As a predicate offense to money laundering, it’s crucial gambling operators have fraud detection solutions in place to mitigate the risk of “dirty” funds flowing through online gaming platforms and into the legitimate financial system. In this article, gambling operators can learn more about fraudsters’ tactics and discover why implementing proactive fraud prevention strategies is crucial for safeguarding the integrity of online gambling platforms and ensuring a safe and fair gaming environment for all players.

What is online gambling fraud?

Online gambling fraud refers to any illicit or deceptive activity conducted within the realm of online betting and gaming platforms aimed at manipulating outcomes, exploiting loopholes, or defrauding players or the platform itself for financial gain. This type of fraud encompasses various schemes and tactics, including:

• Payment fraud: Using stolen credit cards or fraudulent payment methods to fund gambling accounts or withdraw winnings. 
• Match fixing: Rigging the outcome of sporting events or casino games to ensure a specific result, often in collusion with athletes, referees, or employees of the gambling platform. This undermines the integrity of the game and deceives legitimate players.
• Bonus abuse: Exploiting bonuses and promotional offers provided by online casinos or betting sites through fraudulent means, such as creating multiple accounts or using automated bots to meet wagering requirements unfairly.
• Identity theft: Stealing personal information to create fake accounts or impersonate legitimate users to commit gambling fraud. It can lead to unauthorized access to accounts, fraudulent withdrawals, and other illicit activities.
• Use of cheating software: Developing or using software tools designed to manipulate the outcome of games, exploit vulnerabilities in the platform’s software, or gain an unfair advantage over other players.

How does online gambling fraud work?

Online gambling fraud centers around exploiting vulnerabilities within online betting platforms. One significant factor contributing to the prevalence of fraud in online gambling is the absence of face-to-face interaction, coupled with the anonymity afforded by digital transactions. 

This environment creates opportunities for fraudsters to exploit loopholes, such as using stolen credit cards or engaging in new account fraud, resulting in financial losses for both operators and legitimate customers.

Fraudsters may collaborate with others to manipulate game outcomes, exploit software vulnerabilities to gain unfair advantages or orchestrate sophisticated scams targeting unsuspecting players. Additionally, techniques like phishing emails and social engineering tactics are employed to illicitly access customer data, further exacerbating the risk of fraud.

The impact of fraud on online gambling

Gaming and gambling websites saw a massive increase in interest during the COVID-19 pandemic when many people were forced to change their habits due to stay-at-home orders across the world. In fact, three times as many people visited online gambling websites in 2020-2021 compared to 2018. However, criminals quickly followed suit to tap into this growing market, leading to the average fraud rate for gambling and betting companies skyrocketing by 80 percent.

While the global online gambling and betting industry generated $536 billion in 2023, and projections indicate it will set new revenue records by reaching $1.4 trillion by 2030, this growth is threatened by the rising rates of online gambling fraud. In addition to undermining consumer trust and confidence in the industry, rising fraud rates could hamper the industry’s continued expansion.

The Role of Technology and Talent in Payment Fraud Detection

The value of payment fraud is set to soar to more than $40 billion by 2027. Download our guide to see where and how financial crime leaders are investing in fraud detection to overcome major pain points and limitations.

Download now

Common types of online gambling fraud

Some of the primary tactics fraudsters employ in online gambling include:

• Bot fraud: The creation of custom code or scripts designed to automatically analyze potential winning odds in various online gambling games such as poker, blackjack, or slot machines. Referred to as value betting, this strategy aims to develop a gambling bot capable of exploiting perceived advantages in the game algorithms. It is often conducted by those with programming experience.
• Affiliate fraud: When deceitful actions are taken by a third party to benefit from marketing techniques such as pay-per-click (PPC) campaigns. This can involve using stolen data or payment details from an iGaming provider to drive leads for their own business.
• Multi-accounting (aka: bonus abuse): The creation of multiple accounts with the same website in an attempt to cheat the system. Often websites offer welcome bonuses for new players, which is a way for individuals to take advantage of these promotions and receive more than they’re entitled to. In matched betting, individuals also deploy multi-accounting to ensure a profit. This tactic entails placing bets on both possible outcomes of an event, thereby guaranteeing a positive return regardless of the outcome.
• Credit card fraud: This can happen in various forms, including the use of stolen credit card information to make transactions on online gambling platforms. This is just one avenue through which criminals can capitalize on stolen financial data.
• Chargeback fraud: A player depositing funds into their gaming account using a credit card, gambling, and then disputing the charges with their credit card issuer, claiming the transactions were unauthorized or that they did not receive the promised goods or services. This may happen unintentionally if, for example, a child uses their parent’s mobile device to make a gambling-related payment unbeknownst to the parent, who subsequently reports it as fraud. 

Advanced fraud detection solutions powered by AI

The predictive capabilities of advanced fraud detection software can help gambling operators anticipate and thwart potential fraud schemes. Some solutions have even been shown to offer significant reductions in all payment fraud-related losses. By harnessing predictive analytics, firms can effectively safeguard against fraudsters’ constantly evolving gambling fraud tactics, ensuring enhanced security and peace of mind.

Robust customer screening solutions are just as vital, helping operators know who they’re doing business with and whether certain entities should receive more due diligence surrounding their gambling activity. Solutions that can also screen customers against sanctions and watchlists, politically exposed persons (PEPs), adverse media, and enforcement data are particularly valuable, especially those that use artificial intelligence (AI) matching algorithms to ensure alert accuracy and reduce the likelihood of duplicated profiles. 

The post What is online gambling fraud, and how can it be prevented? appeared first on ComplyAdvantage.

This comprehensive guide delves into 12 distinct types of financial fraud, providing concise definitions and real-world examples, and subsequently exploring best practices for financial companies to detect and prevent these sophisticated illicit activities. 

12 different types of financial fraud

1. Identity theft
2. Payment fraud
3. ACH fraud
4. Account takeover fraud
5. Advance fee fraud
6. Credit card fraud
7. Investment fraud
8. Consumer fraud
9. Fraudulent charities
10. Return fraud
11. Chargeback fraud
12. Cybercrime 

1. Identity theft

Identity theft involves illegally acquiring and using sensitive personal information, such as Social Security numbers or bank account details, with the intent to perpetrate fraudulent activities. Technological advances have also led to even more sophisticated ways of committing identity theft. In February 2024, a finance worker at a large firm released $25 million after a conference call with fraudsters who had used deep fake technology to impersonate the firm’s Chief Financial Officer.

Financial services employees must be vigilant in verifying customer identities to prevent unauthorized account access. Rigorous customer authentication processes and continuous monitoring are essential to safeguard against identity theft, ensuring the integrity of financial transactions and maintaining customer trust.

Scammers employ numerous techniques to engage in identity fraud. Common examples include:

• Phishing: Using deceptive tactics to trick individuals into divulging sensitive information – typically executed through fraudulent emails or messages. Phishing schemes often impersonate trusted entities such as banks, regulators, or colleagues. The malicious intent behind phishing attempts ranges from stealing login credentials to gaining unauthorized access to confidential financial data. Recognizing and thwarting phishing attacks is imperative, as falling victim to these scams can have severe repercussions, compromising personal and institutional security. 
• Physical theft and mail interception: Scammers often resort to physical methods such as stealing wallets and purses from individuals. This straightforward yet effective tactic provides access to personal identification and credit and bank cards. Additionally, criminals may dig through mail and trash to uncover sensitive information like bank statements. 
• Data breach exploitation: Malicious entities can also capitalize on large-scale data breaches to obtain sensitive information, including clients’ or employees’ personal and financial records. Exploiting vulnerabilities in cybersecurity measures, criminals gain unauthorized access to databases, exposing a vast array of confidential data. 

2. Payment fraud

Payment fraud encompasses practices targeting financial transactions, including credit card and check fraud. FIs should be tuned to irregularities in payment patterns and exercise due diligence when processing transactions. 

