7. Financial scams and frauds
Financial scams and frauds rose in many jurisdictions during the COVID-19 pandemic, accelerated by increased remote access and widespread adoption of digital products and services. Financial scams and frauds continue to be a major cause of concern among jurisdictions. This chapter reports the most common financial scams and frauds in 2022. It also describes regulatory and supervisory actions taken to address the increasing incidence and complexity of financial scams and frauds.
While scams and frauds have always existed as a potential threat to financial consumers, in recent years their incidence has increased in many jurisdictions. Financial scams and frauds rose in numerous jurisdictions during the pandemic, accelerated by increased remote access and widespread adoption of digital products and services. Prior work undertaken by the Task Force during the height of the pandemic in 2021 gathered the views of 164 organisations from 81 jurisdictions on the impact of the pandemic on financial consumers; respondents identified vulnerability to scams and frauds as the second most significant risk for financial consumers arising from the COVID-19 pandemic (the top ranked risk overall was reduced financial resilience). Among responses from high-income jurisdictions, scams and fraud was the top-ranked risk (OECD, 2021[1]). More than 80% of respondents to the 2021 survey reported that the incidence of scams and frauds had increased since the start of the pandemic in their jurisdictions. The number of cross-border fraud complaints filed with econsumer.gov increased 257% between 2019 and 2020.1
As noted in Chapter 2, financial scams and frauds continue to be a major cause of concern for jurisdictions in 2022; among risks stemming from the operating environment, financial scams and frauds ranked second highest, after inflation and rising interest rates.
As shown in Figure 7.1, most responding jurisdictions (72%) noted that the reported incidence of financial scams and frauds increased in 2022 compared to 2021. In Singapore, for example, the total number of investment scam cases increased by 26% from 2021 to 2022. In Peru, the number of unrecognised operations by credit and debit card users jumped by 19% in 2022.
Conversely, the number of reported financial scams and frauds stayed the same in 7% of jurisdictions and decreased in around 21%.
Note: Based on responses from 29 jurisdictions.
Source: OECD Consumer Finance Risk Monitor Reporting Template 2023.
In terms of the amount of financial losses due to scams in frauds, in the ten jurisdictions where data is available, the total amount of financial losses increased from 2021 to 2022. These increases in financial losses averaged 27%, ranging from a 5% increase in Singapore to a 79% increase in Australia.
In Israel, the total amount of financial losses increased by around 7.5%.
In Romania, the total amount of financial losses for payment service users increased by around 8%.
In Austria, the total amount of financial losses due to scams and frauds increased by 17%.
In Malaysia and New Zealand, the total amount of financial losses increased by 19%.
In Poland, the total amount of financial losses increased by 32%.
In Chile, the total amount of financial losses increased by 34%.
In Canada, the total amount of financial losses increased by 37%.
As shown in Figure 7.2, the top types of scams and frauds by number of people affected were tricking consumers into providing personally identifiable information (selected by 86% of respondents) and fake schemes designed to tempt consumer to transfer, pay or invest money or buy fake insurance (selected by 84%).2 Further details and examples of various scam and fraud typologies are set out in Box 7.1.
Note: Horizontal bars correspond to the number of respondents who ranked this type of financial scam or fraud among the top five in their jurisdiction in 2022 in terms of the number of people affected.
Source: OECD Consumer Finance Risk Monitor Reporting Template 2023.
The next-most selected types of scams and frauds in terms of the number of people affected and the total amount of financial losses include:
The following types of financial scams and frauds were selected by two or fewer jurisdictions as the most significant types of fraud:
Common types of online frauds and scams targeting financial consumers include:
Advance fee frauds: these frauds have various different forms, but they all involve an email or other communication inviting the victim to pay money in return for receiving something of greater value such as a prize, inheritance, investment or transferred money. Advanced fee frauds include lottery scams, charity scams, impersonation scams, unexpected inheritance scams, dating and romance scams.
Authorised push payment fraud: these scams occur when consumers are tricked into authorising a transfer of money to an account that they believe belongs to a legitimate payee but is in fact controlled by a scammer.
Bank loan or credit card scams: these scams take the form of fraudulent bank loan offers in return for victims’ sending their personal details, stealing and unauthorised use of credit cards or “skimming” credit card information (see below).
