With advances in technology, whether in cyberspace, online or through telecoms, emails and other modus operandi, come advances in online fraud and cybercrime.
The cost to the economy is huge, but the human cost to the victims is much larger and far more devastating, especially to the vulnerable and elderly in society.
No country is spared – cybercrime and fraud are not victimless activities.
They are amoral, devoid of any ethics and borderless, preying on millions of innocent individuals, banks, corporates and even governments worldwide each year to extort and defraud money and other assets, and to harvest and monetise data stolen from their unsuspecting victims.
Fraud is more than simply a cybersecurity concern. For banks, it’s now one of their key areas of focus as increasing numbers of their customers fall victim to more sophisticated scams relying on cyber techniques and using advanced social engineering and manipulation techniques.
Industry regulators are also hoping to better understand, prevent, and repair damage caused by fraud, as preserving their trusted relationships with consumers and businesses becomes a growing challenge.
But like in many other sectors of the economy and governance, including for instance the definition of impact investment and measurement; of climate change, risks and action; and various metrics of inequality, despite these efforts, not all jurisdictions use the same terminology, or have the same classifications when defining fraud and cybercrime.
This, says SWIFT, the Belgium-based global member owned cooperative and the world’s leading provider of secure financial messaging services, “can lead to fragmentation in an understand- ing of the data and statistics because they’re not always comparable.”
The socio-economic costs include financial loss for consumers and/or banks, reputational damage for banks subject to a cyber incident or for failing to refund fraud victims, and liability risk for banks in several jurisdictions.
The emotional and psychological consequences on many victims similarly can be hugely damaging.
The latest Annual Fraud Report (AFR) by UK Finance, the lobbying body for the British banking and finance industry, of payment industry fraud in the country in 2022, makes sober reading not only for millions of Brits but also for those South Africans and other nationalities who have close business, investment, employment, education, sporting, tourism and kith and kin ties with the UK.
The stark reality is that in 2023 in the UK over £1.2 billion was stolen by criminals through authorised and unauthorised fraud, equivalent to over £2,300 every minute. In all its forms, fraud accounts for a staggering 40% of crimes committed in England and Wales.
The banking and finance industry prevented a further £1.2 billion of unauthorised fraud from getting into the hands of criminals.
The Borough of Thamesmead in south east London has become known as a notorious hub of online fraud and dubbed the ‘Fraud Capital of the UK’ and 'Little Lagos', with reference to the Nigerian email scammers who became the scourge of the world in the last decade.
One area, according to UK Finance, which has seen a dramatic rise in fraud is authorised push payment (APP) cases.
“We found that 78% of APP fraud starts online and another 18% via telecoms.
This is the scale of the problem, and the banking and finance sector is at the forefront of efforts to tackle fraud.
We still need much greater action from other sectors as criminals are clearly exploiting weaknesses outside the banking system.”
The UK government keen to protect the City of London’s reputation as the most important and largest financial services centre in the world, and to protect consumers, is finalising the Online Safety Bill (which is at its Report Stage in the House of Lords) and The Economic Crime and Corporate Transparency Bill – both of which have fraud prevention and reform of company formation, anti-money laundering, information sharing and seizure of crypto assets at their core.
Under the new legislation, according to David Postings, CEO of UK Finance, “for the first time will require technology and social media companies to remove scam adverts from their platforms.
Online platforms and telcos need to work harder at closing down the opportunities for fraudsters to use their systems.
The government’s recent fraud strategy rightly says we need to focus on stopping fraud at source and that ‘it is other industries, especially online technology giants, who should do more to stop criminals exploiting their services’”.
While there has been a slight decline in overall fraud losses coming down last year compared with the previous year, there is no room for complacency.
“The risks remain elevated as fraudsters adapt and use increasingly sophisticated tactics and technology to fool consumers.
“We need a broad coalition of effort from beyond financial services to tackle fraud.
“This combination will give us the best chance possible to stop fraud at its source, and minimise the impact on consumers,” emphasised Postings.
Another recent report by Kaspersky, the online fraud and cybersecurity protection firm, in its advanced persistent threat (APT) activity report for Q1 2023, warned that criminals are targeting Android phone users in the Middle East, Turkiye and Africa (META) region which accounted for 14% of installs of potentially unwanted mobile financial apps META ranks third among the world regions behind APAC and LATAM in the number of installs of such apps.
As Android holds a dominant market share of 78% in the Middle East, 80% in Africa and 70% in Turkiye, cyber-threats for this mobile operating system remain persistent.
Certain mobile financial apps offer seemingly legitimate microlending services, however, they were found to engage in scams and collect personal data from users’ smartphones.
These apps, stress the APT Report, request access to text messages, contacts and photos/videos before a loan can be provided. In case the user delays the debt payment, app operators may use the data collected from the smartphone for blackmailing and forcing the user to return the debt. For instance, information can be dispatched to all of the user’s contacts informing them of the user’s debt accompanied by photos from the gallery.
According to Igor Golovin, Malware Analyst at Kaspersky: “The threat landscape evolves, and mobile financial cyber-threats become more sophisticated and pervasive.
“While downloading smartphone apps from official app stores is less risky than obtaining them from elsewhere, apps can still request the user to give access to different types of personal data that could then be misused.
“As smartphones are used to store an increasing amount of personal data, granting access to it raises security concerns and places additional demand on the security of mobile devices and privacy-preserving ways of storing the data.”
The global cost-of-living crisis has been a boon to cyber-criminals, who are exploiting and taking advantage of people’s anxieties around their finances. This includes fake investment opportunities, cheap deals which turn out to be purchase scams, and impersonation fraud that tricks people into handing over personal details and passwords which are then used to access financial accounts or set up fake ones.
More can be done to prevent fraud, including easier data-sharing, increased law enforcement capacity, collaboration with other sectors and greater powers for firms to use funds that are proceeds of crime.
It’s a pity that the global technology giants, who have form in dragging their feet in other areas such as eradicating hate speech, gender abuse, misogyny and child abuse, have shown a callous dereliction of duty in doing much more in preventing cybercrime and fraud. After all, the telcos are the facilitators of fraud and cybercrime by merely connecting the scammers and fraudsters with their unsuspecting victims.
Parker is a writer based in London
Cape Times