Earlier this year, a Washington-based family spent "20 minutes in hell" when they received a call from what sounded like their daughter pleading for help, accompanied by a man demanding $10,000 for her safe return. It turns out this terrifying ordeal wasn’t real – it was a scam made possible by recent advancements in AI.
Stories like this one have skyrocketed in 2023 as generative AI has made it easier to create highly believable and convincing content. Phishing attacks in particular – which trick individuals into revealing sensitive information, sending money, or clicking on malicious links by posing as a trusted source – have become more credible when powered by AI.
The use of generative AI can make social engineering scams more believable by writing more convincing prose in phishing emails or texts, or it can be leveraged to create much more sophisticated scams by mimicking someone's voice in live conversation. In either case, it often leads to customers giving up their credentials. In fact, in the first quarter of 2023, the rate of account takeover attacks rose a staggering 427% compared to all of 2022.
Kris Nagel is the CEO of Sift, the Digital Trust & Safety Platform.
Increase in spam and scams
A recent report from Sift found that 68% of U.S. consumers have noticed an increase in spam and scams since November 2023, when ChatGPT was first released, while 49% of consumers admit it’s become more difficult to identify scams during the same period. This is a growing and pervasive threat, and failing to address it will be costly for businesses. The same report found that 54% of consumers believe they shouldn’t be held responsible if they were scammed into providing their payment information and it was then used to make an unauthorized purchase.
To stay ahead of these threats, businesses need to rethink their fraud prevention strategies and technology stacks. According to Juniper Research, e-commerce losses to online payment fraud totaled just over $41 billion in 2022. But these schemes are fast-evolving, and losses are expected to grow. AI-enhanced and bot-based scams are already being sold "as-a-service," enabling even novice fraudsters to launch sophisticated attacks with minimal effort. This is just the beginning as we can’t yet predict how AI will impact businesses over time, or how quickly the technology will evolve.
While the Chief Security Officer (CSO) or Chief Information Security Officer (CISO) may spearhead initiatives like building the right fraud prevention tech stack, that does not mean the responsibility should start and end with their teams alone. Here are four things companies can do to build a more collaborative fraud prevention strategy.
Four tactics to prevent fraud
Recognize the impact of fraud on your organization's reputation, finances, and customer trust: Companies lose revenue and loyalty if a customer is a victim of fraud, but businesses can lose out if a legitimate customer has lost access to their account and is unable to log in or complete a purchase. Fraud prevention needs to be done well, which means prioritizing it, integrating it into strategic planning, and allocating sufficient resources to stay ahead of emerging threats. Develop and track key performance indicators (KPIs) related to fraud prevention efforts, such as the number of detected fraud attempts, the rate of blocked logins and transactions, and the customer “insult” rate (the rate of legitimate customers who are unable to complete a transaction or login because their activity has been mistakenly labeled as fraud).
Integrate your cybersecurity and fraud efforts: In many organizations, security, business, IT, and fraud divisions are segmented and treated as separate entities. But their missions are the same, and they are more effective when aligned around a common goal and annual plan. Companies should take inventory of their tech stack to understand how to best build a comprehensive platform. Getting the handle on basic objectives, tools, and processes can make it easier to standardize best practices and third-party Identity, Fraud Prevention, and Cybersecurity vendors.
Lean on AI to fight AI-driven scams: The growing availability of generative AI and automation tools means that fraudsters can create and launch scams at an unprecedented rate. It also makes it easier for them to attack multiple channels at once, sending emails, texts, and phone calls to targets to maximize their chances of someone falling for their scam. When stolen credentials are used to defraud businesses, manually reviewing each activity isn’t an option due to the scale of these attacks. The only way to successfully identify fraudulent activity before it causes harm is to rely on AI and machine learning, which can identify thousands of signals in real-time for better speed and accuracy. This can be the difference between a successful scam or stopping an account takeover before financial damage, such as a fraudulent transaction, takes place.
Communicate fraud awareness to your customers: Customer education can make a meaningful impact against fraud as well. Company executives should work with marketing, customer support, and communications teams to ensure that customers understand how to stay safe and identify the warning signs of fraud.
Taking decisive action now to strengthen fraud prevention might serve as a future competitive advantage. As fraud threats continue to evolve, companies that take a proactive approach will be better positioned to not only weather the AI-induced storm, but create a better experience for their customers.
