Digital Risk Protection: why financial institutions need it
Shekharr Bhagat
A new era of digital deception is unfolding. The arrival of generative AI is spawning a wave of fake messages, voices, and images crafted with alarming sophistication and speed to achieve one of the most common financial frauds: account takeover.
of APAC fraud prevention professionals see an increase in impersonation of digital presence
In GBG's 2024 Global Fraud Report, 41% of senior fraud prevention, risk and compliance professionals in the Asia-Pacific region reported seeing an increase in impersonation of digital presence, such as spoofed websites, social media, and emails. Unsurprisingly, 40% have also seen a rise in account takeover fraud.
It’s enough to keep fraud prevention professionals up at night. Faced with these fast-evolving threats, financial institutions need to fortify their defences to stay ahead of criminals and thwart the impacts of digital fraud and account takeover.
Digital Risk Protection (DRP) is not just good practice but a business imperative that financial institutions cannot afford to ignore.
This article will explain the rise of digital threats, and how DRP can help your business protect customers and safeguard your brand's reputation.
The digital threat landscape for financial institutions
Online fraud is evolving fast. Some 77% of fraud prevention professionals have seen a significant increase in sophistication by fraudsters in the last 12 months, according to the 2024 Global Fraud Report.
have seen an increase in account takeover fraud
Account takeover fraud, or account compromise, has long been one of the most common types of fraud. It is a form of credential theft in which a criminal takes over a legitimate online account, posing as a real user. The criminal can then undertake unauthorised transactions and potentially steal personal details.
Criminals gain account login credentials through a wide range of digital attacks, including attempting to reuse compromised credentials from a data breach and password-cracking tools, phishing emails and SMS, and social engineering, which is manipulating, influencing, or deceiving a victim.
These tried-and-tested techniques, combined with the proliferation of Personally Identifiable Information (PII) available on the dark web, can be effective and damaging.
Adding a new layer of complexity to the threat landscape is the emergence of generative artificial intelligence (GenAI) utilized by threat actors, including the likes of FraudGPT, WolfGPT, DarkBARD and WormGPT. Such tools make it easier and faster for fraudsters to generate content for phishing and other fraud tactics on a large scale. In the Global Fraud Report, 76% of financial services respondents said they are worried about AI voice replication and manipulation as a fraud tactic, with 79% worried about deep fakes.
Using GenAI, criminals can create convincing emails, texts, and call scripts that sound just like the company or individual they are imitating and use them in social engineering scams to trick people into giving away sensitive information by clicking on fraudulent links or making transactions.
In February 2024, a scam cost a Hong Kong-based company over HK$200 million when its employees were fooled by deep fake technology. One employee made 15 money transfers after following the instructions of digitally recreated versions of the company’s chief financial officer and other executives in a video call.
This escalation of fraud tactics point to an urgent need for financial institutions to proactively monitor suspicious digital activity and transactions to stay ahead of criminals and protect their brands and customers.
The Global Fraud Report 2024. Get the facts about fraud.
Understanding Digital Risk Protection
As digital threats have advanced, so have the ways we can defend against them. One proactive way financial institutions can defend themselves is with Digital Risk Protection.
What is Digital Risk Protection?
Digital Risk Protection refers to the tools, technologies, strategies, and processes organisations use to safeguard their digital footprint from ever-increasing and diverse digital threats.
DRP is a proactive approach to fraud prevention and online brand protection, with processes including social monitoring, digital asset monitoring, threat intelligence, and more. Commonly, DRP combines technologies for monitoring and automated detection of brand violations, together with human experts who can investigate the infringements and act to mitigate the threat.
How Digital Risk Protection prevents account takeover fraud
Digital Risk Protection uses a combination of processes to prevent risks leading to phishing scams, account takeover fraud and other financial crimes, including:
- Continuous monitoring: continuous monitoring is the 24/7 surveillance of a company's digital assets, including websites, social media, instant messengers, and mobile apps, to detect illicit use such as the creation of fake social media pages, emails, and websites by threat actors.
Digital Risk Protection can work in tandem with fraud protection technology to enhance transaction monitoring. Transaction monitoring often employs behavioural analytics to recognise genuine users based on their typical actions, enabling the quick and accurate identification of suspicious activities and compromised accounts. Additionally, DRP proactively addresses external threats by taking down fake social media pages, websites, and ads, thereby reducing the likelihood of fraudulent transactions. This combination offers a comprehensive approach to fraud risk management, with DRP focusing on external digital threats and transaction monitoring addressing internal anomalies.
The reality is that fraud is an ongoing issue that continues to evolve, and continuous monitoring through DRP is essential for detecting new threats and staying ahead of such risks. - Brand protection: DRP provides companies with brand protection by proactively monitoring for brand impersonation and any misuse of its logos and trademarks on social media and other online platforms. Financial institutions can use DRP software to scan the web, social media platforms, marketplaces, and even the dark web to identify unauthorised or counterfeit use of brand logos, content, or intellectual property.
- Incident Response: when a threat is detected through continuous monitoring and brand protection activities, the company should take swift action to remove or mitigate these threats to protect its customers and reputation.
How Digital Risk Protection protects your brand reputation
A brand's reputation is its most precious asset, yet it is increasingly at the mercy of the internet. The act of impersonating a brand can damage its reputation by associating it with fraudulent activities, not to mention potentially causing financial loss for unsuspecting customers.
By implementing Digital Risk Protection, financial institutions can ensure that the reputation they’ve worked hard to establish remains protected. It doesn’t just protect your name; it builds consumer trust, confidence, and loyalty, which are the cornerstone of any business.
Holding businesses accountable
As cybercrimes evolve, regulators are scrambling to keep up with relevant standards and frameworks to ensure businesses take the necessary steps to protect consumers and, if they fail, hold them accountable.
Many countries in the Asia-Pacific region, including Singapore, Australia and New Zealand, are looking to implement regulatory frameworks that set clear roles and responsibilities for the government, regulators and companies in addressing online scams.
The Monetary Authority of Singapore (MAS) and the Infocomm Media Development Authority (IMDA) have proposed a framework that may require financial institutions and telecom companies in Singapore to compensate customers who fall victim to scams if they have neglected their responsibilities. These responsibilities include banks failing to send outgoing transaction alerts and telecom companies not implementing scam filters for SMS messages.
Additionally, Singapore has urged large social media platforms to enhance their efforts against online fraud. In response, a pilot program initiated in June 2024 aims to verify the identities of risky sellers on Facebook Marketplace and risky advertisers on Facebook. Digital Risk Protection is poised to support such verifications across the e-commerce and fintech industries.
This is where DRP becomes even more critical for financial institutions. DRP helps companies mitigate the risks of digital threats, which helps save the costs of recovering payments made to scammers and reimbursing customers. It also demonstrates to regulators that they are taking proactive steps to protect consumers and take their responsibilities seriously.
The time for proactive Digital Risk Protection is now
With the proliferation of digital threats, the integrity of your brand and the trust of your customers depend on you acting now. DRP leverages the latest in behavioural analytics and continuous monitoring technologies to shield your reputation from those who seek to exploit it and enhance business continuity. In addition, by complementing transaction monitoring, DRP provides a more comprehensive approach to fraud risk management for financial institutions.
GBG is trusted by thousands of businesses worldwide. In an increasingly digital world, GBG helps businesses grow by giving them the intelligence to make the best decisions about their customers when it matters most.
Speak to our experts to find out how GBG can help you ensure the protection of your brand against fraud.
