How can we encourage intel sharing between the private and public sector, while meeting regulations and protecting privacy? In this episode, Simon discusses reciprocity in intel sharing and the resurgence of lower-tech crimes with Jim Hitchcock, VP of Fraud Prevention at American Bankers Association. There Jim serves as the association’s primary expert on fraud mitigation activities and programs.
How can we encourage intel sharing between the private and public sector, while meeting regulations and protecting privacy? In this episode, Simon discusses reciprocity in intel-sharing with Jim Hitchcock, VP of Fraud Prevention at American Bankers Association. There Jim serves as the association’s primary expert on fraud mitigation activities and programs. The two also discuss the resurgence of low tech scams and social engineering to beat automated defenses.
---------
“I just sat down with the US Secret Service…. What they were saying was they get a little frustrated in the sense of not understanding why, when they might call a financial institution and say, “Hey, there's fraudulent money coming your way”, they may freeze that money, send it back to the initial, the sending institution, but then things just kind of end there and they don't get any positive feedback. And all the secret service is trying to do is collect more of that information to try to identify a real person that they could go out and talk to and maybe arrest later on down the street.”
“Financial institutions also have concerns about the lack of law enforcement feedback. But law enforcement can't always give feedback, right? Because….if they're sitting on an individual that they might arrest, sometimes you just can't give that information back. They might have had grand jury documents out to obtain some of this information.So there's secrecy issues there.”
Timestamps:
(01:28) The challenges of intel sharing between the private sector and law enforcement
(08:43) Are there concerns of the government showing favoritism to certain companies?
(15:58) Is there equal reciprocity when sharing information?
(20:42) Pig-butchering compounds in SE Asia
(26:10) A rise in low-tech, in-person scams
---------
Jim Hitchcok on LinkedIn
Simon Horswell on LinkedIn
Onfido’s Identity Fraud Report
[Subscribe to the Podcast]
Simon: [00:00:00] In this episode, I'm joined by Jim Hitchcock, Vice President of Fraud Prevention at American Bankers Association, where he serves as the association's primary expert on fraud mitigation activities and programs. Jim brings extensive experience in both the private and public sector. Prior to joining ABA, Jim was a director in Capital One's anti money laundry department, serving in a fraud advisory role.
Um, he began his He began his banking journey in 2016 after finishing a career in federal law enforcement with the Department of Defense Inspector General and the U. S. Secret Service. During his tenure in the Secret Service, Jim served as a subject matter expert investigating financial identity and computer related crimes.
In today's episode, we dive into the nuances of Intel sharing, as well [00:01:00] as Jim's observations regarding current low tech scams. But first, a word from our sponsor.
Ad read: Inside the Fraud Lab is brought to you by Onfido. Onfido's real identity platform is trusted by thousands of businesses to stop fraud and know their customers.
Their AI powered identity verification means businesses can securely and seamlessly onboard customers anytime, anywhere.
Simon: Hello and welcome to the show. I'm Simon Halswell, Jim. Thank you for being with us. I just want to kick things off really. We've had a little chat about this beforehand, but I really want to get into the topic of Intel sharing.
We've kind of discussed this a bit in the UK. I'm part of a trade body known as the ADVP, the Association of Document Verification Professionals, and this is always a hot topic of conversation. On the one hand, [00:02:00] As private companies, you really want to work with government, you really want to partner with them, and that requires you to share intel.
But at the same time, you're really mindful of the fact that your customers, your clients, we're all trying to stick to, in Europe it's the GDPR, the General Data Protection Regulation. You know, you really want to prevent future criminal activities. Which is why you're sharing the intel, but to what extent you can share that intel, what detail, where the, where does the line get drawn, what are you getting back in return.
So obviously in your role, part of your focus is around commercial and government partnerships to, to help mitigate fraud capabilities. So, What is it that you're kind of seeing on your side of the pond?
Jim: Yeah, it's funny you mentioned GDPR there, Simon, because that's our biggest challenge here in the U. S.,
too, is just navigating the different regulations in place. As you know, we have strong regulatory bodies here in the U. S. [00:03:00] that, you know, regularly monitor and Audit the different banks throughout the country, depending on size, it depends on the level of scrutiny, really, but, but that's the toughest part in information sharing.
