Fight fraud on all fronts: Check protections to cloud-based solutions

Key takeaways:

FIs can’t sleep on check fraud. Financial institutions on the whole shifted resources to digital channels and instant payments, including related fraud vigilance. Both large and small FIs have let down their guard when it comes to check fraud, which is impacting commercial and individual customers.

Enlist help from the cloud. On-premise fraud monitoring has given way to smarter solutions such as cloud-based anti-fraud tools. This allows financial institutions of all sizes to economically scale their fraud fight at an appropriate rate, adapting to faster changing fraud violations across banking channels.

Share industry impacting fraud trends. Financial institutions face a big challenge in deciding to share anti-fraud data or use it to their competitive advantage. There is a legal quandary of overexposure. Rather, FIs should approach the challenge as a trusted risk network. This means that fraud patterns are shared, not a single event or a single account’s data.

Transcript:

Rachel Koning Beals: Brian Keefe is senior pre-sales consultant and a fraud expert at NICE Actimize. He joins me on the BAI Banking Strategies Podcast to tell us why check fraud still has an impact on banking today, and how financial institutions can best allocate resources when fighting fraud of all types. Plus, we ask Brian that big question, should our industry share anti-fraud efforts as a united front or promote individual fraud defenses as a competitive advantage?

Now, let’s go deeper.

From reviving anti-check fraud efforts to engaging the cloud in that fight, the war against financial crime demands a lot from financial institutions. I’m Rachel Koning Beals, senior editor at BAI, and this is the BAI Banking Strategies Podcast. I’m joined by Brian Keefe of NICE Actimize. We’re going to talk check fraud today. Brian, thanks so much for joining us.

Brian Keefe: Thanks for having me. I’m excited for our conversation today.

Rachel Koning Beals: It’s the digital age of banking for all intents and purposes, but there’s a real issue that has grown and that is check fraud. Set the scene for us. Why has there been such a proliferation of check fraud?

Brian Keefe: Great question. So I think we start off with the introduction of the digital world, the use of real-time payments, whether it be a Zelle payment or the other instant payments methods that are out there today that institutions are now adopting and believe are going to be mainstream. Not so much forgetting about check fraud, but maybe putting less resources in the monitoring of that. And it’s sort of come, I won’t say full circle, but the emphasis has been brought back to check fraud in ways to more accurately monitor [check fraud], than [previously] thinking that is a way of the past. Because we still see with the check fraud today, whether it be from a commercial perspective or an individual perspective, has come full circle and really wreaked havoc on a lot of institutions, large and small.

Rachel Koning Beals: Can you talk a little bit about what the prevalent types of check fraud are? It starts even with outright mail theft, right?

Brian Keefe: Yes, absolutely. There are many different avenues that fraudsters are utilizing to gain access to a check to utilize it in their nefarious methods. It could be, we see and hear, reports from the blue boxes that the USPS utilizes for daily mail delivery. We even see those brazen fraudsters going up to the mailboxes of individual businesses or residences to obtain those checks that are going to be mailed out or that were mailed to [those addresses]. So that’s the initial beginning, and then we see the check fraud comes after the receipt of it, whether it be counterfeiting of a check, altering of a check, the washing or kiting of a check. So there’s many different areas. It starts, it transitions from there, and then you work with the introduction of that fraudulent item into the financial institutions and the fraudsters are finding ways with the institutions that maybe don’t have as robust of a monitoring solution, maybe to look at the watermarking or the signatures or other various indicators on a check to indicate that it is fraudulent in nature and not a legitimate check that the customer would either send out or receive from somebody.

Rachel Koning Beals: I’m imagining fraud departments, chief risk officers, the technology departments, they’re faced with dealing with bad actors, both at the low technology end of the spectrum and the high technology end of the spectrum. That’s a lot to deal with as far as allocating resources, especially for smaller institutions. Do you have any advice, any best practices? Where should decision-makers even begin to imagine where to spread these resources when it comes to fighting fraud?

Brian Keefe: We know with institutions large and small, they have a set budget for monitoring, whether it be the BSA (Bank Secrecy Act officer) or the fraud side, and they’re always toying with, How much do I spend on this compared to what the return on investment it is? We hear a lot of conversations around singular fraud events, a singular check maybe that was cashed for $5,000, $10,000, maybe even in excess of that, we hear $100,000. You can figure the impact that would have on a smaller institution, and for many of them it would cripple them being required to reimburse the client for those funds. So you’ve got to kind of take in context the fact that one singular event could be detrimental to an institution [and then think about whether] resources were allocated at a fraction of that loss to thwart off or to better monitor for those sort of activities. I think that’s where the institutions really need to put their mindset and then understanding, I may spend hypothetically $50,000 on a solution, which seems a lot, but coming up against an equal or larger loss that may have been detected by a solution. That’s where I think their resources and mindset needs to be.

