Sardine

A shocking stat: Half of all financial fraud in India is now on UPI. Scammers have now figured out they can socially engineer people to share their UPI PIN number to authorize transactions or create entire clones of legitimate apps to steal credentials. Faster payments really do mean faster fraud. Detecting scams before they happen relies on 👉 Identifying active calls in session, to see if the pre-payment a user might be being socially engineered 👉 Looking for high-risk activities pre-payment like screenshots often used by scammers 👉 Data sharing between sending and receiving UPI app or service These features will have to become a default across the industry if we're going to get a handle on the scamdemic.

One thing not discussed enough: Bots are taking over the internet. 42% of all internet traffic is bots, 65% of those are malicious. Bots can do everything from 👉 Scraping data, logos and CSS to produce realistic impersonation websites 👉 Grabbing product images, descriptions and pricing information to create counterfeit store fronts 👉 Open multiple accounts to try chargeback fraud, or create fake sellers on marketplaces Bot detection is too important to be left to the standard firewalls given how much impact it has in financial fraud. Cybersecurity and fraud teams need to collaborate to see the whole picture, detect more advanced bots. Whether that’s from detecting the use of VPNs and proxies, to a session simply “behaving” in a very non human way.

How can we get compliance right and ensure nothing falls between the cracks of Fintech company and sponsor bank? Simon and Sarah will unpack in this webinar 👇👇 You can join by clicking here 👉 https://lnkd.in/e7PrSQPa

Fraud patterns don’t care about geography. With clients in Europe, LATAM, and even Japan lately we see they all have very similar fraud patterns. The nuances vary, but things like scams, social engineering, returns fraud and money muling are consistent. The unlock for fraudsters was they can commit crimes from anywhere. Often they’ll have an HQ in a low-income country like Myanmar or the Philipines and run their scam call centers centrally. So much of the spike in volume is coming from these professional groups, the more we can share information as a community, the better we can defend our users.

How can we get compliance right and ensure nothing falls between the cracks of Fintech company and sponsor bank? Simon and Sarah will unpack in this webinar 👇👇 You can join by clicking here 👉 https://lnkd.in/e7PrSQPa

Monzo's proposed new features for fraud are amazing 📌 Known locations or "leave your money at home." Places you're comfortable moving large amounts of money but fraudsters are unlikely to access 🤝 Trusted contacts. If a large transfer is requested your trusted friend must approve. Hugely helpful if your phone is stolen or for vulnerable folks. 🔐 Secret QR codes. Print out a QR code and keep it in a safe place to scan when needed.If these aren't available the fallback is step up KYC. All of this is possible with the right user device signals + some imagination Kudos to our friends in the fraud squad 🐟 trying to make things a bit better every day

New Fraud Just Dropped: QR Code exploits. The volume of scams involving QR codes is exploding, especially exploiting legitimate banking apps to steal customer funds. In 2024, QR codes are now everywhere. They are cheap, simple and convenient. But they have a big problem. Fraud. (As Dave Birch rightly points out) 👉 The trend started in China, where in March 2017 90m Yuan were stolen in a single city (Guangdong) by replacing merchant QR codes with fake ones that steal personal information 👉 Today across China a quarter of viruses and trojans occur via QR codes 👉 Also in China scammers have been caught placing fake parking tickets — complete with QR codes for easy mobile fine payment — on parked cars This is now coming to Western markets and has exploded since the pandemic. 👉 In the Netherlands, a QR code scam exploited a legitimate feature within a mobile banking application 👉 In Germany, phony emails containing QR codes lured eBanking customers to malicious websites under the guise of reviewing privacy policy updates to their accounts 👉 In Belgium they are being use to trick people using electric car charging stations (pictured) 🐟 We’re now seeing this come to the UK and US where QR codes are used to initiate real-time payments (RTP), or collect card information via phishing pages. 🐟 With the rise of mobile wallets, the use of NFC (tap-to-pay) is always preferable because it is harder and more expensive to spoof 🐟 At Sardine we’re always looking for risky accounts, data, and transaction geolocations (like coming via a card from an unknown merchant while at a carpark).

Recent financial data breaches exposed user PII from many banks, allowing fraudsters to bypass verification checks. We’ve built a free service in Sonar to check for this risk. For example, if a new customer is signing up, one common check is to ensure that the account name matches the account and routing number. If bad actors have compromised that data, it would allow them to pass this check easily. The new red flag service will check if an account’s credentials exist on the dark web and return a “true” if they’re found. When added to the 1,000s of other critical data points for onboarding or making payments, we hope this helps manage the risk of compromise. You can read more in the press release below 👇 #fraud #hacks #databreach https://lnkd.in/ei4DmWUh

Scams are becoming the fastest growing type of fraud and most companies can't keep up. Why is this happening? Here's why 👇

I know what you’re thinking. Marketplaces don’t want to be banks.But they do need to fix their seller problem. They don’t want to do KYC. The answer is lightweight “business verification” of the seller. How? Read more on our blog. https://lnkd.in/eDnakCya