Why an Identity-Based Solution is Critical to Mitigate Bank Fraud

Cheat sheet: Even with the number and frequency of fraud attempts falling in 2023 compared to 2022, fraud remains a top risk for banks in the U.S. and U.K — and trends show that both fraudulent attempts and attacks are becoming increasingly sophisticated. Many decisionmakers are opting to focus their sights from transaction-centric to identity-centric prevention models.

The report: State of Fraud 2024 [January 2024]

Source: Alloy

Executive Summary

In its 2024 U.S. State of Fraud Benchmark Report, Alloy surveyed 450 decision makers (250 in the U.S. and 200 in the U.K.) working in fraud-related roles at banks and fintechs. Respondents said fraud remained a top risk for banks in 2023, reporting an increase in both attempts and successful fraudulent attacks. A quarter of respondents reported losing over $1 million to fraud in 2023.

Alloy found some commonalities across the U.S. and U.K. Most fraud happens via internet-based platforms such as online and mobile channels, with “bust-out fraud” and authorized push payment (APP) being both the most prevalent types of fraud and responsible for the greatest financial losses.

Nearly all respondents experienced some fraud in 2023, but the number and frequency of fraud attempts occurred at a lower rate than in 2022. And while respondents experienced a decrease in financial setbacks, they also recovered fewer financial losses compared to 2022. A greater number of organizations seek outside help for fraud prevention. Half said they allocated funds to third-party providers a significant uptick from 2022 — and most banks and fintechs say they plan to invest in an identity solution to combat fraud in the next 12 months.

As banks and fintechs enter 2024, the increasing sophistication of fraud attacks is their foremost concern. This underscores the importance of shifting from transaction-centric to identity-centric fraud prevention models that increase the focus on identifying fraud at onboarding. Institutions must remember that there is always a person behind the fraudulent actions, and when they can identify the person, they can stop fraud much faster.”

Key Takeaways

 

  • Half of all respondents lost $500,000 or more to fraud in 2023. However, that portion rose to 8 in 10 for credit unions and community banks
  • 57% experienced an increase in fraud affecting both consumer and business accounts
  • 50% reported catching fraud, most commonly in real-time
  • Nearly 90% of credit unions and community banks say they are likely to invest in an identity risk solution, while 55% are likely to invest in biometric solutions.

What we liked: Alloy’s report stems from a comprehensive survey on the origins and costs of fraud — and what financial institutions are doing about it. There’s excellent insight into fraud attacks and how banks and credit unions can mitigate the risks.

What we didn’t: There’s almost too much data, which buries the most important findings and can confuse readers in some areas. Breaking up the findings by the United States and the United Kingdom also adds complexity.

Read more on the AI Arms Race: Banks and Fraudsters Battle for the Upper Hand

The State of Fraud

Frequency of fraud attempts and attacks is increasing, but at a slower pace: Nine in ten respondents experienced increased fraud attacks last year. However, the increase slowed in 2023, and some sectors (enterprise fintechs and mid-market banks) even experienced a decrease in attempted fraud attacks.

It’s worth noting that some sectors experienced a decrease in attempted fraud attacks. For example, enterprise fintechs and mid-market banks were more likely to say that fraud decreased across consumer and business accounts. Additionally, while nearly all respondents experienced some fraud in 2023, they reported slightly fewer instances than the previous year. Roughly 35% experienced a thousand or more fraud attempts in 2023, down from 47% in 2022.

chart showing the year over year charges in attempted fraud

Targets and types of fraud: At banks, most fraud occurs in the mobile (41%) and online (21%) channels. However, fintechs experienced a significantly higher portion of attacks targeting contact centers and customer service than banks at 25% compared to only 7%. Bust-out fraud and authorized push payment fraud were the most common, constituting about a fifth of fraud attacks. Alloy noted the types of fraud that occur most often are also the ones that tend to cause the most financial damage. One exception is identity fraud, which caused an outsized portion of financial damages relative to its volume.