Rachel Koning Beals: Are there any tech solutions, anything at that end of resource allocation to really scale these efforts to thwart these fraudsters?

Brian Keefe: Yeah, I think in the same regard as the offering of real-time payments, the digital world, the monitoring solutions today have gone away from on-premise installations of those solutions and drawn it over to the cloud. We know the cloud is ever expandable. So initially, the cloud would allow the institution not to have to rely on their IT teams because the smaller FIs and even the medium-sized FIs may not have a robust IT team to manage the blade servers and the other facets of what a solution would require. The cloud allows them that flexibility to put it into that environment to scale at an appropriate rate, as well as incorporating in maybe new products or new features without needing to get access to an institution and schedule with their IT teams and security teams. So there’s a lot of flexibility available when a solution is offered in the cloud. And speed-wise as well. It allows them to incorporate in respective channels, whether it be the RTP, the FedNow … a little more efficiently, effectively and work in lightning speed to be able to monitor those transactions in real time.

Rachel Koning Beals: So we talked there a little bit about some financial risk. There’s certainly reputational risk with fraud. What about regulatory risk? That environment seems to be changing potentially when it comes to fraud.

Brian Keefe: Yeah, you bring up some great points. You talked about the financial damage that an institution would incur with even a single loss and multiple losses. The reputational where you have those clients who were contemplating doing business with your institution may have lost faith based on one or multiple events, but then you bring in the regulatory scrutiny, the regulatory penalties that may be attributed to a fraudulent event if it was something the regulators deemed could have been identified and thwarted if you had appropriate measures in place.

It’s always ever-changing, especially in the RTP (real-time payments space) and now with checks as well, bringing in more culpability on the institutions themselves if they’re found to be at fault. So taking the burden and the liability away from the customers and laying more of it on the institutions, even though that may be a shared liability from the receiving or sending FIs, it’s still something that institutions need to consider each and every day with the change in the scrutiny that’s out there.

Rachel Koning Beals: Here’s a question I think we all grapple with a little bit. It’s almost an existential question. Fraud is huge. It’s expensive. There’s scope for shared intelligence gathering when it comes to fraud. If there’s a violation at one FI, could that alert be shared broadly and potentially prevent spread, contagion, or should FIs keep their fraud protection a little closer in house and maintain a competitive advantage? So to share intelligence for the greater good or keep your fraud fight in-house for competitive advantage? I can see that going both ways. From your vantage point, what are some thoughts? I know it’s a tough question.

Brian Keefe: Yeah, it is a great question. It’s something that is talked about every day at the water coolers or within board meetings, Do we share this information with other FIs that may experience the same fraud that we have? There are a few different ways you can approach that. Certainly with sharing information cross-institution has its risk of overexposure, which would then put the institutions in a financial quandary, or I should say legal quandary. But then there’s also the thought process of looking at it from what we call a trusted risk network, where it’s looking at a pattern, not so much to a singular client, but a pattern overall from various FIs. So I think it could be either way. We look at it from the pattern perspective of identifying a pattern that isn’t unique to a specific FI or a specific customer, but maybe something that is broader in a sense to give them that ability to still monitor for that particular event, but not as associated to a singular account or individual.

Rachel Koning Beals: What’s next in the fraud fight, Brian, from your perspective? Real-time transactions, which also invite real-time fraud, may be top of mind, but what else?

Brian Keefe: Even though we’re speaking of fraud on the check perspective, which in people’s minds it’s probably the snail version of a transaction, but looking at it from the perspective of, Where can this sort of information and intelligence be utilized in the front lines? Real-time is a concern across the board for I think many institutions … getting to that ability to monitor and detect at the moment that a transaction happens. Because especially in the RTP world and the digital world, once a transaction is confirmed, the money is out the door and it’s tough to get it back. Fraudsters work in many different arenas. They have extremely sophisticated technology to move money around at a blink of an eye. So as it transitions from one institution to another, it’s tough to get a handle and hold it with the real-time capabilities to be able to monitor that sort of activity and interdict on it. That is, I think, a conversation we’re hearing more and more again at the water coolers and from prospects as well. So real-time is a huge avenue of concern for institutions large and small.

Rachel Koning Beals: Well really thought-provoking stuff today, Brian, as always. Brian Keefe from NICE Actimize, thanks for joining us today on the BAI Banking Strategies Podcast. So glad to have you, Brian.

Brian Keefe: Thank you again for having me.