Financial fraud: three strategic pillars

An analysis inspired by Cardaq expert Hugo Remi

Whilst consumers can often rely on a well-oiled safety net of swift refunds and regulatory support (such as through the PSR) in cases of fraud, businesses are often left out in the cold. The discrepancy is striking: 84% of retail customers get their money back within a few days, whilst corporate losses due to identity theft or returns fraud are often dismissed as unavoidable operating costs (‘acceptable losses’).

Yet figures from the National Crime Agency and UK Finance tell a different story: annual losses of over £1.1 billion are not mere ‘background noise’, but a threat to economic stability.

The evolution of the threat: from phishing to deepfakes

We are in an era where criminals have democratised cutting-edge technologies. Particularly worrying is the rise in Authorised Push Payment (APP) fraud, exacerbated by AI-powered deepfakes.

The cautionary tale: The Arup HK case, in which an employee transferred $20 million to fraudsters after participating in a video conference featuring deceptively realistic AI images of his superiors.

The lesson: Traditional multi-factor authentication (MFA) is now merely the bare minimum. Organisations must understand that fraud prevention is not a static product, but a dynamic process.

The Silo Problem: Stopping Data Fragmentation

According to the 2024 Economic Crime Survey, a quarter of all UK businesses have been affected by fraud. The main problem is not a lack of software, but a lack of integration. In most companies, data exists in isolated ‘silos’:

• Payment data is in System A.
• Returns management in System B.
• Loyalty programmes in System C.

This fragmentation makes it easy for fraudsters. Anyone who succeeds in a franchise branch with forged receipts can often repeat the scam in ten other shops on the very same day, because the systems do not communicate with one another in real time. Synergy rather than isolation must be the motto.

Collective defence: When sheep become wolves

Lone fighters stand no chance against professional fraud networks. The most important step in this reorientation is radical transparency within the industry.

Let’s imagine that the deepfake attack on Arup had already failed at another company. Had that company immediately reported the attack vector to a central database, the multi-million-pound loss would have been prevented.

The strategy for the future:

• Real-time warning systems: Reporting fraud patterns to cross-industry networks.
• Predictive analytics: Using historical data to predict attacks before they occur.
• Sanctions: Better data for authorities to effectively prosecute perpetrators.

It is time for companies to stop seeing themselves as victims. Through cooperation and the intelligent use of data, we can turn the tables and go from being the hunted to the hunter.