When Financial and Cyber Crime Collide

By James Brodhurst, Principal Consultant, Resistant AI

Financial crime has itself undergone something of a digital transformation recently, as criminals upgrade relatively inefficient and labour-intensive processes with much more complex and automated technologies. This enables them to leverage huge amounts of compromised personal data while scaling their criminal activities to unimaginable heights.

Simultaneously, the worlds of financial crime and cybercrime continue to integrate at high speed. Whether it is identity threat, account takeover scams, phishing, ransomware or card fraud, cybersecurity vulnerabilities are being exploited to amplify the effectiveness and impact of financial crime.

That means that cyber and financial crime are now intricately connected, with proven cybercrime strategies widely used to generate inputs for financial crime. Thus, bad actors can use the theft of identities, including elements such as documents and ID photos, credit card numbers or a host of other assets to routinely harvest this information to reuse it online and commit a broad range of other crimes.

As a result, there is an ongoing uptick in the scale and impact of both types of crime. For example, last year around 49 million US consumers were the victim of identity fraud, incurring a total cost of around $56 billion. Moreover, Juniper expects online payment fraud to cost merchants in excess of $206 billion cumulatively for the period between 2021 and 2025, representing “almost 10 times Amazon’s net income in the 2020 financial year.”

At the same time, threats such as Buy-Now-Pay-Later (BNPL) and payment fraud, represent more areas of growing concern. Although it is especially challenging to accurately distinguish between real and stolen identities, fraud losses from areas such as eCommerce, airline ticketing, money transfer and banking services are predicted by Juniper Research to reach $48 billion next year.

Responding to digital crime at scale

Taken together, these issues are creating a perfect storm where the vast volume of illegal activity makes it nigh-on impossible for businesses and authorities to keep up. Automating their attacks enables cybercriminals to increase their chances of success by putting pressure on prevention and detection systems, which are already struggling to keep pace with the scale of attacks and the inventiveness of the criminals.

Often, legacy fraud prevention systems depend on labour-intensive processes where over-worked and under-resourced teams spend significant amounts of time focused on too few cases. Moreover, the cases sorted for review can prove to be false positives, further lowering defence efficiency. It’s almost like asking email users to manually identify, sort and delete their spam emails: a herculean task. It is clear that businesses are not making the best use of limited resources which should be focused on more productive and strategic issues that require the insight and experience only a human expert can bring.

To address the sophistication and volume of financial cybercrime requires advanced technologies. AI-powered, automated defences are increasingly the only tools that can work at scale to minimise the impact of financial crime while also minimizing the cost of such prevention.

As an example, AI can authenticate documents in large volumes, freeing up human teams to focus on more complex document fraud. This not only improves detection rates, boosting productivity and minimizing losses, but also introduces resistance to the fraudsters by making their processes more costly and inefficient.

In the longer term, legacy approaches to the converging threats of cyber and financial crime are unsustainable. For example, in the absence of protected onboarding processes that prevent scalable attacks on individuals and businesses, financial institutions will find themselves under growing pressure. The cost of acquiring and then protecting customers will continue to grow, while overworked staff will be subject to burnout with the consequent employee turnover further affecting prevention and detection performance. Meanwhile, losses to fraud will increase, and these compliance breaches and associated penalties will impact negatively on organisational reputation and profitability.

One way of responding to these very real threats is by automating additional processes, such as customer service and basic fraud detection. However, while introducing more automated defences plays a vital role in a more rounded approach, they are no substitute for dedicated technologies which can identify financial crime at scale and with a high degree of precision.

At the end of the day, companies that focus on updating their response to the converging risks presented by cyber and financial crime will be better placed to concentrate on growth. With a digital economy growing exponentially and the ongoing fast evolution of the banking and finance sectors, that’s a vital point to consider for any business that doesn’t want its success compromised by an inability to tackle crime.