UK Finance revealed that in 2022, over £1.2 billion was stolen via payment fraud – with nearly eighty percent of the reported cases starting online. Payment fraud won’t go away any time soon, and is expected to cost $40.62 by 2027 – some of the most common types of payment fraud, such as credit card fraud, will be covered later in this article.

Firms can protect business assets and customer funds from unauthorized payment activities by implementing robust anti-fraud measures, such as real-time transaction monitoring and verification checks.

3. ACH fraud

In the US, the Automated Clearing House (ACH) network facilitates the secure and efficient movement of funds between banks and financial entities. ACH is pivotal in modern American banking and is a backbone for direct deposits, bill payments, and person-to-person transfers.

In instances of ACH fraud, perpetrators manipulate or gain unauthorized access to the ACH system, initiating fraudulent transactions that divert funds from legitimate accounts. Tactics such as account takeover, phishing, malware, and social engineering are common avenues for criminals to compromise sensitive account information and misuse the ACH system. 

The repercussions of ACH fraud extend beyond financial losses, encompassing reputational harm and regulatory consequences. To safeguard against this, FIs must implement stringent authentication measures, continuous monitoring, and advanced fraud detection technologies to ensure the security of electronic fund transfer systems.

4. Account takeover fraud

Account takeover fraud (ATO) occurs when a criminal gains access to an individual’s online account to steal money or sensitive information. There are many ways in which cybercriminals can do this, ranging from buying details from the dark web to using keylogging software to capture a password and email address.

While there are differences between the two, ATO has many parallels with identity theft, and a 2021 survey concluded that 64 percent of US individuals who had their identity stolen also experienced account takeover fraud.

ATO is usually conducted via credential stuffing or brute force attacks: 

• Credential stuffing is the term applied to automated tools and bots to test lists and databases to find a match. This is particularly problematic as many individuals use the same email and password combinations for multiple websites, meaning that one breach could lead to many. 
• Brute force attacks involve bots deploying random words to guess a customer’s password on a site.
  

FI employees should be trained to recognize the following red flags:

• Multiple password reset requests and login attempts.
• Changes to contact details such as addresses and back-up email addresses.
• Requesting new cards or checkbooks to a new address.
• The set up of a new authorized user.

Customer education is also vital in ensuring account safety. Staff should encourage customers to turn on multi-factor authentication (MFA), change passwords regularly, and offer the option to be contacted when a credit limit request has been made.

5. Advance fee fraud

While various forms of advance fee fraud have existed for a long time, the growing adoption of digital communication channels, including social media services, encrypted chat platforms like WhatsApp, and the continued popularity of email, has amplified its prevalence. 

Perpetrators of advance fee fraud often entice their targets with unrealistic investment opportunities or promises of substantial rewards, such as a fictitious lottery win, all based on an upfront payment. Once the payment is made, the victim loses contact with the fraudster or is coerced into providing additional funds to unlock even greater returns.

FIs are crucial in mitigating the risks associated with advance fee fraud – firms must raise awareness among their customer base regarding the indicators of advance fee scams:

• When encountering communications from a business, it is imperative to ensure the sender’s authenticity. Verifying the organization’s legitimacy is also critical when dealing with entities unfamiliar to the recipient – checking business registrations on reputable online services, such as Companies House in the UK, to confirm their status. Additionally, attentiveness to details such as misspelled URLs or addresses within the message is crucial for detecting potential fraudulent activities.
• Common types of fraud include loans, overpayments, lottery or cash prize wins, vacation rentals, unexpected inheritance, and investment opportunities. Customers should be encouraged to be particularly vigilant when receiving these communications.
• The general content of the message should also be studied – key indicators include an offer that seems too good to be true, an unusual sense of urgency, frequent typos, and the general mention of up-front payment.

Romance scams have also become more common. Typically, scammers will pose as a potential romantic partner via social networks or dating apps and employ emotional manipulation to gain their victim’s trust. A 2023 study conducted by Lloyds Bank revealed that the number of victims of romance scams has increased by 22 percent compared to 2022.

Once trust is established, scammers typically ask their target to send them money or invest in a lucrative business opportunity, often involving cryptocurrency. These schemes are called pig butchering, likening the victim to a pig fattened before slaughter – FIs should use customer relationship management (CRM) channels such as email or social media to increase customer awareness of these ploys. 

6. Credit card fraud

Credit card fraud is one of the most popular types of identity theft and fraud. It is defined as the unauthorized use of an individual’s debit or credit card to withdraw cash or make purchases. In the US, in 2022, there were 440,666 reports of credit card fraud – marking a thirteen percent increase from the previous year.

Credit card fraud encompasses two primary categories: card-not-present (CNP) fraud and card-present fraud.CNP fraud is on the rise, facilitated by stolen credit card details to make multiple online transactions. This may involve substantial purchases or bulk buying to exploit any potential time lapse before detection. 

Offline instances of CNP fraud include completing payment forms with stolen details and submitting them via email or phone – incidents leading to CNP credit card fraud range from theft in physical locations to phishing via email or text and exploiting public Wi-Fi vulnerabilities.

Card-present fraud, though less common due to chip, PIN, and mobile payment technology, also still occurs. Examples include the theft of credit cards from homes or persons, losing cards, cloning through skimming at ATMs or establishments, and interception of new or replacement cards during postal delivery. 

It’s essential that FIs actively monitor and detect suspicious credit card activities, implementing robust transaction monitoring and fraud detection systems while educating customers on safe card usage practices.

7. Investment fraud

Investment fraud and scams involve many techniques mentioned in this guide. Some will be easier to spot than others, as scammers will go to lengths to ensure any websites, documents, or details discussed seem as legitimate as possible. 

Educating customers and staff to watch out for the following can assist with protection against illicit investment opportunities:

• Stay vigilant when receiving cold calls, particularly from a company or organization with which the individual has never interacted.
• Investigate online reviews for any company offering investment opportunities, and check with the relevant local financial authority, such as the FCA in the UK, to ensure they are correctly regulated.
• Ask for legitimate documentation detailing any proposal, and seek expert advice if unsure.

8. Consumer fraud

Consumer fraud is the umbrella term for illicit activities conducted to cause financial loss or harm to a consumer or group of consumers. Common examples include:

• Identity fraud: This is where a perpetrator steals an individual’s identity or card details, either via the internet or through physical theft. Once the identity is assumed, malicious actors will attempt to access a bank account and transfer unauthorized funds.

• Mortgage/real estate fraud: Real estate and mortgage fraud encompasses deceptive practices in the real estate sector. The Boston division of the Federal Bureau of Investigation reported that over 11,000 individuals nationwide in 2021 experienced average losses of $350,328,166 due to real estate scams, a sixty-four percent increase from 2020. Among the most notable fraud types is mortgage fraud, involving intentional deception in mortgage lending, where consumers provide false information to obtain a mortgage loan or influence loan terms. 
• False advertising occurs when a business provides inaccurate information regarding the quality or benefits of a product or service, violating legal obligations that mandate honesty in advertising, governed by watchdogs such as the UK’s Advertising Standards Authority (ASA). Such practices include false assertions about a product’s capacity to enhance health, mental faculties, or cognitive abilities.

9. Fraudulent charities

Fraudulent charities exploit goodwill by asking victims to donate to a good cause. Sometimes, these charities may not even exist, or fraudsters create fake campaigns using the names of reputable organizations or established causes. 

Victims who enter their card or personal information on a website to donate may also inadvertently expose themselves to identity theft or credit card fraud, as scammers can exploit the collected data for illicit purposes.

