Scam-busting smart tech on the way
Losses to fraud have skyrocketed in the past six months, and banks are increasingly looking to new technology to help them stay one step ahead of scammers.
An Auckland IT professional who lost $60,000 to a cryptocurrency scam says she and her partner feel let down by the way their bank handled the situation. The pair lost their savings through what they thought was an investment in cryptocurrencies.
Thousands of dollars was taken out of their account sporadically, amounting to $60,000 over 18 months. She said she had since discovered the scammers were linked to war crimes and human trafficking.
Cryptocurrency was bought and put into a crypto wallet, then broken up into smaller amounts and transferred to other crypto wallets, making it impossible to claw back.
The couple have been unable to retrieve any of that money.
Young and tech-savvy, the woman said she worried that if they fell for this scam then anyone could.
‘‘What worries me, is really large-scale crime is happening, and I keep feeling like I am being hit with a huge amount of bureaucracy, and a huge amount of laws that need to be changed,’’ she said.
She said her bank and police kept pointing the fingers at each other, bouncing the issue between the two without any resolution.
The ordeal had left her discouraged and feeling let down by the banks, which were supposed to be looking after her best interests, she said.
The banks had become complacent about scams and fraud because they had become inundated with more cases, she said. They should have more technology built into their fraud monitoring processes to stamp out malicious intentions before transactions happened.
Scams have been on the rise for the past five years and the amount of money lost to fraudulent activity is growing by the day.
More than $35 million was lost to scams and fraud in New Zealand last year, and there was a 90% increase in reports of scams, fraud and online harm, according to online safety organisation Netsafe.
Scams are becoming more believable and scammers more professional in their dealings with their victims, making them harder to tell from legitimate services.
More than 15,000 people fell victim to scams last year.
Global banks such as Barclays, HSBC, Citi and Australia’s NAB (owner of Bank of New Zealand) have invested US$20 million (NZ$32m) in technology firm BioCatch, which specialises in behavioural biometrics and advanced fraud monitoring systems.
BioCatch analyses an account holder’s behaviour using biometric data such as fingerprints, how hard they press a touch screen, device movement and mouse scrolling speed.
It also tracked how frequently an account holder used their online banking or banking apps, and uses biometric information to determine whether it is the account holder making a transaction or someone else with control of the person’s device via remote access softwares such as AnyDesk, QuickSupport or TeamViewer.
If it detects a third-party remote access app on the device it automatically shuts it down.
However, banks in New Zealand are not currently using the technology to detect fraud, and instead have their own in-house systems and processes, which includes manually reviewing transactions.
They create fraud rules based on trends, through coding, that are then embedded into their transaction monitoring software.
Britain and the United States were much more advanced in the adoption of technology to fight financial crime, which the woman believed scammers knew too.
She said the lack of expertise within organisations of authority was frustrating, and New Zealand banks needed to adopt new technologies in order to combat scams and fraud.
Research from the Financial Markets Authority suggests that 18% to 19% of Ma¯ ori and Pasifika people have been lured into crypto investments – double the rate of Pa¯ keha¯ .
The New Zealand Banking Association recently launched a campaign to raise more awareness of scams, however, the association would comment further for this article.
Two of the five big banks said they had plans to introduce BioCatch, but they did not want to be identified.
Another bank said it was aware of BioCatch, but had no plans to introduce it in the next 12 months.
ASB said it was working with behavioural science specialists to better identify potential scam activity, and used machine learning to detect unusual activity on its customers’ cards.
It had a multi-year plan of training and investment to address the issue. This included enhanced machine learning ability and behavioural biometric monitoring.
Westpac NZ head of financial crime Mark Coxhead said the bank continued to invest in cutting edge technologies including biometrics and machine learning. However, no matter the technology, vigilance was the best defence.
Ashley Kai Fong, head of financial crime at BNZ, said it had a dedicated fraud team working around the clock.
‘‘Scams come in many, often sophisticated forms, but a common feature is unsolicited messages sent by scammers either in texts or emails enticing people to provide personal or financial information such as banking details,’’ Fong said.
‘‘It is critical that we are all alert to unsolicited texts and emails and never click on links or reply to these messages and never supply personal or account details when they hit our inboxes.’’
ANZ said it was continually invested in upgrading its fraud detection platform and had recently implemented the latest version which was ‘‘at world best practice level’’.
