Threats to cashless world soar in face of cyber fraud


What you need to know:

  • Even though the number of economic crimes in Uganda decreased somewhat from 13,207 cases in 2022 to 12,924 cases in 2023, according to police records, the crimes are still causing havoc.

The drive towards a cashless society was meant to eliminate cash-based crimes, but new data shows that it has done the opposite.

The digitisation of banking and commerce has left many people more vulnerable to fraud, money laundering, and hacking. Uganda Police’s records show that cybercrime has cost Ugandans more than Shs20 billion since 2022.

While announcing I&M Bank’s new core financial system early this month, Mr Robin Bairstow—the lender’s chief executive—noted that its biggest fear is not the hackers that prowl banking systems but identity theft.

“They now mostly hack your email address,” he said of hackers, adding, “I suggest that everyone should go and change passwords of their email addresses because hackers go in and compromise the system. It’s called identity theft. They compromise either your Sim or your Internet and just wait until you say that you want to change your password.”

Mr Bairstow asserted that hackers wait until their targets are en route to a plane, with their phones switched off, before talking to their bank to obtain unique one-time passwords and use them to commit fraud.

Even though the number of economic crimes in Uganda decreased somewhat from 13,207 cases in 2022 to 12,924 cases in 2023, according to police records, the crimes are still causing havoc. The largest number of crimes in this category during the period were committed under false pretences (10,709 cases), followed by forgeries (868 cases) and counterfeiting (262 cases).

In fact, national identity documents are used in 80 percent of identity fraud cases on the continent, according to data from Smile ID, a Nigerian digital identity verification company.

Vulnerable

Uganda’s national ID card, with a 25 percent attempted fraud rate, was also found to be the fourth most attacked ID document in Africa—it ranks slightly lower than those of South Africa, Tanzania, and Kenya.

“In 2022, document fraud rates trended consistently throughout the weekdays. However, in 2023, a shift in behaviour was observed, with higher fraud rates being caught on Mondays and Wednesdays. With biometric fraud, a similar trend is observed with consistent trend rates across weekdays in 2022, but significant variation in 2023. Fraudsters preferred weekends when committing biometric fraud in 2023,” the study shows.

On most days, fraud rises around 6pm GMT and peaks at 9pm GMT before beginning to decline. The research firm previously observed that hackers tended to target men, but now it’s registering more women in hackers’ hotspots—both in terms of money and identity, by 35 percent in 2023.

“While we have historically seen more fraud attacks from male IDs, our 2023 data suggests that the gap in fraud attempts between genders is closing, with a difference in fraud rates by gender of less than 10 percent by year end,” Smile ID noted.

Cryptocurrency market

Research indicates that con artists are experimenting with ways to exploit the cryptocurrency market after observing that businesses in this sector saw the greatest fluctuations in fraud rates, ranging from six percent in September to about 16 percent in November 2023.

Over the course of the year, the finance industry’s fraud rates stayed relatively stable, ranging from 10 percent to 15 percent. But there was a lot of fraud in the payments sector, with as much as 42 percent in February of 2023 and 35 percent in August of 2023.

“In 2024, businesses have a duty to customers and stakeholders to stay ahead of identity fraud,” Smile ID advises.

This is because fraud is always changing. Companies, therefore, need to be proactive.

“While regulatory compliance is the bedrock of fraud prevention, it should only be treated as a minimum requirement. Businesses must go over and beyond regulatory requirements to protect the integrity of their products. Putting together a comprehensive anti-fraud system requires understanding the fraud risk points in any process. While it can differ significantly in practice depending on industry, the principles are largely the same,” the Smile ID study found.

“Stolen and fake identity attacks are most common in this stage, so we encourage businesses to use a document verification solution that includes biometrics and allows you to both authenticate documents submitted and verify personhood/true ownership with a selfie or liveness test. Check for duplicate accounts using a biometric reduplication,” it added.

High risk events

Smile ID asserts that high-risk activities like changing a password or setting up a new device might require businesses to continuously authenticate users using biometrics during these events. Biometrics is an essential tool in the fight against fraud, whether identity or financial. This is especially true in Africa where digital identity is still developing, Smile ID argues.

Biometric systems can make the verification of people’s identities more secure and dependable because they are harder to forge and are closely associated with individual identities.