FIs can contribute significantly to protecting customers from losing funds to fraudulent charities and organizations by:

• Using transaction monitoring to detect unusual patterns associated with potentially fraudulent charities. Many software options allow FIs to set up alerts for large or irregular donations.
• Ensuring there is a robust customer due diligence (CDD) process set up to thoroughly vet charitable organizations setting up accounts.
• Conducting real-time screenings of charities against global watchlists and sanctions.
• Advising customers to watch out for red flags such as urgency, vague mission statements, and unsolicited contact from charities they’ve not previously dealt with. Firms should also encourage customers who wish to donate to do so through verified channels, such as a charity’s registered site.
  

10. Return fraud

Return fraud refers to illegal practices where individuals exploit the returns process of goods and services to gain a financial advantage – usually a significant problem for retail and e-commerce businesses. 

This can involve returning stolen merchandise, using counterfeit receipts, or manipulating the returns systems for illegitimate refunds or retail store credits. Some of the most common methods include:

• Receipt fraud: Stealing or falsifying receipts to return a product and profiting from the refund. This can also involve purchasing an item from a retailer at a lower price and attempting to return it to another store with higher retail value.
• Bricking: This is where a malicious entity purchases an electronic item, renders it unusable, and returns it for profit. This can also include switch fraud, which involves buying a working item and then attempting to return a previously damaged version of the item to profit from the returns policy.
• Stolen items: Occurs when an item is stolen and returned for a full refund.

Top prevention and detection practices include transaction monitoring to identify patterns indicative of returns fraud, such as frequent or unusual returns behavior. Organizations should also be encouraged to employ biometric authentication and MFA to enhance customer screening processes when making a return. 

Collaboration with retailers is also essential to share information on known return fraud cases and work collaboratively to educate and combat future attempts.

11. Chargeback fraud

While many chargebacks are legitimate, chargeback fraud occurs when a customer disputes a transaction with their payment provider for illegitimate reasons. Chargeback frauds can have serious financial ramifications for FIs and retailers, with unnecessary costs and the enablement of other illegal activities – experts have reported that chargebacks cost merchants over $100 billion in 2023.

Before a chargeback can be classified as fraudulent, it’s important to distinguish whether it’s legitimate. 

• Legitimate chargebacks, aimed at protecting customers, involve billing errors, unauthorized charges, or undelivered goods, supported by regulations like the Fair Credit Billing Act (FCBA) and the Electronic Funds Transfer Act (EFTA). Customers have a specified timeframe to dispute, usually 60 days under the FCBA, ensuring protection against unauthorized transactions.
• Fraudulent chargebacks, also termed friendly fraud, occur when customers falsely claim legitimate dispute reasons, such as unauthorized charges or non-received goods. Resolving these requires firms to navigate a process proving the legitimacy of the charge. Merchants suspecting misleading claims can challenge the chargeback, emphasizing the importance of understanding legitimate and illegitimate grounds to manage resources and protect against unwarranted claims efficiently.

Firms must integrate preventive measures into a comprehensive risk management system to prevent chargeback fraud effectively. Customer documentation, diligent onboarding processes, and detailed customer and transaction records form the foundation for validating dispute claims. 

A robust transaction monitoring system can also help identify subtle patterns indicative of fraudulent behavior, particularly with repeat offenders. 

12. Cybercrime

Cybercrime is one of the biggest emerging threats to FIs, businesses, and individuals worldwide – it has been estimated that money laundering from cybercrime could reach $10.5 trillion by 2025. The general term cybercrime encompasses a wide range of criminal activities conducted online, including:

• Phishing: As mentioned earlier, this involves fraudulent attempts to obtain sensitive information or steal an individual’s identity. Phishers usually pose as trusted entities and use emails, messages, or websites to gain a target’s trust.
• Malware: Short for malicious software, this is where negative entities use viruses or computer programs to harm or exploit vulnerabilities in an individual’s computer system or device.
• Cryptojacking: Hackers illicitly use a victim’s system to mine cryptocurrency without their knowledge or consent – this is often a byproduct of successfully installing malware.
• Ransomware: Ransomware is software that locks a user’s files and devices, rendering them inaccessible. Cybercriminals will demand a ransom, usually in cryptocurrency, to unlock them.

In alignment with Financial Action Task Force (FATF) recommendations, banks, and financial institutions must establish risk-based AML/CFT programs to combat cybercrime threats effectively. 

This entails conducting comprehensive risk assessments of customers and implementing proportionate responses. Specifically, in cybercrime, firms must focus on customer identification and ongoing monitoring.

How to detect and prevent fraud

In the ongoing battle to prevent fraud in its many forms, FIs should employ the best practices in this guide. Ongoing staff training and customer awareness initiatives are crucial to a firm’s defense strategy. Fraud detection software is also vital. These programs help keep businesses safe from the continuously evolving nature of payment fraud scenarios with the application of AI and bespoke rules.  

With the right software, FIs can establish customized thresholds and promptly receive alerts upon detecting potentially fraudulent behavior, effectively thwarting payment fraud, ACH fraud, and other illicit activities. Smart alerts not only identify fraud but also provide insights into the reasons behind each alert’s creation, resulting in enhanced analyst efficiency and a potential reduction of up to 70 percent in false positives. 

Fraud and AML teams often face common challenges when working in silos, which can lead to occasional oversight of connected persons or entities. Fortunately, dynamic fraud software seamlessly integrates into an FI’s existing systems, ensuring alignment between personnel and software. This alignment has been shown to result in a 25 percent reduction in all payment fraud-related losses with some software.

The post 12 types of financial fraud appeared first on ComplyAdvantage.

This blog highlights the top fraud trends of 2024, and provides practical strategies firms can employ to efficiently mitigate risk.  

5 fraud trends in 2024

1. Synthetic identity fraud remains the most common form of identity theft.
2. The use of AI by fraudsters.
3. The rise in fraud-as-a-service.
4. Contactless fraud rises following innovations in the payments landscape.
5. Pig butchering emerges as a top payment threat.

1. Synthetic identity fraud remains the most common form of identity theft

In 2024, criminals are expected to continue exploiting weak IT protocols, setting up fake investment websites, targeting e-commerce businesses, and carrying out social engineering scams like phishing, smishing, and vishing. Synthetic identity fraud, which includes the use of stolen data, is predicted to remain the most common form of identity theft. 

According to analyst house The Aite Group (now Datos Insights), synthetic identity fraud represents 10-15 percent of charge-offs in an unsecured lending portfolio. With US consumers reportedly losing nearly $8.8 billion to identity theft and fraud scams in 2022, this number is estimated to reach $23 billion by 2030.  

2. The use of AI-based attack vectors

Artificial intelligence (AI) is increasingly being used by criminals to commit fraud, launch attacks against individuals and businesses, and illegally access the global financial system. In recent years, AI has been associated with inciting terror attacks, creating deepfakes for extortion, carrying out corporate espionage, and disseminating child sexual abuse material (CSAM). 

As AI technologies develop, experts predict criminals will increasingly utilize AI-enabled techniques like data poisoning, snake oil, burglar bots, online eviction, market bombing, fake recognition trickery, and forgery.

3. The rise in fraud-as-a-service

Once a criminal has found a use for AI, it can be easily shared, replicated, and sold, creating “crime-as-a-service” models. Fraud-as-a-service (FaaS) is one such model, where cybercriminals offer fraud-related tools and operations to individuals who do not have the technical expertise to commit fraud themselves. Instead of utilizing dark web marketplaces, scammers are increasingly relying on deep web messaging apps, like Telegram to maintain anonymity. In one scheme Telegram uncovered in 2021, cybercriminals received crypto payments in exchange for using stolen credit card details to purchase meals from various restaurants and have them delivered to the buyer’s location.

The alarming rise of FaaS has largely been attributed to criminal entities’ incorporation of generative AI (GenAI). GenAI’s ability to swiftly process vast amounts of data helps criminal groups gather information on potential targets with unprecedented speed. This accelerated reconnaissance enables cybercriminals to tailor their attacks more effectively, posing a heightened threat to individuals and financial institutions (FIs).

