Digital technology makes it easier to do business and helps make decisions. Yet, from a different perspective, they make companies vulnerable to attacks. What's more, technological prosperity has made the attacks so diverse, and they will become more and more sophisticated in the future.
Companies that fail to protect their corporate resources bear huge losses. In some cases, they are even forced to go out of business. According to TransUnion's most recent quarterly review of worldwide online fraud trends, fraudster risks against organizations have surged by 46% since the COVID-19 outbreak began. Furthermore, according to TransUninion's most recent Worldwide Consumer Pulse Study, more than one in every three global customers has lately been targeted by digital fraud.
What changes in fraudsters' activities should we expect this year?
Fraud trends in 2022
Fraud in metaverse
Though the metaverse is a relatively novel notion, we have already witnessed fraudulent actions in web 3.0. So before we get into detail, let's brush up on what's the metaverse first.
There is no precise definition of the metaverse yet. But an extended notion of metaverse from Neal Stephenson's novel Avalanche, published 20 years ago, is generally accepted. By this definition, the writer meant the unification of conventional, augmented and virtual reality in a common online space.
With this in mind, we can formulate the following explanation:
Metaverse is a constantly working virtual space in which people can interact with each other and objects, particularly with the help of virtual reality technologies. It is a product of convergence of physical, augmented and virtual reality in the general online space.
It is anticipated that in the metaverse, we will soon be doing many of the activities we do now, whether online or offline. Entertainment, in particular gaming, is one of the first things that will move to this «crypto universe». With Decentraland, along with The Sandbox, one of the largest playable NFT worlds where you can purchase virtual land via cryptocurrency, we see that it already has. And the list will gradually expand. In particular, it is expected that medicine will join the ride too, allowing clients to interact with healthcare professionals in a virtual environment.
Simultaneously, we observe the emergence of e-commerce. We can already pay for swords, skins, and usernames, also known as downloadable content (DLCs), and buy virtual land or concert tickets, which sounds fantastic. But, on the other hand, it creates several issues.
When are payments being made for a virtual asset, who pays for it? How can we make sure the recipient is the one who makes a payment?
As a result of inability to perform a KYC verification on several platforms, paired with insufficient regulatory controls, fraudsters' activity is rising. Using stolen financials, which are circulating on the dark web and soon expected to become easily exchangeable in the metaverse, scammers swindle businesses and customers without taking any risks.
Crimes involving blockchain transactions reached a record high of $7.8 billion in 2021. Because blockchain is the core technology that controls everything at the primary level in metaverses, there is considerable risk to the various metaverses.
Combating fraud in the metaverse is a tough nut to crack. As NFTs and crypto have a decentralized nature, it's hard to detect phishing or virus assaults. To remain their actions unnoticed, fraudsters use tools like tumblers.
The fact that fraudsters pose as creators makes metaverse fraud considerably more difficult. They may, for example, set up their own NFT firms, load it up with Ethereum, get others to preload into the marketplace they established, and then suddenly shut it down for no reason.
Welcome to the world of exit scams. Squid Coin, a digital token inspired by Netflix hit Squid Game, is a classic example of exit scam from 2021. Squid was planned to be utilized in the crypto-game Squid Game, which was based on the same-named TV show's testing. After all, it turned out to be a phony coin that netted criminals $3.5 million.
According to different scenario, fraudsters assist someone in creating an NFT, then they hack and take control over the NFT account.
With so many fraud schemes in the real world, it's not surprising that the metaverse will have its own set of scams.
The Chainalysis report states that crypto fraudsters earned $14 billion in 2021 up from $7.8 billion in 2020. It expects that figure to rise this year.
Investors experience a lack of tech knowledge and fraudsters take advantage of this. They have a considerably greater understanding of the technology underpinning cryptocurrencies and the venues where they are exchanged than the majority of crypto consumers. As a result, they are able to carry out the most complicated schemes. According to one of them, hackers create cryptocurrencies that are encoded with concealed computer code that makes them useless.
