The Global Fraud Landscape
As long as there’s been currency, there’s been fraud. But not until the 21st century was it so easy for fraudsters to engage in illicit activity, reap the rewards, and evade prosecution and incarceration for their crimes.
In a survey of more than 5,000 respondents across 99 global territories in 2020, PricewaterhouseCoopers (PwC) found that 47 percent had suffered at least one form of fraud in the prior 24 months—averaging six per company. These were commonly customer fraud, cybercrime, asset misappropriation, and bribery and corruption, which cost $42 billion. Yet only 56 percent of respondents say their organizations investigated their worst incident; just over one-third of respondents said they reported the incident to their boards.
“Fraud committed by customers tops not only the list of external perpetrators (at 26 percent) for the most disruptive fraud, but also the list of all crimes experienced (at 35 percent, up since 2018),” PwC said in its Global Economic Crime and Fraud Survey 2020. “Not surprisingly, customer fraud is especially prominent in the financial services and consumer market sectors. This could be significant, as more industries shift to direct-to-consumer strategies.”
The losses from fraud, however, can be difficult to calculate. Some of them represent exact financial figures—like costs due to fines, penalties, responses, remediation, and direct financial losses. But others cannot, including brand damage, employee morale, and lost future opportunities.
“Some frauds—such as external frauds—generally strike from outside the company, are transactional in nature, lend themselves to active monitoring, and when managed properly may reduce financial impact,” PwC explained. “For other frauds like bribery and corruption, or those internally perpetrated, it’s more about managing and mitigating the downside risk. They tend to be harder to predict, monitor, and result in more costly fines—and have ancillary repercussions such as lost business or brand harm.”
In February 2021, for instance, Europol, the Spanish National Police, and the U.S. Secret Service announced the dismantlement of an organized crime group implicated in a vast fraud and money laundering scheme involving 105 people and 50 financial institutions.
Dubbed Operation Secreto, the cross-border operation detected the criminals who had set up shell companies in the United States and opened bank accounts for those organizations that they transferred money into from different locations in the European Union.
“Based on this trust, the American-based banks issued debit and credit cards for these accounts,” according to Europol. “Retailers in on the scam, most of whom were in Spain, used the payment cards to finance the available credited amounts on the cards. To launder the stolen funds, they transferred them to different bank accounts, owned by members of the criminal network located in several EU countries. More than 50 American financial institutions became victims of these fraudulent activities losing over €12 million ($14.4 million).”
When it comes to individuals, fraudsters are increasingly using social engineering, phishing, and other tactics to compromise victims—especially during the COVID-19 pandemic when people were more vulnerable, according to an FBI Flash Alert issued in June 2020 and additional findings from Europol.
“Traditional cybercrime activities such as phishing and cyber-enabled scams quickly exploited the societal vulnerability as many citizens and business were looking for information, answers, and sources of help during this time,” according to Europol’s Internet Organized Crime Threat Assessment, 2020.
Individuals desperate for information on protective personal equipment (PPE), the latest health guidelines, and local ordinances were at high risk of opening phishing emails that could compromise their credentials and lead to identity theft, financial account compromises, and more.
While 2020 numbers have not been issued as of Security Management’s press time, the FBI’s Internet Crime Complaint Center (IC3) tracked a steady increase in the number of crime complaints and financial losses reported to it. In 2015, the IC3 received 288,012 complaints for $1.1 billion in losses. By 2019, the number of complaints had almost doubled to 467,361 for $3.5 billion in losses.
Many of the complaints reported to the IC3 in 2019 involved an overlap of personal information and corporate information, such as business email compromise scams (1,307 incidents worth $384 million), elder fraud (68,013 incidents worth more than $835 million), and tech support fraud (13,633 complaints worth more than $54 million).
And looking to the future, Europol’s annual Internet Organized Crime Threat Assessment found that development of non-cash payment fraud reflects an increase in sophistication and targeting of social engineering and phishing.
“Fueled by a wealth of readily available data, as well as a Cybercrime-as-a-Service community, it has become easier for criminals to carry out highly targeted attacks,” Europol found.