The State of Financial Crime 2024

Explore the trends shaping today's financial landscape and their implications for the year ahead.

Download your copy

4. Contactless fraud rises

According to Juniper Research, the number of people using contactless mobile payments will reach 1 billion by 2024, rising from 782 million in 2022. This includes tapping cards, smartphones, and digital wallets offered by providers such as GooglePay, ApplePay, and wearable devices. With the proliferation of devices with near-field communications (NFC) technology, the use of mobile phones for accepting payments is expected to keep growing. In fact, it is anticipated that by 2027, transactions associated with contactless payments will amount to $10 trillion.

However, with these innovations come more opportunities for criminals to exploit them for their financial gain. For example, in the UK, contactless fraud rose by 82 percent in 2023, card ID theft increased by 97 percent, and lost and stolen cards generated £100.2 million in losses.

5. Pig butchering emerges as a top payment threat

According to Visa’s Spring 2024 edition of its Biannual Threats Report, pig butchering scams have emerged as one of the top four payment threats against consumers. In these schemes, fraudsters search dating and social media sites for victims and create fake accounts to interact with them. The objective is to gain the victim’s trust and become their “lover” or “friend”. The scammer may even pretend to be a long-lost contact of the victim.

In 2023, the Federal Bureau of Investigation (FBI) saw over $3.5 billion of reported losses in relation to pig butchering, equating to around 40,000 victims. As GenAI and other emerging technologies develop, scams like pig butchering will become increasingly convincing, “leading to unprecedented losses for consumers,” according to Visa’s chief risk and client services officer. 

How to mitigate fraud risks in 2024

Legacy fraud solutions typically work on a reactive basis, responding after a crime has been committed. However, to effectively mitigate fraud risks in 2024, compliance teams need sophisticated tools that are proactive – while not negatively impacting the customer experience. Some practical risk mitigation strategies include:

1. Deploying a real-time fraud detection solution with prevention capabilities that can go beyond individual rules to comprehensive data analysis and identify suspicious patterns of behavior.
2. Using an AI-powered solution that provides alert prioritization, allowing higher-risk alerts to rise to the top for review and reduce time wasted on false positives.
3. Establishing clear, validated, and consistent fraud definitions, ensuring a solid understanding of common typologies and their red flags.
4. Intuitively setting fraud transaction monitoring thresholds based on an analysis of risk data.
5. Employing a risk-based approach built around payment flows, security, and customer profiles.
6. Conducting annual risk assessments to check all mitigating measures are completely set and in control. 
7. Integrating fraud and AML practices – siloed teams, while common, are more likely to miss potentially connected risk signals. 

Advanced fraud detection solutions for 2024

To address the growing threat of fraudulent activity in 2024 and beyond, firms can ensure their fraud detection solutions are capable of predicting future risks as well as identifying common scenarios. With ComplyAdvantage, companies can utilize dynamic thresholds that calibrate automatically and adapt to criminal behavior to beat fraudsters’ creativity. Moreover, the solution can provide analysts with the reason why each alert was created – not only improving alert rate quality but also contributing to a 40 percent increase in team efficiency and a 70 percent reduction in false positives. 

The post Top 5 fraud trends in 2024 and how to mitigate them appeared first on ComplyAdvantage.

According to research conducted by Lloyds Bank, the number of people who fell prey to romance scams in 2023 increased by 22 percent compared to the year prior. With one in ten dating profiles believed to be fake, heightened vigilance is needed by more than those using the platforms. Financial institutions (FIs) need to be able to recognize the red flag indicators associated with romance fraud and implement dynamic processes that can detect and block suspicious transactions. 

This article explores the nuances of romance scams, highlighting the common tactics used by fraudsters and the methods firms can employ to mitigate risk and safeguard their customers.

What is a romance scam?

A romance scam is a deceptive scheme where individuals, often posing as potential romantic partners, manipulate emotions to establish trust before exploiting victims financially. These scams typically involve creating a false identity, building a romantic connection, and then requesting money or financial assistance under false pretenses. 

Tactics used by romance fraudsters

While men are more likely to fall for romance fraud tactics, women tend to report higher average losses. Lloyds Bank also found that individuals aged between 65 and 74 consistently lose the most money to these scams each year, with an average of £13,123 – the highest amount of any age group. 

But how do these situations occur? Fraudsters typically employ some of the following common tactics to deceive their victims:

• Gifts and tokens: Scammers may send gifts or small tokens of affection to manipulate victims emotionally and establish a sense of reciprocity before requesting larger sums of money.
• Fake identities: Scammers often create fictional personas with compelling backstories to establish trust and emotional connection. In some cases, fraudsters impersonate professionals, like military personnel or business executives, to add credibility to their stories and gain trust.
• Love-bombing: This is when perpetrators shower victims with affection, compliments, and promises of a future together to quickly foster emotional dependence.
• Scripted conversations: Fraudsters often use pre-written scripts and templates to streamline communication, ensuring a consistent and effective approach with multiple victims.
• Threats and blackmail: In some cases, fraudsters resort to threats or blackmail, leveraging personal information shared during the scam to coerce victims into providing more money.
• Multiple victims: Romance fraudsters are known to engage with multiple victims simultaneously, juggling different deceptive relationships to maximize financial gains. In many cases, the victims are elderly individuals – also known as elder financial exploitation (EFE). 

Romance fraud red flags

The Federal Bureau of Investigation (FBI) has reported that scammers are increasingly utilizing romance scams as a conduit to persuade victims into cryptocurrency investments or trading ventures. Over an eight-month period in 2021, the FBI Internet Crime Complaint Center (IC3) documented a staggering 18,000 complaints related to romance scams, resulting in approximate losses of $133.4 million. 

This surge in financial exploitation underscores the need for heightened vigilance from firms as fraudsters seamlessly integrate the allure of love with the complexities of both traditional and digital financial landscapes. Key financial red flags to look out for include:

• Unusual transaction patterns: Frequent, unexpected, or large financial transactions, especially those involving overseas transfers.
• Crypto loans: A customer takes out a large loan and uses the proceeds to purchase virtual currency or wires the proceeds to a virtual asset service provider (VASP) for the purchase of virtual currency.
• Sudden requests for large sums: Rapid and substantial requests for funds, particularly coupled with a romantic narrative or emergency situation.
• Inconsistent account information: Discrepancies between the customer’s provided information and their transaction patterns, such as sudden changes in contact details or addresses.
• Unusual withdrawals or cash advances: Accounts with large balances that are inactive or have limited activity begin to show constant, uncharacteristic, sudden, abnormally frequent, or significant withdrawals of large amounts of money being transferred to a VASP or being exchanged for virtual currency.
• Multiple unrelated parties sending money: Detection of numerous individuals sending funds to the same beneficiary, especially if there’s no clear connection, may be a sign of a romance scam network.
• Isolated transactions outside typical customer behavior: Transactions that deviate significantly from a customer’s usual spending patterns or financial behavior. 

Behavioral red flags

In addition to the financial indicators above, the following customer behaviors could be indicative of a romance scam taking place: 

• Lack of experience: A customer who has no prior history of using, exchanging, or interacting with virtual currency attempts to exchange a significant amount of fiat currency from an existing or newly opened bank account for virtual currency. They may also try to initiate high-value transfers to VASPs.
• Responding to solicitation: A customer receives an unsolicited message online or via text and expresses interest in an investment opportunity using virtual currency that supposedly offers significant returns.
• Succumbing to coercion: A customer mentions they were instructed by an individual who recently contacted them to exchange fiat currency for virtual currency at a virtual currency kiosk. They were then asked to deposit the virtual currency at an address provided by the individual.

