The dictionary defines fraud as “wrongful or criminal deception intended to result in financial or personal gain”, which is a pretty good description but also quite vague. Another definition is “an intentionally deceptive action designed to provide the perpetrator with an unlawful gain or to deny a right to a victim”. We find that in the world of business and cyberspace, the second definition describes exactly how hackers and scammers impact our lives the most. In this article we will review the case study of South Africa’s Grey listing and why it is a concern for fraudulent activity; we’ll talk you through the updates to PCI DSS, which is a standard intended to protect customers from hackers and scammers, and share with you our best tips to stay ahead of fraud and how to report it. At the end of the article we’ve also included some bonus content to help you wind down after the long read. So grab a good cuppa joe and let’s get into the details…
1. South Africa Grey listed by FATF
South Africa has been “Grey listed” by the Financial Action Task Force (FATF) for not fully complying with international standards around the prevention of money laundering, terrorist financing, and proliferation financing. “Where did we go wrong?” you might ask… Well, according to the Mutual Evaluation report of 2021 released by FATF, South Africa is Non-Compliant (NC) in key areas, leaving gaps where fraudulent activity can thrive. These areas are as follows:
R.6 - Targeted financial sanctions related to terrorism & terrorist financing
R.8 - Non-profit organisations
R.12 - Politically exposed persons
R.15 - New technologies
R.17 - Reliance on third parties
Further detail on this report can be seen in the image below and accessed via the reference link in the image caption.
Figure 1 Extract from South Africa's FATF Evaluation Report - https://www.fatf-gafi.org/en/countries/detail/South-Africa.html
Right! Grey listed. So what exactly does that mean, and do we need to be worried? Short answer: no, don’t worry just yet; Grey listing is more like a warning shot. Long answer: FATF has 3 classification levels based on the risk of financial crime taking place unchecked. The highest risk level is Blacklisted, which means that the country is largely non-compliant and does not provide enough assurance or laws to protect against fraudulent and criminal financing. The second level is Grey listed (that’s where we sit), where the country is making, or has made, significant efforts to implement the necessary controls, but there are still some gaps that need to be attended to. In some cases, the country was previously compliant but failed to update its laws when requirements changed. And then last, but not least, Whitelisted, where a country is deemed to have sufficient assurance and is compliant in line with the requirements listed by FATF. It’s all very monochromatic...
Back to that warning shot and what happens to a country that is formally Grey listed. As with any audit and evaluation, our country has been required to formulate an action plan to address the non-compliances, implement the mitigating controls and laws, and then prepare for the next FATF evaluation, all while under “Increased Monitoring” by FATF. According to our president, Cyril Ramaphosa, our government has already started taking action to swim back to the clearer waters. Like I said, don’t fret just yet.
2. Antifraud Best practices and Insights from Global Fraud report 2023
While e-commerce may be on the rise, there's a bit of a catch – the sneaky world of online scams is thriving as well, but fear not, because we're shining a bright light on this important issue by diving into the Global Fraud Report 2023. Inside, you'll find priceless tips on how online sellers are keeping the bad guys at bay with their clever payment tactics and smart strategies to conquer the ever-changing online landscape.
The Global Fraud Report for 2023 can be found here
2.1 Fraud Attacks and Challenges:
This section begins by exploring the prevalent types of fraud encountered by e-commerce merchants and how these types fluctuate over time and across various segments of the merchant community. It places a particular emphasis on first-party misuse, commonly referred to as "friendly fraud." Additionally, the section delves into the key challenges faced by merchants in relation to fraud and highlights the areas they intend to focus on for improvement in their fraud prevention efforts over the next 12 months.
Top Fraud Attacks: Consistency and the Rise of Friendly Fraud:
The study reveals that the most prevalent forms of fraud experienced by e-commerce merchants globally have remained consistent for the third consecutive year. These top four fraud attacks, listed from most to least common, are phishing/pharming/whaling, first-party misuse (friendly fraud), card testing, and identity theft (refer to Figure 6).
Notably, friendly fraud has risen in prominence, moving from the fourth to the second position among the most widespread forms of fraud.
Figure 2: Types of Fraud Experienced by Merchants – Past 3 Year Rankings & Global Incidence (2023)
Best Practices for Mitigating Top Fraud Attacks and Challenges:
As e-commerce merchants face a consistent landscape of fraud attacks with the emergence of friendly fraud as a prominent concern, it's imperative to adopt best practices to effectively address these challenges:
Fraud Detection Technology: Invest in advanced fraud detection technology that leverages machine learning and AI to identify and respond to evolving fraud tactics, including phishing and identity theft.
Chargeback Management: Develop robust chargeback management processes to handle disputes effectively and minimise revenue loss resulting from friendly fraud.
Real-Time Transaction Monitoring: Utilise real-time transaction monitoring systems to detect suspicious activities and take immediate action when unusual patterns are identified.
Internal Fraud Prevention: Strengthen internal controls and processes to prevent first-party misuse within your organisation, including employee training and awareness programs.
Data Security Measures: Implement stringent data security measures to protect customer data and mitigate the risk of data breaches contributing to identity theft.
Fraud Analytics: Utilise fraud analytics to proactively identify potential fraudsters and trends in fraudulent activity.
Customer Support: Enhance customer support channels to address fraud-related concerns promptly and help affected customers.
2.2 Usage of Retail Approaches:
The latest findings from this year's report reveal a notable uptick in the adoption of innovative retail approaches and enhanced customer experiences within the e-commerce landscape. This suggests that many merchants are transitioning from the experimental phase to full-scale integration of these strategies in their operations for the foreseeable future.
On average, merchants are embracing 3.6 new retail approaches this year, demonstrating a slight increase from the 3.4 recorded in the previous year. Moreover, they are also implementing an average of 2.8 new customer experiences, marking an increase from the 2.6 reported in the previous year.
