Learning the language of fraud

There is a quote, usually attributed to Albert Einstein, that says “in the midst of every crisis, lies great opportunity.”

Over the past few years, as consumer adoption of remote work, digital payments and online shopping tools grew, fraudsters innovated, developing targeted social engineering practices to entice consumers to click on offers that are just too good to be true. This evolving threat landscape has created a perfect storm for fraud that continues to test the limits of existing anti-fraud measures in all jurisdictions.

Visa understands this, which is why over the past five years, we invested more than $10 billion in technology to reduce fraud and increase network security and hired over a thousand new specialists to protect our network from technology threats of all kinds. In the past 12 months, these efforts proactively blocked over $7.2 billion in fraudulent payments across 122 million transactions.

While Visa has had some success in blocking fraudulent payments, the extent of the problem remains shockingly high. Statistics compiled by Visa’s global anti-fraud centre for the year ending Dec. 31, 2022, paint another picture:

• Total reports of fraud: 90,137 (down from 107,381 in 2021)
• Total victims of fraud: 56,352 (down from 68,087 in 2021)
• Total lost to fraud: US$530M (up from US$384M in 2021)

The total number of fraud reports did decrease slightly, but the total financial loss due to fraud grew by over 25 per cent — a wake-up call to show the situation is far from dwindling.

Visa’s recent fraud report, “The language of fraud,” highlights how criminals craft messages designed take advantage of consumer willingness to trust too-good-to-be-true texts and emails.

Working with researchers in the U.K., Visa commissioned a linguistic analysis that revealed how language is used by fraudsters in short messages.

The study found that the most enticing clickbait messages capitalize on consumer excitement, and fraudulently tout “winning,” “free giveaway” or “act now.” Among Canadians, the study revealed that 59 per cent of Canadian consumers admit to typically responding to any type of scam phrases. Among the most common, positive news phrases (44 per cent), urgent phrases (38 per cent), and action required phrases (27 per cent) are among the top used to ensnare Canadians.

The numbers show that even the most tech-savvy consumers can be vulnerable to scams. While nearly half of the population are confident they can recognize a scam, 73 per cent are likely to miss the requisite red flags in digital communications; and over one-third (35 per cent) of Canadians admit to having fallen for a scam on one or more occasions.

It is unlikely that we will ever be able to stay one step ahead of the fraudsters, but we all have roles to play in trying to stay competitive with them. For Visa, that means investing in new tools and improving security measures, for example by expanding the use of Artificial Intelligence.

One key feature of AI systems is the ability to scale and deal with exponentially increasing complexity. As AI is designed around mimicking the human ability to interpret data by learning from experience, it is fundamentally more capable than any rules-based system.

Scale is the critical element. While humans and manual reviews are limited by available time, AI capabilities are only limited by the computational power assigned to the task. With the advent of cloud computing, this computational power is barely restricted.

AI-enabled fraud detection and prevention systems are becoming more prevalent. Rules-based systems are no longer capable of keeping pace with the rising tide of fraud. Vendors must differentiate their solutions as AI becomes increasingly common.

Financial institutions, should deploy and encourage the use of existing and better anti-fraud tools, including multi-factor authentication and account-based alerts; and improved fraud strategies that factor in systematic criminal behaviour.

As digital transformations continue within organizations, and customer experience expectations continue to climb, focusing on risk management will not only help mitigate threats but build customer loyalty and improve business processes.

How do you start the process? Businesses need to identify and prioritize key digital transformation initiatives and the necessary risk management capabilities for each one. What changes are most important to your company? What extra risks are you assuming by not addressing them?

You cannot eliminate risk, but you can prepare for it through careful planning with manageable phases to ensure you can apply the proper protections at each step.

• Recognize that risk is constantly changing in response to market dynamics, so risk management cannot be static. Companies should not only manage present risks but also plan for potential risks on the horizon. Leverage data from risk management systems to inform and improve ongoing business and technology decisions.
• Bring risk functions to the technology and business decision-making tables. Risk management is more than a suite of technologies, it is a strategy to protect your greatest assets.

Investing in technology can help automate and streamline risk and compliance, but it will not compensate for a lack of process. Start with a risk management strategy that aligns with strategic business goals, then select technologies to enable them.

Protection is Visa’s top priority. Our comprehensive approach to security relies on multiple layers of technology, analytics and security practices to help safeguard consumers, protect the payments system and reduce fraud.

Check-in regularly with anti-fraud professionals for the latest developments and how to respond to them.

Maryam Saeed is the head of risk for Visa Canada (www.visa.ca).