Examples of romance scams

Pig butchering

Pig butchering is a scam that combines investment schemes, romance scams, and cryptocurrency fraud. The analogy comes from the idea of fattening up a pig before butchering it. In this type of scam, a group of cryptocurrency scammers search dating and social media sites for victims. They create fake accounts and contact potential victims through sites like Tinder or WhatsApp. The objective is to gain the victim’s trust and become their “lover” or “friend” through friendly discussions. The scammer may even pretend to be a long-lost contact of the victim. 

In one pig butchering case, US authorities seized $9 million worth of cryptocurrency, which was traced to a criminal organization that scammed over 70 victims through romance and crypto confidence scams. The funds were laundered through various cryptocurrency addresses and exchanged for different cryptocurrencies using a technique called chain hopping. 

Financial emergency deception

In this scenario, a scammer establishes a romantic connection and later fabricates a financial emergency. The fraudster convinces the victim that they are in dire need of funds due to a sudden illness, legal trouble, or an unforeseen crisis, exploiting the victim’s emotions to extract money.

Netflix’s 2022 documentary, The Tinder Swindler, put a spotlight on this type of scam, where conman Shimon Hayut allegedly swindled dozens of people across the globe out of millions through a Ponzi scheme. While dating multiple women online, he followed a pattern of creating a fake emergency – claiming enemies had frozen his bank account or that a business deal had gone wrong – and then asking his dates for money to help him. His victims arranged the money through loans and from their personal savings. Meanwhile, Hayut used the money to fund his luxurious dates with his next target.

Beneficiary and inheritance scams

Scammers may also craft elaborate stories involving a significant inheritance, claiming to be the recipient of a substantial fortune but facing obstacles in accessing the funds. Seeking emotional and financial support from the victim, fraudsters often weave a tale of shared wealth and future prosperity. The unsuspecting victim is enticed with promises of a shared life of affluence, only to end up financially drained and emotionally betrayed by the fraudulent narrative.

In 2022, the Federal Trade Commission (FTC) received 2,762 reports of “foreign money and inheritance scams” – a 13 percent increase from 2021. In one instance, three individuals were charged with running an inheritance fraud scheme across various online dating platforms. According to court documents, the defendants allegedly contacted victims and falsely informed them they had received a large inheritance and convinced the victims to send them money to claim the lump sum, resulting in a total loss of over $750,000.

How can firms detect romance scams?

A multi-faceted approach that combines technology, employee education, and collaboration with law enforcement is needed for firms to fortify their defenses against romance scams. Key best practices include:

• Implementing behavioral analytics to detect unusual patterns in customer interactions, such as rapid escalation in online relationships or unexpected financial transactions associated with potential romance scams.
• Strengthening identity verification processes, ensuring thorough validation of customer information. Fraudsters often use fake identities in romance scams, and robust verification can help uncover inconsistencies.
• Conducting internal training programs to educate staff about the signs of romance scams. Increasing awareness among employees can enhance the institution’s ability to detect and prevent fraudulent activities.
• Analyzing communication patterns with customers, looking for scripted messages or unnatural language that might indicate the use of pre-written templates – a common tactic in romance scams.
• Cross-referencing customer information with fraud databases to identify potential red flags or connections to known fraudulent activities associated with romance scams.
• Utilizing real-time transaction monitoring systems to detect suspicious activities promptly. Romance scams can evolve quickly, and continuous monitoring enhances the chances of early detection and intervention.
• Fostering collaboration with law enforcement agencies to share information and stay abreast of emerging trends in romance scams. These partnerships can enhance the effectiveness of fraud detection efforts.
• Embracing cutting-edge fraud detection solutions that leverage artificial intelligence (AI) and machine learning (ML). These technologies can analyze vast datasets, identify patterns, and adapt to evolving tactics employed by romance scammers.

Mitigate romance fraud risks with an AI-based solution

The rise of romance scams is a growing concern, and firms need to have advanced fraud detection solutions in place to address this issue. The Financial Action Task Force (FATF) has recommended the use of AI and ML technologies to help firms detect potential risks and prioritize alerts to make remediation more efficient. Automated fraud detection solutions can also help firms comply with legal and regulatory requirements by monitoring transactions in real time. A risk-based approach built around customer profiles, security, and payment flows is also key to a robust fraud risk-mitigation program.

To learn more, click here to see how Fraud Detection by ComplyAdvantage compares to other solutions in the market. 

The post What is a romance scam? appeared first on ComplyAdvantage.

In many ways, fraud detection and prevention are just as vital to the long-term health of a bank as customer acquisition and retention.

This article will look at:

• The types of fraud banks have to contend with.
• Some of the methods used to detect and prevent fraud.
• How new technology enables better fraud detection in banking. 

What is fraud detection in banking?

In banking, fraud detection refers to the ability to monitor all transactions and payments in a way that helps banks accurately and quickly notice any suspicious activity worth reporting.

A bank’s ability to do this relies on a combination of:

• Technologies that can work together to rapidly reduce the workload of transaction monitoring at scale by accurately detecting anomalous patterns of activity, from account takeover fraud to Automated Clearing House (ACH) fraud and every variant in between.
• Processes that can synchronize the efforts of customer-facing and compliance teams without subjecting staff to false positives.
• People who have the time and space needed to make clear judgments based on an encyclopedic knowledge of global and local regulations.

Crucially, this core capability is critical to the bank’s wider anti-money laundering and counter-terrorist financing (AML/CTF) efforts. 

Types of fraud in banking

 A big part of what makes fraud detection and prevention so challenging for the banking industry is the sheer range of criminal activity possible. Fraud takes many forms, including:

Even beyond these established methods of fraud, the inescapable reality of the modern financial system is that there will continue to be new forms of fraud and creative crime.

Fraud detection challenges for banks

Fraud and attempted criminal activity poses a colossal, multi-dimensional risk to the banking industry. At the heart of this lies three core challenges:

• The volume and variety of fraud: Banks need to be able to monitor millions of transactions to identify thousands of instances of attempted criminal activity every month, from credit card fraud to synthetic identity fraud. Each attempt at fraud is designed to appear deviously different from the last, and compliance teams are inundated by false positives, false negatives, and everything in between. It takes sophistication, agility, and speed to tackle such a wide array of threats at the scale of billions of customer interactions.
• The impact on customer experience: As is so often the case, efforts to improve a bank’s security almost always have an impact on the customer’s convenience. Longer onboarding processes, frozen accounts, and complex authentication procedures all have a detrimental effect on a customer’s ability to move freely. But they’re essential to a bank’s ability to detect and prevent fraud. Even industry-wide developments like open banking create just as many exciting opportunities as they do vulnerabilities.
• The burden of technical debt: In many ways, banks are engaged in a long-term technological arms race against a global diaspora of criminals. But while criminals can simply adopt new technology to attempt new crimes, banks have the additional challenge of tackling new threats with older infrastructure. To reliably detect and prevent fraud, banks need to be able to balance an aggressive evolution of their technology stack with a pragmatic use of the assets they’ve already invested in.

Methods used by banks to detect and prevent fraud

 In banking, fraud detection and prevention rely on a combination of analytic techniques and technologies.

1. Analytics technology

Commonly used analytic techniques include statistical data analysis methods like parameter calculations, probability distribution and modeling, regression analysis, and data matching. But banks increasingly rely on artificial intelligence through data mining, neural networks, machine learning (supervised and unsupervised), and pattern recognition.

2. Identification technology

Technologically, banks use cutting-edge methods to authenticate, verify, and identify devices and customers. This includes more recent capabilities like behavioral biometrics and device fingerprinting, but it also includes tried and trusted methods like two-factor authentication and encryption.

3. Workflow technology

It’s also worth noting the infrastructure and software needed to take the signals generated by all these exciting technologies and turn them into an accurate stream of useful alerts for compliance officers and analysts to make sense of. 

