In 2023, scammers defrauded victims from all around the world of over $1 trillion, according to the Global Anti-Scam Alliance. That’s roughly equivalent to the Netherlands’ GDP. While banks are becoming more adept at protecting their own systems from cyber-attacks, fraudsters have shifted their focus to the weakest link in any security—humans. Every day, consumers are targeted by a variety of frauds, ranging from phishing, account takeovers, and remote access scams to manipulative social engineering schemes.
This staggering sum raises a critical question: why are traditional fraud prevention methods failing to protect consumers?
Technological advancements in fraud
Unfortunately, falling for fraudulent schemes is easier than ever, as cybercriminals use increasingly sophisticated tactics. Generative artificial intelligence, in particular, represents a double-edged sword. Not only does it eliminate known signals of fraud, such as language deficiencies, but AI also assists fraudsters in developing financial malware, scaling phishing attacks, and, critically, generating persuasive deepfakes.
Experts warn that deepfakes will likely further fuel the wave of scams in the near future— even as you read this, more people are being targeted by deepfake-enhanced fraud. Distinguishing a real person (or their voice, in the case of audio deepfakes) from an artificially generated image or sound is almost impossible.
Surge of authorized fraud
The result? Authorized push payment (APP) fraud, a scam in which a legitimate customer makes a seemingly legitimate payment under the influence of a fraudster, is now the number one fraud globally.
In 2023, APP fraud losses in the UK amounted to £460 million, with purchase and romance scams reaching their highest levels since 2020. It’s reasonable to assume that APP fraud is also responsible for a significant portion of the $10 billion lost by US consumers, especially as more than 70% of these losses were caused by investment and imposter scams.
As if these figures were not worrying enough, it’s important to note that many victims never report their losses. A very conservative FTC estimate indicates that although just under $8.8 billion in fraud losses were reported in 2022, the reality, including unreported cases, is likely closer to $20.5 billion.
Why do traditional measures fail?
When it comes to authorized payments, traditional anti-fraud measures fall short. Traditional detection systems simply cannot determine whether a legitimate customer, making a legitimate payment from their regular device, is doing so under the influence of a fraudster. There are several reasons for this.
First, traditional fraud detection systems mainly focus on transactional anomalies, such as large sums of money or unusual locations. However, APP fraud often involves regular payment amounts to seemingly legitimate recipients, making it difficult for these systems to flag such transactions as unusual. The absence of contextual data is a major limitation.
Second, unlike unauthorized payment fraud, where the bank might automatically flag suspicious activity, scams are typically reported once the victim realizes they’ve been duped. Since traditional systems lack real-time, proactive measures to identify this type of fraud, the response is typically reactive, making the recovery of funds difficult.
Last, fraudsters frequently change the accounts they control, using money mules or quickly shifting funds across multiple accounts to avoid detection. Traditional systems may not track these money laundering techniques in time, and since APP fraud involves manipulating the victim into authorizing the transaction, the systems often fail to catch the fraud until it’s too late.
As some regulators begin shifting the responsibility for fraud damages onto banks, effective fraud detection is becoming crucial for financial institutions. So, is there any way to effectively prevent modern fraud?
How to prevent modern-day fraud
Addressing modern-day fraud requires modern-day approaches—ones that can cover the entire fraud lifecycle across all digital channels, and in real time. In this context, behavioral intelligence is proving to be an effective solution. It can not only verify that a user is legitimate but also identify subtle shifts in their behavior and payment patterns. This capability is critical when combating fraud in today’s landscape.
For example, ThreatMark’s Behavioral Intelligence Platform combines transaction risk analysis, threat detection, and user behavior profiling capabilities into one comprehensive solution that monitors a wide range of signals across all digital channels. The diverse range of input data about user behavior, devices, threats, and transactions provides critical context, which is essential for detecting modern fraud.
That is because scams are, in fact, detectable. There are subtle but clear signs that APP fraud might be occurring: an ongoing phone call during an online banking session; repeated transitions of a banking app between foreground and background; opting for instant payment; unusual user behavior; active screen sharing; or a new payee. These are all signs of ongoing APP fraud—and the Behavioral Intelligence platform can identify them in real time.
Leveraging context with behavioral intelligence
Relying on static rules, focusing solely on transactional anomalies, or ignoring behavioral data—these factors explain why traditional fraud prevention measures fail when faced with modern fraud based on social engineering.
To effectively detect fraud and prevent fraudsters from succeeding, banks need to leverage contextual data and detect subtle deviations in device usage, user behavior, and payment patterns, allowing financial institutions to identify fraudulent activity even when authorized by a legitimate customer. Behavioral intelligence addresses these needs, providing a dynamic and proactive defense against constantly evolving fraud tactics.