Deep Dive: Preventing Fraudsters From Exploiting FIs’ Omnichannel Blind Spots

Consumers want omnichannel banking access so they can easily switch between in-person branch visits, call center services and mobile apps as needed.

They might pop into bank branches near their offices to grab cash, for example, then use mobile apps during their subway rides home to check their account activity. Recent PYMNTS research has shown that different channels may have different strengths, finding that 92.4 percent of customers who use banking apps to check their account balances report satisfaction with the experiences while only 68.9 percent of those who used the apps to open accounts say the same.

Financial institutions (FIs) have been working to cater to customers’ expectations of flexibility, but providing more banking channels gives cybercriminals new avenues through which to launch attacks. Digital banking’s proliferation makes it more lucrative for them to perpetrate schemes like sending phishing emails from customers’ “banks” that trick victims into installing malware or handing over sensitive details. FIs therefore must ensure their omnichannel experiences are paired with comprehensive fraud-fighting approaches that counteract potential issues.

Monitoring data from all the avenues through which FIs engage with customers is critical to keeping their information safe. This month’s Deep Dive examines how fraudsters perpetrate cross-channel schemes and why FIs are using strategies like link analysis and behavioral analysis to detect and stop such crimes.

How Fraudsters Go Omnichannel

Fraud cost U.S. consumers nearly $1.5 billion in 2018, a significant jump from the $406 million it cost them in 2017. The problem will only grow if FIs do not adapt their fraud-fighting efforts to suit their omnichannel offerings. They have long focused on detecting attacks that target particular products or channels, such as bad actors using stolen credit cards or data to take over online banking accounts. It is thus common for FIs to use security tools that each aim to prevent one fraud type, and a recent survey found that 57 percent of companies use four to 10 anti-fraud solutions rather than one comprehensive system.

Solutions intended to catch specific fraud forms are useful, but they fall short when criminals launch attacks in one channel to power attempts in another. Fraudsters could trick victims into handing over their bank account details online by sending emails from their “banks” that prompt them to “log in.” Victims may not know they are typing on duplicate pages that only resemble the websites they normally use to log into their online banking portals. The details they enter can then be captured by fraudsters, who enter those accounts, retrieve bank card information and use the data to make purchases at eCommerce sites or for myriad other illegal activities.

This type of fraud is particularly dangerous because it can easily go undetected. FIs that monitor card usage separately from bank account activities may not perceive anything amiss because the correct card details will be entered into merchants’ online forms. Bad actors could similarly dial into call centers while pretending to be legitimate customers, then persuade staff to reveal details that can help them log into victims’ bank accounts.

FIs may be unaware that extra scrutiny is needed on affected bank accounts until something goes wrong, but strong communication about customer touchpoints between divisions could help. Those offering multiple channels need to provide all sectors with information about suspicious events to detect patterns across platforms and fully comprehend fraudsters’ schemes — or risk having bad actors take advantage of these blind spots.

Confronting Cross-Channel Fraud

FIs can stay ahead of cross-channel cybercrime by connecting the dots between suspicious activities on different platforms or customer contact points, and tools that assess patterns to determine which are outliers are core elements of strong fraud-fighting approaches. Such tools could involve using machine learning (ML)-based solutions that monitor customers’ activities across devices and with ATMs to create comprehensive pictures of their normal behaviors.

Deviations from those norms may indicate fraudsters at work, while consistency suggests low-risk interactions. Call centers notified that the customers contacting them have largely held to their known patterns can confidently bypass extra authentication steps, for example, enabling staff to provide more convenient experiences to low-risk users.

ML-enhanced solutions offer robust and rapid analysis to power these behavioral assessments. Cybersecurity professionals appear to value such tools, too, with more than half of 102 respondents in one recent survey noting that they currently use ML or artificial intelligence (AI) in their security approaches.

Intelligence gleaned from analyzing customers’ activities in each channel can be combined to provide more holistic user profiles, and centralized fraud management platforms can pull this information together. One FI reported that an omnichannel approach to assessing its riskiest digital transactions helped it detect attempted fraudulent logins 3.6 percent more often, for example, and identify 1 percent more fraudulent payment attempts overall.

FIs also use link analysis — which maps connections between account activities — to discover patterns between instances of suspicious behavior. Security teams use the technique to chart and connect customer behaviors and known fraud events, such as when customers direct purchases to shipping addresses that differ from those they typically use when purchasing online. Another red flag would occur when mobile commerce transactions are charged to payment cards that differ from those used when placing orders over the phone. Such behavioral changes could be innocuous but also might indicate criminals are sending items bought with stolen information to their own homes or using stolen cards to pay for their orders.

Viewing account holders’ activities across channels and being able to easily detect such patterns is therefore critical to revealing fraud schemes. Promptly noticing when many different customers’ accounts are logged into from the same device — which could demonstrate that a fraudster has taken over those accounts — enables FIs to act before victims and banks suffer deep losses, and stopping fraud quickly is crucial to maintaining customers’ trust and avoiding financial harm.
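The link analysis described above can be sketched as a small graph walk. This is an added example, not code from PYMNTS or any FI: the event format, account and device names, and the three-account threshold are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample events, one per customer touchpoint (not real data):
# (channel, account, attribute kind, attribute value)
EVENTS = [
    ("web",    "acct-1001", "device",  "dev-A"),
    ("mobile", "acct-1002", "device",  "dev-A"),
    ("web",    "acct-1003", "device",  "dev-A"),
    ("web",    "acct-1003", "ship_to", "addr-X"),
    ("phone",  "acct-1006", "ship_to", "addr-X"),
    ("mobile", "acct-1004", "device",  "dev-B"),
    ("web",    "acct-1004", "ship_to", "addr-Y"),
]

def build_links(events):
    """Map each (kind, value) attribute to the accounts and channels seen with it."""
    links = defaultdict(lambda: {"accounts": set(), "channels": set()})
    for channel, account, kind, value in events:
        links[(kind, value)]["accounts"].add(account)
        links[(kind, value)]["channels"].add(channel)
    return links

def shared_devices(events, min_accounts=3):
    """Devices seen on at least min_accounts distinct accounts (threshold assumed)."""
    return {
        value: {"accounts": sorted(d["accounts"]), "channels": sorted(d["channels"])}
        for (kind, value), d in build_links(events).items()
        if kind == "device" and len(d["accounts"]) >= min_accounts
    }

def linked_accounts(events, known_fraud):
    """Accounts reachable from a known-fraud account through shared attributes."""
    links = build_links(events)
    attrs_of = defaultdict(set)
    for attr, d in links.items():
        for account in d["accounts"]:
            attrs_of[account].add(attr)
    seen, stack = {known_fraud}, [known_fraud]
    while stack:  # depth-first walk over the account/attribute graph
        for attr in attrs_of[stack.pop()]:
            for other in links[attr]["accounts"] - seen:
                seen.add(other)
                stack.append(other)
    return sorted(seen - {known_fraud})

if __name__ == "__main__":
    print(shared_devices(EVENTS))
    print(linked_accounts(EVENTS, "acct-1001"))
```

Because events from web, mobile and phone feed one graph, acct-1006 surfaces through a shipping address it shares with acct-1003, a link that per-channel monitoring would not see.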

Omnichannel offerings’ convenience means consumers will become more interested in them over time, and they may want access to even more channels as voice assistants and other technologies gain popularity as banking methods. FIs cannot expect the fraud-fighting tools that worked in the past to keep these new models safe, though, and methods siloed by channel will leave them guessing about whether criminal schemes are underway. Cross-channel data sharing, behavioral analysis and pattern detection are thus proving key to enabling flexible, convenient omnichannel banking access.