Good morning.
I’m fascinated with cybercrime—the various ways bad actors hack into both our computers and our vulnerabilities. Now that we’ve learned to not click on attachments, urgent IRS missives, or opportunities to coinvest with foreign royalty, new threats loom.
AI has given cybercriminals better tools to trick us and created new challenges in establishing who pays for it. Remember the deepfake “CFO” of British design firm Arup who tricked a Hong Kong employee into transferring more than $25 million to fraudsters? The former lawyer scammed out of $740,000 in retirement savings? U.S. investigators are now looking at whether JPMorgan Chase , Wells Fargo , Bank of America , and others have done enough to shut down accounts run by fraudsters.
I recently sat down with Gadi Mazor, CEO of BioCatch , an Israeli fraud detection firm that specializes in preventing digital fraud, money laundering, and impersonation for banks and financial services organizations. He told me that banks are getting pretty good at the cat-and-mouse chase to keep worms, viruses, malware, and other threats from getting into our bank accounts. Now, the problem is often customers and workers themselves, when they’re tricked into doing dumb things.
Mazor calls it “customer-enabled fraud loss,” noting that “it’s often way more devastating because people feel responsible for the crime.” Elaborate catfishing scams can unfold over months. What’s more, he argues, “The more educated you are, the more prone you are to fall for this because you feel like you know what you’re doing.” He adds that “most of the people falling for these scams are men, not women.”
The question is how to fight it. BioCatch measures hundreds of signals that can indicate when someone is being scammed. That includes typing in passwords (versus cut and paste); how quickly you move the mouse (to keep the screen up as you’re talking to a scammer); delay times (reading back a password); people moving their phone to their ear (possible manipulator on the line); and timing (the rate of one type of U.K. scam went down during Russian soccer games because scammers took a break to watch). He says device theft is becoming so common in parts of Latin America that people carry two phones, with the one used for calls stripped of sensitive information.
Who’s responsible for bearing the cost of all this scamming? In October, U.K. regulators will require payment service providers to reimburse customers when they’re tricked into making large bank transfers. But Ben Chance, the chief fraud risk officer for the payment app Zelle, says the main responsibility for shutting down scammers lies with consumers and law enforcement. As he recently told my colleague Michael del Castillo, “The solution to fraud and scam prevention has to be one that focuses across all payment networks, not one isolated payment network.”
More news below.
Diane Brady
diane.brady@fortune.com
Follow on LinkedIn
This story was originally featured on Fortune.com
Most Popular
Comments / 0