Part 1 — Types of Digital Fraud: You Can't Fight What You Don't Understand
Instances of business-to-business fraud have increased dramatically, with fraudsters exploiting a variety of circumstances triggered by the global pandemic. B2B fraud has the potential to cripple businesses with millions of dollars in losses. But knowledge is power; this three-part article series will increase awareness of evolving fraud schemes and discuss the newest tools and methods for detecting and preventing fraud.
In the wake of COVID-19, instances of commercial fraud became much more likely as businesses, financial systems, and service providers of all types were put under extreme pressure to respond and adapt to the crisis.
A recent report from the Association of Certified Fraud Examiners found that 51% of organizations responding to the survey have uncovered more fraud since the onset of the pandemic. Fully 71% of survey respondents expect the level of fraud impacting their organizations to increase over the next year.
The general trend toward rapid growth in commercial fraud tracks with data on consumer fraud from the Federal Trade Commission in the United States. B2C as well as B2B companies are affected by fraud, and there are a number of fraud scenarios that target both businesses and consumers. Looking at the FTC’s identity theft and fraud reports from 2016 to 2020, there was a steady increase in the number of fraud complaints between 2016 and 2019.
The reported fraud complaints increased year over year, as shown here:
It’s striking to see how the number of FTC fraud complaints jumped by nearly 27% between 2019 and 2020.
Why Has Fraud Been Increasing?
What accounts for the exacerbated vulnerability of businesses to instances of fraud? One major factor: during the pandemic, many businesses shifted their operations to become “digital storefronts” rather than physical locations. They had to, because of the dramatic change in customer buying behavior, with transactions largely taking place online due to fears of virus transmission. With commercial reopening plans thrown into question by highly contagious virus variants, e-commerce is expected to reach $4.9 trillion globally by the end of 2021.
The other major factor was the shift to remote work, which increased a variety of risks related to the vulnerability of data, devices, and files. Many employees were working on unsecured networks and personal computers that could be more easily penetrated by fraudsters. Reduced oversight and decentralization of tasks — such as generating payments — also made instances of fraud harder to detect.
In light of expectations for fraud to continue to proliferate, all businesses and capital market participants need to have a plan to battle online fraud on a continuous basis. But before you can make a plan to combat something, you need to be sure that you understand it. What do we mean when we refer to “fraud”? What types of fraud are specific to businesses, rather than individuals? And what are the red flags that organizations need to learn to recognize?
Types of Commercial Digital Fraud
There are, unfortunately, almost as many types of fraud as there are colors in the rainbow. Here is a selection of the most widely occurring frauds.
One of the most common types of frauds is the creation of shell, or shelf, companies that are created for the sole purpose of committing fraud. These companies allow fraudsters and criminals to hide identities and motives, conceal the origin, flow, and destination of funds, and obscure the true beneficiaries of fraudulent activity. “Empty shell” fraud schemes include:
- Limited to no business activity relative to business nature and time in business
- Using synthetic identity to create a new business or reactivate an inactive business
Another burgeoning fraud type is business misrepresentation — defined as material malfeasance and deception through the fabrication, exaggeration, or omission of business data. This type of fraud cuts across both first-party and third-party fraud observed in the marketplace. Misrepresentation fraud schemes can include:
- Exaggeration of employee headcount, time in business, or annual revenue
- Alteration or fabrication of bank statements or utility bills
We’re familiar with identity theft when it comes to individuals. A similar approach is used by fraudsters when it comes to business identity theft. This is where the perpetrator acts as the business owner or representative of a legitimate company. Using the “borrowed” credentials of a legitimate business, a fraudster can engage with another business in ways that ultimately reduce cash flow, cause problems with creditors and suppliers, and even affect the business’s reputation. These schemes can include:
- Establishing temporary office space or merchant accounts in another company’s name
- Filing bogus documents with government or credit agencies to change another business’s registered address or the names of the directors and officers
- Using a business email domain not linked to the company domain for transactions
“Move Over, I’m Taking Over”
Another example of observed fraud is “account takeover,” where the fraudster compromises an existing account of a legitimate business. In this dangerous development, the perpetrator can redirect accounts payable to a different account, siphoning off significant funds before being discovered. Types of “account takeover” schemes include:
- Phishing and malware attacks
- Harvesting data from data breaches or dark web purchases
Never Intended to Pay
In many online transactions, the fraudster opens a new business account and purchases goods or services and then doesn’t make a single payment. These fraud schemes can sometimes be detected during onboarding with the analytic indicator of probability of first payment default. Characteristics of these fraud schemes include:
- Opening accounts with real or synthetic identity, but no intention of paying on them
- Boosting credit limits artificially and through manipulation of data
“Busting at the Seams” Fraud
In the “Commercial Bust-Out” scheme, the fraudster opens many lines of credit and eventually abandons all accounts after maxing out or exceeding all credit lines. Using available firmographic, digital identity, and prior fraud incident data along with analytic indicators can help identify such actors. These fraud schemes can involve:
- Making on-time payments and maintaining good account standing for months or years before committing fraud
- Making overpayments with bad checks in the final stage of “bust-out”
Combating Fraud: The Good News
To fight fraud effectively, the business community needs to achieve a higher level of awareness of fraud and the various fraud types. Thanks to increased press coverage of pandemic-related fraud schemes, this greater awareness is starting to take hold. Greater awareness will produce more internal conversations around fraud and fraud risks. Anti-fraud professionals will have an opportunity to capitalize on these conversations to argue for more resources to bolster their fraud detection and prevention programs to keep pace with the changing nature and volume of business fraud schemes.
In our next article in Dun & Bradstreet’s Financial Fraud series, we’ll look at some of the technological resources that have been developed since the onset of the pandemic that can be used to combat the newer types of fraud.