WEBVTT 1 00:00:00.300 --> 00:00:02.460 Suparna Goswami: Hello there. I'm Suparna Goswami. I'm 2 00:00:02.460 --> 00:00:05.010 associate editor with Information Security Media 3 00:00:05.010 --> 00:00:08.280 Group. I have with me today Frank McKenna who is chief fraud 4 00:00:08.280 --> 00:00:11.610 strategist with Point Predictive and author of the blog 5 00:00:11.640 --> 00:00:15.420 FrankonFraud. Frank, welcome again and happy new year. 6 00:00:16.740 --> 00:00:18.930 Frank McKenna: Happy new year, Suparna. I'm really happy to be 7 00:00:18.930 --> 00:00:22.710 here. I hope you had a good holiday and looking forward to a 8 00:00:22.710 --> 00:00:23.400 great new year. 9 00:00:24.240 --> 00:00:26.100 Suparna Goswami: Frank, before I ask you to predict the types of 10 00:00:26.100 --> 00:00:29.550 fraud you will expect in 2023, how will you sum up the year 11 00:00:29.550 --> 00:00:32.220 2022? What was the fraud highlights for you? 12 00:00:33.330 --> 00:00:35.730 Frank McKenna: You know, it was a year like no other. I don't 13 00:00:35.730 --> 00:00:39.090 think we've seen anything quite like it ever, which made it 14 00:00:39.240 --> 00:00:42.390 interesting to be in the kind of fraud field to see everything 15 00:00:42.390 --> 00:00:45.720 that happened. I mean, I think we saw things like check fraud 16 00:00:45.810 --> 00:00:50.340 in an old technology type of fraud, like check fraud, became 17 00:00:50.340 --> 00:00:53.100 the number one type of fraud. Who could have guessed that? We 18 00:00:53.100 --> 00:00:57.750 saw Zell fraud become really prevalent in the news, 19 00:00:57.750 --> 00:01:00.630 especially toward the end of the year when the government kind of 20 00:01:00.630 --> 00:01:04.290 stepped in and started to go after the banks to do more to 21 00:01:04.290 --> 00:01:08.220 try to help victims of scams. So that was a big story. You know, 22 00:01:08.220 --> 00:01:12.840 we saw new horrible scams emerge. We saw pig butchering, 23 00:01:12.840 --> 00:01:16.560 you know, very inhumane type of scam where you're treating the 24 00:01:16.560 --> 00:01:21.960 victim like an animal. And we saw that scams just continued to 25 00:01:21.960 --> 00:01:26.460 proliferate in and just get worse and worse. We saw 26 00:01:26.760 --> 00:01:32.070 interesting things happen around fake accounts. So, Elon Musk, he 27 00:01:32.070 --> 00:01:36.390 thought about 20% of Twitter's accounts were fake and made up 28 00:01:36.390 --> 00:01:41.910 by bots, we saw PayPal, another large FinTech, identify 4.5 29 00:01:41.940 --> 00:01:45.390 million fake accounts. It actually hit their stock price, 30 00:01:45.390 --> 00:01:49.830 because it was such a big story. That just showed how prevalent 31 00:01:50.190 --> 00:01:53.190 that this synthetic identity problem that this fake account 32 00:01:53.190 --> 00:01:57.060 problem is having across banking and FinTech. And then finally, 33 00:01:57.330 --> 00:02:00.540 toward the end of the year, we just saw crypto implode, we're 34 00:02:00.540 --> 00:02:04.440 in massive bubbles for real estate, for mortgage, for 35 00:02:04.440 --> 00:02:08.910 crypto, for stock market, for bonds - bubbles were everywhere. 36 00:02:09.120 --> 00:02:12.840 Everything was really frothy, even venture capital. And we saw 37 00:02:12.960 --> 00:02:16.770 that bubble burst. And when that bubble burst, we saw all of this 38 00:02:16.770 --> 00:02:22.200 fraud start to rise up. And that just kind of capped off the year 39 00:02:22.200 --> 00:02:27.840 - a really big year in fraud with lots of interesting stories 40 00:02:27.840 --> 00:02:29.310 and lots to keep us busy. 41 00:02:30.360 --> 00:02:33.900 Suparna Goswami: Sure. Clearly we can say that 2022 would be a 42 00:02:34.200 --> 00:02:38.370 year of scams as well as year of crypto fraud. And that's where 43 00:02:38.370 --> 00:02:42.900 my next question is. So did the rise of crypto