In February, we published our first Digital Banking Fraud Trends in India report. With additional information from the past five months, we can now provide an update on where things currently stand.
Deep-dive analysis: An evolving landscape
Key data points, as per BioCatch data:
• 11% increase in sessions analyzed
• Peak of 405 million sessions seen in March 2024
• 101% increase in reported fraud volumes
• Up to 40% of reported fraud is now categorized as a voice scam
As BioCatch continues to see more traffic than ever in India, crossing the 400 million-session mark in the month of March, we also see an increase in the volume of fraud reported by our customers – a spike that vastly outpaces the growth of generic traffic.
While overall traffic volumes grew by 11%, fraud volumes climbed 101%. Q1 2024 numbers were double those seen in Q4 2023, and preliminary data forecasts Q2 showing still more fraud-volume growth, suggesting: As Indians continue their adoption of digital banking practices, fraudsters are taking advantage and executing more attacks than ever before.
Breaking the fraud down further, one interesting insight is the type of fraud reported. In our report in February (based on 2023 data), we saw the majority of reported frauds were categorized as account takeover (ATO), i.e. executed by third parties. It would appear now, just months later, the landscape has already changed.
We saw that 55% of all fraud reported to BioCatch in 2023 was ATO. This remains true throughout 2024. But the number of reported voice scam cases more than doubled in the last three months, from 15% to nearly 35% (with a peak of 40% in April).
This suggests fraudsters are changing their tactics to exploit the weakest link: human beings. Over the years and across the globe, we’ve seen fraudsters transition toward social engineering scams – sometimes in response to enhanced controls aimed at stopping ATO fraud, other times simply to increase their success rates. We now see this same global trend reflected in India.
Working together as a fraud-fighting community is pivotal for banks to be successful as they adapt to this changing landscape. Likewise, learning from peers that have been successful, as recommended in our post about Southeast Asia perhaps modeling its fraud-fighting legislation after Australia’s, is also key to getting a head-start.
Presence in India
As part of BioCatch’s commitment to fighting fraud in India alongside our Indian customers, we’ve participated in and held events in the country, presenting at the BFSI Fraud Detection & Management Summit at the end of February and holding our own trademark events: Fraud Fighters – open to only BioCatch customers, allowing them to debate and learn about fraud trends and best practices – and Threat Talk Live, which offers an intelligence briefing to financial institutions who have yet to join the BioCatch community.
One of the main talking points at our events was the detection of mule accounts – a topic we raised on our report earlier this year, which has become an area of focus for many banks. In particular, we looked at a case study that explored how fake job scams – a common type of scam in India – leads to mule accounts, due to the widespread operation that sits behind them.
RBI Annual Report
Another key event over the last few months was the release of the RBI’s Annual Report on May 29. The report itself covers many areas, but looking through the fraud lens, we’ve identified the following key takeaways:
• Fraud across the public sector continues to be the biggest contributor to fraud losses, although the private sector saw its biggest number of reported frauds ever in 2023.
• Overall fraud losses were down by 47% last year, although there was a 166% increase in fraud volumes. This suggests fraudsters are going for low-value, high-volume fraud attacks.
• 80% of fraud cases take place digitally (via cards or digital banking), but that represents just 10% of all fraud losses, with the majority of losses (85%) originating via financing (loans).
• There is a significant time-lag between fraud taking place and being reported/detected. Nearly 90% of frauds from 2023-24 occurred in previous financial years. This is down from 94% last year, suggesting an improvement in detection and awareness.
The RBI also provided insights into initiatives that it’s pursuing to increase the protection offered by banks to consumers, including the strengthening of fraud risk-management systems as well as streamlining assessments of KYC/AML risks.
In the less than five months since the release of our India report, we’ve observed a significant spike in fraud in the country – a trend also seen by the RBI – and a shift in the most prevalent types of fraud. At the same time, Indian banks seem potentially more open than ever to making a real effort to address the nation’s (and the region’s and the world’s) mule problem. If Indian banks are able to focus on identifying mule accounts – the way stops through which all fraud passes – before social engineering totally dominates the fraud landscape, the nation could become an interesting case study for other banks around the world to follow.