Lesson 08 of 25

Consumer, Payment & Identity Fraud

5 min read · CFCS

Recognize account takeover, synthetic identity, and elder financial exploitation, and connect each scheme to the right control, FinCEN advisory, and SAR filing.

Where fraud meets the public

  • Consumer and payment fraud target individuals at scale
  • High volume, often lower value per case
  • Feeds laundering through mule networks
  • A growing, cyber-enabled threat

Consumer and payment fraud is fraud aimed at individuals and the payment system, and it operates at enormous scale. Each case may be small, but there are millions of them, and together they generate vast criminal proceeds that then need laundering, often through money mules. Much of it is now cyber-enabled, which ties this lecture to our later cybercrime material.

For the exam, the goal is recognition: be able to read a scenario and name the scheme, then identify the control or report that fits. Notice the connection the exam likes to draw: a scam victim's stolen funds become a launderer's placement problem, so consumer fraud and the mule networks that move the proceeds are two ends of the same chain. The FTC catalogs these schemes by volume every year, and the sheer count, not the size of any one loss, is what makes them a systemic concern.

Let's walk the major categories.

Payment fraud and account takeover

  • Card-not-present, chargeback, and authorized-push-payment fraud
  • Account takeover via stolen credentials
  • Social engineering tricks the victim into paying
  • Real-time payments raise the stakes

First, payment fraud. This includes card-not-present fraud using stolen card data, chargeback fraud, and increasingly authorized push payment fraud, where the victim is tricked into sending money themselves, which makes recovery far harder. Account takeover happens when a criminal uses stolen credentials to seize a legitimate account and drain it.

The common thread in modern payment fraud is social engineering: manipulating a human rather than breaking a system. And as real-time, irrevocable payments spread, the window to claw money back shrinks toward zero, which is exactly why prevention and rapid detection matter so much. Draw the line the exam tests: in unauthorized fraud the criminal moves the money, so the bank generally bears the loss, whereas in authorized push payment fraud the genuine customer is tricked into pushing the payment, which makes recovery and liability far murkier.

Business email compromise, where a spoofed executive emails finance to redirect a wire, is the high-value version of this same manipulate-the-human attack.

Identity theft and synthetic identity

  • Identity theft: impersonating a real person
  • Synthetic identity: a fabricated, blended persona
  • Synthetics evade traditional victim-based detection
  • Strong CDD and identity verification are the defense

Identity crime comes in two flavors the exam distinguishes. Traditional identity theft impersonates a real person, using their stolen details to open accounts or take loans. Synthetic identity fraud is subtler and faster-growing: criminals fabricate a new identity by blending real and fake data, say a real Social Security number with a fictitious name, and patiently build credit before busting out.

Synthetics are dangerous precisely because there's no single real victim to notice and complain, so they slip past detection built around victim reports. The defense is strong customer due diligence and robust identity verification at onboarding, the front door. FinCEN advisories on synthetic identity stress the bust-out pattern: the fabricated persona behaves perfectly for months or years, steadily raising its credit limits, then maxes out every line at once and vanishes, leaving no real person to pursue.

The exam distinction to lock in is simple: traditional theft hijacks an existing real identity, while synthetic fraud manufactures a new one that never fully existed.

Elder financial exploitation

  • A FinCEN priority and reporting focus
  • Romance, lottery, tech-support, and caregiver scams
  • Red flags: sudden behavior change, new 'helpers'
  • Often involves money mules and remittances

Elder financial exploitation deserves its own spotlight, and FinCEN has issued specific advisories making it a reporting priority. It spans romance scams, lottery and prize scams, tech-support scams, and abuse by caregivers or family. The red flags an institution should catch include a sudden change in an older customer's banking behavior, large or unusual withdrawals, a new and previously unknown person directing the account, or confusion about transactions the customer didn't seem to initiate.

These schemes frequently route through money mules and remittances, linking consumer fraud straight back to the laundering typologies you've already learned. FinCEN's elder exploitation advisory asks institutions to use a specific indicator when filing, and to watch for an older customer who appears alongside a new associate during transactions, who is suddenly isolated from longtime relatives, or who is wiring money abroad to someone they have never met. Frontline staff noticing confusion or distress is often the earliest and most reliable warning the wider system gets.

Defenses and recap

  • Layered fraud detection and behavioral analytics
  • Customer education and friction at the right moments
  • File SARs on fraud, mule activity, and exploitation
  • Recap: schemes, identity crime, elder abuse

The defense is layered. Behavioral analytics that learn a customer's normal pattern can flag the abnormal login, device, or payment. Well-placed friction, a confirmation step or a brief hold on a high-risk transfer, stops many scams without crippling good customers.
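
A minimal sketch of that layering, added here as an illustration and not part of the original lesson: a per-customer baseline flags an unfamiliar device, payee, or amount, and the decision adds friction in proportion to the signals. The field names, the MAD threshold `k`, and the two-signal hold rule are assumptions, and the payment history is constructed sample data.

```python
from dataclasses import dataclass, field
from statistics import median

@dataclass
class Baseline:
    """The customer's normal pattern, learned only from accepted payments."""
    devices: set = field(default_factory=set)
    payees: set = field(default_factory=set)
    amounts: list = field(default_factory=list)

    def learn(self, p):
        self.devices.add(p["device"])
        self.payees.add(p["payee"])
        self.amounts.append(p["amount"])

def amount_is_unusual(baseline, amount, k=5.0):
    """Robust outlier test: more than k MADs above the customer's median."""
    if len(baseline.amounts) < 5:
        return True  # too little history to call any amount normal
    med = median(baseline.amounts)
    mad = median(abs(a - med) for a in baseline.amounts) or 1.0
    return (amount - med) / mad > k

def decide(baseline, p):
    """Return (action, signals); action is 'allow', 'confirm' or 'hold'."""
    signals = []
    if p["device"] not in baseline.devices:
        signals.append("new_device")
    if p["payee"] not in baseline.payees:
        signals.append("new_payee")
    if amount_is_unusual(baseline, p["amount"]):
        signals.append("unusual_amount")
    if len(signals) >= 2 and p["irrevocable"]:
        action = "hold"      # brief hold: the money cannot be clawed back later
    elif signals:
        action = "confirm"   # lightweight friction: ask the customer to confirm
    else:
        action = "allow"
        baseline.learn(p)    # only clean activity updates the baseline
    return action, signals

def build_baseline(history):
    b = Baseline()
    for p in history:
        b.learn(p)
    return b

# Constructed sample history for one customer (not real data).
HISTORY = [{"device": "phone-A", "payee": payee, "amount": amt, "irrevocable": False}
           for payee, amt in [("utility", 40), ("grocer", 55), ("utility", 60),
                              ("grocer", 45), ("landlord", 50), ("grocer", 65)]]
```

Flagged payments are deliberately kept out of the baseline, so a fraudster's first unfamiliar payee or device does not become "normal" for the next attempt.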

And customer education closes the social-engineering gap. Crucially, institutions don't just block fraud; they report it, filing suspicious activity reports on fraud schemes, mule accounts, and elder exploitation so the wider system can act. So, recap: payment fraud and account takeover, traditional versus synthetic identity, and elder financial exploitation, each with telltale red flags and a reporting duty.

Carry one principle into the exam: the strongest programs blend technology (behavioral analytics and device signals) with human-facing measures (staff training and customer education), because social engineering targets people, and no algorithm alone closes that gap. And never forget the reporting leg: a blocked transaction that goes unreported still leaves the network blind. With fraud covered, we move to bribery and corruption.

Test yourself first.

Sources

  • FinCEN advisories on elder financial exploitation (FIN-2022-A002) and on identity theft/synthetic identity
  • FTC consumer-fraud guidance
  • FATF
  • ACFCS CFCS content areas

Test your knowledge

A few CFCS questions on this material.

  1. A UK-listed company's foreign subsidiary pays a bribe to win a government contract. Senior management in London claims it had no knowledge. Under the UK Bribery Act, what is the company's exposure and its only complete defence?

  2. A procurement manager at a private company accepts a luxury holiday from a supplier in exchange for steering a contract to that supplier. No government official is involved. Does this fall within the UK Bribery Act?

  3. The OECD Anti-Bribery Convention obligates signatory countries to criminalize bribing foreign officials. What enforcement mechanism gives the treaty its practical pressure?

  4. What distinguishes a politically exposed person (PEP) from an ordinary customer, and what does FATF require institutions to apply?