Payment card fraud: in addition to lost or stolen card fraud, criminals may capture data from payment cards by card skimming at ATMs or ticket machines or through phishing (see below). Victims of such types of fraud may not realise that their data has been stolen. Criminals can use this data to create fake cards or to carry out fraudulent Card-Not-Present transactions.
Phishing and social engineering: the attacker attempts to use communications such as emails or social networks to trick consumers into providing valuable personal data such as passwords, login details or bank account details. Often the communications appear to come from an official source and invite victims to click on a link and enter their details via a fraudulent website.
Malware attacks: victims click on a link or attachment that installs or executes malicious software on their computer allowing the perpetrator to steal personal details and commit fraudulent activities such as unauthorised transactions. Ransomware is a type of malware that blocks or limits access to a computer or file with a demand for a ransom be paid to the scammer for them to be unlocked.
Sources: OECD (2020[2]), Financial Consumer Protection Policy Approaches in the Digital Age: Protecting Consumers’ Assets, Data and Privacy, www.oecd.org/finance/Financial-Consumer-Protection-Policy-Approaches-in-the-Digital-Age.pdf; Interpol (n.d.[3]), “Financial crime”, https://www.interpol.int/en/Crimes/Financial-crime.
Many jurisdictions noted that the rise in consumers falling victim to financial scams and frauds has coincided with an increased use of mobile and digital financial services, in part due to the lasting behavioural effects of the pandemic which moved activities online. As the volume of transactions grew on online financial services platforms, the sector became an increasingly attractive target for criminals, with an attendant growth in frauds. Younger investors, who have entered the market through digital channels (mostly investment platforms and apps) seem to be keener to make investment decisions on their own, or to follow financial advice from self-proclaimed experts on the internet (i.e. “finfluencers”), which can make them more susceptible to scams and frauds.
The increasing digitalisation of the financial sector has not only led to a higher level of fraudulent activity, but it has also altered the types of scams most frequently perpetrated. In Nigeria, for example, financial scams and frauds are shifting from counterfeit card capabilities toward harder-to-identify online fraud schemes. In general, fraudulent activity is becoming much more sophisticated – both in terms of cyber-attacks that target financial institutions and consumer-targeting scams. Israel, for example, noted the increasing use of IVR (interactive voice response) to carry out scams over the phone. In the United States, fraudsters are leveraging the faster (e.g. real-time or near real-time) and streamlined payment capabilities of innovative peer-to-peer (P2P) payment solutions, which have become increasingly popular among consumers. Fraudsters are using ever more complex forms of social engineering, which can be highly complex and fact specific. This is evident in the rising share of complaints relating to unauthorised transactions, as noted by Bank of Italy among others.
Another popular form of fraud consists of the creation of websites through which financial activities are illegally provided, which is an easy and inexpensive way to reach a vast number of potential victims. In some cases, as described by Luxembourg, these fake websites are detailed copies of the actual sites of supervised entities. As highlighted by Italy, the use of social media platforms can also help lure consumers toward these fake platforms. In Greece, the majority of complaints received by the securities supervisor in 2022 were about unauthorised brokerage firms that targeted potential investors through cold calls and fake advertisements on social media networks. Criminals may also misrepresent themselves as employees of a regulatory authority, in some cases even offering to provide redress to victims of earlier scams. In 2022, Austria witnessed a dramatic increase in scammers claiming to be members of the Financial Markets Authority. The Financial Conduct Authority of the United Kingdom similarly noted that “FCA scams” (i.e. fraudsters pretending to be from the FCA) were among five scam types most commonly reported to the FCA.
In Indonesia and Thailand, authorities have observed fraudsters tricking victims into downloading malware (such as an .apk attachment on Android phones), which can then be used to remotely control the device to transfer money through the victim’s mobile banking application. Authorities in Thailand also reported that scammers had developed fake mobile loan apps, which required potential borrowers to deposit money upfront to guarantee loan approval. Borrowers made the payment, and the fraudsters absconded with the money without delivering the promised loan.
The prominence of financial scams and frauds on the agendas of policymakers and regulators has grown in response to their increasing incidence and severity. Jurisdictions reported responding to the increase in scams and frauds with a range of regulatory initiatives and supervisory actions:
In Peru, enhanced authentication regulation came into force in 2022, which included both digital services’ onboarding and strong authentication requirements beyond the use of two-factor authentication. This regulation, which upgraded the security framework established in 2009, also established that the financial institution is responsible for any transactions that are a) reported as not recognised by the consumer (or occurring after the consumer has reported the loss or theft of their credentials) and b) not approved by strong authentication processes.
