Fraud remains the leading form of identity-related suspicious activity cited in Bank Secrecy Act (BSA) reports by a large margin, while technologies enable greater overall risks around exploitation, according to new research from the Treasury Department’s Financial Crimes Enforcement Network (FinCEN).
FinCEN’s latest “Financial Trend Analysis,” published Tuesday, reviews data from BSA reports filed in calendar year 2021. The agency identified at least 14 typologies that bad actors use to exploit the validation, verification, and authentication processes at financial institutions.
Of the approximately 1.6 million identity-related BSA reports FinCEN analyzed, general fraud was the most frequently reported suspicious activity at 1.2 million instances. Behind it was false records (423,000 reports), followed by identity theft (222,000), third-party money laundering (154,000), and circumventing standard processes (110,000).
Other, less frequently occurring typologies included account takeover, abuse of access, refusal to cooperate, cyber incidents, and general scams.
Regarding tactics employed, 69 percent of BSA reports indicated attackers impersonated others as part of efforts to defraud victims, according to the analysis. Eighteen percent of reports described instances of bad actors using compromised credentials to gain unauthorized access, while 13 percent cited exploitations of verification processes.
Institutions most impacted were depositary institutions (1.3 million reports), money services businesses (501,000), and securities/futures firms (103,000).
FinCEN said it observed attackers are leveraging data breaches, as well as automated password cracking tools, in their attempts to undermine identity processes. The agency also cited remote work as a vulnerability that could present additional openings for bad actors to exploit and warned the rapid evolution of artificial intelligence (AI) might further enable money laundering, fraud, and other cybercrime.
To combat identity compromise, FinCEN is working with its government counterparts to develop best practices frameworks and exploring ways digital identity, AI, and privacy-enhancing technologies might help mitigate such exploitations.
“Robust customer identity processes are foundational to the security of the U.S. financial system and critical to the effectiveness of financial institutions’ programs to combat money laundering and counter the financing of terrorism,” said FinCEN Director Andrea Gacki in a press release. “Financial institutions are encouraged to work across their internal departments to address these schemes.”
No comments yet