Fraud Trends and Predictions for 2024: “What The Fraud?” Podcast

TOM TARANIUK: Hello and welcome to “What The Fraud”, a podcast by Sumsub, where digital fraudsters meet their match.

I’m Thomas Taraniuk, Head of Partnerships at Sumsub, the global verification platform helping to verify users, businesses, and of course, transactions. Sumsub has over two thousand clients in fintech, crypto, transportation, trading, e-commerce, and also gaming industries. Averting digital fraud is what we do best, and that’s exactly what this podcast is all about.

Fraud, it’s safe to say, remains a huge problem for present-day businesses. Can you believe it? In every hour of 2023, there were 97 cybercrime victims. That’s a total of 33 billion account breaches. And the cost of cybercrimes is actually projected to reach 10. 5 trillion by 2025.

In my everyday partnerships remit at Sumsub, I meet hundreds of businesses across different industries and disciplines. All of them are impacted by fraud, which is why we decided to make this podcast and help businesses and their owners get prepared for a future of more advanced fraud, and of course, more advanced capabilities to combat criminals.

To kick off the series in today’s episode, we’re peering into our digital crystal ball and checking out the biggest fraud trends and predictions for 2024.

Today’s guest is Peter Taylor, also known as The Fraud Guy. Peter is an experienced fraud consultant supporting companies with their fraud strategies to help them fight back against cybercriminals. He started his career with Greater Manchester Police, becoming the head of fraud for major loss adjusters.

Peter has even made an appearance on your TV screen, previously featuring in the BBC’s Fraud Squad. For the very first episode of “What The Fraud” podcast, we couldn’t have any other guest than the Fraud Guy. Peter, thank you for joining us today. 

PETER TAYLOR: Thank you, Tom. 

TOM TARANIUK: So, I wanted to start off with a real life case.

A man in China recently transferred 622,000 to his friend’s account during a video call with him. But alas, it also turned out to be a deepfake scam, where the criminal had used artificial intelligence, or AI to recreate this friend’s likeness, including also his face and his voice. I think it’s a stark reminder of how these complex frauds are roping in more victims and draining vast amounts of money.

So you’ve spoken before about your success in saving your clients millions with effective anti fraud strategies. May I ask, how exactly do you do this? 

PETER TAYLOR: Being a simple man, I have a simple plan. You have to understand what the frauds are. You have to understand the type of people that are committing them.

So you’re looking at the risks that you face. And then the question I ask myself, four simple questions, which is, how can I prevent this from happening? I accept that prevention is never 100 percent. So if the fraud still happens, Because some will always get through, how can I detect it? So how can I spot fraud when it’s happening in my organization or my area of responsibility?

And then, even then, once I’ve detected it, what am I going to do with it? So how can I contain fraud? Then it’s an ever continuing circle of prevention, detection, containment, and analysis. Over 12, 13 years, we saved our clients 400 million pounds. We gave them a return on investment of around about 20 pounds for every pound that they spent.

So it was a system that worked, it evolved all the time, and it improved all the time. 

TOM TARANIUK: In Sumsub’s recent Identity Fraud Report, which analyzed data from over 2 million sources across 220 countries, we see more sophisticated types of fraud rising. For instance, a 155 percent global increase in account takeovers, and also a tenfold increase in the number of deepfakes detected worldwide, and that was in 2023. Peter, off the back of that, what do you believe are the top fraud trends, let’s say, that you predict for 2024, and what challenges might these pose to businesses, regardless of their size? 

PETER TAYLOR: If you compare fraud to fashion, fraud is not like fashion.

So if you imagine sort of the clothes that we wore in the 70s and 80s, You don’t wear them now in 2023. But if you imagine, nothing ever went out of fashion. And fraud is like that. So you get new types of frauds. You get new trends, but the old ones don’t go away. So the first time I became aware of fraud was the 419 letters from Nigeria.

And the 419 letters, you know, were sent by post to businessmen and people in Britain saying, We’ve got a million pounds in the bank. We’ll do a deal with you and you can have that million pounds. You just need to send us 200 pound or 2000 pound or whatever. So I saw them years and years ago, but they’re going out today.

Today, people will still receive 419 letters or 419 emails. So a lot of it doesn’t go away. I did make a jokey predictions for 2024. And I said, what happened last year is going to happen this year. But there might be a bit more of it. Now there’s actually some truth in that. So things like account takeover, card not present, identity theft, insurance fraud, tax evasion, false tax returns, that will all continue.