fraud or NFT 44 00:02:42.900 --> 00:02:45.210 surprise you? Were you expecting this? 45 00:02:46.740 --> 00:02:49.980 Frank McKenna: Crypto fraud. Did it surprise me? Not in the 46 00:02:49.980 --> 00:02:55.260 least. I mean, many of us knew that we'd seen this before, we 47 00:02:55.260 --> 00:02:59.850 looked at the 2008-2009 mortgage crisis where everything was in a 48 00:02:59.850 --> 00:03:04.650 bubble. Crypto was just ripe for fraud, for scams, for money 49 00:03:04.650 --> 00:03:06.990 laundering, you know, when you have these fiat currencies that 50 00:03:06.990 --> 00:03:09.990 are really tied to nothing, with the exception of Bitcoin, I 51 00:03:09.990 --> 00:03:12.150 think that's a little more legitimate, but these other 52 00:03:12.150 --> 00:03:16.110 cryptos - I was not surprised at all that they were subject to so 53 00:03:16.110 --> 00:03:19.260 much fraud. In fact, I knew it was going to happen, it was just 54 00:03:19.260 --> 00:03:20.070 a matter of time. 55 00:03:20.910 --> 00:03:22.710 Suparna Goswami: So how do you see this particular kind of 56 00:03:22.710 --> 00:03:25.290 fraud evolving or changing this year? 57 00:03:26.700 --> 00:03:28.500 Frank McKenna: So what I think is going to happen - I think the 58 00:03:28.500 --> 00:03:31.950 dominoes are going to continue to fall. And we're just kind of 59 00:03:31.950 --> 00:03:34.980 in the middle of it right now. And company after company, 60 00:03:34.980 --> 00:03:37.860 crypto after crypto is just toppling. I think we're just 61 00:03:37.860 --> 00:03:41.490 going to see a lot of these cryptos just go under, I think 62 00:03:41.490 --> 00:03:46.620 we're going to see a lot of the celebrities and the social media 63 00:03:46.620 --> 00:03:51.090 influencers that were touting NFTs, touting crypto, selling 64 00:03:51.090 --> 00:03:55.380 them, getting involved - we're going to see more of those 65 00:03:55.410 --> 00:03:59.010 celebrities and influencers get into a lot of trouble for what 66 00:03:59.010 --> 00:04:02.430 they did during that crypto bubble. I think we're going to 67 00:04:02.430 --> 00:04:06.930 see a lot more regulation. I think that's a given. I think in 68 00:04:06.930 --> 00:04:11.340 2023, there's going to be a lot more scrutiny on how do we 69 00:04:11.340 --> 00:04:15.120 regulate this market. So it's going to be a huge year for a 70 00:04:15.120 --> 00:04:18.450 lot of changes in crypto. And it may not look anything like it 71 00:04:18.450 --> 00:04:21.180 looks right now, it may completely change. 72 00:04:22.740 --> 00:04:25.170 Suparna Goswami: So finally, we are in trade when it's free. So 73 00:04:25.170 --> 00:04:27.390 what would be your predictions for the year? 74 00:04:28.500 --> 00:04:31.350 Frank McKenna: So my predictions for the year is that we're going 75 00:04:31.350 --> 00:04:35.820 to see another significant year for fraud. And it's not 76 00:04:35.820 --> 00:04:38.820 surprising, you know, fraud keeps rising. We're in a market, 77 00:04:38.820 --> 00:04:41.970 we're in an environment where anybody can be anything on the 78 00:04:41.970 --> 00:04:45.420 internet. And so, we're seeing that fraud just continue to 79 00:04:45.420 --> 00:04:48.240 increase. So I think many things are going to happen. I think 80 00:04:48.240 --> 00:04:54.690 check fraud number one is going to hit $24 billion or more this 81 00:04:54.690 --> 00:04:58.740 year. That's a 50% increase over the last time it was measured in 82 00:04:58.740 --> 00:05:03.450 2018. That rise in check fraud, what's going to happen is that 83 00:05:03.450 --> 00:05:06.690 banks are going to start to have to address it. So you're going 84 00:05:06.690 --> 00:05:11.190 to see banks start to implement newer technologies, you're going 85 00:05:11.190 --> 00:05:13.980 to see banks start to try to solve the problem of these 86 00:05:13.980 --> 00:05:17.430 identity theft and fake accounts