Everybody wants to do the right thing. You mentioned the government, the private sector relationship, I, I'm trying to bring, like, the law enforcement community together with our, our banking investigators. And, and they all want to do the right thing. If, if, if we could just close our eyes and let them do the work behind the scenes, it would be great, but we do have to be cognizant of the different regulations in place, so that's, that's the
Simon: biggest hurdle.
This is, this is a constant conversation I have with one of my colleagues. It's like fraud prevention would be so great if we didn't have to think about privacy. But you can't have it that way. There, there has to be a line. You have to bring privacy into it. Everybody wants to have their privacy respected.
Everybody does, including [00:04:00] fraud investigators. But at the same time, you kind of feel like you're fighting a battle with one hand tied behind your back.
Jim: Yeah, absolutely. And you know, the lawmakers, to their credit, they do, they do build into these regulations like exclusions, like if you know there's a fraud, they expect you to share the information with other institutions, for example, and we have, we have a really strong safe harbor here under our USA Patriot Act.
It's called 314B, and that allows financial institutions to share freely under a safe harbor, a protection from civil liability, as long as they're, they're trying to prevent in the long term money laundering or whatever. Financing of terrorist acts, for example, but all that starts with a fraud, right? And so, in a way, you're allowed to share [00:05:00] information to detect a fraud, stop a fraud, and long term prevent money laundering or terrorist financing.
What I'm saying is, you know, the precursor to any money laundering scheme, for example, is usually a bank fraud of some type.
Simon: So, I mean, does that then mean that the private entities, are they trying to satisfy the burden of proof themselves? I mean, once you've established something is a fraud signal, and it's well established and accepted in law, then that's great, right?
Because then we can all agree, this is a fraud case, based on these things we've seen here. They're symptomatic, the only thing they can point to is a case of fraud, in which case, let's share that data. But, is there any kind of, is there anything in place that kind of helps, uh, private entities to qualify it?
I mean, are we asking them to provide the burden of proof and make that decision on what they can and can't share? Or is it litigated and laid out much more clearly somewhere? I mean, one of the biggest problems I find [00:06:00] is, it is getting into the definitions, because sometimes the people that are, uh, writing the criteria or the definitions on the other side of the table or don't have that experience.
So they don't know about some of the circumstances, the nuances that you have when you're in the private sector. Right? They just have the law enforcement side and on that side of the table it's very Black and white, it doesn't get too gray when you're writing the definitions.
Jim: Yeah, no, that's a really good point, because it is, it is very gray when you're trying to determine whether or not you have a fraud.
Because as you know, in like, fraud prevention, there's different Rules that banks may abide to, like if, if, if you're an issuing bank of a major credit card, you're bound to like the Visa MasterCard rules, they may indicate that there are signs of a potential bust out scheme, so a bank may act on that, but then determine maybe it's just a It's just more of a dispute issue with their customer [00:07:00] and not necessarily, it doesn't rise to the level of that fraud that would allow you to share that information freely with other banks or write that suspicious activity report, for example.
So a lot of that is just based on, on the processes and the procedures. Inside a bank and, and them acting accordingly to those processes and procedures regularly so they can defend themselves when they are audited by the regulators. But really, they're just acting on unusual activity. What's, what's unusual, right?
It's pretty broad. And to determine whether or not you actually have A violation of federal law, for example, you have to go a little deeper. And I think the regulators understand that and, and they, they allow for a little bit of a, a cushion there in, in determining unusual from suspicious. Once it's [00:08:00] suspicious, then naturally that triggers different, um, requirements here in the United States to, to, like I said, file suspicious activity reports.
Simon: Okay. So it, this, this is what I mean then. So it's, it's kind of on the. The private entity to decide. if something's falling as suspicious or whether it's, you know, whether it's properly fraudulent or just irregular, and then make the decision as to what they can or can't share when it comes to sharing details with government, for example.
Jim: Yes, you're absolutely right.
