AI-powered scams, insider fraud threat to financial sector - report

Insider-led cyber security attacks posed the greatest threat in 2024 leading to organisations losing billions, according to the first edition of the Digital Identity Fraud in Africa Report.

Insider-assisted account takeover fraud (ATO) became a growing concern alongside traditional ATO methods like phishing or credential stuffing.

According to the findings, the trend was particularly pronounced in West Africa, with instances in East Africa where high-profile cases emerged in commercial banks and fintechs.

“In Q2 2024, Nigerian banks terminated multiple employees implicated in fraud, costing the sector billions. Similar cases were reported in Kenya and Uganda,” said CEO of Smile ID Mark Straub.

He points out that what makes insider-assisted ATOs dangerous are their ability to bypass traditional security features like multifactor authentication.

Fraudsters rely on compromised or willingly provided access, making these breaches harder to detect and prevent. The financial and reputational damage to institutions is often severe.

“The future of fraud prevention lies in adaptability. While AI provides fraudsters with powerful new tools, it also helps security practitioners harness global intelligence to counter zero-day attacks and automate processes that were once manual,” said Straub.

“Fintech platforms with weak know-your-customer protocols remain the most vulnerable, as these bad actors use identity farming to create fraudulent accounts that conceal the origins of illicit funds. Tackling these vulnerabilities requires collaboration between industries, governments, and technology providers to create a safer digital ecosystem.”

The findings by Smile ID, a provider of identity verification solutions, show that alongside the internally initiated cyber theft, East Africa had the highest rejection rate for biometric and document verification due to outdated, inconsistent, and poor-quality identity documents, making verification difficult.

“East Africa also recorded the highest rejection rate for combined biometric and document verification attempts, reaching 27 per cent in 2024, primarily due to the reliance on outdated, inconsistent, and poor-quality identity documents, which hindered the verification processes,” reads the report.

Drawing on anonymised data from over 110 million identity verification checks conducted by Smile ID across Central, East, West, and Southern Africa in 2024, the report uncovered sophisticated fraud tactics exploiting vulnerabilities in fintech platforms and digital ecosystems, accelerated by emerging technologies such as generative AI, deepfakes, and insider-assisted schemes.

Document fraud remains one of the most persistent forms of identity fraud in Africa, evolving with advancements in technology and increased reliance on digital verification.

As the first Identity Fraud study to comprehensively address fraud trends across Africa, the fraud report highlights ongoing challenges and opportunities on the continent.

The widespread adoption of biometric verification over traditional textual methods has significantly strengthened fraud prevention, driving the overall fraud rate during customer checks down to 25 per cent in 2024 [a 4-percentage-point decrease].

However, this year-over-year progress has prompted fraudsters to develop more sophisticated attack methods targeting biometric systems, resulting in millions of dollars in fraud losses across key African markets.

“Despite improvements in KYC processes, overall fraud losses escalated in key African markets, including Kenya, where one of the country’s largest lenders lost Sh1.5 billion to fraud, according to reports,” reads the findings.

African digital platforms are facing increasing cybersecurity threats, with authentication fraud rates soaring to four times higher than those recorded during registration.

This trend highlights the growing risk of account takeovers as cybercriminals target user authentication systems.

According to recent fraud data, illicit activities on digital platforms are most frequent between 10 PM and 6 AM East Africa Time (EAT), with a peak at 2 AM EAT.

The cover of darkness appears to provide cybercriminals with a favourable window to exploit security loopholes.

Mobile Software Development Kits (SDKs) have become the primary tool for detecting fraudulent activity, accounting for 68 per cent of all identified fraud cases.

Other fraud detection integrations contributed 32 cent, underscoring the importance of mobile-based security measures in combating digital threats.