I can remember, some years ago, watching a YouTube video that a guy had recorded while he was playing World of Warcraft, the massively multiplayer online role playing (MMORG).
As the game progressed, he gradually began to realise that he was the only human player and that all of the other avatars in the game were actually controlled by bots.
Welcome to the future – writes Dave Birch, author, advisor and commentator on digital financial services.
Bots And Money
The mounting incredulity in that player’s voice as he came to the conclusion that he was the last person left in the game was fascinating to me.
I showed this video at a few seminars and workshops and told people that I found it a more interesting vision of the future financial services than people queuing in a virtual bank branch in Second Life.
The impact of bots on that World of Warcraft economy is worth noting. For one thing, it was complicated.
Some goods in the game became less valuable because bots were working round the clock to obtain them whereas others became more valuable because “bot mafias” cornered the market.
That poor chap playing alone came to mind when I read the widely reported case of a worker who was tricked into transferring some $25 million after fraudsters using deepfake technology posed as his company’s CFO in a video conference call with what the mark thought were several other members of staff.
In fact he was the only human being and everyone else in the video call was a deepfake recreation.
Given the increasing quality of deepfakes, the ease of use of sophisticated voice cloning technology, and the tendency of too many people to turn off their cameras during Zoom meetings anyway, it is no surprise to me to see that enterprising criminals are launching such attacks.
Synthetic identity fraud is already one of the fastest-growing cybersecurity threats, accounting for nearly 80% of all identity fraud in the U.S. (and is estimated to cost businesses close to $5 billion this year).
With generative AI helping them to scale up their attacks, it is hardly hyperbolic to talk about the tsunami of fraud that is going to wash away trust not only in commerce but in politics and the media as well.
A recent report that analysed billions of sessions across various industries and regions found that almost three-quarters of all web and app traffic was malicious, driven by bots and human fraud farms that launched a variety of attacks via SMS, the web and mobile phones.
Since we lack a working population-scale digital identity infrastructure, and appear to lack the will to assemble one, I suppose we’ll just have to get used to mass market mountebanks engaging in large-scale fraud.
The extent of fraud is now so great that going without a practical strategy to attack seems like suicidal approach to a cancer spreading throughout the financial system.
Fraud is already more than 40% of all reported crime in England and Wales, yet according to the National Crime Agency it is “largely underreported” with only around a sixth of all incidents being reported to the relevant authorities!
Given the scale of fraud, it really shouldn’t be that hard to find a business case for a solution.
It is not just about money though, a recent report from Visa looked at the negative impact of authorised push payment (APP) fraud on UK consumers beyond the financial losses.
Their research found that one in three of those surveyed reported that their mental health suffered as a result of the fraud and almost half feel at risk of falling for the scam again.
Visa called for cross-industry collaboration to fight fraud, with an increased focus on prevention measures. That is, more effort directed towards stopping the money from leaving victims’ bank accounts rather than trying to find the criminals afterwards.
Time For Action
I agree, of course, but it makes me ask the question as to what kind of cross-industry collaboration this should be?
Were we to actually want to do anything about the problem then we should probably start with having some kind of financial services identity that would take the place of payer and payee addresses in transactions.
In other words we could amend the instant payment infrastructure to allow access to institutions only and give retail consumer and business customers access only via a request-to-pay (R2P) layer or a variable recurring payment (VRP) layer, both of which would deal with digital identities, and not branch, codes, routing numbers and other such relics from the dawn of bank automation.
While consumers would see this switch from sending money to branch XXYYZZ and account 00998877 to responding to a request from £dgwbirch as a matter of convenience and simplicity, under the hood it would be a world of identification, authentication and authorisation using the tried and tested cryptographic techniques.
Central to this solution would be restoring trust, so that consumers know that if they send money to £dgwbirch or £tesco or £mancity then the money can only go to the intended recipient.
How much would it cost to create this infrastructure compared to the cost of fraud already here, let alone the fraud to come?!
The post Fraud is out of control: Payments industry needs to collaborate appeared first on Payments Cards & Mobile.