And most fraud will happen in those areas. And then we’ve got the new areas emerging that we’ve got to keep a watch on. Some of which will accelerate very fast. Now, in some ways, if you read things that I was writing six months ago, you wouldn’t have me on as your guest. Because I was very cynical about the AI deepfakes.

Because the technology to do the AI deepfakes has been around for 10 years or more. But , I think what’s happened is that they’ve thought about how to use them now. The quality of the deepfakes has improved, but they’ve been used in particular ways. They’ve been used for false ransoms. I’ve kidnapped your daughter, or I’ve been kidnapped.

We’re seeing this, you mentioned the Chinese case. Those kind of scenarios actually fit perfectly for deepfake. And I think the thing that we’ve got to remember is it does create that fear, uncertainty and doubt, the thought that we could be imitated. The only thing that limits that is how can you use that to replicate a situation where you give me money as a result of a video call with me.

So yeah, it works. I’ve kidnapped your kid. It works. I’m in trouble, mum. I need money. It’s now being included for the business email compromise, which is where one of the C suite contact sends an email and says urgent payment needed 40, 000. It’s got to go into this account today and gets paid. And when some of those people have made insurance claims, for example, they’ve claimed, and I believe some of them, that they’ve also had a call from that person, and they’ve spoken to them, and it sounded like them, and it looked like them.

So yeah, there are ways it can be used. It is being used, but the old ways are still working. So we’re going to see a change. But as I say, what I am convinced of now is that they’re finding ways to use it. That may not necessarily be the way we would expect.

I was doing a fraud review for a company. The finance director, he was telling me about some frauds he dealt with as a finance director. And I said to him, have you had business email compromise? And he said to me, I don’t know what that is, Pete. So I explained to him, you know, you get an email from one of the management team or the board, and there’s an urgent payment got to be made.

And he said, well, that would never happen here. Our, and then he gave the name of the main man, would never do that. And then one of the admin people said, He would. He’s done it twice this week and he’s just done it again now. Oh dear. And they paid him, the fraudster, two payments, and they were just about to send him another, I think it was about twenty or thirty thousand.

Suggested read: What You Need to Know about Online Payment Fraud in 2024

Even though people know about fraud, we have to keep reminding them. We have to keep telling them again. You know, telling people once or having a training session, that’s like washing your hair. You’ve still got to wash it again next week. So this finance director was as smart on fraud as anybody and probably wouldn’t get caught out personally, but it was there happening under his nose and it just wasn’t being recognised.

TOM TARANIUK: Do you anticipate some of these fraudsters tactics to evolve? 

PETER TAYLOR: I’m predicting that they will continue to use crypto, but not as much. We used to have traditional fraud. So that was your white collar government insurance fraud. And then we had cyber fraud, which was all done online, done on the dark web. And then the other side to it was organized crime in normal organized crime gangs, who would do things like drugs, prostitution, trafficking, protection rackets. And what’s happened is they’ve all merged a little and they’ve all learned from each other. So they’ve all already started evolving. And that evolution will continue. That is my opinion. The organized crime gangs love cash. And I’m now seeing in some of the cybercrime gangs that cash has become king.

So you’re now getting cybercriminals posing with a table full of cash. Which you wouldn’t have got five or ten years ago. That’s one of the ways that it’s evolved. 

TOM TARANIUK: That’s interesting. 

I mean, talking about traditional now to the sort of new era of financial crime, we’ve seen this in our report where the top five industries with the highest percentage of fraud are online media, as well as professional services, healthcare, transportation, and now video gaming as well, which is interesting.

PETER TAYLOR: I think the list that you’ve said is accurate and will continue to be accurate. It’s anybody whose business is going to be severely disrupted by not having access to the data, and also additionally, anybody who will face a reputational risk by having their data compromised. So wherever that’s happening in business, then the cyber criminals will attack it.

TOM TARANIUK: So Peter, there are also talks that KYC, or Know Your Customer, is becoming outdated. For example, some predict that generative AI could make KYC useless. We can no longer trust our eyes to ascertain, basically, whether content is genuine. What do you think can be the remedy here? For instance, do you see modern liveness checks replacing traditional ID cards selfies?

