News

A fishing hook in a credit card sitting on top of a computer keyboard

The Shape of Fraud to Come

By Chris Alarie on Apr 19, 2023

Fraud is, by necessity, an ever-shifting practice. In order to stay ahead of regulators and law enforcement and in order to continue to deceive the pool of potential victims as they get wise to fraud schemes, criminals must constantly shift their tactics and come up with brand new schemes. Unfortunately, the constantly changing nature of the payments industry affords them plenty of opportunities to do so.

Fraud Trends of the Near Future

Recent trends in fraud, as well as knowledge of ongoing changes to the payments industry, allow us to make predictions about how fraud is likely to evolve in the coming years.

Romance Scams

These are fraud schemes in which a criminal disguises their identity and proceeds to trick their target into engaging in some sort of fake long distance romantic relationship as a means of defrauding them. The fraudster consistently comes up with excuses for not meeting in person—usually something like being deployed overseas in the military or otherwise out of the country—but still dupes the mark into developing what they believe to be a genuine romantic relationship. The fraudster then uses this relationship as a pretext for asking for money, usually processed as wire transfers, gift cards, or prepaid cards. After receiving the payment, the criminal ceases communication and the fraudulent nature of the relationship becomes clear.

In recent years, romance scams of this type have increased dramatically, likely due to the increased reliance on digital communication, the worsening conditions of loneliness in modern life, and the way the COVID-19 pandemic has exacerbated both. The Federal Trade Commission (FTC) reported that romance scams accounted for $547 million in losses in 2021, an 80% increase compared to 2020 and a sixfold increase compared to 2017. It seems highly likely that this form of fraud will continue to grow in the coming years.

Ransomware

Ransomware attacks are a form of cyberattack in which criminals use some sort of malware to collect personal data, block access to accounts, or otherwise disrupt computer systems in order to create leverage for a ransom. These attacks may occur at small scales, attacking individuals, or at larger scales, attacking groups or institutions.

As with romance scams, ransomware fraud is increasing precipitously. According to the U.S. Treasury Financial Crimes Enforcement Network, fraud losses due to ransomware totaled $590 million in the first six months of 2021, more than the $416 million for the entirety of 2020. Notable ransomware attacks include the May 2021 Colonial Pipeline attack in which Russian hackers shut down an oil pipeline serving the Southeastern United States and successfully convinced the Colonial Pipeline Company to pay a $4.4 million ransom—although the Federal Bureau of Investigation (FBI) was later able to recover a significant portion of the ransom.

Digital Elder Abuse

Digital elder abuse is essentially any sort of internet fraud that specifically targets senior citizens. Fraudsters attack the elderly in order to take advantage of their relative unfamiliarity with the internet and how to manage the risks associated with its use.

Experian’s 2022 Future of Fraud Forecast predicts an increase in digital elder abuse. The primary driver would be the way that the COVID-19 pandemic has forced many senior citizens who may not have had much previous familiarity with the internet to use it for essential activities such as grocery shopping and scheduling healthcare visits. They predict that these “digital newbies” will be enticing targets for social engineering and account takeover fraud schemes. Sadly, the elderly can also be targets for romance scams.

New Payment Method Scams

Recent years have brought a wide variety of new ways to provide payment, both online and in person. Most of these involve mobile phones and increase both the speed and consumer convenience. Of course, that emphasis on speed and convenience as well as the novelty opens up opportunities for fraudsters. Consumers, merchants, and financial institutions should all be aware of the risks associated with new payment methods such as “buy now, pay later” (BNPL); peer-to-peer (P2P) payments; digital wallets; open banking; and overlay services such as Google Pay, WhatsApp Pay, Amazon Pay, etc.

Phishing

Phishing is a form of fraud attack in which a fraudulent actor tricks their target into revealing sensitive information by impersonating some sort of trusted entity known to the victim. The classic form is conducted via spam email but there are a number of variants, including spear-phishing (targeting a particular individual rather than widely trawling for as many victims as possible), smishing (SMS phishing), vishing (voice call phishing), whaling (spear-phishing targeted at an executive), and others. As a widely used fraud tactic, it can be combined with a number of the other trends discussed in this article.

Identity Theft and Merchant Identity Fraud

Similar to phishing, identity theft is one of the most frequent and classic fraud techniques. A criminal fraudster impersonates somebody and uses that fraudulent identity to make purchases, transfer money, or defraud another victim as a part of a larger scheme. It can be a critical component of most of the fraud schemes discussed in this article and is likely to increase in conjunction with those schemes.

Merchant identity fraud is a sort of inverse to identity theft. Rather than impersonating an individual and defrauding businesses, the fraudster impersonates a business in order to defraud cardholders. Forbes predicts that both identity theft and merchant identity fraud will increase in the near future.

Metaverse

Metaverse fraud is necessarily more speculative than the others due to the fact that, strictly speaking, metaverses do not yet really exist in any meaningful, widespread manner. Indeed, there is not anything close to a consensus as to what the metaverse even is. Wired summarizes the uncertainty while at least aiming toward a loose understanding of what the metaverse could be:

“Broadly speaking, the technologies companies refer to when they talk about ‘the metaverse’ can include virtual reality—characterized by persistent virtual worlds that continue to exist even when you're not playing—as well as augmented reality that combines aspects of the digital and physical worlds. However, it doesn't require that those spaces be exclusively accessed via VR or AR. Virtual worlds—such as aspects of Fortnite that can be accessed through PCs, game consoles, and even phones—have started referring to themselves as ‘the metaverse.’”

Despite this uncertainty, many tech companies are making significant plans to invest heavily in metaverses whenever they actually do come into existence. Facebook even changed the name of their company to Meta, indicating how heavily the metaverse factors into their future plans. If metaverses come into wide use, there will be ways to process monetary transactions on them. And criminals will find ways to commit fraud in order to take advantage of those transactions.

Cryptocurrency

Cryptocurrency is decentralized, digital currency. It is designed to be used for peer-to-peer transactions conducted via a cryptographic ledger known as a blockchain. Cryptocurrency transactions are anonymous, since they occur over blockchains. They are also usually irreversible and are effectively unregulated. As a result, cryptocurrency is perhaps the most fertile ground for fraud in the world today. The FTC reported more than $1 billion lost in crypto scams in just the first six months of 2021. Earlier this year, the Department of Justice (DOJ) charged a married couple with crimes related to their efforts to launder more than $4.6 billion worth of stolen cryptocurrency.

Cryptocurrency also figures distinctly into the interconnectedness of both global payment regimes and the world of fraud. Each of the above categories/schemes may operate discreetly or in conjunction with other schemes. Cryptocurrency, in particular, is a key element of many fraud schemes. For example, the FTC reported that the largest portion of 2021’s record romance scam losses were processed via cryptocurrency, $139 million. The ransom in the Colonial Pipeline hack was paid in bitcoin.

Conclusion

Fraud can take many forms and attack different kinds of targets. Some of the aforementioned forms of fraud affect merchants directly; others affect them secondarily; and others may seem to be more concerning for individuals, the government, or non-merchant businesses. But make no mistake: fraud always creates an environment unfavorable to merchants. Whether or not fraud schemes directly affect or implicate merchant businesses, merchants should be prepared to protect their businesses and customers from fraud in all its evolving forms.