During the past year and a half, the pace of our online lives accelerated — from remote work and Zoom meetings to virtual charity events and online shopping, which increased nearly 33% during the pandemic to a record-setting $791 billion, according to Digital Commerce 360 estimates.But it wasn’t just online sales setting records — identity […]
Get Instant Access to This Article
Subscribe to Hartford Business Journal and get immediate access to all of our subscriber-only content and much more.
- Critical Hartford and Connecticut business news updated daily.
- Immediate access to all subscriber-only content on our website.
- Bi-weekly print or digital editions of our award-winning publication.
- Special bonus issues like the Hartford Book of Lists.
- Exclusive ticket prize draws for our in-person events.
Click here to purchase a paywall bypass link for this article.
During the past year and a half, the pace of our online lives accelerated — from remote work and Zoom meetings to virtual charity events and online shopping, which increased nearly 33% during the pandemic to a record-setting $791 billion, according to Digital Commerce 360 estimates.
But it wasn’t just online sales setting records — identity theft and fraud reached new heights, too. In the past 24 months, according to a PwC global cybercrime and fraud survey, more than $42 billion in fraud-related losses were reported.
Additionally, Federal Trade Commission (FTC) numbers show that Americans filed more than half-a-million COVID-19 fraud reports alone and have lost an estimated $480 million since March 2020.
The number of identity thefts, which had been rising steadily over the past three years, more than doubled to 1.4 million from 2019 to 2020, Alite Group data shows.
As cybercrime and fraud numbers escalate, banks and other financial institutions are under more pressure to not only educate business clients and consumers about identity theft and fraud prevention, but also provide tools — like account monitoring — to warn clients if their personal or business data is at risk.
Frank Rudewicz, who oversees investigations for fraud, forensic accounting, asset tracing and other litigation for accounting firm CliftonLarsonAllen (CLA), says the landscape of banking-related fraud has evolved dramatically over the past few decades, driven by the explosion of online banking and payment apps like Venmo, which provide more opportunities for criminals to create fraudulent accounts with stolen information.
“Thirty years ago, [fraud] preventative measures were mostly geared towards check fraud,” Rudewicz said.
But between social media targets, phishing emails and ransomware attacks that hijack personal or business data, cybercrime has become a cottage industry.
And it’s been fueled over the past year by hundreds of billions of dollars in COVID-related funding that has been dispersed through unemployment benefits, federal stimulus checks, and the Paycheck Protection Program (PPP), which have been heavily targeted by fraudsters and cybercriminals.
And it wasn’t just pandemic-related payments that were targeted for profit; health scams also rose related to websites selling at-home COVID vaccinations, vaccination surveys promising rewards in exchange for shipping and handling fees, at-home coronavirus testing and inexpensive health insurance for work-from-home jobs.
Remote work itself has also been a factor, Rudewicz says, in the rise of identity theft and cybercrime because workers are more likely to have their networks open for longer during the day. “Many remote employees, [even if they’re not working], have their networks open,” Rudewicz explained. “They may log off at 4 p.m. but log back on at 9 p.m. so the network is more vulnerable because it’s open additional hours during the day.” Additionally, the increase in emails via remote work has created more opportunities for phishing attacks, which can launch computer viruses through a weaponized web link.
External, internal threats
Another big driver of identity theft has been the growth of social media, which saw usage increase during the pandemic, says Troy Damboise, executive vice president and chief operational risk officer for Liberty Bank.
“Over the past 10 years, the accessibility of data has proliferated, and people are filling out their profiles with where they went to high school, their birthdays, their significant others’ names,” Damboise said. “Oftentimes that’s the type of information used for [financial account] security questions and cybercriminals look to harvest that information.”
Damboise says it's good practice for bank customers to review their monthly bank and credit card statements in a timely fashion and report any unauthorized purchases. While fraudulent credit card purchases are legally covered by the credit card company, the same protections do not automatically exist with bank accounts.
Banks, Damboise says, must investigate and are likely to reimburse funds lost to fraud, but it’s not as iron-clad as credit card protections. Among the top disruptive fraud-related events for banks in 2020, according to PwC’s global fraud survey, were customer fraud (27%), cybercrime (15%) and financial statement fraud (14%).
And it’s not just external actors — like hackers — that are driving fraud rates up. Occupational fraud from internal employees is also playing a role. In fact, PwC numbers show that more than one in four survey respondents cited senior managers (26%) as their company’s primary source of fraud.
According to a global study by the Association of Certified Fraud Examiners (ACFE) there were more than 2,500 worldwide cases of internally-generated fraud at companies last year, causing total losses of more than $3.6 billion.
In more than one-quarter of cases, the employee was experiencing financial difficulty.
Steps to safeguard
Rudewicz says it's important — particularly for small businesses hiring new employees — to conduct a job analysis of the role.
“For a small mom-and-pop business, especially during COVID, if someone who has worked with you and you’ve trusted for years leaves,” Rudewicz explains, “they might have earned access to certain parts of the business that a new employee in the role shouldn’t have and that might expose a vulnerability for fraud for the business.”
Dan Sun, who oversees cybersecurity investigations for CLA, says it’s important to use a multipronged approach to reducing cyber risks internally at financial institutions and businesses through robust IT security and employee training, and externally through a multistep identity authentication process, which is becoming more common with many banks, including texting codes to a customers’ cell phone on record prior to allowing account access.
“Hackers can remotely intercept a username and password,” Sun said. “But it’s harder to remotely intercept a customer’s physical phone.”
Also gaining traction is biometric security measures like facial and voice recognition.
And more businesses and banks are taking additional steps to protect themselves and their customers with 40% of PwC survey respondents saying they plan to increase their spend on fraud prevention in the next two years.
And with good reason.
Research has found that companies with a dedicated fraud-prevention program spent 42% less on fraud response and 17% less on remediation costs than companies with no program in place.
Liberty Bank’s Damboise said fraud and cybercrime are only going to get more complex.
“We’re always trying to stay one step ahead of the [identity thieves and cyber criminals] and they’re trying to stay one step ahead of us,” he said.