These cryptocurrencies are sometimes tied to «smart contracts», which require a basic knowledge of computer coding to understand. These contracts may contain a clause according to which any resale will result in the creator receiving a large amount of the token's value in fees.
Some crypto-scammers forbid customers from reselling their cryptocurrency. Thus, the fraudster gets full control over the cost of the new token.
Another popular type of fraud involves hackers exploiting flaws in the websites used by cryptocurrency investors to acquire, sell, and store tokens. That's what happened with Banksy's artwork.
Bad news is scams will get more sophisticated as individuals adopt cryptocurrency at great speed.
Since COVID-19 caught up with us, iGaming was one of the most fast-paced industries. TransUnion's study showed a +19% growth in transactions among global iGaming customers since the pandemic began. The number of fraudulent operations has also increased in direct proportion to this growth.
Researchers claim that «fraud rings» and money laundering activities are among the most common kinds of fraud. Multi-accounting fraud, identity theft, and chargebacks, on the other hand, remain equally popular. But first things first.
To attract players to sign up, several iGaming companies provide major perks for registering a new account, such as risk-free bets and deposit matching. Because fraudsters are aware of this, they disguise themselves as regular users and establish many accounts in order to take advantage of these perks. This, according to their logic, increases their chances of winning.
Identity theft and credit card stealing
According to the account takeover scheme, a target of criminals is VIP and high-value customers, who may have significant balances in their accounts. As a rule, fraudsters move a small amount of funding after getting access to an account, which usually stays unnoticed (at least for some time).
As card-not-present (CNP) transactions are possible, non-players are also at risk. Fraudsters may easily acquire stolen credit cards on the dark web, then pass the registration stage in a few minutes because they have to find out a cardholder's name, address, date of birth, etc and use data to play.
Chargebacks (also known as «friendly fraud»)
The player deposits funds into his account, loses the money, regrets it, and disputes the payment with his bank. To dispute the charge they can also claim they’re being manipulated — and they're right.
Many gaming developers include difficult or time-consuming barriers into their games on purpose. The Candy Crush countdown timer is a clear example, but there are many ways to put your players in the crunch.
However, often the operator is quite lenient so he brings the money back. Due to chargebacks and customer retention issues, major gaming publishers like Activision, Blizzard, Electronic Arts, and Sony are losing enormous sums of money.
Another chargeback issue that igaming companies deal with is valid chargebacks caused by stolen identities. When the legal cardholder notices the unexpected amount on their account, they file a dispute. It might be a lost game for operators to balance user enjoyment against loss risk.
Operators are seeking to provide gamers with certain benefits, but doing so may expose them to fraud. By improving their upfront fraud controls, iGaming businesses may reduce chargebacks and win amicable fraud disputes.
Our forecast: New payment types will increase fraud threats
After COVID-19, our purchasing habits will never be the same.
For the foreseeable future, card-based payments are anticipated to remain the primary payment mechanism. However, as the number of payment methods grows and payment acceptance restrictions rise, fraudsters will benefit from this system.
In the next few years, we will see the growth of more automated payment methods that minimize consumer involvement in the payment process: invisible and request-to-pay payments in particular.
These payment methods make the payments experience more smooth, but they also increase the need for omnichannel monitoring, which presents a problem for bank fraud teams. Additionally, it may lead to increased dispute or charge-back transactions.
To strike a balance between transaction acceptance and fraud risk, financial institutions will need to use increasingly sophisticated consumer and fraud profiling tools.
Ultimately, the function of protecting businesses from the risks of online fraud is performed by fintech. Today, payment systems such as Stripe, PayPal, and Dwolla are involved in verifying the identities of those who send and receive payments online. And banks, as well as credit card companies, assist them. All of these organizations work together so you can provide your customers or clients with a safe payment experience.