In Japan, in response to a rapid increase in the number of cases of fraudulent money transfers, which were suspected to be caused by phishing scams, the Japanese Financial Services Agency (JFSA) requested financial institutions to strengthen their anti-phishing measures in September 2022.
In Greece, the Hellenic Capital Market Commission (HCMC) as published a warning to investors against investment risks and online investment fraud. The Bank of Greece also published a statement on digital private currencies warning consumers of potential investment risks.
In the United Kingdom, the Financial Conduct Authority have continued to influence search engines and social media firms to prevent scams and other illegal financial promotions from being promoted. As a result, the regulator noted a 100% reduction in illegal paid-for advertisements on Google and Bing.
During 2022, the Banco de Portugal pursued administrative offense proceedings against payment services providers for lack of compliance with the obligation to apply strong authentication requirements to access payment accounts.
In Italy, CONSOB published a warning in October 2022 calling the public’s attention to the risks associated with investment proposals made through the internet and over the telephone that, by unduly leveraging the reputation of the Amazon brand, promised unrealistic profit opportunities related to the alleged purchase of shares in the Amazon company. CONSOB noted that this example was representative of an increasingly common type of scam through which unauthorised entities launch online advertising campaigns related to fake investments in well-known BigTech companies, football companies and cryptocurrencies. These fraudulent initiatives, which consumers can join by filling in online forms, are aimed at obtaining investors' money or their personal data.
In Hong Kong (China) the Hong Kong Monetary Authority (HKMA) frequently engages with other stakeholders, such as the Hong Kong Police Force (HKPF) and Hong Kong Association of Banks (HKAB), to enhance the prevention and detection of scams and unauthorised financial activities. For instance, the HKMA participates in the Fraud and Money Laundering Intelligence Taskforce (FMLIT), which was established by the HKPF and includes the participation of 23 retail banks. Selected fraud cases are shared at FMLIT, helping banks identify over 19 000 previously unknown mule accounts, taking prompt action and also supporting law enforcement investigations. The HKMA has also shared good practices on fraud prevention and detection with the industry.
In Indonesia, OKJ and Bank Indonesia are part of an Anti-Investment Scam Task Force (Satgas Waspada Investasi) that includes the National Police’s Criminal Investigate Department and the Ministry of Communications and Informatics. A top priority of the Task Force is to track the total amount of financial losses from scams.
In early 2022, the Central Bank of Brazil (BCB) created a working group to propose actions to address weaknesses and gaps against fraud and scams and requested information on transfer, payment and purchase transactions from 34 supervised entities. The purpose of the working group was to obtain a financial trailing of frauds, whereby the results would provide insights that would help the BCB improve its regulatory framework and help supervised entities improve their procedures for monitoring fraud and scams and defining typologies. Based on the evidence collected, the working group suggested the mandatory sharing of (attempted) fraud among financial institutions to prevent new frauds and interrupt actions in progress. Thus, the National Monetary Council (CMN) and the BCB enacted a Joint Resolution establishing that supervised entities must share certain information on financial fraud.
References
[3] Interpol (n.d.), “Financial crime”, https://www.interpol.int/en/Crimes/Financial-crime (accessed on 15 December 2023).
[1] OECD (2021), G20/OECD Report on Lessons Learnt and Effective Approaches to Protect Consumers and Support Financial Inclusion in the Context of COVID-19, OECD, Paris, https://www.oecd.org/daf/fin/financial-education/G20-OECD-report-on-financial-consumer-protection-and-financial-inclusion-in-the-context-of-covid-19.pdf (accessed on 25 August 2023).
[2] OECD (2020), Financial Consumer Protection Policy Approaches in the Digital Age: Protecting Consumers’ Assets, Data and Privacy, OECD, Paris, https://www.oecd.org/finance/Financial-Consumer-Protection-Policy-Approaches-in-the-Digital-Age.pdf.
Notes
← 1. Econsumer.gov began in 2001 as an initiative of the International Consumer Protection and Enforcement Network (ICPEN), with support from the OECD. Consumer agencies from more than 65 countries support the project, which provides a platform to gather and share cross-border e-commerce complaints.
← 2. Percentages are calculated based on the number of respondents who provided answers to this question (N=37).