“There’s a misplaced shame that’s wrapped around it,” says Carter, who is speaking about the psychology of such fraud at Mastercard’s virtual Cyber & Risk Summit today. “But if they can’t report the crime, you can’t find the criminal.”
Carter believes that COVID-19 has played a large role in the growth of online romance fraud, which almost always starts on dating sites. These criminals thrive off of the isolation and vulnerability of their chosen victims — and the global pandemic has made people more isolated and vulnerable than almost any time in recent history.
“Everyone now has some level of concern about job security, or around health, or finances,” she says. “Plus people have been online much more, and they don’t necessarily have lots of cybersecurity knowledge. It makes it difficult for individuals to recognize they’re vulnerable to exploitation.”
Carter has spent her career studying the strategies and language that fraudsters use and she’s found some consistent patterns. The fraudster will quickly try to move the conversation from the dating app to a more personal messaging app where they are integrated with the target’s loved ones.
The fraudster will then build trust and make the victim feel in control, laying the groundwork for later betrayal, she says. As the relationship deepens, the fraudsters take control. They often text their targets early in the morning or late at night to reduce their decision-making capabilities through sleep deprivation. They make it clear that any refusal of money is seen as withholding affection.
“It’s financially and psychologically devastating because you’re being defrauded by someone you trust,” Carter says.
Stopping the fraud sooner
When someone has their credit card number stolen, it’s fairly easy for banks to spot fraudulent charges and quickly alert the cardholder. But stopping these sorts of “payee scams” (where the payment was authorized but fraudulently induced) is much more complicated, and is not limited to credit cards.
P20, a forum for global payments players (including Mastercard) to work together on issues of accessibility, security and inclusivity, has released a new report with best practices for the industry and regulators to combat payee scams. The goal, according to the report, is to work toward a comprehensive, industrywide approach to enable rapid information sharing and collaboration to detect and prevent money from reaching these criminals.
Education can help. In some U.S. states, bank tellers are trained look for and report financial exploitation if they see it. In the U.K, police, banks and regulators are working together to identify vulnerable victims who are being defrauded.
Technology can also play a role. Artificial intelligence and behavioral biometrics can capture data that, when looked at holistically, can alert banks to out-of-the-ordinary behavior that may indicate someone is becoming a victim of fraud, according to the P20 report. For example, unusually long texting sessions may point to manipulation. A shaky tap gesture could mean the person is operating under duress. Banks can also issue digital scam warning notices when biometrics seem off to alert someone to the possibility of fraud.
But most importantly, according to Carter, is that banks — and family members — keep in mind that the people who have handed over money have been masterfully manipulated and are not weak.
“These are not just financial victims,” Carter says. “They’re also victims of manipulation, and they need support and understanding, and protection against revictimization.”