Simon: Now, how do you see the dynamics kind of playing out in terms of either side of this? So, I mean, I think when we talked about it before, we both kind of understood from our times in government that you do have, certainly in the UK, you have some tendencies towards not wanting to show favoritism to the private sector or individual companies, but you're [00:09:00] more likely to maybe work with a trade body because then it doesn't look like you're favoring one company over another.
Um, but then some international organizations are prepared to, I mean, up until. Quite recently, Interpol was quite prepared to partner with some of the major banks, recognizing them in and of themselves as big players, as opposed to make, you know, only working with uh, companies that were part of a larger entity, um, of, you know, a conglomerate or something like that.
Do you find anything like that in the States? Are the authorities quite happy to kind of work individually with some of the bigger players? Or would they rather kind of step away from that so they don't seem to show any kind of favoritism to the big players and ignore the little ones, as it were?
Jim: Yeah, well, having been there and now also keeping in touch with the law enforcement community, you definitely don't want to show favoritism, right?
So, you know, the, Bank size shouldn't matter when you're sharing [00:10:00] information, and to be honest, most of the investigators, that's, that's not even a decision point, like the, the federal investigators. It's more about the information, like what bank may have that payment information, it's, you know, if there's, if there's a wire sent from bank A to bank B, but they're looking at a potential mule case.
You know, they might just automatically go to bank B to, to slow down that account a little. Hey, we have suspicion, we have a victim called in, they indicated they sent money to an account on your books, you know, uh, incorrectly, could you slow that down and look at the account for us? Then actually all the, all the Laws kick in for privacy and so forth, meaning court orders, or the bank may be able to file a SAR, for example, and get that information to law enforcement, but there's no, there's no favoritism, it's more about just You know, trying to create that dialogue [00:11:00] with, with the financial institutions, it's hard to say, but what we're doing here at the, the, the ABA is we're trying to get bank to bank to at least share information quicker, easier through, through like an anti fraud tool where we're building, it's just the information exchange tool, if you would.
Simon: You're kind of building that kind of conglomerate, as it were, or a collection of people who have like minded individuals. So you're trying to basically create that within the US, outside of dealings with law enforcement, and then behave as a conduit, I guess.
Jim: Yeah, no, absolutely. And you know, we're trying to get the banks to collaborate and share information more easily.
Number one, we want to like stop that mule activity, which, which I'm still speaking to, because in my mind, the mule activity is the biggest trouble point for the banks because the, you know, the fraudsters are in it to make money and how do they monetize, they move the money around and then they, they, [00:12:00] they pull it out of our banking system.
So if we can quote, beat the fraudster to that money in a bank account. And, and stop it from going, that's our number one concern. And number two would be. You know, a deterrent factor, get law enforcement involved. We may need law enforcement to try to recall a wire that went overseas, for example, if it went to a friendly territory where they have legal procedures in place.
Simon: You want the deterrent, but part of that deterrent is visibly having consequences. Right? So it's, you know, there has to be law enforcement involvement. It can't just be a case of you got rejected and we're, you know, we're not going to take your custom. There needs to be a follow up and I think that's part of the problem we see certainly in identity verification is in some circumstances, because it's now so much more online, it's seen by people as being that much more anonymous.
Right, so it's kind of like as many goes at the [00:13:00] machine as you want, you don't have to worry about putting coins in, it's infinite lives, just keep going. Got blocked, got rejected, have another go, right? But if there are real life consequences, then you're likely to see these figures kind of drop quite a lot because people will Have a second thought about it.
So I think kind of that deterrent needs to be a lot more real and consequential in terms of a physical aspect. Right?
Jim: Yeah, absolutely. Absolutely. And I'm talking about the, you know, the greater deterrent factor as well here. But you know, all the banks in this scenario I'm describing at the end of the day, even though law enforcement won't have direct con like contact to our database that we're, we're, we're.
Our exchange system that we're developing here, bank to bank, and the banks hold the data themselves. We're not in the market of holding the data, but at the end of the day, that bank will have to comply with the Bank Secrecy Act and the USA Patriot Act and [00:14:00] normally get that kind of conduct. Written on a suspicious activity report to law enforcement.
