Deep Dive: How FIs Are Confronting Data Lag, Inadequacies In The Face Of Sophisticated Fraudsters

Financial fraud costs businesses an estimated $1.45 trillion, and it resulted in almost half of global organizations noting they were victims of fraud in 2018.

Bad actors are constantly working to find online systems’ loopholes or weaknesses — a growing problem as such platforms enhance their operations to provide legitimate customers with more seamless experiences.

Banks are used to innovating their fraud approaches annually to respond to bad actors using new tactics or upgraded tools, with one report finding that financial institutions (FIs) and businesses saw 30 distinct fraud attacks every hour in 2019, for example. FIs may be used to fighting these battles, but protecting their platforms on all fronts is growing more difficult as open banking takes shape in Australia, the European Union and the U.S.

Open banking ecosystems connect FIs and third-party companies through application programming interface (API)-based platforms, allowing them to more easily pass data to each other. This has the unfortunate side effect of enabling opportunistic fraudsters to more easily swipe that data if they gain access, however.

Open banking’s rise also means it can be difficult to stop fraudsters from jumping from a relatively unguarded platform, like a retailer’s website, to one that stores more personal information, such as that of an FI or payment processor. This is because fraudsters can use a few stolen details to make an account on one site, then use their tools to follow any payments they make back to payment processors and banks that are interconnected on the open banking platforms.

Fraudsters can also carefully hoard a cache of stolen bank account data, credit and debit card information, Social Security numbers and other details to impersonate legitimate customers, using these details outright or cobbling them together to perpetrate identity theft, new account fraud and gain entry to other platforms. One recent breach at U.S. gas station brand Wawa led to 30 million payment card details being posted on an online card theft forum, for example, all of which can be purchased and used to carry out more schemes.

Sharing information is critical for interconnected FIs because it allows them to access lists of data that may have been stolen or compromised, and they thus do not have to rely solely on their own anti-fraud measures to stop bad actors. It is important to make sure data has been comprehensively verified as well, meaning banks must employ advanced tools like artificial intelligence (AI) and machine learning (ML) to rapidly wade through it and isolate potential fraud patterns. This will allow them to gain holistic views of their new and existing customers to better protect against cybercriminals.

There is not one technology that fits every use case, though, and FIs must adapt how they view and verify data to stay ahead of flexible fraudsters who employ tools to more easily impersonate legitimate customers. This includes exploring emerging anti-fraud solutions and the challenges arising in this space as fraud grows more complex.

AI and its Role in Data Verification

Sophisticated automated tools have grown increasingly crucial to protecting banking operations as the number of fraud events using stolen or falsified information grows. FIs are exploring both AI and ML to protect daily transactions — often made in near real time — across multiple markets and networks in quantities that would likely be impossible for human employees to validate without the help of automation. Automated tools can recognize data patterns much more quickly than humans and alert employees to potential fraud.

Failing to catch fraud often has disastrous short- and long-term consequences for FIs, too. Regulators in the U.K. and the U.S. issued a collective $8.14 billion in fines related to money laundering mishaps in 2019, for example, including penalties levied against South African bank Standard Chartered for poor money laundering controls. These fines resulted in more than financial impacts for many of the affected banks — some saw legitimate customers switch to competitors rather than risk their data falling into bad actors’ hands.

Many banks are employing AI- and ML-powered systems to protect against such costs and funds being outright stolen or misappropriated by fraudsters. Technology is only as good as the data it is allowed to access, however. Developing AI-driven tools that approach data and verification in new ways are thus essential. Many banks use AI to double-check consumers’ credentials on the back end, but this has security drawbacks when the algorithms can access only outdated or weakly verified information, such as when accounts are created and customer information is seen for the first time. FIs must thus reconsider how they employ AI to protect against new account fraud or high-risk transactions.

JPMorgan Chase & Co. is one FI using AI and deep learning to detect phishing, malware and trojan software, tactics upon which fraudsters rely to collect more sensitive information once they gain entry into banking systems. Two European banks, HSBC and Danske Bank, have each partnered with third-party firms to enhance how they isolate suspicious transactions. The latter tackled the cost-intensive problem of investigating flagged transactions that turned out to be legitimate, which ties up resources that could otherwise be used to check for fraudulent transactions.

Danske Bank’s previous fraud detection system allegedly generated 1,200 false positives per day before automated technologies were developed to wade through the data.

AI and ML technologies may be cutting down on the time and manpower it takes to identify fraud attempts amid numerous transactions, but these technologies are not yet affordable for many smaller banks. The costs of implementing them are therefore proving prohibitive for smaller FinTechs or less-established FIs.

Interconnectivity, Data and Fraud

Cost represents FIs’ second fraud-related problem. This is particularly true in Europe, where FinTechs, third parties and smaller banks now have the right to access previously siloed banking data from larger FIs under the revised Payment Services Directive (PSD2). These smaller banks often lack larger FIs’ investment capacities, meaning their fraud prevention efforts may also be less robust.

Fraud losses often affect smaller banks or credit unions at harsher rates, too, costing them between 4.5 percent and 5.8 percent of their revenues on average, according to a 2019 survey. This compares to a 2.9 percent average loss for larger institutions, with the report citing smaller entities’ lower technological investments as part of the reason for the gap. Outdated or weak technology can lead to fraudsters slipping onto smaller banks’ platforms through API and open banking technology connections and into established FIs’ larger information caches.

Tackling this issue will be the next critical stage of the open banking era. Banks and third parties with less stringent fraud prevention tools can leave doors open for fraudsters looking for more protected information, making the question less about how information can be protected or verified on one platform and more about how fraudsters enter these platforms in the first place.

AI and ML are also useful tools in this area, highlighting suspicious patterns or knowledge gaps when consumers are filling out new account applications, automatically stalling transactions that raise red flags and verifying data to establish consumers’ digital identities. Such steps are critical in fraud prevention, but these tools cannot be everywhere at once.

Data is therefore the most essential factor FIs must consider when protecting against fraud. Banks must use AI to comb robust data caches and authenticate new customers, then rely on behavioral characteristics such as geo-location, typing patterns and internal fraud controls to continuously verify existing users and keep bad actors from successfully completing transactions. Accurate information and how it is categorized are critical for these entities and will remain important for the foreseeable future.

Banks will need to keep adjusting how they use automated technologies like AI and ML to make sure they are staying on top of fraud prevention trends.