Digital Fraud Trends for 2024: The expansion of artificial intelligence will shape the battle against fraudsters

Criminals are continuously adapting. This was particularly evident in connection with PSD2 – the latest version of the directive that regulates payment services in the EU – where stricter requirements for customer authentication in payments were introduced. Before PSD2, less than five percent of the fraud cases detected by Tietoevry Banking, Financial Crime Prevention (FCP) were related to phishing.

"Today, this form of fraud accounts for almost 40 percent, and these cases are often more challenging to detect. This is a trend we expect to continue increasing into 2024," says André Moen Eide, Head of FCP Defence Centre.

Many of the methods used are highly sophisticated, and criminals run various campaigns to target as wide an audience as possible. In general, we expect criminals to continue using new technology, with artificial intelligence being used to manipulate and acquire payment information.

Here are the fraud trends that will continue to shape 2024:

• Brand names of various players in the postal/courier, hotel, streaming services, and public institutions are being misused in scams that target a large portion of the population - often in the form of emails or text messages.
• Another emerging trend is QR code phishing (Quishing). This is often successful because many people do not think twice about following a link - which most have learned not to click.
• Social manipulation in the form of "safe account scams" plays on fear. Fraudsters pretend to be from the police or bank and offer to assist in transferring money to a secure account.
• "Recovery scams" are also a form of social manipulation where a fake investment advisor helps victims recover previous investments. Often, the victims are led to fake applications where they can track investments and returns in real-time. Another variation is "Refund scams" where scammers trick victims into believing they have received money they should not have, and then demand the money be returned.
• Fake online stores where payment information is compromised and misused shortly after.
• Both voluntary and involuntary mule activity resulting from social manipulation.

For FCP (Financial Crime Prevention), there are several factors that need to be in place to succeed in the fight against fraud. The ability to monitor transactions across payment channels has been important as fraud moves quickly between both cards and accounts.

Today, over 90 percent of all attempted frauds are detected by our systems, with the majority of transactions being stopped in real-time without any loss for our customers - and we are continuously working to improve our systems to stay ahead of criminals, says André Moen Eide.

Sharing BankID despite warnings

One of the major challenges we face when we are online is proving our identity. In Norway, we have largely managed to solve this challenge with the introduction of BankID and Buypass. However, e-ID is not without its problems in one of the most digitized societies in the world. One challenge is digital exclusion; many people are left out for economic, social, or medical reasons.

"We see a lot of fraud associated with the use of BankID. A survey by Norsis shows that 1 in 5 people have shared their BankID with others, which allows the recipient to impersonate them. Half of those who have shared their BankID report that they have been subjected to fraud," says John Erik Setsaas, Director of Innovation at FCP.

For example, many older people share their BankID with their children to get help with tasks.

"Banks and other services often lack the capability to provide access to others, so it is easiest to share access to BankID. This is against the agreement with BankID and is strongly discouraged," continues John Erik Setsaas.

The SODI report published last year examined fraud with e-ID in vulnerable groups in society. It shows that there is a high degree of fraud in close relationships for this group. But other groups in society can also experience this type of fraud by having access to their partner's mobile and often knowing each other's passwords.

"We strongly encourage not sharing passwords or BankID - not even with the person you share a bed with," emphasizes John Erik Setsaas.

AI makes it easier to impersonate someone else

With the proliferation of AI, we are seeing an increase in scams that trick people into making a payment. Many people receive AI-generated phishing emails that are addressed directly to them. Now, it is also easy to use AI to mimic someone else's voice. Scammers can call and pretend to be a family member, convincing you to transfer money. The extreme case of this is fake kidnappings, also known as kidnapping scams.

CEO fraud, where the boss sends you an email requesting an urgent transfer, becomes more believable when you hear the boss's voice over the phone. The advice is to always be sceptical if you receive a call regarding something out of the ordinary.

"Even though we at FCP monitor financial transactions and manage to stop a significant portion of fraudulent transactions, it is important for each individual to do what they can to protect themselves in the fight against financial fraud, where scammers use your identity," says André Moen Eide.