COVID-19 has unleashed a new low in financial crime
What to do about criminal activity exploiting COVID-19 fears.
We are likely entering a prolonged period of heightened vulnerability to fraud and other financial crime due to criminal activity exploiting COVID-19 fears and the strain on workforces at banks and other financial institutions (FIs). This makes it a good time for FIs to review their anti-fraud and cybersecurity infrastructure, technology, models, and processes. Improvements and upgrades to financial crime postures at FIs include digital banking security protocols (such as multi-factor authentication); new AML and fraud scenarios (including recognizing transactions that are tied to scams taking place outside the bank); systems and activity monitoring for internal fraud; enhanced threat models; and updated cybersecurity playbooks.
COVID-19 is providing criminals with ideal conditions for perpetrating all types of fraud, including fraud directed at customers and fraud directed at banks.
The Most Wanted list of fraud directed at customers is growing daily. Some of these are:
- ID theft and account takeover, which takes advantage of consumers’ disrupted banking routines, leaving accounts open to takeover. Moreover, legitimate COVID-19 related communications from banks, employers, and other organizations as well as heightened anxiety make it easier for individuals to fall for phishing scams ultimately aimed at account takeover or payments fraud.
- Payments fraud is proliferating. Scams include counterfeit sites falsely claiming to sell in-demand items such as face masks; or sites soliciting donations for non-existent COVID-19 health organizations, charities, etc.
- Social engineering. Concerns over personal and family health provide fertile ground for social engineering; e.g., fraudsters impersonating a medical facility claiming they have treated a relative and need payment.
- Investment scams that prey on the human desire to make a quick buck on the back of the epidemic. An egregious form of this type of scam is fraudulent companies claiming a breakthrough in COVID-19 treatment and soliciting investment.
- Market manipulators, similarly, are stoking claims that a legitimate drug company has made such a breakthrough in order to boost the stock price.
Banks and other organizations are also facing challenges from internal fraud, ransomware attacks, and other cyber threats—the financial sector equivalent of the Van Gogh painting stolen from an unguarded museum in the Netherlands this week. Workforce disruptions are leading to less oversight of systems and operations, leaving the door open for internal systems breach—possibly in coordination with external bad actors—fraudulent account activity, contract fraud, etc. Similarly, reduced oversight of cybersecurity systems makes banks more vulnerable to cyber attacks.
Early Van Gogh stolen from Netherlands museum closed due to COVID-19
The financial sector response to COVID-19 will be drawn out, multifaceted, and complex. But there are some basic areas FIs can work on to protect themselves and their customers from these financial crime threats.
First, firms should ramp up awareness efforts for their customers by (re-) educating customers on financial crime threats, including:
- How to recognize legitimate communications from the bank.
- External phishing scams aimed at stealing account credentials, installing malware, payments fraud, etc.
- Social engineering scams via phone and text.
Second, update financial crime models to both understand changes in consumer behavior (such as increased online purchases) and spot the new typologies of fraudulent activity:
- Unusual transactions indicative of payments fraud, investment fraud, etc.
- High-risk segments, such as the elderly, who are subjected to heightened account takeover risk due to disrupted banking routines and COVID-19 mortality.
Similarly, financial institutions should update their cybersecurity analytics and response playbooks and take full advantage of cyberthreat information sharing programs.
For many firms, technology upgrades may be needed to achieve the flexibility and speed needed to respond to the even more rapidly changing financial crime landscape in the year of COVID-19. This will be challenging due to the economic and business outlook, not to mention workforce deployment challenges, and therefore require smart investments in automation and efficiency tools.