So law enforcement always gets engaged at the end. But this is critical data for the bank to use as well. Right? They received it through legal means. Now they know that an individual is a mule. So now they can build that into their authentication defenses or the know your customer. Processes and defenses to, to, you know, weed out that individual from potentially opening up another account with their institution.
And that data shared with other institutions that will give them pause when they see a certain individual. We're not saying do not bank with people. But what we're saying is let's slow down and take a look at this individual. Because as you know, Simon, there is no silver bullet, so to speak, on, on identification, verifications, right?
In today's day and age, right when we think we have it nipped in the [00:15:00] bud, deep fakes come up. So,
Simon: the minute you do it and something else pops up, you go, ah, yeah, there's always that way. Do you ever see any kind of, any sort of friction? Um, within these kind of like these Intel sharing sort of negotiations or I, I do sometimes get a feeling that, that sort of one party can feel that they're not getting much or not getting enough from the other party for what they're giving it.
And I've, I've seen it both ways. I've, I've seen it from government side feeling that maybe they're not getting as much from the private sector as they want. Is that something you're seeing as well?
Jim: Oh, absolutely. When you first said friction, I got excited because friction in the sense of a bank. To me, there's good friction and bad friction.
You want the customer to be happy, but good friction is slowing the moment down. That's what we tell, tell our victims outside, you know, like, Hey, before you send that, that. Person to person, peer to peer payment, take a pause, stop and think about it, ask a family member before sending it. So that's good [00:16:00] friction, right?
That's what we're really trying to create in today's day and age.
Simon: Exactly. There has to be something, right? You don't want to feel the car's got no brakes.
Jim: Yeah, conflict freshening, you're talking about absolutely. I just met with the, sat down with the U. S. Secret Service. They have a global investigative operation center, GIOC, and they investigate a lot of the international type of scams going on.
Like, like the popular pig butchers, schemes, the event. Slash romance, they hook you on your romance, then it turns into an investment, bust out scam. But, but what they were saying was they, they, they, they kind of get a little frustrated in a sense of not understanding why, when they might call a financial institution and say, Hey, there's fraudulent money coming your way.
They may freeze that money, send it back to the initial descending institution. But then things just kind of end [00:17:00] there and they don't get any positive feedback. And all the Secret Service is trying to do is collect more of that information. To try to identify a real person that they could go out and talk to and maybe arrest later on down the street.
Simon: They need to know that, you know, from their point of view, the intel seems good, but you always want that confirmation. It's like, yeah, that was it, right? Yeah, I totally get that.
Jim: Yeah, and I'm working with the financial institutions on that, right? The two way street. But financial institutions also have concerns about the lack of law enforcement feedback.
But law enforcement can't always give feedback, right? Because if they're sitting on, if they're sitting on a target, the last thing they're going to do is tell a bank and somebody in the bank, because the problem with any's too right now, insiders and banks, you can't trust anybody nowadays, but if they're sitting on an individual that they might arrest, sometimes you just can't give that information back, or there might be, they might had grand jury documents out to obtain [00:18:00] some of this information.
So there's secrecy issues there. So it's just, you know, It just goes back to the beginning of what we talked about, the privacy laws, good intent, and sometimes, you know, makes it a little bit more difficult for us to actually investigate these criminals.
Simon: And also as well, I mean, I don't think anyone He's worked in government.
It's gonna shoot me down on this one, right? But sometimes things work slowly in government, right? It's, there was one of the first things I noticed when I moved into the private sector. It's like, gosh, things move fast out here. Things get done like in the next day or what have you. But when you're in a big machine like the government, particularly I would imagine federal government, then it's a lot of, a lot of cogs in that chain.
And it can be a bit frustrating from the outside looking in.
Jim: Yeah, no, absolutely. And I like how you said that outside looking in, because I like to say like, you gave my bio at the beginning, you know, I worked, I was on the outside and it was on the inside, now I'm kind of stuck in the [00:19:00] middle, it looks different on both sides, but I thought I ran fast on the outside with the, with the secret service and then, you know, the inspector general for department of defense, where we did a lot of international.
Money launderer investigations relating to the contract fraud, but when I got to Capital One, things sped up for me. Things moved really fast. Then I understood. Okay. This is where that frustration comes from. Totally different cultures here, right? Yeah. One side's used to making change to fix a problem and then talk about it later.
