Fraud threats

Digital Anti-Money Laundering (AML) and Know Your Customer (KYC) verification is set to undergo a major stress test as the UK moves to complete its withdrawal from the European Union (EU) on December 31, 2020. Much remains unclear as to how this massive compositional change to the organization’s membership may affect future eurozone AML/KYC policy.

Whether Brexit turmoil is creating more opportunities for cyberthieves is open to debate, but COVID-19 chaos certainly is. The PYMNTS July 2020 AML/KYC Tracker, done in collaboration with Trulioo, examines the fraud landscape in COVID’s wake, while also keeping Brexit on the radar, looking at how biometrics and artificial intelligence (AI) in identity verification beat bad actors.

While battling online criminals, digital identity tools are also going touchless in keeping with new post-pandemic consumer fears of touching point-of-sale (POS) terminals, or even cash for that matter.

Crooks targeting apps as touchless takes flight

“Putting robust, digital verification methods in place is critical for FIs that are seeking to provide remote services during the pandemic,” according to the AML/KYC Tracker.

“More U.S. merchants and consumers are looking for touchless transaction methods to reduce their physical contact during the pandemic, and this could lead to greater interest in P2P payment apps. Providers of these apps need to ensure their services are safe against ever-evolving fraud.”

Along with the sudden revolution in touchless payments come new attack vectors, however. The dark web is doing a booming business in everything from credit card numbers to medical data thanks to COVID-era confusion, necessitating stronger authentication measures.

For example, “Cybercriminals launch a variety of attacks against mobile payment app users, including scams to trick honest customers into sending them funds under false pretenses and attacks that leverage stolen data to take over users’ accounts,” the new Tracker states.

“App providers therefore must be ready to fight back by taking steps like imposing robust authentication measures, programming automatic pop-up alerts and performing customer outreach about common schemes.”

Failure to protect customers and clients with identity authentication is being punished with increasing severity. The AML/KYC Tracker details the events surrounding Australia’s Westpac Banking Corp and its recent non-compliance fiasco.

“FIs that fail to comply with AML standards have to worry about fines, reputational damage, loss in consumer confidence and the knowledge that they may have allowed serious crimes to flourish,” the July Tracker states.

“Australian bank Westpac Banking Corp is now serving as a dramatic example of this, with the FI coming under fire for an alleged 23 million instances of AML and counter terrorist financing (CTF) rule violations. The FI recently released a report detailing the compliance weaknesses that resulted in the millions of failures that occurred between 2013 and 2019. Some of those violations are believed to have helped criminals profit from child abuse, and the FI has since replaced some of its leadership.”

Westpac is now reserving AUD $900 million (USD $570 million) for anticipated fines. The Australian banking giant isn’t alone. The new AML/KYC Tracker contains reports of similar actions from Estonia to Britain. And there’s the unfolding Wirecard scandal to consider as well.

P2P, account security beef up with MFA

Genuinely new attack vectors don’t appear every day. Rather, it is the endless malicious repurposing of known-effective attacks that pops up again and again. The July AML/KYC Tracker contains an illuminating collection of attack types popular in the COVID-19 era, including:

P2P payments to fraudulent sellers: Criminals accept money but never deliver the promised goods. Fraudsters know that consumers have little ability to regain funds lost this way because P2P app transactions lack the chargeback protections that credit cards have.

Account theft: Account takeovers (ATOs) are a growing threat. The Tracker states, for example, that Zelle, the real-time interbank P2P app from financial services company Early Warning Services, became the “fastest growing area of account takeover fraud in the U.S. banking sector” in 2020.

To combat this rising tide of cybercrime during a period of unprecedented upheaval in global commerce and payments, merchants and FIs are turning to robust platform ecosystems.

“Platform providers … make it more difficult for criminals to be able to get into victims’ accounts in the first place by deploying multifactor authentication (MFA) requirements,” per the Tracker.

“This method requires users to supply details beyond usernames and passwords to confirm their identities when logging in. That could include entering one-time codes texted to their smartphones or even scanning their fingerprints on their devices. Such additional layers of security make it more difficult for criminals to break into P2P app accounts, as they then also have to find ways to intercept texted codes and fake customers’ signatures alongside stealing login details.”