that are getting the bank 87 00:05:17.430 --> 00:05:20.550 accounts and depositing fake checks, you're going to see 88 00:05:20.700 --> 00:05:23.700 banks start to encourage people not to write checks anymore and 89 00:05:23.700 --> 00:05:26.610 use online banking, maybe some banks will get rid of checks 90 00:05:26.610 --> 00:05:30.240 altogether. I think that's going to be a big story in fraud. I 91 00:05:30.240 --> 00:05:34.440 think the second thing with scams, we're going to see a 92 00:05:34.440 --> 00:05:38.010 major change, consumers will start to be able to get their 93 00:05:38.010 --> 00:05:41.400 money back. And they're going to be able to request for banks to 94 00:05:41.400 --> 00:05:44.040 get reimbursed, that's going to create a whole host of new 95 00:05:44.040 --> 00:05:46.770 problems for banks, we're going to see a lot of first-party 96 00:05:46.770 --> 00:05:49.590 fraud claims with those scams, we're going to see a lot of 97 00:05:49.590 --> 00:05:52.800 people exploiting banks and trying to get refunds when they 98 00:05:52.800 --> 00:05:57.600 don't deserve. That's going to put banks on the defensive, it's 99 00:05:57.600 --> 00:06:00.210 going to make banks really invest and have to spend a lot 100 00:06:00.210 --> 00:06:03.480 of time in scam reimbursement. I think we're going to see 101 00:06:04.440 --> 00:06:08.130 problems with digital acquisition. So when banks and 102 00:06:08.130 --> 00:06:12.090 lenders are signing people up online, I think what we're going 103 00:06:12.090 --> 00:06:15.840 to see there is that some of these banks are going to turn 104 00:06:15.840 --> 00:06:19.800 off that digital acquisition, banks are going to have so much 105 00:06:19.800 --> 00:06:24.360 fraud. In some cases, some banks are reporting a 70% fraud rate, 106 00:06:24.870 --> 00:06:28.380 up to 70% of the applications that are not online or fraud. 107 00:06:28.650 --> 00:06:31.440 That's just untenable. So banks are going to - some things will 108 00:06:31.440 --> 00:06:33.990 have to shut off those programs. It happened last year. It's 109 00:06:33.990 --> 00:06:38.250 going to happen again this year. I think that some of the other 110 00:06:38.250 --> 00:06:40.440 things we're going to see is we're going to see a lot more 111 00:06:40.470 --> 00:06:45.120 insider fraud. So when I scan telegram and I scan the dark 112 00:06:45.120 --> 00:06:49.440 web, I'm seeing a lot of advertisements for these 113 00:06:49.440 --> 00:06:52.110 fraudsters who are advertising that they have an inside 114 00:06:52.110 --> 00:06:56.790 connection at merchants, at telcos, at phone stores, they 115 00:06:56.790 --> 00:07:01.290 say they have an inside connection, and they can get you 116 00:07:01.290 --> 00:07:04.950 SIM swaps, account takeovers, they can get you PII. I think 117 00:07:04.950 --> 00:07:08.700 there was somebody just arrested yesterday for stealing - an 118 00:07:08.700 --> 00:07:11.400 employee from Navy Federal Credit Union who was stealing 119 00:07:11.400 --> 00:07:14.580 PII. That's going to happen a lot this year. So we're going to 120 00:07:14.580 --> 00:07:18.660 see a lot of insider fraud. We're going to see and I think 121 00:07:18.660 --> 00:07:22.590 this is the big unknown. We're going to see AI being used by 122 00:07:22.590 --> 00:07:25.620 fraudsters and scammers. You know, the big story at the end 123 00:07:25.620 --> 00:07:31.650 of last year was OpenAI's ChatGPT product. That I think 124 00:07:31.680 --> 00:07:34.260 opened people's eyes to the power of artificial 125 00:07:34.260 --> 00:07:38.040 intelligence. But at the same time, that put these powerful AI 126 00:07:38.040 --> 00:07:42.270 tools in the hands of everyone, including fraudsters. We're 127 00:07:42.270 --> 00:07:46.560 going to see a new era of fraud fighting, where fraudsters are 128 00:07:46.560 --> 00:07:50.610 leveraging AI that says powerful, or