Additionally, incorporating biometric solutions tackles the obstacles encountered in the African setting, including a notable prevalence of identity theft and a substantial unbanked population.

Mobile first

It is estimated that 451 million smartphone subscriptions existed in sub-Saharan Africa alone in 2023, and that figure is projected to rise to 632 million by 2028. Smartphones are the main means by which many digital subscribers in Africa access the Internet and other critical services like banking. In light of this, companies are advised to prioritise self-serve mobile-first authentication in order to meet African users where they are.

“Although the agent-led approach may be useful, especially in rural regions with poor technology access, it can be fraught with challenges, including customers sharing personal information with agents who may sell it or use it for fraud,” Smile ID noted in its report.

“A self-serve mobile-first authentication approach means customers have the autonomy and security to verify their identity through their smartphones. This approach aligns with the growing preference among African consumers for digital solutions that offer convenience, speed, and security,” it added.

SDKs better than APIs

Enterprises collaborating with identity verification partners have the option to employ either software development kits (SDKs) or Application Programming Interfaces (APIs). Although APIs offer a great deal of customisation potential, using them may require a company to put in a lot of extra effort to meet the particular difficulties presented by the African market.

SDKs, however, can be designed with these particular regional factors in mind, providing a more specialised solution for verification needs. For example, they can have a dedicated capture screen that lights up the user’s face to guarantee that even in dimly lit environments, high-quality selfies are taken. Additionally, they can be designed to produce high-quality images that are the right size for transmission in places with spotty internet.

In contrast to APIs, which need to be in continuous contact with a server, SDKs can be designed with offline features or data caching to handle sporadic connectivity. They can also be tailored to manage errors and retries, which are essential in settings with erratic network conditions and guarantee a more streamlined and dependable user verification procedure.

Varying regimes a challenge

Smile ID points out that businesses looking to expand throughout Africa continue to face substantial obstacles due to the continent’s varied regulatory environment. For instance, companies must make significant investments in in-depth research to comprehend the unique Know Your Customer (KYC) and Anti-Money Laundering (AML) frameworks in each target market because every African nation has its own set of regulations and compliance requirements.

“When outsourcing ID verification, businesses should look for partners with extensive coverage and local expertise around the continent. An ideal ID verification partner should provide solutions with sufficient geographical coverage and advice on the local regulatory landscape in countries your business is expanding to. This prevents the need for multiple integrations, allowing companies to expand to new territories with minimal technical work,” Smile ID notes in its study.

Synthetic identity attacks

The cost of sophisticated fraud is seen to be falling as AI tools develop quickly and become easier to use.

“In 2024, we expect to see substantially more synthetic identity fraud in Africa. These attacks often combine hyper realistic deepfakes with stolen ID credentials obtained via the web or data leaks,” Smile ID predicts.

“Although there hasn’t been a significant uptick in synthetic identity fraud on the continent, global fraud trends already indicate that fraudsters are increasingly using deepfakes to try and beat biometric checks including liveness checks. As AI solutions become more accessible and the skill requirements lessen, more of these kinds of attacks are expected,” it adds.

These attacks might employ multi-modal deepfakes, which combine audio and video to produce incredibly lifelike content that is difficult for humans to recognise on their own.

Identity theft attempts and financial scams are also expected to evolve, pushing the boundaries of current identity verification procedures. It is anticipated that social engineering and phishing attacks will become harder to detect as individuals find it challenging to distinguish between authentic media and deepfakes.

AI crucial in fight

It is expected that AI-driven technologies intended to counteract the sophistication of fraudsters will advance at the same rate as the scammers themselves. For instance, AI will make it possible to continuously monitor user actions and transactions and to instantly notify users of any suspicious activity or possible fraud. This degree of attention to detail is essential in the quick-paced digital world where threats can materialise at any time.

“By analysing patterns in user behaviour, AI systems can identify deviations that may indicate fraudulent activities, offering an additional layer of security,” Smile ID notes, adding that there will be an increase in the use of active liveness detection systems, which impose tasks on users.

By guaranteeing that an actual human being is present throughout the verification process, these tasks are expected to considerably lower the possibility of deepfake spoofing and impersonation.

To counter new and emerging identity fraud techniques, sophisticated anti-spoofing models would be created.

With an accuracy that far exceeds human capabilities, AI would play a critical role in identifying deepfakes. This involves spotting even the smallest anomalies and inconsistencies in artificial media.