Even Fraudsters Take Summer Vacation—Here’s What You Should Do While Their Guard is Down
The first thing to know about today’s digital fraudster is that they’re just like you, but with a criminal twist. They’re the bizarro supermen and the Dr. Hydes of the workforce, with their own commutes to manage and KPIs to hit (as they’re defrauding you of millions). While their nefarious tactics rely on advanced technology, the fraudsters who pull the bot and genAI puppet strings are still human—and they still need to relax once in a while.
According to our fraud data, summer is when fraud slows down the most. Fraud leaders have known this informally for a long time—but at NeuroID we have the crunched numbers across our client ecosystem to show exactly what fraudsters are doing in the summer (and how you should respond).
Is it a Cruel Summer?
In July of 2023, NeuroID clients experienced a striking 45% decrease in fraud attacks (as compared to the 2023 baseline). In addition to measuring the number of fraud attacks our customer’s experience per month, we also look at the size of the attack—that is, how many coordinated users are trying to attack at once. We measure this by looking at the number of risky users connected to the attack (i.e., the number of applications initiated that we identified as high risk). While June had slightly more attacks than July, those attempts had 85% fewer risky users per attack. July’s attacks also brought fewer risky users per attack, with a 69% decrease below standard per attack rate—so, 16% more attackers per attack than June, but still far below the baseline average number. In fact, July had the second lowest number of total attacks in the year.
While you’re hopefully relaxing in the warm summer months, to assume your fraudster counterpart is on vacation as well is a bit of a leap, of course. It’s more likely they are reacting to natural consumer trends. With summer sunshine luring digital buyers outside and businesses slowing down launches and promotions, the ecommerce world typically cools down when the real world heats up. Fewer targets simply means less fraud.
Lazy, Hazy Days of Summer?
What does this summer slump tell us, other than that fraudsters want to work on their tans after lurking in the shadows? It tells us that attacks in the summer months are less likely to be organized fraud rings, seeing as they don’t include the heavy bombardment of dedicated escalation. They’re likely either smaller fraud rings (a fraud start-up, if you will) or just lots of individuals spotting the same loophole (maybe through a marketing campaign that reached the Dark Web).
But although early summer’s fraud attack volume is the lowest for the year, by August, 69% of attacks were organized fraud rings. August is the second-highest month of the year for fraud ring attacks as financial institutions (FIs) and ecommerce organizations boast tempting targets of back-to-school specials. By the time leaves are starting to turn, we see a stark jump to a 13% above average number of risky users per attack (which is a 74-percentage point increase in just a month!).
Clearer skies for teams who’ve been on high alert through the more tumultuous, risky spring seasons seems like great news. And on the numbers side, it definitely is: 57% of US FIs experienced an increase in fraud attacks affecting both consumer and business accounts in 2023. And the spring fraud spike is intense, with up to a 50% increase in fraud attacks and 3X the number of risky users per attack. Who wouldn’t want some lazy, hazy days after that onslaught?
The Problem with Relaxing
At NeuroID, we’re all for taking a breather when you can (my Marketing Director is on a two-week trip to Paris even as I write this—Hi, Bethany!). But as best practice consultants in fraud detection, we can’t help but see a 3-month downturn in fraud as an opportunity for more than relaxing.
Alloy’s State of Fraud Benchmark Report found that both in 2022 and 2023, “respondents cited “dramatic increases in volume of transactions over a short period of time” as the leading indicator of attempted fraud. In-and-out fraud attacks are frequent and difficult to detect, let alone fight. NeuroID is designed to solve this market problem and find this unseen fraud—now is a great time to talk to us about how it might work in your ecosystem. The summer slump overall is a perfect time for fraud prevention teams to regroup and reassess strategies, anticipating an increase in fraud activity immediately in the fall, before it goes into the big end-of-year and new year spikes.
Summer is the best time to ensure that your fraud systems are agile and ready for fraudsters returning from their holiday, so you can meet them with more robust and effective fraud prevention measures. It’s likely when you have the most time to research and talk to vendors (including us!) who can help you do a post-game analysis of the fraud you’ve been seeing, and how they can help. Alloy reports that 48% of US FIs see a decrease in manual reviews due to investments in fraud prevention tools. Wouldn’t that be a great efficiency improvement to have in place for September, when fraud attacks will be 25% higher than those in July?