sometimes even more 129 00:07:50.610 --> 00:07:53.310 powerful than what the banks and lenders have. That's going to be 130 00:07:53.310 --> 00:07:57.330 a real interesting juxtaposition of how fraud is going to be 131 00:07:57.390 --> 00:08:01.170 addressed with this kind of back and forth between fraudsters and 132 00:08:01.170 --> 00:08:04.560 scammers and the bank. So I think we're going to see a new 133 00:08:04.560 --> 00:08:09.360 war on fraud, that's going to be much more technological. I think 134 00:08:09.360 --> 00:08:14.070 there's going to be a likely recession, it may not be a very 135 00:08:14.070 --> 00:08:17.400 deep recession. But I think that's going to push up a lot of 136 00:08:17.400 --> 00:08:21.090 the fraud risk and defaults pretty substantially. In 137 00:08:21.090 --> 00:08:26.070 lending, maybe 50%, maybe more. Those are the types of things 138 00:08:26.070 --> 00:08:30.390 that I'm expecting this year. As always, I think we can expect 139 00:08:30.390 --> 00:08:32.880 the unexpected. There are going to be things that are going to 140 00:08:32.880 --> 00:08:36.750 happen we could have never predicted. And I think 2023 is 141 00:08:36.750 --> 00:08:37.530 no exception. 142 00:08:39.240 --> 00:08:41.580 Suparna Goswami: I'll come back to you on to check fraud as well 143 00:08:41.580 --> 00:08:44.250 as the scams, but as you mentioned, recession and 144 00:08:44.250 --> 00:08:47.190 likelihood of recession. So do you think the economic downturn 145 00:08:47.190 --> 00:08:49.020 will also lead to more insider fraud? 146 00:08:50.100 --> 00:08:53.370 Frank McKenna: Absolutely. So when you have - and we see this 147 00:08:53.370 --> 00:08:57.120 time and time again - you see it, I think the ACFE, who tracks 148 00:08:57.120 --> 00:09:00.660 insider fraud, you know, globally, they consistently 149 00:09:00.660 --> 00:09:03.990 report in times of recession, you see a lot more insider 150 00:09:03.990 --> 00:09:07.650 fraud. And why is that the case? It's the case because people get 151 00:09:07.650 --> 00:09:11.940 more desperate, people are more desperate for money, or 152 00:09:11.940 --> 00:09:17.130 opportunity. And so they resort to trying to make money if 153 00:09:17.130 --> 00:09:20.670 they're an insider trying to make extra money or resorting to 154 00:09:20.670 --> 00:09:25.290 fraud by selling information, by giving access to information, by 155 00:09:25.290 --> 00:09:28.500 doing all sorts of things that they should not be doing. But I 156 00:09:28.500 --> 00:09:31.680 also think it creates more opportunity for people on the 157 00:09:31.680 --> 00:09:36.360 outside to go to those people to try to get information, to try 158 00:09:36.360 --> 00:09:40.500 to get money, to try to exploit banks and lenders on policies. 159 00:09:41.550 --> 00:09:45.270 Suparna Goswami: Sure. So back to scams and check fraud. So, in 160 00:09:45.270 --> 00:09:48.360 fact, check fraud has always been me curious. So how do you 161 00:09:48.390 --> 00:09:52.830 see banks handling this check fraud in 2023? What new ways can 162 00:09:52.830 --> 00:09:56.220 they tackle it and even for scams, as you said, regulators 163 00:09:56.220 --> 00:09:58.770 will probably come out with a formal regulation where they 164 00:09:58.770 --> 00:10:01.410 would have to pay back the customers for certain kinds of 165 00:10:01.410 --> 00:10:04.980 scams. So how do you see banks tackling these issues? 