The other side, the government talks about it for years and then makes change, right? So, so how do we bridge that? That different culture is the challenge.
Simon: There's lots of debate in government, right? That, that's, that's the thing. It's like trying to get it right once. Whereas I think when you're in the private sector, it's, it's almost the reverse.
It's like, try this first. If it doesn't work, fail fast. and then you move on to the [00:20:00] next iteration, next iteration. But that's, that's kind of the different nature, right? Now, you touched on pig butchering, and it made me realize when we talked about this before that I'd only kind of understood the description as one side, of the actual equation.
And, and that's down to my ignorance. And it is a fascinating phrase, it's so descriptive, and I always thought that it was just referring to the victim at the end of the, the romance scam, if you like, or the investment scam. I didn't realize, Quite where the full name of it came from, and it was a real slaphead moment for me, no pun intended, but if you could just explain that one to people as well.
Jim: Yeah, absolutely. It's, it's an awful term, like, right? So, you know, a lot of the consumer advocacy groups back here in the United States like to refer to it more as, like, financial grooming. Just because if somebody becomes a victim of a piglishing scheme, what's the [00:21:00] likelihood of them reporting? Admitting they're part of something so derogatory, right?
But the term was created by these large groups of individuals in mostly like the Southeast Asia, Southeast Asian region. But what they've done is they've set up compounds and then they Recruit workers on open social media, um, so somebody thinks they might have land, landed their, their dream job. They travel, show up at a, at a pre planned site, meet with the individuals and then they're basically brought back to the compound and they're not free to go and they have to conduct different, you know, romance and investment scams.
In order to, you know, earn their freedom back someday, if, if they ever get their freedom back. You see different stories about people actually being able to [00:22:00] escape being imprisoned, and they tell just horror stories. So, so could you imagine, you know, being held against your will and told you have to Do something in order to number one, stay alive, but number two, get your freedom back and go visit your real family again.
You're probably gonna put a lot, a lot of effort into doing that, right? Doing that job. So, so even though it's Might not be in their genetic makeup to defraud people. They do it out of, out of need that will serve to survive. Yeah. So it's just awful. And then, you know, how the rest of the process works.
They through social media, they recruit, they hook individuals and through a romance pitch. And then eventually they convince this romantic relationship. needs some investments and then they get them hooked on these large dollar investment schemes [00:23:00] and, and really just bust the victim out. They, they figure out what their life savings might be, might be, you know, I've talked to different people where it's like people lost over 4 million over like an eight month period, you know, wires and increments of 150, 000 30 times.
So it's just a problem. And then You know, it's not like, it's something that is so detectable by, by, by the banks. The scammers know how to defeat that through different like, social engineering tactics, training. They might train the victim on what to say to the bank when the bank calls. So, so that's the problem here in today's environment, and that's why these big picture schemes are so successful is they're stepping outside of the bank walls, outside of our great technology, because they can't beat our technology as well as they can [00:24:00] through the social engineering, so they, they bring them outside, and yeah, and they get that dialogue going, and they speed up the clock, and, and people just may, um, You know, for lack of a better description, poor decisions, because that's, that's, that's what it is.
But, you know, it's just, and where's the balance? Like, how do you train potential victims on this without offending them, keeping them engaged, right? Hey, you're making poor decisions. Nobody wants to be told they're wrong, right?
Simon: You know, if you fall into one of those sort of scenarios as well, You're already sold on the story, on the dream that's kind of got you to the table in the first place, right?
So, that's not just someone sort of coming in and telling you you're making poor choices. That's someone coming in and sort of smashing something that you really want to believe in. And that's, you know, belief is one of the strongest things in the human psyche. If you can get someone to believe in something, Then they'll do incredible things [00:25:00] for you.
We've started talking about scams. And I thought what was quite interesting before as well was we see all the, you know, quite often when we're on the podcast we've been talking about some of the more advanced stuff, the use of AI, deep fakes, we've talked about, you know, what people are talking about on the dark web and to what extent they're, you know, using different tech.
