problematic in the last 24 months. Data breaches and new social engineering techniques have made it possible for bad actors to obtain all the information they need to fake their digital identities. And account opening bots are making it easier for these same people to open hundreds of accounts simultaneously.
Data points like IP Addresses and Device ID are no longer good enough in verifying someone is who they say they are. And standard bureau alerts and legacy tools no longer deliver the sort of precision necessary.
In 2022, new technologies will emerge and take root – and at the center of that transformation will be your phone and your face.
In the next 36 months, Juniper Research predicts that over $3 Trillion in payments will be authenticated with biometrics. This includes facial recognition, iris detection, voice and fingerprint matching.
And Digital Identity will come to your phone this year too. Apple is adding the ability to add digital driver’s licenses to the Apple Wallet. Arizona, Connecticut, Georgia, Iowa, Kentucky, Maryland, Oklahoma, and Utah have already signed on and TSA will accept those digital identities at the security lines.
Prediction 10 – Fraud API Attacks Could Become Devastating Reality to Solution Vendors
The use of APIs for fraud checks is surging as lenders and banks push their digital transformation projects forward. But sophisticated attacks against those same services could become a devastating reality for some in 2022.
According to SaltLabs, the average number of API endpoints within an organization grew from 28 in June 2020 to 89 in 2021. API traffic now accounts for 80% of all internet traffic.
Attacks against vendors’ APIs are now surging. In fact, 1 in 10 API providers had their services attacked more than 500 times a month!
SaltLabs attributes the rise in API attacks due to the fact that many companies jumped on the API bandwagon quickly without the proper forethought into ongoing maintenance and security. 26% of vendors have no security strategy in place for their APIs.
Watch for these attacks to increase a lot in 2022.
Fraud Predictions Are Really Anyone’s Guess – Do you have any we missed?
Trying to predict what exactly is going to happen in fraud is nearly impossible. Your guess is as good as ours. You probably have some great ones that we didn’t even come up with.
But each of our predictions we come up with are all based on the same premiss:
- Fraud is always going to be in the new fast growing products and services.
- Fraud will always follow the fast money.
- Tomorrow’s fraud is always the same as today’s fraud, just with a twist.
So if you have been around fraud long enough, you too can probably see a new fraud trend coming in hot from a mile away.
Because it’s always the same thing and doesn’t really change. The products change. The companies that launch those products change. The world changes.
But fraud? It’s always the same thing – but with a twist 🔄.
Some Parting Thoughts For All You Fraud Fighters As We Head in 2022
As we head into 2022, Maryann and I will leave all you fraud fighters with some parting thoughts.
Frank – Be The Voice of Reason With All These Bubbles in 2022
“Face it, we are living in a strange time. There are bubbles everywhere – the property bubble, the student loan bubble, the crypto bubble, the fintech bubble, the federal debt bubble, and probably ten more. I’ve lived through a few bubbles in my time but I have never in my life seen all of them happen at once. And unfortunately, fraud has played some role in every single one of them.”
Maryann – Draw Your Fraud Fighting Energy From Helping Consumers
“As fraud fighters we’re lucky. We get to do jobs that help our companies, but we also get to help the world. I think it’s those dual roles that make our profession unique but also one that draws us all together. When work gets hard, just remember who you are really fighting for – the victims. That will drive you to always work harder. I know it does for me.”
Thank you everyone! We hope you have an amazing 2022. Thank you for all you do fighting fraud each and every day.