As more consumers embrace digital banking and faster, simpler ways to send money, it has created opportunities for fraudsters and increased the risk of digital fraud in Malaysia, particularly fuelled by the adoption of real-time payments.
In Malaysia, calternatives as compared to 62 percent in 2017. E-wallets are also growing in popularity with 74 percent of Malaysian consumers using the payment mode.
At the same time, the last two years saw over 51,000 online fraud complaints were lodged with a total loss of RM1.61 billion. I would like to take the opportunity to check if you’d be interested in covering this topic in more depth and discuss the complexities of fraud management.
Smart Investor recently got in touch with CK Leo, FICO’s lead for fraud, security and financial crime in Asia Pacific to find out his views.
Smart Investor: What are some of the growing fraud threats that consumers need to be more aware of?
CK Leo: According to Malaysia’s Commercial Crime Investigation Department, the top fraud threats reported this year include impersonation scams, e-commerce crime, and phishing, which could lead to account takeovers and unauthorized transactions. At the same time, consumers should be mindful of Authorized Push Payment (APP) fraud, where fraudsters manipulate consumers or individuals at a business to transfer money to a bank account controlled by the fraudster.
APP fraud is rising globally, fueled by the adoption of real-time payments, such as DuitNow in Malaysia, which enables fraudsters to flee with the money at speed.
Threats such as APP fraud are particularly difficult to detect and prevent, and show how traditional safeguards such as authentication checks, a common security measure used by banks in Malaysia, are insufficient in protecting customers.
One tool that can be used to help protect real-time payments is to use analytics that look for changes in customer behavior, such as using accounts or devices outside of their usual habits, as well as standard anomalies, such as time-of-day or frequency of a transfer. FICO has found that the use of targeted profiling of customer behavior to spot scams has yielded some impressive results, with 50 percent more scam transactions detected.
SI: Why do we still fall for investment scams, when there are a lot of legitimate investments out there?
CKL: The answer is that people want to believe that there are easy ways to make money. We are influenced by social proof in the media and online with stories of overnight crypto millionaires, stock wizards and real estate moguls. The pandemic helped to super charge the problem, as people spent a lot more time online, unable to go anywhere or spend money.
While in this state many were enticed by greed and schemes peddled by scammers that promised easy money. It is, however, worth remembering that with a clever amount of social engineering used against us, anyone can become a victim of fraud. Some schemes out there are very sophisticated at mimicry of real investment companies, setting up spoof websites and advertising on Google to attract potential victims.
Although banks and authorities are in a constant race to update and upgrade their security measures, this is simply not enough to prevent all investment fraud. There is a paramount need to educate consumers on new and emerging threats and what checks to make before investing.
SI: What are the driving factors for the rise in fraud in recent years?
CKL: Today’s technology has enabled fraudsters to undertake globally pervasive scams with shocking ease, constantly shifting in approach to find new vulnerabilities. Malaysia’s digitally savvy population and banking penetration of 92%, is expected to grow significantly in the coming years and along with it the opportunities for scammers. Criminals are attracted to both the increase in money flows and the growth in the number of inexperienced users.
Fraudsters have also been making use of technology to scale up both the complexities and the scope of their operations. Automation and bots, for example, have been exploited by criminals to gain data and create fake consumer identities for application and card fraud. In Malaysia, scammers have even created their own applications to trick consumers into giving up valuable personal information.
These ‘app scams’ were reported to involve losses of RM721,728.69 from January to July 2022. Malaysia’s Commercial Crime Investigation Department reported that impersonation calls alone involved a loss of RM199.8 million.
So, the driving factors in fraud growth are that technology has enabled the reach, scope, volume and low cost of creating scams. While a growth in digital services has increased the attack surface and the number of less educated users as well. Plus, the honeypot, or the sheer amount of money that can be made from online crime means there is an arms race going on.
For banks, this means staying on top of their banking security game and evolving to prevent new fraud types like the growth in real-time payment fraud.
SI: How must banks’ fraud detection and prevention strategies change to minimize fraud risks?
CKL: One way is by enforcing stronger customer authentication. A FICO study conducted in 2021 found that one-time passcodes issued through text messages are largely preferred by Malaysian customers due to their convenience.
However, this verification method can be easily compromised, through scams like SIM swap fraud. Banks will need to consider more robust or multiple factors of authentication for a layered approach to security. This includes tools available to them, such as biometric authentication, a method FICO found a preference for among Malaysians.
The reduction of information silos is equally key. Banks with different solutions for transaction monitoring and fraud must remove these separate silos and work collaboratively to create an integrated solution able to read data holistically, leading to timely detection and the prevention of fraud.
Thirdly, consumer education must remain a top priority for banks. Banks must maintain regular communications with their customers to assist them in preventing fraudulent transactions. They can do this by encouraging customers to keep their contact information updated to receive timely fraud alerts.
These three approaches can be realized through advanced analytics which enable real-time decision-making to prevent fraudulent attacks from taking place.
In contrast to siloed, single-focus solutions, an integrated, enterprise-wide fraud platform enables banks to have a more comprehensive approach to minimizing fraud risks. Banks will be able to dynamically adapt to emerging fraud types, while using machine learning models based on targeted profiling of customer behavior to separate between fraud, scam and normal behavior.
This shift away from siloed solutions also enables banks to choose the best channel when communicating with customers to ensure that they are safe and aware of possible fraudulent activities.
SI: What are some steps consumers can take to protect themselves from fraud and scams as they increase use of real-time digital payments?
CKL: Consumers need to be aware of the risks of APP fraud. They should always stop and think if something unusual happens, like someone messaging to say their bank account has changed. It is always worth contacting the person directly to check things like this to minimize the risk of fraud. Consumers should also be wary of downloading new applications, and scanning QR codes, which scammers are increasingly exploiting for fraud.
Above all, consumers should always be diligent about performing background checks before revealing their personal information and credentials, and always keep track and check their transactions.
SI: What’s your view on the adoption of digital currency (crypto) in the next few years?
CKL: While the technology behind digital currency has seen interesting developments over the past few years, the region has understandably been apprehensive about its adoption, especially considering the recent cryptocurrency crash and bad actors that use it to try and support criminal activity.
We know, for example that scammers have exploited the hype and complexities of NFTs and cryptocurrency to facilitate money laundering scams. The lack of oversight and regulation around cryptocurrency, coupled with the large sums of money at stake, makes the environment prime for scammers to thrive.
No matter where digital currency is headed in the next few years, stronger security and trust will need to precede its wider adoption.
SI: What makes FICO unique from others?
CKL: When it comes to fraud protection, we believe in an integrated approach that combines industry-proven advanced machine learning and artificial intelligence with real-time cross-channel fraud prevention. Our decades of investment in fraud research and innovation have yielded over 100 patents for fraud-specific machine learning innovation.
Our analytics expertise is trusted to protect 3 billion global payment cards and 65 percent of the world’s credit cards.
About FICO
FICO (NYSE: FICO) is a leading analytics software company, helping businesses in 90+ countries make better decisions that drive higher levels of growth, profitability and customer satisfaction. FICO’s groundbreaking use of Big Data and mathematical algorithms to predict consumer behavior has transformed entire industries. The company provides analytics software and tools used across multiple industries to manage risk, fight fraud, build more profitable customer relationships, optimize operations and meet strict government regulations.