PETER TAYLOR: Yeah, I think things like liveness checks. AI detection. AI can save us, but AI at the moment is the problem. So we’ve got to rethink KYC. We’ve got to improve it, but we’ve also got to use tools that are already available now, you know, in terms of things like liveness checks, whether or not it’s a recording, other flaws and other ways that you can pick up whether or not something is AI generated as opposed to original.

So I’m sorry, but we’ve got to actually ramp up the game a little bit. 

TOM TARANIUK: What do you think of the ongoing user checks? Obviously, we’ve talked about the, some of the origination process, but do you believe they’ll become a regular practice around checking in? 

PETER TAYLOR: I think that it’s inevitable that the current checks will increase.

I think they’ve got to increase in terms of, we’ve got to really focus on the quality ones, the things that work best in terms of onboarding. I think what organizations have got to decide is which little piggy you’re going to be. Are you going to be the piggy that lives in the straw house? The piggy that lives in the wooden house?

Are you going to actually build your organization so it’s as strong as a brick house? I think organizations have got to make their mind up of where they are. But the other one as well is why I think consultants like myself are useful to people is we work across industries. So we’ve got a clearer picture of what the benchmarks are.

You know, and we can actually say, where do you actually want to be on this? And actually, again, because people do pay for consultancy, when you’re told that you’re actually a straggler when it comes to counterfraud because of the systems that you’re using, because of where you’re investing in your fraud solutions, then they do tend to pay attention and actually do something about it.

And again, with the UK, we’ve got the duty to prevent fraud coming in this year, which won’t affect a lot of smaller companies, but I think it will actually impact the culture and feed down from the bigger companies. You know, there are consequences for failing to prevent fraud if you as an organization benefit from that.

That’s one of the biggest worries from people like the regulators that I’ve seen is when an organization turns around and says, we’ll just put the price up, we’ll absorb fraud. Accepting fraud can actually be good for business, but it ain’t good for the consumer, is it?

TOM TARANIUK: Awareness is also a key weapon in our fights against online fraud, but do you think it’s sufficient on its own? Could you shed some light on what extra measures individuals, as well as businesses listening here, should take to ramp up their digital defences?

PETER TAYLOR: One thing I’ve not mentioned, which I think is a really significant factor in the rise of fraud, particularly cyber fraud, is we often talk about it and we say the dark web. The dark web is a part of the web accessed via Tor. It has no search engines and it’s populated by criminals. Mainly, also Secret Service and the BBC World Service is on the dark web, just as an aside.

So it’s not all bad stuff, but dark web activity is now all over what we call the bright net. And what I’ve seen happen since I first got involved around 2016, 2017, is this shadow economy has felt restricted by the dark web because they want victims and they want recruits. So they come out from the dark web now.

And they’re on Telegram, they’re on Facebook, they’re on Twitter, they’re on LinkedIn. They use coded expressions. The criminals all know what they are. It’s become a plague, and it has been one of the big catalysts for the rise in fraud. What’s also happened, though, is in terms of the more sophisticated ends of fraud, people are using AI.

People like Genesis Markets, they were selling cookies that just overrode the login and password system. They convinced the system that you’ve already passed all the checks and you can do whatever you want. One of the other things that they did, and did well, is plug and play fraud. You can even buy a laptop with the ransomware and all the other victims all installed and then send it. I know of American students that have been buying them as a way of financing their education.

It is now very much, as I say, accessible to people with limited technical knowledge.

TOM TARANIUK: There were many cases where simple details from social media were used to create a completely false identity, leading to significant financial fraud. As we live more online, how are we opening the doors to synthetic identity thieves? 

PETER TAYLOR: Most people that come on my training courses delete Facebook for a start.

I think it is a matter of how do you use social media and people need to think about it. But we are facing apathy and habit and I think that has got to change and the rise in synthetic identities particularly, you know, might be a stimulus to that. But I certainly take the view, what am I using social media for?

I’m a fraud investigator, but I’m a consultant. So I need business, you know, I need to market. What I do is I hide in plain sight, but I take other precautions to make sure that I’m safe. There are certain things that I’ve seen changes. For example, if you looked at, say, a big law firm, a lot of them will have 30 partners.

They’ll give you their name, their mobile phone number, their email address, and that email address sometimes will not be the company’s website. It’ll be a Gmail or worse. They’ll have a photograph of them, and that photograph will be perfect for a passport, a driving license. So I’m seeing a lot less of that now, but I am still seeing it.

where you’ve got to actually think what you’re putting out on media, how could it be used? There are things like, I try and avoid profile pics that could be used as passport photographs or as driving license photographs. So it’s actually thinking about how you use your social media and actually having, you know, some kind of guidelines and being conscious of what you do.