Figure 3: Usage of New Retail Approaches & Customer Experiences – 2023 vs. 2022
Best Practices for Combating Fraud While Embracing Novel Retail Approaches and Elevating Customer Experiences:
Here are best practices for anti-fraud measures as you adopt new retail approaches and customer experiences:
Data-Driven Fraud Detection: Utilise advanced data analytics and machine learning algorithms to detect fraudulent activities. Analyse patterns in customer behaviour and transaction data to spot anomalies indicative of fraud.
Behavioural Biometrics: Implement behavioural biometrics to track and analyse user behaviour, including keystrokes and mouse movements. This can help identify fraudsters who may have gained unauthorised access to user accounts.
Multi-Factor Authentication (MFA): Enforce robust MFA mechanisms, including two-factor authentication (2FA) and biometric verification, to ensure that only authorised users can access sensitive data and perform transactions.
Real-Time Transaction Monitoring: Continuously monitor transactions in real-time for suspicious activities. Implement automated alerts and triggers to flag potentially fraudulent transactions for further investigation.
Fraud Risk Scoring: Develop a fraud risk scoring system that assesses the risk associated with each transaction. High-risk transactions can undergo additional scrutiny and validation.
User Verification: Verify the identity of customers, especially during high-value transactions or account access. Document verification, document capture, and identity verification services can help ensure the legitimacy of users.
Machine Learning Models: Employ machine learning models to predict fraudulent behaviour based on historical data. Continuously train these models to adapt to new fraud patterns.
Fraud Education and Training: Educate your team on the latest fraud tactics and prevention methods. Equip them to recognise and respond effectively to emerging threats.
Collaborative Anti-Fraud Ecosystem: Collaborate with industry peers, law enforcement agencies, and anti-fraud organisations to share threat intelligence and best practices. Collective efforts can help combat fraud effectively.
Privacy and Compliance: Adhere to strict privacy and compliance regulations, such as GDPR or CCPA, to protect customer data. Ensure that your fraud prevention measures align with these regulations.
Incident Response Plan: Develop a robust incident response plan to swiftly address any security breaches or fraudulent activities. Define roles and responsibilities for handling incidents.
Customer Communication: Maintain clear and transparent communication with customers regarding fraud prevention measures in place. Educate them on how to safeguard their accounts and data.
Fraud Analytics Tools: Invest in specialised fraud detection and prevention tools and services. These tools often include features like real-time fraud alerts, chargeback prevention, and transaction monitoring.
Regular Audits and Assessments: Conduct regular security audits and assessments to identify vulnerabilities in your systems and processes. Address any weaknesses promptly.
Continuous Improvement: Fraud prevention is an ongoing process. Continuously assess and enhance your anti-fraud strategies to stay one step ahead of fraudsters.
2.3 Business Impacts of Fraud:
After a tough year where fraud-related issues were on the rise, there’s finally some good news. Merchants are reporting improvements in the past 12 months, especially when it comes to their local operations as depicted in Figure 5. It’s like a small ray of sunshine after a storm.
Notably, this improvement in negative fraud metrics has been particularly pronounced in North America, where investments in fraud management witnessed a substantial increase in the previous year. Additionally, merchants in the Asia-Pacific (APAC) region, midsize and enterprise-level businesses, and both members and non-members of the Merchant Risk Council (MRC) have also reported statistically significant declines in various key metrics. This trend aligns with the overarching positive trajectory this year, demonstrating declines across the board.
Figure 4: Fraud Management KPIs – 2023 vs 2022
Best Practices for Sustaining Improved Fraud Metrics:
As merchants experience a welcome decline in fraud-related metrics, it's essential to implement best practices to maintain and enhance these improvements:
Continuous Monitoring: Continue vigilant monitoring of transactions and customer behaviours to identify and respond to emerging fraud patterns promptly.
Data Sharing and Collaboration: Collaborate with industry peers and organisations to share threat intelligence and stay updated on evolving fraud tactics.
Advanced Fraud Detection Tools: Invest in cutting-edge fraud detection and prevention tools that employ machine learning, AI, and real-time analytics to proactively detect fraud.
Geographic Risk Assessment: Assess and manage fraud risks associated with specific regions or markets, tailoring your fraud prevention strategies accordingly.
Fraud Review Processes: Implement robust fraud review processes to scrutinise high-risk transactions without causing unnecessary friction for legitimate customers.
Adaptive Fraud Models: Continuously update and refine your fraud detection models to adapt to evolving fraud tactics and customer behaviours.
Incident Response Planning: Maintain a well-defined incident response plan to swiftly address any security breaches or fraud incidents and mitigate their impact.
Feedback Loops: Establish mechanisms for gathering feedback from customers and internal teams to identify areas for improvement in fraud prevention.
Resource Allocation: Allocate sufficient resources to your fraud prevention efforts, aligning budgets and staffing with the evolving threat landscape.
Compliance: Stay informed about and adhere to relevant industry and regulatory standards for data protection and fraud prevention.
4. Bonus Content: Exploring Fraud on Netflix
Now for the fun… We all love a little spilt tea. Please enjoy our list of favourite shows on Netflix that explore the concept of fraud.
The Recruit – A deep dive into corporate espionage, not for the faint-hearted.
Outlaws – An upbeat comedy.
The Great Hack – A skin-crawling documentary about misused private information.
Trust No One: The Hunt for the Crypto King – Exploring the one thing we all fear most when investing.
Inventing Anna – Mastermind or your worst nightmare?
FYRE: The Greatest Party That Never Happened – A documentary on one big scam.
Bad Vegan: Fame. Fraud. Fugitives. – A documentary about how a good business can quickly turn sour.