166 00:10:06.090 --> 00:10:09.210 Frank McKenna: Yeah, so I think with scams in particular, I'm 167 00:10:09.210 --> 00:10:14.490 not sure that banks will actually reimburse for check 168 00:10:14.490 --> 00:10:17.760 scams. They may. But I think what the banks are going to 169 00:10:17.760 --> 00:10:22.380 reimburse for is more the Zell, the more PDP account takeover 170 00:10:22.380 --> 00:10:25.710 type scams where the consumer was exploited, where they gave 171 00:10:25.710 --> 00:10:29.010 out their one-time passcode or their login information. So I 172 00:10:29.010 --> 00:10:32.940 don't think that the checks will really play much of a part into 173 00:10:32.940 --> 00:10:36.180 the reimbursements. However, in saying that banks are going to 174 00:10:36.180 --> 00:10:39.330 grapple with check fraud this year, and I think they're going 175 00:10:39.330 --> 00:10:41.910 to do a few things, I think the first thing they're going to do 176 00:10:41.910 --> 00:10:45.450 is invest in new technology, I think there's going to be new 177 00:10:45.450 --> 00:10:49.740 technology investment in checks, because it's so high, I think 178 00:10:49.740 --> 00:10:52.050 the second thing that's going to happen is banks are going to 179 00:10:52.050 --> 00:10:56.970 start to scrutinize their mules problem, where these are people 180 00:10:56.970 --> 00:11:00.690 that are getting these accounts, typically they're the neobanks, 181 00:11:01.080 --> 00:11:03.390 they're getting these accounts, they're opening them up with the 182 00:11:03.390 --> 00:11:06.750 express purpose of depositing fraudulent checks, and then 183 00:11:06.750 --> 00:11:09.510 going to the ATM to withdraw them. I think banks are going to 184 00:11:09.630 --> 00:11:13.800 implement new technology that's going to be able to stop that. I 185 00:11:13.800 --> 00:11:18.210 think banks are going to also do a lot more customer education on 186 00:11:18.210 --> 00:11:21.420 checks. They're going to try to get consumers to stop writing 187 00:11:21.420 --> 00:11:25.830 checks, to go to online banking, to use other forms of payments 188 00:11:25.830 --> 00:11:30.150 that are not as subject to all the types of fraud. I think 189 00:11:30.150 --> 00:11:33.180 that's the way that banks are going to address check fraud in 190 00:11:33.480 --> 00:11:35.670 2023. But I don't think it's going to be easy. I think it's 191 00:11:35.670 --> 00:11:38.670 going to be a real challenging year for check fraud for banks. 192 00:11:39.360 --> 00:11:42.180 Suparna Goswami: And even for scams, the authorized payment 193 00:11:42.180 --> 00:11:46.020 scams, the Zelle fraud. So how do you think banks should tackle 194 00:11:46.050 --> 00:11:46.890 first-party fraud? 195 00:11:48.180 --> 00:11:51.720 Frank McKenna: I think banks need to first be aware that 196 00:11:51.750 --> 00:11:54.930 first-party fraud exist, and that is perpetrated by 197 00:11:54.930 --> 00:11:59.400 customers. I think what happens a lot of times with banks is 198 00:11:59.400 --> 00:12:02.670 there's a failure to recognize the difference between an 199 00:12:02.670 --> 00:12:05.970 identity thief who's a third-party fraudster and then a 200 00:12:05.970 --> 00:12:09.180 person that's trying to steal from you who's a real person - 201 00:12:09.180 --> 00:12:12.090 is a real person behind first-party fraud. Maybe they're 202 00:12:12.090 --> 00:12:14.250 even using their own name. They're using their own 203 00:12:14.250 --> 00:12:18.420 identity. Banks need to be able to accept that that's the type 204 00:12:18.420 --> 00:12:21.180 of fraud they're going to try to stop. They're going to have to 205 00:12:21.180 --> 00:12:23.400 work with their marketing departments, their origination 206 00:12:23.400 --> 00:12:26.580 department, say, "We're not going to tolerate people that 207 00:12:26.580 --> 00:12:29.490 are coming in to exploit the bank." I think that's step one. 208 00:12:29.910 --> 00:12:34.020 I think step two is once you make that acknowledgement, use a 209 00:12:34.020 --> 00:12:38.970 lot of your same tools that are looking for fraud, for 210 00:12:38.970 --> 00:12:42.030 third-party fraud and use them in the same way. But look for 211 00:12:42.060 --> 00:12:45.630 first-party fraudsters, these people may not be using fake 212 00:12:45.630 --> 00:12:48.900 identities, they may not be using stolen identities, they 213 00:12:48.900 --> 00:12:52.530 may be using their own identity, but they may be hitting bank 214 00:12:52.530 --> 00:12:55.380 after bank after bank. So you're going to want to look at those 215 00:12:55.380 --> 00:12:59.460 types of people and tackle those first-party fraudsters a little 216 00:12:59.460 --> 00:13:02.340 bit differently, but using the same technology to use for all 217 00:13:02.340 --> 00:13:03.240 the other types of fraud. 