Social manipulation is rampant, and sharing personal identity documents like BankID provides fertile ground for extensive fraud.
Criminals are continuously adapting. This was particularly evident in connection with PSD2 – the latest version of the directive that regulates payment services in the EU – where stricter requirements for customer authentication in payments were introduced. Before PSD2, less than five percent of the fraud cases detected by Tietoevry Banking, Financial Crime Prevention (FCP) were related to phishing.
"Today, this form of fraud accounts for almost 40 percent, and these cases are often more challenging to detect. This is a trend we expect to continue increasing into 2024," says André Moen Eide, Head of FCP Defence Centre.
Many of the methods used are highly sophisticated, and criminals run various campaigns to target as wide an audience as possible. In general, we expect criminals to continue using new technology, with artificial intelligence being used to manipulate and acquire payment information.
For FCP (Financial Crime Prevention), there are several factors that need to be in place to succeed in the fight against fraud. The ability to monitor transactions across payment channels has been important as fraud moves quickly between both cards and accounts.
"Today, over 90 percent of all attempted frauds are detected by our systems, with the majority of transactions being stopped in real time without any loss for our customers - and we are continuously working to improve our systems to stay ahead of criminals," says André Moen Eide.
One of the major challenges we face when we are online is proving our identity. In Norway, we have largely managed to solve this challenge with the introduction of BankID and Buypass. However, e-ID is not without its problems in one of the most digitized societies in the world. One challenge is digital exclusion; many people are left out for economic, social, or medical reasons.
"We see a lot of fraud associated with the use of BankID. A survey by Norsis shows that 1 in 5 people have shared their BankID with others, which allows the recipient to impersonate them. Half of those who have shared their BankID report that they have been subjected to fraud," says John Erik Setsaas, Director of Innovation at FCP.
For example, many older people share their BankID with their children to get help with tasks.
"Banks and other services often lack the capability to provide access to others, so it is easiest to share access to BankID. This is against the agreement with BankID and is strongly discouraged," continues John Erik Setsaas.
The SODI report published last year examined fraud with e-ID in vulnerable groups in society. It shows that there is a high degree of fraud in close relationships for this group. But other groups in society can also experience this type of fraud, since partners often have access to each other's mobile phones and know each other's passwords.
"We strongly encourage not sharing passwords or BankID - not even with the person you share a bed with," emphasizes John Erik Setsaas.
With the proliferation of AI, we are seeing an increase in scams that trick people into making a payment. Many people receive AI-generated phishing emails that are addressed directly to them. Now, it is also easy to use AI to mimic someone else's voice. Scammers can call and pretend to be a family member, convincing you to transfer money. The extreme case of this is fake kidnappings, also known as kidnapping scams.
CEO fraud, where the boss sends you an email requesting an urgent transfer, becomes more believable when you hear the boss's voice over the phone. The advice is to always be sceptical if you receive a call regarding something out of the ordinary.
"Even though we at FCP monitor financial transactions and manage to stop a significant portion of fraudulent transactions, it is important for each individual to do what they can to protect themselves in the fight against financial fraud, where scammers use your identity," says André Moen Eide.
With over 25 years’ experience in digital identity, John Erik Setsaas is a pioneer in this space. He has deep knowledge in the areas of digital onboarding, authentication, electronic signatures and seals, time stamping and digital identity wallet.
He is a prolific speaker at fintech industry events around the world.