‘‘We are constantly evolving our authentication systems and processes to ensure we’re keeping pace with changes to the global environment. This includes investigating the use of automation, machine learning, artificial intelligence and bio-data to identify fraud faster and more accurately.’’
Kiwibank said there were always new fraud detection technologies available and as they become available the bank reviewed them for potential benefits.
A Kiwibank spokesperson said the bank encouraged customers to keep an eye on their transactions and use trusted merchants, because prevention was always better than detection.
Sam Leggett, Cert NZ senior analyst of threats and response, said the amount of money lost to scams had skyrocketed over the past six months, and tripled in the third quarter of last year.
The value of losses per incident had also increased, he said.
There were 12 frauds where more than $100,000 had been lost.
In the nine months to September, $16.5m was lost to scams and fraud, compared with $10.5m for the same period in 2021. The total amount lost in all of 2021 was $16.8m.
Typically, Cert NZ saw a spike in reports of scams and fraud at the end and beginning of a year.
‘‘What we’ve noticed is other than there being more incidents involving financial loss, we’re seeing incidents having greater financial losses,’’ Leggett said.
Text message and investment scams were catching out most people.
Phishing text messages that asked receivers to call a number to have an issue resolved, and allowing a scammer remote access to their devices, were all too common.
Investment scams had been around a long time but had become more prolific due to the rise in popularity of cryptocurrency such as bitcoin.
Leggett warned that if an opportunity looked too good to be true, then it probably was a scam.
Scam victims should contact their bank as soon as possible to maximise the chances of recovering funds, or
Research from the Financial Markets Authority suggests that 18% to 19% of Ma¯ori and Pasifika people have been lured into crypto investments.
preventing further loss. And then report the issue to police, he said.
More education was needed to help combat financial crime.
Given the limited success rates for recovering funds, prevention remained the most important piece of the puzzle to combat fraud, Leggett said.
‘‘Scammers change their methodology quickly and in a sophisticated manner to catch people, but generally speaking, if it seems too good to be true, then it probably is [a scam].’’
Never share passwords with anyone. If someone contacted you out of the blue and asked for passwords or sensitive information, then that was a good indicator it might be a scam, he said.
‘‘If you are called by someone, and they claim there is some kind of issue with your internet or bank account, and ask you to download remote access software, that is almost definitely a scam.’’
Leggett said banks had an obligation to their customers to investigate any suspected fraud.
Most scammers were based overseas, which made it harder to recover lost money, he said.
Information had to be passed to law enforcement agencies in the country the scammer was operating from, which could take a long time.
Leggett said the onus was on consumers to know what to look out for as much as it was the banks’ responsibility to educate their customers.
Taking the time to do some due diligence and research before transferring funds could mean the difference between falling victim to a scam or not, he said.
There was no end in sight for fraudulent activity and he suspected it would continue to worsen over time.
‘‘The sophistication of scams continues to improve, so that means that people trying to combat scams have to be constantly improving as well and staying up to speed with what is going on.’’
Visa said businesses were facing a growing threat of ‘enumeration attacks’, where fraudsters use automation to test and guess payment details such as card numbers, CCV numbers and expiration dates, which could then be used in fraudulent transactions.
It said botnets, a networks of hijacked computer devices, were increasingly being used to carry out and scale these attacks.
To crack down on this, Visa last year announced a requirement for its merchants to invest in technologies that identify and prevent enumeration attacks.
By October, merchants must ensure they have advanced controls in place, such as technologies that look for anomalies in shopping cart data, can block accounts after a certain number of login attempts, and restrict the number of transactions that can be processed by a merchant from a single card per minute.
Anthony Watson, Visa country manager of New Zealand and the South Pacific, said fraudulent activity had ramped up over the past few years following the onset of the Covid-19 pandemic.
‘‘The accelerated shift to digital payments has driven changes in behaviour and preferences that were likely to continue well beyond the pandemic. But as these digital habits have taken hold, fraudsters have also adapted their attack vectors to take advantage of these changes and to further scale existing threats.’’
Watson said fraudsters has shifted their attention to online fraud as commerce had become increasingly digital. He said consumers had a role to play in reducing scams and financial crime.
‘‘Cardholders have an important role to play in helping us fight fraud – they should be aware of and make use of their bank’s security features, monitor their accounts, and reach out to their bank immediately if they suspect their account has been compromised.’’