I think, uh, the other thing, though, is the double whammy fraud. And this is where it gets difficult. So I’ve always been from a school where if you’re trying to sort something out, you never do one thing, you do two. You know, like a pincer movement on a problem. So when you do something to try and stop fraud, something else will happen.

So you might be dealing with the initial problem, but you might be creating another problem. So, one of the difficulties now is we’re creating for authorized push payment. We’re creating a system whereby the receiving bank and the sending bank in the UK have got to compensate the customer. So we’re now going to get people putting in false claims for authorized push payment.

No good deed ever goes unpunished. So we’ve got to be thinking about that, and I know the banks are. You know, there’s some quite sophisticated people there. So, yeah, you know, we’ve got to try and stop authorised push payment fraud. Now we’ve got to compensate, but we’ve also got to think about false claims.

So that needs to be in there, and I remember years ago, um, about two or three years ago on a ransomware webinar, and I said, well, what if somebody does it themselves? So the IT guy and one of the directors get together and put the ransomware in. So they’re actually involved in it because they don’t own the company.

They’re just wage slaves like everybody else. And now they’re going to get 4 million. And somebody said that will never happen. Well, there’s a guy being convicted. He was the head of IT and he was on the ransomware team. It was him, you know, that was doing it. So you’ve got to double think and get ahead of the game.

That might sound like you’re complicating things. But if I can use a football analogy, if you actually go a little bit further than you actually have to, you’ve got more chance of doing a good job on the main problem. And in football, we always say when you’re taking a penalty, you don’t shoot for the back of the net, you shoot for 20 yards behind the net.

That shot is more likely to go in. So I think we’ve got to be a bit smarter and not do just enough. Actually do the right thing and also consider to say that whenever you do something good, something else might happen as well. And it’s better for you to have thought of that and plan for it or at least prepared for it.

TOM TARANIUK: So to sum up, can you give our listeners your top three tips on protecting themselves and also their businesses from online fraud in 2024? 

PETER TAYLOR: First of all, the basics of using all the data and the systems and the automation that is available to you to protect yourself from fraud. You can’t not do it nowadays.

Anything else is foolish. So it’s about how you use technology. Absolutely. The second one though, is instead of people being the weakest link, Help them to become the strongest link. So in your, in your organization, I do a lot of training for organizations. And I’ve changed that training. So instead of going in there and warning them about fraud and that they might commit fraud and they better not do it, I teach them all how to protect themselves from fraud risks and cyber risks.

And they love it. And they take it on board. But because they’re now equipped to protect themselves, they’ll then naturally protect the organization. So we’ve got to make people the strongest link, not the weakest link. And that continues through as well, is the technology must be supervised by a human.

Because you’ve got to remember all this technology is still trying to become sentient, and it isn’t. But people are. I’ve seen a good example of it being done which is the Department of Work and Pensions. They put in an AI system, people express doubts. So they’ve changed how they use it. They’ve not got rid of it.

What they’ve done now is when something is flagged, instead of the payments stopping or being suspended, they wait until they’ve got further evidence. Yeah, so they’re making a better decision. 

Suggested read: Machine Learning and its Role in Fraud Detection and Anti-Money Laundering Compliance

TOM TARANIUK: Peter, thank you for coming on the podcast today. It was great to get your insights and also your first hand experience in terms of what you’ve seen around the space, as well as answer some critical questions, which I think everyone are very, very interested in finding out a little bit more insight into, so thank you. 

PETER TAYLOR: Thank you very much. I really appreciate the opportunity and I also look forward to further episodes as well.

TOM TARANIUK: Thank you for joining us on today’s episode of “What The Fraud”. On the next episode, we’ll be investigating the world of AI generated fraud. Last year, in fact, a study found that almost one in twelve Britons have already been targeted by cybercriminals. And these cybercriminals were impersonating their loved ones using technology to clone their voices, and of course, businesses are being impacted too.

So if AI generated payment scams are indeed left unchecked, it’s estimated it could cost businesses globally 343 billion, and this is by 2027. We’ll be discussing AI as a double edged sword, and also the risks of AI generated fraud, like deepfakes, for instance, versus AI powered solutions for business protection.