People still play a critical role in a bank’s ability to detect and prevent fraud. So it’s vital they operate with tools and technologies that make it easier for them to prioritize and remediate the vast number of potential fraud cases affecting their organizations in an easily explainable way to auditors.

The importance of AI and machine learning in bank fraud detection

Artificial intelligence (AI) and machine learning now play a central role in helping banks combat the threat of fraudulent activity. But it’s important to note that it helps banks in a number of different ways.

First, advanced techniques for anomaly detection, identity clustering, and graph analysis allow banks to see patterns in the vast amount of data they ingest. This kind of technology is vital here because the sheer volume of analysis being conducted would be impossible if it were done manually.

Second, automation helps banks scale up their capabilities to speed up their operations. By automating the creation of alerts and suspicious activity reports (SARs) based on the organization’s specific risk-based approach, banks are able to cover more ground than they could previously. Compliance teams clear more cases more quickly, and they can do so with fewer false positives that waste time.

Third, AI and machine learning allow banks to tackle fraud more flexibly. By enabling compliance teams to integrate more data sources and create their own rules for pattern detection, AI allows the bank to evolve and improve at a rate commensurate with criminals.

Advanced fraud detection software for banks

To combat the sheer volume, variety, and ferocity of fraud attempts they’re subjected to on a daily basis, banks need powerful AI and intelligent software. When validating vendors for fraud detection, banks may choose to prioritize solutions that offer the following capabilities:

• Rapid data integration to connect multiple streams across adverse media coverage, sanctions lists, politically exposed person (PEP) lists, and ultimate beneficial owners (UBOs).
• A powerful machine learning model that’s trained on proprietary customer, company, and financial risk data to detect more than 50 types of fraud – across all payment rails.
• Unmatched speed to value with out-of-the-box capabilities and proven processes to help banks go live in as little as two weeks.  
• Advanced capabilities like dynamic thresholds, identity clustering, and graph network detection to adapt to criminals, analyze linked accounts, and track funds across the system.
• Baked-in explainability so compliance teams can rapidly share every alert response with the relevant authorities.

The post A quick guide to fraud detection & prevention in banking appeared first on ComplyAdvantage.

Real estate fraud types

The Financial Action Task Force (FATF) and US regulators stress that the starting point for all firms is to understand the financial crime risks facing their business and to respond appropriately. Chapter two of our Guide to AML/CFT Reforms in the US Real Estate Sector explores common industry risks. While criminal typologies evolve over time, this blog considers a range of fraud typologies that real estate businesses need to be aware of. 

Mortgage fraud

Mortgage fraud is a white-collar crime involving deception or misrepresentation during the mortgage lending process. It typically occurs when individuals or entities, such as borrowers, mortgage brokers, appraisers, or even lenders, intentionally provide false or misleading information to obtain a mortgage loan or to influence the terms of a loan. 

Mortgage fraud can take several forms, five of which are highlighted in the graphic below.

Title fraud

Also known as deed fraud, title fraud is a type of real estate scam where a fraudster illegally transfers the ownership or title of a property to themselves or another party without the knowledge or consent of the legitimate property owners. According to the Financial Crimes Enforcement Network (FinCEN), this type of scam has become particularly rife in the Greater Toronto Area, where at least 30 homes have been fraudulently sold since late 2021. 

There are five steps typically involved in title fraud that are highlighted in the graphic below.

REIT fraud

Real estate investment trusts (REITs) are investment vehicles that allow individuals to invest in real estate without owning the physical properties themselves. These trusts own, operate, or finance income-producing real estate, such as apartment buildings, hotels, shopping centers, or office buildings. REITs are subject to specific regulations and offer certain tax advantages, making them attractive investments for many. REIT fraud occurs when bad actors try to sell REIT investments that turn out to be scams.

Some common tactics used in REIT fraud schemes are highlighted in the graphic below:

BEC fraud

Business email compromise (BEC) fraud is a type of cybercrime where attackers manipulate or compromise email accounts with an organization to defraud the company or its employees. The 2022 FBI Internet Crime Report listed BEC scams among US networks’ top four major cybercrime threats. The report revealed that the real estate sector was the most targeted industry, with losses amounting to $2.7 billion. This marked the second consecutive year that the real estate sector was listed as one of the most targeted sectors. Security vendor Abnormal Security further highlighted the increasing severity of BEC scams in its H1 2023 threat analysis. According to the report, recorded BEC attacks grew by more than 81 percent in 2022.  

The methods used to perpetrate BEC scams, as well as common typologies and how to effectively mitigate risk are outlined in the graphic below:

The importance of AI for effective fraud detection

Fraud is a persistent and costly problem that affects real estate businesses of all types. As fraudsters become increasingly sophisticated, legacy, manual methods of fraud detection are no longer sufficient. This is where artificial intelligence (AI) plays a crucial role in bolstering fraud detection efforts. Reasons for its importance include:

• Advanced pattern recognition: AI algorithms excel at analyzing vast amounts of data to identify patterns and anomalies that might be indicative of fraudulent activity. They can spot subtle deviations from established behavior patterns, which are often difficult for humans or rule-based systems to detect.
• Real-time monitoring: AI-powered systems can continuously monitor transactions and activities in real-time, enabling rapid identification of suspicious behavior as it occurs. This proactive approach allows for immediate action to prevent or mitigate fraud.
• Explainability: Robust AI-powered fraud detection solutions can provide explanations for alerts, helping fraud analysts and investigators understand why a particular transaction or activity was flagged as suspicious. The transparency is valuable for making informed decisions and improving fraud prevention strategies.
• Scalability: Fraud detection needs can vary greatly, and AI systems can scale effortlessly to accommodate increased data volumes and transaction rates. Whether analyzing thousands or millions of transactions, AI can adapt to the demands of the business.
• Reducing false positives: Legacy fraud detection systems often generate numerous false positives, leading to unnecessary investigations and inconvenience for customers. AI can improve accuracy by reducing false alarms through its ability to analyze multiple data points and assess risk more accurately.
• Behavioral analysis: AI can analyze user behavior over time, creating profiles of normal activity. Any deviations from these profiles can trigger alerts, even if the fraudulent activity is novel and not previously seen.
• Integration with data sources: AI systems can easily integrate with various data sources, including internal transaction data, external data feeds, and historical records, to create a comprehensive view of potential fraud risks.

See how ComplyAdvantage’s AI-powered Fraud Detection solution measures up against six other vendors here.

The post How to detect real estate fraud: All you need to know appeared first on ComplyAdvantage.

Investment scams are also rife within real estate – a sector that remains America’s favorite long-term investment despite the increasing risk of fraud. This article considers one particular real estate investment fraud type, known as REIT fraud. 

What are real estate investment trusts?

Real estate investment trusts (REITs) are investment vehicles that allow individuals to invest in real estate without owning the physical properties themselves. These trusts own, operate, or finance income-producing real estate, such as apartment buildings, hotels, shopping centers, or office buildings. REITs are subject to specific regulations and offer certain tax advantages, making them attractive investments for many. 

What is real estate investment trust fraud?

Real estate investment trust fraud occurs when bad actors try to sell REIT investments that turn out to be scams. Unfortunately, this type of scam is not uncommon, and it can be perpetrated by various entities such as fraudulent companies, stockbrokers, and financial advisors. These bad actors often use deceptive tactics to persuade individuals to invest in risky REITs, promising low risks and high returns. While such investments may seem attractive initially, many investors have lost significant value due to uncertain investments in particular REITs.