But at the same time I've always felt like, and I've started to see as well, uh, A counter rise or a counter spike in people following up on low tech in person scams as well. It's kind of, they, they tailed off, obviously, as they would during the pandemic. Everyone's in lockdown, you can't commit the same stuff in in person.
And this is why I think we saw a massive increase in online fraud, because all you do with that kind of problem is you don't stop it, you just displace it. You know, you push it back here, it's going to pop out over here. But now I think we're starting to see kind of like an equal response to the fact that we've had all this online fraud or these [00:26:00] online scams, and they've really started to sort of peak.
Now we're starting to see more of the in person scams coming back. But what's been your experience with that recently?
Jim: Yeah, well, it's, I'm glad you asked, and I like how you described, we just displace it, right? Just displace the fraud. There's, they just shift their, their, their tactics a little bit, but it's all the same, right?
Simon: I say fraud's like water, right? It's always gonna find a way, and again, this idea of displacement, it's the same kind of thing. If you, if you stop it coming from one place, it just comes around the other way, or you'll find another way around the path. Water always finds a way. Fraud is, Just like Walter in that respect.
Jim: Absolutely, no. And just so you know where I'm coming from here, I host like three different fraud information sharing groups here at ABA, and they're all well attended. But one's the National Best Practices where we talk everything fraud, another one we kind of zero in on, it's called Regulation E, it has to do.
With the consumer's rights, basically, when it comes to the [00:27:00] electronic transfer of funds, like a debit transaction, for example, it covers. It doesn't cover credit cards, but it will cover, like, the debit channels, um, and, like, ATM withdrawals, things like that. But, and then I also host an internal fraud group, as well.
So, that's three different groups. I host a monthly. I probably have over 500 different individuals registered from different banks. I'm just one of them, the NBP, the National Best Practices. And we usually get 150 people on each meeting. But we talk anything, anything fraud. So what I'm hearing a lot now is, is naturally check fraud.
That's, banks are still struggling with that. It's probably, We can say it's at its peak, but I don't think it's going any place soon, and there's reasons for that, which we'll talk about in a moment. But then, along with check fraud is, I'm picking up a [00:28:00] lot on the whole synthetic game is, is, is storming back.
Not necessarily, like, manufacturing the synthetic identities, but now they're putting them to use through mule activity. I told you the number one enemy of mine I'd love to take down are the mules, right? You stop the mules, you stop the money flow. So the synthetics are starting to come to life there, but also synthetic businesses.
Popping on the radar big time now.
Simon: I, I started to see this as well. It's, it's crazy. People like creating, I've seen so many fake LinkedIn accounts now to, to support these.
Jim: No, it's nuts because they're able to, you know, through social engineering, just using LinkedIn nowadays, they're able to just look at it, see that, hey, you work for an individual, but you might be sourced from a sourcing employment company, right?
So then they also, they have somebody else digging through data and they see your name as [00:29:00] being engaged with that sourcing company and somehow they're able to connect the two and then send an email to maybe your direct boss at the company you're working with saying there's a problem with your payroll.
And that's a true story, by the way, it happened to somebody real close to me. So it's fascinating how they're working today like that. But back to what I'm seeing is really the check fraud, the synthetics, well the problem is even the synthetic businesses are being used for multiple gains by the criminal element.
It's perpetuated the counterfeit check issue or the, uh, wash check issue, but also just to move other large money as well in like a BEC, business email compromise scheme or something. So, so that's the battle that the fraudsters now be. Come so adept at, at using these different. Make ups to just continue [00:30:00] the different fraud types, you know, your Zelle, your, your peer to peer frauds are still, still hot.
Anything, anything with instant cash, right? The debit handles are the targets and, and checks go along with that. So, but the problem with checks, what we're seeing is, You know, when I worked Chex, late 90s, early 2000s on the streets, there were regionalized gangs, you know, so we could, we could, we could put a little bit of a den in the activity by taking down a group.
Well, they got away from that, but now they're back, but what they have at their fingertips is this global communication channel, whether you're talking about the deep dark market we always used to talk about, the deep dark marketplaces, Or you're talking about, about Telegram, a social media site, right?
