Digital Fraud in Times of COVID-19

By: Álvaro Arzayus

In addition to health rules (hand washing, social distancing and isolation), a new pandemic rule should be digital hygiene: be vigilant and wary of online attacks and scams, which have grown exponentially due to people's need to stay safe.These have grown exponentially due to people's need to stay in touch with family members, the rise of online shopping and teleworking as a productivity tool, among others.


The World Health Organisation (WHO) recently warned of such threats, stating that criminals impersonate the international body and fake donation campaigns to obtain private information and cash funds.

The stress and unique circumstances of the pandemic have created an atmosphere of uncertainty that is an opportunity seized by many criminals, who use their creativity to commit fraud by phone, email, text messages or social media promotions.


Phishing email phishing has always been a popular scam technique, but the millions of fake emails sent during the COVID-19 emergency are the largest increase in attacks in many years.


Other email-based scams pretend to contain public health or pandemic-related information and ask you to click on a link. However, these links are malicious and launch and install malware or Trojans on a victim's device that on the victim's device that extracts usernames, email account passwords, bank account passwords and other information. With this information theft they manage to impersonate the person and deceive banking and other entities (email, social networks, etc.).


Regardless of the size of the investment made in computer security, identifying these cases is difficult due to the complexity of techniques and tools employed to maintain anonymity and avoid detection, as well as the use of access from anonymous networks on the dark web or proxy systems that obfuscate source IP addresses.


In addition, teleworking (working from home) disables the traditional security measures that are used on a daily basis in the physical offices of companies as they are not necessarily available at the workers' homes. This makes it difficult to protect a completely remote and unadapted workforce exposed to a complex environment.


Recommendations to mitigate security risks in this complex situation:

The user is the first line of defence. In situations of uncertainty, doubt or pressure, do not respond to requests for information and consult directly with the entity or person to verify the legitimacy of the request.


The following criteria can be applied:

  1. STOP
  2. MIRE
  3. CALL

The graph encompasses many of the products and services that are easily identifiable to readers of this article: blockchain technology, facial unlocking of devices, swipe cards, multifunctional applications such as WeChat, neural network modelling, real-time analytics, etc. However, the opposite objective would be achieved if these developments accentuate the gap between financially included and financially excluded people. It should not be forgotten that the objective is to reach end users that the traditional financial system does not cover. How can we then ensure that fintech developments do not have the opposite effect? The report reviews this question in terms of the catalytic pillars.


Opportunities and challenges of fintech developments to boost access to and use of current accounts.


Account Design and Payment ProductsFor this pillar, the speed and availability generated by instant payment services, which have made it possible to execute transactions at any time, any day and almost in real time, stand out.


Another advantage is the ability to send payment requests as a reminder, giving users better control of their finances by knowing immediately the availability of funds, as well as meeting the needs of the financially underserved by offering them a close substitute for cash. For businesses, it reduces the risk of reversing transactions, so merchants can release goods or services faster and have higher margins by reducing merchant service costs. Lastly, it outlines the non-reliance on the entire infrastructure that accompanies traditional payment systems.


Of course, speed is an attraction for fraudsters. Mitigation strategies include imposing thresholds for individual transactions, periods between enrolling a new beneficiary and being able to send money to them, as well as using big data and artificial intelligence to detect fraudulent transactions in real time.


The paper takes a similar route to that of instant payments to demonstrate the potential of open banking to increase the utility of current accounts; the simplification of customer due diligence processes through digital identification; and the use of digital identification to increase the value of current accounts.[1]1]; and the use of digital currencies issued by central banks as a basic means of payments similar to cash but with tax advantages; and finally super applications covering a wide range of payment needs in the daily lives of their users (e.g. transport tickets, hotel bookings, restaurants, appointments and payments).


Note that for many of the above benefits, such as super apps, users' access to the internet and a smartphone is indispensable, so the availability and affordability of information and communication technology plays a key role. This is how the pillars and foundations are articulated.


Readily available access points: This section looks at how new products and services are reducing the demand for cash and physical access points. Most banks are migrating towards offering digital services while reducing their physical presence; some are even completely virtual and have no physical branches at all.


A paradoxical aspect of this issue is the disuse of cash as a result of digitalisation. Apparently this is what is intended to be achieved, but there is a risk that cash will be totally displaced and the elderly, people with disabilities, undocumented migrants, people living in poverty or rural communities will be excluded from many services where they will no longer accept cash.


The potential of e-wallets in combination with contactless technologies to expand the number of acceptance points at lower costs is also mentioned.


Financial Education: A clear concern here is that people's digital skills do not always keep pace with innovation, which would create a gap in terms of access. On the other hand, the use of artificial intelligence tools and machine Learning can help in making users aware of the conditions, risks and advantages of each product, through personalised advice, including voice and guidance on best financial practices.


Leveraging recurrent flows for large-volume payments: taking the considerable flow of international remittances as an example, fintech developments can contribute significantly to financial inclusion, as it will link both senders and recipients.


The synergy that could be achieved between transport systems and e-wallets in combination with contactless technologies is also discussed. Considerable amounts of the population access public transport systems, fintech developments aim to include them financially. However, the Committee recognises that the impact on financial inclusion is unclear.


Final considerations


The report concludes by addressing the role of the 3 basic fundamentals of harnessing fintech opportunities and their challenges. This section delves into the role of international authorities, regulators and governments, where a sense of cooperation is encouraged, as well as the need for regulation and investment, all to support private sector initiatives and control many of the emerging risks.


Finally, it ends by integrating in a practical way the 7 principles issued in 2016 (pillars and foundations) under a perspective specific to the digital era.

[1] In this regard, we recommend reading the recent FATF Guidance on the use of digital identification for customer due diligence.


Monitor Plus DBFD™ (Digital Banking Fraud Detector) is one of the most complete, robust and scalable solutions for fraud detection in digital environments that provides all the elements described above and applies best practices for the detection and containment of risks and cyber threats.