Common tactics used in REIT fraud

REIT fraud can happen with any type of REIT, but non-traded REITs are more susceptible due to the limited disclosures required for these investments. Investors in non-traded REITs can be victims of fraud in various ways. Common tactics used in REIT fraud schemes include:

• Misrepresentation: Fraudsters may misrepresent the financial health or performance of a REIT, providing false or misleading information to potential investors to attract their money. 
• Ponzi schemes: Some fraudsters set up Ponzi schemes disguised as REITs, promising high returns to early investors using funds from later investors rather than from actual real estate investments.
• Unregistered offerings: Fraudulent REITs may operate without proper registration or may falsely claim to be registered with regulatory authorities. 
• Unauthorized trading: Unscrupulous brokers or investment advisors may engage in authorized trading of REIT shares on behalf of clients, often for their own commissions or fees.
• Account manipulation: Individuals managing REITs may engage in accounting fraud to make their financial statements appear healthier than they actually are. This can involve inflating property values or understating liabilities, creating a false impression of financial stability. 

A Guide to AML/CFT Reforms in the US Real Estate Sector

Learn how real estate businesses can respond to US authorities' new measures for improved corporate transparency and financial crime risk management.

Download Your Copy

REIT fraud red flags

Financial red flag indicators relating to REIT fraud include:

• Unexplained large cash transactions.
• Irregular payment patterns.
• Abnormal trading activity.
• Complex ownership structures.
• Off-book transactions.
• Non-disclosed related-party transitions.
• Misleading disclosures.
• Rapid or unexplained asset growth.
• Unusual tax or accounting practices.

Regulations on preventing REIT fraud

The Securities and Exchange Commission (SEC) regulates REITs in the United States. REITs must adhere to strict disclosures and reporting requirements, including the submission of regular financial reports and disclosures of material information. This information must also be disclosed to the investors, as well as financial statements, property portfolios, and investment strategies. The SEC conducts examinations and investigations to detect and prevent fraud in the REIT industry. Independent audits by certified public accountants are also typically mandatory for REITs. These audits help verify the accuracy of financial statements and detect any irregularities or fraudulent activities. 

While regulatory measures may differ from one jurisdiction to another, investors and industry professionals should be aware of the specific rules and regulations that apply to REITs in their region and stay informed of any updates.

How to mitigate REIT fraud risks

Mitigating REIT fraud risks is crucial for financial institutions to uphold regulatory compliance, protect stakeholders, and safeguard the integrity of financial markets. Some strategies include:

• Enhanced due diligence (EDD): Implement comprehensive due diligence procedures for onboarding REITs as clients. Scrutinize the management team, the REIT’s operational history, and its adherence to regulatory requirements. Continuously monitor the REIT’s activities and financial health, ensuring it maintains compliance with anti-money laundering and combatting the financing of terrorism (AML/CFT) regulations.
• Transparency and reporting: Encourage REITs to provide full transparency by disclosing financial data, property portfolios, and investment strategies in compliance with regulatory guidelines. Promote robust reporting mechanisms to swiftly identify and report any suspicious activities or transactions within REITs.
• Fraud detection solutions: Implement robust fraud detection solutions that have the ability to continuously monitor transactions, identify patterns of fraud, and ultimately enhance the security of investments and regulatory compliance. 
• Audit oversight: Collaborate with reputable auditing firms to conduct independent REIT audits. Insist on auditing compliance with AML and other regulatory requirements to validate financial integrity.
• Investor education: Educate your institution’s clients and stakeholders about the unique risks and red flags associated with REIT investments, bolstering their ability to make informed decisions.

Additionally, in the UK, the 2023 Financial Conduct Authority (FCA) Handbook provides a list of best practices FIs should follow when screening for different types of investment fraud. Firms in the US should take note of these tips, which include: 

• Conducting regular risk assessments while considering the potential loss due to fraud.
• Promptly contacting customers when investment fraud is suspected.
• Modifying transaction monitoring rules to include investment fraud typologies, based on the suggestions of subject matter experts.

Detect REIT fraud with automated solutions

To combat the rising threats of real estate scams, including REIT fraud, compliance teams should consider their transaction fraud risk across three core areas of compliance:

• Process: Firms should assess their enterprise risk and adjust their risk appetite as new fraud types emerge and criminal behavior changes.
• Platform: By establishing the right risk appetite and internal alignment, fraud teams can employ machine learning and behavioral analytics to detect fraud. Unlike a rules-based approach, these automated solutions can forecast future risks and help staff respond to changing risks in near real-time.
• People: Fraud and anti-money laundering teams often work in siloes, making effective detection of financial crimes difficult. Compliance staff must ensure communication channels are in place, particularly when evaluating machine learning-based monitoring solutions.

The post What is real estate investment trust (REIT) fraud? appeared first on ComplyAdvantage.

With the increasing threat of BEC fraud, more firms are looking to take additional steps to safeguard themselves and their customers. This article explores the nuances of BEC fraud, offering compliance professionals guidance and practical tips to help them mitigate this risk and improve their firm’s fraud risk management protocols.

What is business email compromise fraud?

Business email compromise (BEC) fraud is a type of cybercrime where attackers manipulate or compromise email accounts with an organization to defraud the company or its employees. These scams often involve convincing employees to transfer money to fraudulent accounts or disclosing confidential data, resulting in significant financial losses for the targeted organization. 

BEC fraud examples

BEC fraud can take various forms, including:

• Invoice fraud: Scammers send fake invoices or payment requests to a business’ finance department, posing as legitimate suppliers or vendors. The goal is to trick the company into making payments to the fraudster’s account instead of the vendor’s. 
• CEO fraud: The attacker impersonates a high-ranking executive, often the CEO or CFO, and sends emails to lower-level employees or finance departments, instructing them to make urgent wire transfers or payments to a fraudulent account. These emails appear convincing and often exploit a sense of urgency.
• Attorney impersonation: Fraudsters may impersonate lawyers or legal representatives and send emails to businesses, claiming that a sensitive legal matter requires immediate action. They might request wire transfers to settle made-up legal disputes or legal fees.
• Gift card scams: Cybercriminals may impersonate company executives and request that employees purchase gift cards and share the card codes via email. The fraudsters then use these gift cards for personal gain. 
• Vendor email compromise: Hackers access a vendor’s email account and use it to send payment change requests or fake invoices to the vendor’s customers. Unsuspecting businesses end up making payments to fraudulent accounts, thinking they are dealing with their legitimate vendor.
• Data theft: Instead of financial gain, some BEC attacks focus on stealing sensitive company data. Attackers may impersonate employees or management to request sensitive information such as customer data, intellectual property, or financial records. 

BEC fraud and real estate

According to the FBI’s 2022 Internet Crime Report, the real estate industry has become the most targeted sector for BEC scams for two consecutive years, with losses amounting to $2.7 billion. 

In March 2023, the Financial Crimes Enforcement Network (FinCEN) published a report that analyzed financial trends relating to BEC scams in the real estate sector. The report used Bank Secrecy Act (BSA) data from January 2020 to December 2021 to provide money laundering typologies that were used by BEC attackers, such as:

• The use of money mules to hide the movement of funds following a BEC attack. 
• The recruitment of unwitting money mules through social media sites and dating apps using romance scams and elder abuse.
• The convergence of multiple fraud types with BEC scams, such as identity theft, economic injury disaster loans fraud, and stimulus payment fraud
• The use of alternative payment methods that were used to convert illicit proceeds, including online payment platforms and convertible virtual currency (CVC).

According to FinCEN, title and closing entities are the most commonly impersonated BEC incidents, representing almost 40 percent of recorded attacks. Other impersonated parties included realtors (23 percent) and investors (16 percent).

A Guide to AML/CFT Reforms in the US Real Estate Sector

Learn how real estate businesses can respond to US authorities' new measures for improved corporate transparency and financial crime risk management.

Download Your Copy

How do BEC scams work?

While the strategies fraudsters use inevitably vary depending on the type of scam being attempted, there are four steps typically involved in BEC fraud:

1. Fraudsters research the business they plan to attack.
2. Phishing, credential theft, or malware infections enable fraudsters to compromise an email account.
3. Once inside the account, fraudsters can send emails that appear to come from a trusted source within the organization.
4. Attackers use psychological manipulation to make wire transfer requests seem legitimate and time-sensitive.