Attacks are becoming more sophisticated: The largest portion of respondents — about 20% — said increasingly sophisticated fraud attacks are the leading cause of attempted fraud in their organization. Other common reasons for attempts include new product launches (16%), the holiday season (14%), and shortcomings in the fraud tech stack (14%).

Catching Fraud

Financial institutions rely on a variety of reviews and tools to identify and catch fraudsters.

Manual fraud reviews: Fewer companies relied on manual reviews in 2023, with nearly half (48%) reporting a decrease in manual reviews due to investments in fraud prevention tools.

Catching fraudsters: The most common red flag for fraud transactions remains a “dramatic increase in volume of transactions in a short period of time” (39%). Approximately a quarter of respondents indicated applications with inconsistent PII, while 18% noted inconsistent user behavior or device characteristics as the most common flag.

chart showing the most common flags when attempted fraud occurs

Dig deeper:

Fraud detection and prevention: Organizations primarily rely on real-time transaction monitoring to catch most fraud attempts. Half said they most commonly detect fraud in real-time, while 33% said they detect fraud during onboarding.

However, less than half of respondents claimed to conduct real-time interdictions on applications, demonstrating a need for stronger investments in robust fraud prevention solutions that leverage capabilities of real-time interdiction so more fraud can be stopped at the origin. Less than a fifth said they detected fraud after the transaction occurred. To prevent fraud before it occurs, 66% rely on two-factor authentication, while slightly more than half rely on phone verification, document verification, and physical biometrics.

“Institutions must remember that there is always a person behind the fraudulent actions, and when they can identify the person, they can stop fraud much faster.

Step-up authentication: Upon identifying an anomaly or risk, half or more say they rely on step-up authentication through phone, selfie, liveness test, document verification, or knowledge-based authentication (KBA). While use of KBA has increased considerably, it is often less effective against sophisticated attacks, as fraudsters can often find answers through simple internet searches.

Confidence to handle threats: While nearly all (96%) of organizations believe they can handle increasing fraud threats, 60% of those only “somewhat agree,” indicating that their organization still has room to improve its fraud management practices. The survey also found that the more senior a role respondents held, the less likely they strongly agreed that the organization was prepared to handle threats.

The Challenges and Cost of Fraud

Challenges in identifying fraud: To mitigate fraud, banks and fintechs must be able to identify the type of fraud and methodology. However, many financial institutions struggle to do so, meaning instances of fraud are likely being underreported. One such area is synthetic fraud, where stolen information is used over three to five years to build credit histories before applying for accounts.

Slightly more than half (56%) of respondents reported losing more than 500,000 EUR/USD to fraud in the past 12 months, while 25% lost more than one million EUR/USD. Not surprisingly, smaller institutions with less security suffer greater losses — approximately 80% of community banks and credit unions reported more than $500,000 in direct fraud losses.

“As banks and fintechs enter 2024, the increasing sophistication of fraud attacks is their foremost concern. This underscores the importance of shifting from transaction-centric to identity-centric fraud prevention models that increase the focus on identifying fraud at onboarding. “

Additionally, while overall losses have declined, banks, fintechs, and credit unions were less successful at recovering funds than last year. Only a third (32%) said they could recover half of their fraud losses, a drop from 66% in 2022. Additionally, not all costs are treated equally. For example, while direct financial losses were the most consequential, respondents also indicated loss due to goodwill credit, legal repercussions and loss of clients.

The costs of fraud prevention: When it comes to solving fraud, companies appear to be getting more comfortable outsourcing fraud prevention and reallocating their internal resources. Only 37% of respondents said more than half of their development teams are focused on fraud-related activities. Additionally, U.S. financial institutions continue to view fraud prevention as a worthwhile investment, with more than half saying they spent more than $500,000 on fraud prevention in the past twelve months.

Looking ahead: Three-fourths of respondents are looking to invest in an identity risk solution in the next 12 months, while approximately half are looking to invest in voice, facial, and fingerprint recognition, document verification, or anti-scam education.

This article was originally published on . All content © 2024 by The Financial Brand and may not be reproduced by any means without permission.