They might,
Simon: they
Jim: might, yeah, they might solicit folks that want to cash checks for them on Facebook [00:31:00] and then move them to the Telegram channel so that the U. S. can't monitor any access to that activity anymore. So what we're seeing is that convergence. Of all this online communication activity, and the exchange of the, of the, the, literally the documents, or the recruitment of mules, and then the individual street level gangs are carrying out the frauds.
So, that's the challenge, is how, How well they're communicating. It all comes back to information sharing. Yeah. For some reason we outnumber them, but they information share better than this, right? Yeah. Your data was breached five years ago, but they just used it when your bank rolled out Zelle and they knew you had an account there, so now they use your data, if they can't account takeover on you.
Without your help, they're going to socialize you to do the account [00:32:00] takeover and then carry out itself, right? So that, this is what we talk about on these calls. It's just, it's just amazing.
Simon: I mean, I knew Czechs were, were big in America, but I didn't realize they were still so big. I'd struggle to lay hands on someone in the UK that still has a checkbook.
Not, you know, maybe my father's generation, but that's, that's, that's, that's, that's, Wow, cool. I mean, are you seeing any, any other kind of scams sort of along those lines outside of checking it or any other kind of like physical scams that you're aware of still being perpetrated or have started to like a newer twist on an older scam?
Jim: You know, it's the, you remember the 419 letters, the Nigerian letters? Yeah, of course. That's still prevalent, except it's done at a more professional scale, you know, with the, the, the, the AI ability. Now you're, you're trying to GPC, you can go on there and produce an error free letter. And then, then just disseminate it [00:33:00] across multiple channels, whether it's text, email, what have you.
You still see that, but what I'm hearing a lot on the information channels are just the, like the debit channels, you know, you got the debit cards targeted at a high rate. I've mentioned it a couple times, your peer to peer payments. Um, so, a lot of BECs here in the States as well, but the scams really just have different spins on them, right?
Like, they have the technology scams now.
Simon: Yeah, it's the same old plots, but with just like, you know, different twists here and there, but it's essentially the same. You can boil it down to the same basic ingredients. You know, like they say that there's only like seven stories or something like that in the whole of all of history, but then there are just slight twists on each one, you know, like your classic archetypal story.
I think scams are the same kind of thing. You've got your archetypal scam plots. [00:34:00] But then you can just tack a new gadget on it or a new app or something like that.
Jim: Yeah, no, and that's, that's really what we're hearing. Because for us, there's no, we all need help with technology because we all move. The greater of us all moved to technology during the COVID era.
So, so that's what they're doing. They just, they're just adjusting to the, to the current environment, really.
Simon: But, um, Quick, quicker than. I think kind of the establishment can actually react to it. I mean, I know there are, there are banks in the UK that have campaigns, you know, public campaigns where they're trying to reach out to those that are of a less technically sophisticated age group, let's say, those who are a little bit more wary or not as clued up as on the technology side of it, to try and educate them.
And then part of that, obviously, is this idea of trying to help them identify scams. I mean, there's an awareness piece, an education piece. I think, kind of, one of the things [00:35:00] as well is, you know, You mentioned that you do a lot of groups. I happen to know that you do a number of different podcasts as well.
Talking with you today has been fascinating. I've really enjoyed chatting with you. I'm sure anyone listening to this would like to find out more. You know, where can they find you online?
Jim: Yeah, no, absolutely. I'm, you know, I have a LinkedIn account. They can find me there. But then, of course, the aba. com website.
You can look me up under fraud and just reach out to me directly there.
Simon: Again, Jim, thank you so much for today. It's been great to talk to you. Thank you so much.
Jim: No, thank you, Simon.
Simon: Thank you for joining us on this journey inside the Fraud Lab. If you'd like more insights into attack patterns and trends as we see them at Onfido, head to onfido.
com or click the link in the show notes to access our annual identity fraud report. It's full of proprietary research into how fraudsters are attacking identity verification and how the world of prevention is changing. It's [00:36:00] full of insights. For example, financial services has seen a 23 percent increase in fraud versus last year, and 46 percent of document fraud targets national ID cards.
If you'd like to learn more, get your free copy by clicking the link in the show notes. Goodbye for now, and I hope you join us again next time.