218 00:13:04.650 --> 00:13:07.350 Suparna Goswami: And finally, Frank, technology wise, what is 219 00:13:07.350 --> 00:13:11.790 the one technology that you are looking forward to in the year 220 00:13:11.820 --> 00:13:15.240 2023, which you think will help reduce fraud a great deal? 221 00:13:15.900 --> 00:13:18.150 Frank McKenna: You know, there's a few. I can't just name one. 222 00:13:18.150 --> 00:13:20.250 But I'll tell you what I'm excited about. I'm excited about 223 00:13:20.250 --> 00:13:24.240 biometrics, I think biometrics have a long way to go in terms 224 00:13:24.240 --> 00:13:28.350 of how they can help bank with both scams and fraud. I love 225 00:13:28.350 --> 00:13:31.680 passwordless authentication, I think I talked a little bit 226 00:13:31.680 --> 00:13:34.350 about in my blog post that I did with Mary Ann Miller, by the 227 00:13:34.350 --> 00:13:37.350 way, and Karisse Hendrick, I can't take full credit for that 228 00:13:37.350 --> 00:13:40.440 because we all did that together. But we're all really 229 00:13:40.440 --> 00:13:44.310 excited about passwordless authentication, about you know, 230 00:13:44.340 --> 00:13:48.090 if you think about 80 to 90% of the account takeovers are 231 00:13:48.120 --> 00:13:51.120 because of these credential stuffing. If we can get rid of 232 00:13:51.120 --> 00:13:53.490 that, that's going to make a huge impact on fraud. So I'm 233 00:13:53.490 --> 00:13:56.700 excited about that. I'm excited about the stuff that we're doing 234 00:13:56.700 --> 00:13:58.980 at Point Predictive honestly, the stuff that we're doing 235 00:13:58.980 --> 00:14:03.870 around data, alternative data and AI. And then finally, I'm 236 00:14:03.870 --> 00:14:09.180 really excited to see what the industry does with AI. Because I 237 00:14:09.180 --> 00:14:12.360 think what we've seen over the last year is the absolute 238 00:14:12.420 --> 00:14:17.490 explosion of AI and the power that it can represent. I think 239 00:14:17.490 --> 00:14:21.240 where we're going to see a lot of advancement is in the use of 240 00:14:21.240 --> 00:14:26.130 AI, both in use by fraudsters but anti-fraud as well. I'm 241 00:14:26.130 --> 00:14:28.860 really excited to see where that goes. So there's quite a few 242 00:14:28.860 --> 00:14:32.370 things that I'm keen on for 2023. 243 00:14:33.450 --> 00:14:37.350 Suparna Goswami: Let's see how 2023 unfolds for us when it 244 00:14:37.350 --> 00:14:39.810 comes to fraud. But thank you so much, Frank, for sharing your 245 00:14:39.810 --> 00:14:43.560 views with us. As always, a pleasure speaking with you. 246 00:14:44.130 --> 00:14:46.410 Frank McKenna: Yes, thank you, Suparna. Thanks for giving us a 247 00:14:46.410 --> 00:14:50.490 platform to talk about fraud, to talk about things that are going 248 00:14:50.490 --> 00:14:54.720 to happen this year because my thought is if we collaborate on 249 00:14:54.720 --> 00:14:57.180 fraud, if the industry works together, that we know more 250 00:14:57.180 --> 00:14:59.370 about it, we can just get better at it. So I appreciate you 251 00:14:59.370 --> 00:15:03.210 giving us platform to talk about it and you have a very happy new 252 00:15:03.210 --> 00:15:03.510 year. 253 00:15:04.140 --> 00:15:06.420 Suparna Goswami: Thank you. You were listening to Frank McKenna 254 00:15:06.420 --> 00:15:09.420 for ISMG. This is Suparna Goswami. Thank you so much for 255 00:15:09.420 --> 00:15:09.780 watching.