Various types of fraud pose significant risks to UK businesses, including financial loss, reputational damage, legal consequences, regulatory non-compliance, and loss of customer trust. Fraudulent activities can also lead to direct monetary losses through theft, embezzlement, or fraudulent transactions.
The reputation of a business can be severely affected, impacting customer perception and relationships with partners and stakeholders.
Legal consequences and regulatory penalties may also arise from non-compliance with fraud prevention regulations. Additionally, fraud erodes customer trust, potentially leading to decreased sales and a damaged brand image.
Being informed allows businesses to proactively address vulnerabilities, demonstrate commitment to security, and mitigate the potential damage caused by fraudulent activities.
Here are seven of the top fraud risk trends to watch out for in 2023, couyrtesy of Yves Laffont, Sector Lead, Financial Crime at FDM Group:-
- Cybersecurity breaches are on the rise
The Cyber Security Breaches Survey reveals that a total of 11% of businesses have experienced cyber crime in the last 10 months, which includes 26% of medium businesses and 37% of large businesses. It is estimated that there have been 2.39 million instances of cyber crime and approximately 49,000 instances of fraud as a result of cyber crime within this time period. With each instance of cyber crime estimated to cost a business £15,300 per victim per year, the cost of cybersecurity breaches can be hefty. The rising frequency of cyberattacks means that tackling cyber threats should be a high priority for medium and large businesses in particular.
- Deepfake technology fuelled by AI advancements
Deepfake technology derives from the terms ‘deep learning’ and ‘fake’, referring to the use of AI to create realistic fake audio, video, or images. It can be used to impersonate people and aid malicious individuals in identity theft. Deepfake technology can even simulate speech, actions, and emotions, and can be quite convincing!
While deepfakes are becoming increasingly prevalent across social media apps, deepfake technology can also be used to defraud businesses by convincing an employee to compromise sensitive information, release funds, or engage in fraudulent transactions.
- Synthetic identity theft is increasingly difficult to detect
Synthetic identity theft typically combines both legitimate components, such as real addresses, and fabricated information, which can make it extremely challenging to detect and prevent. Moreover, since the fraudulent identities have no prior credit history or suspicious activities associated with them, they can evade traditional fraud detection systems that rely on historical data patterns.
- Account takeover fraud has grown by 350% YOY
An account takeover (ATO) refers to when a criminal gains access to a real consumer account, such as a social media, email, or bank account, which will typically be done using stolen information. Account takeover fraud increased by 250% year-on-year in 2020, with financial services firms witnessing 72% of all these attacks. Similarly, in 2021, 20% of data breaches were attributed to account takeovers, totalling over $5.1 billion for consumers and businesses. This emphasises the importance for financial institutions to take proactive measures to protect their customers, and serves as a reminder to other industries that account takeovers are a serious threat they may encounter and must be wary of.
- Businesses are more susceptible to card-not-present (CNP) fraud risk liability
Card-not-present fraud (CNP) occurs when consumers pay for goods and services online, by telephone or by mail, where a card is not presented to the merchant physically for verification. When a cardholder’s billing information is compromised or stolen, an unauthorised individual may use their card to make purchases. Unfortunately, with the rise of e-commerce and consumers still demanding quick ways to purchase products, fraudsters are provided with ample opportunities to exploit vulnerabilities in online payment systems, manipulate checkout processes, or use stolen card information to make fraudulent purchases.
- Insider threats pose a high fraud risk
While organisations must be vigilant of external threats, insider threats have also risen by 44% in the past few years. Insider threats can occur from the actions of either current employees, former employees, customers, or suppliers – either through malicious intent or negligence. Employees with privileged access typically pose the highest fraud risk for your business.
In many cases, insider threats are motivated by money, competitive advantages, and revenge. For example, 45% of employees download, save, or send work documents to their personal accounts after leaving a job in order to impress their new employers. The sharing of company contracts, spreadsheets, or customer information can pose a serious risk for all parties involved.
- Social engineering attacks in an age of remote working
Social engineering is not a direct cyber attack but, instead, involves using human psychology to persuade individuals to put their guard down and partake in unsafe activities, such as handing over sensitive information or clicking a malicious website link. Phishing is one of the most common forms of social engineering where fraudsters impersonate legitimate entities, such as banks, government agencies, or trusted organisations, to trick individuals into providing their personal information, such as passwords or credit card details.
Living in an age of remote working, social engineering attacks are increasing. A study shows that 9 out of 10 respondents state that the threat landscape has worsened, and 75% say remote working has contributed to this. Social engineering attackers have been capitalising on the frequent online communication with online messaging and emails being the primary form of organisational comms.