However, as compliance staff well know, fraudsters are constantly changing their tactics to avoid detection. To keep up with new scams and emerging typologies, many companies are now prioritizing powerful fraud detection solutions that can identify patterns in fraudulent behavior and quickly adapt to new threats.

BEC fraud red flags

As with most cyber-enabled financial scams, BEC fraud can be difficult to spot. However, being aware of the following red flag indicators can help firms stay protected:

• Last-minute changes in wire instructions or recipient account information.
• Unexplained urgency. 
• Request for complete confidentiality.
• Communications conducted solely through email and refusal to communicate via telephone or online voice and video platforms.
• Requests for advance payment of services when not previously required.
• Requests from employees to alter direct deposit information.
• Threats or unusual flattery/promises of reward.

To report BEC scams, US firms must contact the FBI’s IC3 or the nearest United States Secret Service (USSS) field office. FinCEN also reminds firms to contact the Office of Foreign Assets Control (OFAC) if there is any reason to suspect a cyber actor may be sanctioned or have a sanctions nexus. 

BEC fraud risks

BEC fraud can pose several significant risks to organizations, including:

• Financial losses.
• Reputational damage.
• Legal and regulatory consequences.
• Operational disruptions.
• Data breaches.
• Supply chain risks.
• Reduced employee morale.
• Remediation costs.
• Business continuity.

In light of these risks, the Biden administration’s Interim National Security Strategic Guidance identified the need to strengthen cybersecurity defenses against the increasing prevalence of malicious cyber activity. As part of this effort, the government has funded the “Shield’s Up” initiative, led by the Cyber Infrastructure Security Agency (CISA). The initiative focuses on three key recommendations to enhance cybersecurity preparedness:

1. Rapid detection of potential intrusions.
2. Adequate preparation to respond to any intrusion.
3. Maximum resilience to withstand a damaging cyber incident.

How to detect and prevent BEC fraud

To effectively mitigate the risk of BEC attacks, FinCEN has compiled the following guidelines for compliance staff:

• Report BEC scams and fraudulently induced wire transfers to law enforcement within 72 hours of the transaction.
• When filing a suspicious activity report (SAR) related to BEC, provide transactional and cyber-related information about the incident.
• Communicate and share information with other financial institutions (FIs).
• Assess the vulnerability of business processes and systems and consider taking action to increase resiliency.
• Adopt a multi-faceted transaction monitoring system.
• Provide training and awareness building to identify and evade spear phishing attempts.

These guidelines are designed to help compliance staff take the necessary steps to prevent, detect, and report any BEC scams or fraudulently induced wire transfers. By following these guidelines, FIs can better protect themselves and their customers from the risks associated with BEC attacks.

Mitigate BEC fraud risks with automated solutions

To address the growing threat of BEC fraud, it is crucial for firms to ensure their fraud detection solutions are capable of identifying common scenarios and predicting future risks. This can be achieved in a cost-effective and efficient manner by implementing an AI overlay to existing tools. AI overlays not only eliminate the need for a complete system overhaul but also enable organizations to customize their rule sets and prioritize the most high-risk alerts, making it easier for analysts to quickly identify and investigate actual incidents.

A risk-based approach built around customer profiles, security, and payment flows is also key to a robust fraud risk-mitigation program – alongside employee and customer awareness of red flags.

The post What is business email compromise (BEC) fraud? appeared first on ComplyAdvantage.

What is title fraud?

Title fraud is a type of real estate scam where a fraudster illegally transfers the ownership or title of a property to themselves or another party without the knowledge or consent of the legitimate property owners. In the majority of cases, title fraud involves vacant properties that are not the homeowner’s primary residence. 

How does title fraud work?

There are five steps typically involved in title fraud.

1. Initial access to property information: The fraudster begins by gathering information about a property they intend to target. This information is often publicly available and can include details about the property’s owner, address, and legal description.
2. Forgery: The criminal forges documents related to the property, such as deeds, mortgage papers, or transfer documents. They may also impersonate the property owner or use stolen identity information to appear legitimate.
3. Submission of fraudulent documents: These forged documents are then submitted to the relevant government authority responsible for recording property transactions. This is where the title is officially transferred.
4. Title transfer: Once the fraudster’s documents are accepted, the property’s title is transferred to them or an accomplice, effectively giving them legal ownership of the property on paper.
5. Exploitation: With control of the property’s title, the fraudster can take various actions, including:

• Selling the property to an unsuspecting buyer.
• Taking out mortgages or loans against the property.
• Leasing the property to collect rental income.

Types of title fraud

Fraudsters that attempt title fraud tend to target specific types of homeowners, including senior citizens, vulnerable homeowners, people who own a vacation home or rental property, individuals who have been a victim of identity theft, and those with paid-off properties. Once the target has been identified, the nature of the scam can take various forms:

• Forged deeds or titles: Fraudsters may forge property deeds or titles to transfer ownership to themselves or a fictitious entity. They can then sell the property or take out loans against it.
• Identity theft: Criminals can use stolen personal information to pose as property owners. They may then transfer the property title, refinance the mortgage, or sell the property without the owner’s knowledge or consent.
• Home equity theft: Fraudsters persuade the homeowner to sign documents, often under the guise of refinancing or selling the property, and then take control of the equity.

A Guide to AML/CFT Reforms in the US Real Estate Sector

Learn how real estate businesses can respond to US authorities' new measures for improved corporate transparency and financial crime risk management.

Download Your Copy

Title fraud red flags

In March 2023, FinCEN published a Financial Trend Analysis that highlighted the following title fraud red flags for compliance staff to be aware of:

• Differing signatures.
• The owner/seller lives abroad.
• Recently issued identification documents.
• A lack of knowledge about the property.
• The seller lives at a different address from the property and has no evidence, such as bills or building insurance, linking them to the property.
• The property is vacant, of high value, and/or has no mortgage.
• The seller wants a quick sale.

While no single red flag indicator determines illicit or suspicious activity, FinCEN reminds firms to consider each transaction’s relevant facts and circumstances in line with a risk-based approach to compliance.

How to prevent title fraud

Title fraud prevention measures used by businesses may include:

• Identity verification: Verify the identity of borrowers through stringent know your customer (KYC) processes, including identity verification tools and document verification services.
• Confirmation of ownership: Verify property ownership by cross-referencing records with government databases and property tax records.
• Verification of liens: Check for any outstanding liens or encumbrances on the property that could indicate fraudulent activity or financial distress.
• Employ technology: Utilize technology solutions that can help detect anomalies or red flags in property transactions, such as automated fraud detection algorithms and artificial intelligence (AI).
• Ongoing monitoring: Implement ongoing monitoring of property titles for any changes or transfers that may raise suspicion.

According to sector-specific guidance published by the Financial Action Task Force (FATF),  a risk-based approach (RBA) should be used as the foundation for an anti-money laundering and combatting the financing of terrorism (AML/CTF) program. This will help firms prevent, mitigate, and proportionally manage risks, allowing resources to be utilized more effectively and improving outcomes. 

Mitigate risks with automated fraud detection solutions

In the battle against title fraud and other real estate scams, utilizing the right tools can help firms better prevent fraudulent activity. The FATF has identified artificial intelligence (AI) and machine learning (ML) as technologies that can assist firms in detecting abnormalities, prioritizing alerts to make remediation more efficient, and intuitively setting fraud transaction monitoring thresholds. Additionally, automated fraud detection solutions can help firms mitigate risk by ensuring all transactions adhere to legal and regulatory requirements. This includes checking for compliance with AML and KYC regulations. 

The post What is title fraud and how to prevent it appeared first on ComplyAdvantage.