As banks fight fraud, they must balance trust and verification

“Trust, but verify” is a well-known warning in business. It’s a phrase that could fit just as well within the fraud prevention efforts of banks as they strive to strike a balance between trust—providing account holders with a satisfactory user experience—and verification—protecting users and themselves from financial fraudsters. Given the ongoing global criminal interest in sophisticated financial fraud, banks will constantly be requiring new layers and levels of digital security.  

Following are key questions for banks to consider when navigating their fraud prevention efforts. 

What areas are being targeted with fraud right now?  

The 2023 AFP Payments Fraud and Control Survey by J.P. Morgan revealed that 65% of organizations were victims of payment fraud attacks or attempts last year. Payment fraud is expected to continue increasing and is projected to cost $40.62 billion in 2027. 

A top driver of fraudulent payment attacks is account takeover (ATO). Meanwhile, check fraud continues to be an issue for many institutions and is cited as the payment method most vulnerable to fraud. Additionally, instant payment solutions such as Zelle, FedNow and RTP (Real-Time Payments) are gaining attention. These payment rails are convenient for end-users, but also for fraudsters. From a digital perspective, imposter fraud scams are skyrocketing, according to the Federal Trade Commission. They often start with a fraudster impersonating a consumer or business by using stolen identities to open a new account at a bank or by gaining credential access and posing as the user in the digital banking environment.  

It is imperative for financial institutions to have a layered approach to security and fraud prevention with tools like behavioral biometrics and transaction anomaly detection. It’s equally important for banks to be prepared with guidance to minimize the impact of fraud, as they are most often the first call a business or consumer makes when fraud occurs.

Where is the financial industry headed in terms of fraud prevention? 

Fundamentally, fraud prevention is a delicate balance between protection and the user experience. As fraud and data breaches become more prevalent in our everyday lives, banks should not be afraid to tilt their trust/verify stance to the security side. However, banks need to be sure that the added security does not create unnecessary friction in the user’s experience, as account holders still demand 24/7 access to their funds and the ability to transfer payments instantly, while also trusting their information and accounts are safe. 

Post-pandemic fraud has evolved into a large-scale business. Fraud cost American consumers $8.8 billion in 2022, according to the Federal Trade Commission, up 44% from 2021. Well-funded, widespread networks are being deployed on an ongoing basis to conduct fraud, and their organizers are willing to spend money to make money, as if they’re a legitimate business. This makes the fraud attacks more patient and complex.  

Data breaches in seemingly unrelated industries, such as healthcare, are fuel for financial fraud, as they give these fraud networks information for engaging in pervasive social engineering attacks.  

Where is technology innovation heading in terms of fraud prevention?  

Artificial intelligence (AI) is going to increase the intensity and depth of attacks, such as by using deep fakes (digitally generated imagery, audio and video) to attempt to gain account access. Conversely, AI will also be deployed by vendors who serve to protect financial institutions and their end users.  

Unfortunately, an increase in widespread data breaches across the tech industry, coupled with the fact that most Americans use weak passwords across multiple accounts, creates ongoing password-based security risk. Fortunately, there is increasing interest in fintechs to improve and adopt password-less and biometric identity management solutions, which the industry believes will offer greater digital security.

Criminals will be quick to experiment with nascent technologies, such as AI, deep fakes and botnets (automated mass attacks), for their attempted fraud efforts. Financial institutions need to defensively match all new offensive criminal strategies and tactics by staying knowledgeable on current fraud patterns, educating account holders and partnering with technology providers that can outmaneuver them.  

What actions should financial institutions take to protect against fraud, not only for themselves but for account holders? 

It starts by taking a layered approach to fraud prevention. At a high level are layers of fraud protection based on elements such as transactions (“Does this transaction look normal?”), authenticity (“Are they behaving like a bot or a human?”) and identity (“Is this person who they say they are?”). The layered approach should also include education and account activity alerts.  

Financial institutions should critically engage and educate account holders, who are often the best line of defense for their own money. Setting up alerts for each instance of money movement or each time someone uses banking credentials can combat fraudulent activity. 

Financial institutions also need to educate and train their staff on evolving fraud threats and patterns across the spectrum of the business.  

What is the ideal layered approach to security for banks? 

Safeguard your financial institution with a system built to uncover threat intelligence and detect and mitigate phishing, pharming and malware attacks.  

Financial institutions must have a multi-layered security approach that defends users, financial institutions and the technology infrastructure. A truly prepared bank will also extend protections beyond retail accounts into business banking by meeting Federal Financial Institutions Examination Council (FFIEC) compliance objectives. Through optimized treasury management solutions, banks can prevent stolen funds resulting from account takeover, unauthorized transaction changes and fraudulent checks. Transactions should be automatically flagged and businesses should be notified in seconds when anomalies are detected.  

What does a best-in-class, multi-layered security approach include for 2024?  

» ACH and check positive pay  

» Merchant card fraud detection  

» Behavioral biometrics  

» Transaction anomaly detection 

» Suspicious digital banking activity pattern detection  

» Two-factor authentication or one-time passcodes  

» Dark web monitoring and real-time alerts  

The first call a business or consumer makes when fraud occurs is to their financial institution. The fraud that happened yesterday to a local big box retailer is potentially coming for a financial institution tomorrow. In addition to financial losses, instances of fraud can generate negative publicity and tarnish a financial institution’s reputation, which can be detrimental to its success.  

To maintain a comprehensive fraud detection system, banks should make sure their branch and call center staff understand new means of fraud and how to spot them. 2024 is the year that audio, video and photo evidence cease to be trustworthy on their own.

Jeff Chen is Vice President of Product Management at Alkami. 

A version of this article appeared in the January BAI Executive Report “Safeguarding Against Fraud.” Read more on fraud-prevention best practices there. 

 
