Financial crime is a constant worry for banks and other financial institutions (FIs), with fraudsters leveraging a number of different schemes to abscond with bank customers’ money and personal data. A recent study from the American Bankers Association (ABA) found that losses from fraud attempts against bank deposit accounts totaled $25.1 billion in 2018, a jump from the $19.1 billion lost in 2016. Fraudsters often work together on these schemes, participating in organized cybercrime rings where they can buy and sell fake identities and swap trade secrets and tactics.
The good news is that banks are collaborating with FinTechs, industry associations and a host of other partners in the mission to stop fraud. The growing threat of organized fraud has made FIs much more willing to cooperate than they were just a few years ago, according to Chris Tremont, executive vice president of virtual banking at Radius Bank.
“Historically, banks have been fairly close-lipped about [fraud],” he said in a recent interview with PYMNTS. “It’s not talked about very regularly. But there are probably more learnings that could be had if banks were willing to talk about what they’re seeing and cooperate a little bit better."
This cooperation could come in many different forms, according to Tremont, including sharing data for customer authentication. All of it is necessary, though, to help curb the rising tide of organized fraud that threatens the entire financial industry.
Fraudsters Go Phishing Together
Banks like Radius often face a wide array of fraud threats against their digital banking systems, with fraudsters working in concert with one another to exact their schemes. One particularly prevalent threat is phishing, according to Tremont, which sees fraudsters impersonating banks in text messages or emails to trick consumers into handing over personal data.
“It’s an attempt to steal credentials like usernames and passwords so [the fraudsters] are able to log into people’s accounts and move funds out,” he explained. “Sometimes it’s about just getting access to the data — like people’s personal, private information, name or Social Security number — so they can perpetrate fraud down the road.”
Fraudsters often do not leverage this information themselves, but instead sell or trade it to other fraudsters on dark web marketplaces. This data is often used to stage account takeovers (ATOs), in which bad actors gain access to customers’ accounts for nefarious purposes. Detecting and preventing the movement of money through these ATOs is difficult for banks, according to Tremont, as consumer protection laws often prevent FIs from stopping transactions before the money is lost.
“When the money moves, there [are] a lot of protections for consumers that prevent the bank from pulling the funds back, so the bank is left holding the bag,” he explained. “Due to those policies, the funds are made available before we’re even able to account for it.”
No single FI can possibly track and develop preventions for every type of fraud that bad actors attempt. Instead, banks must work together, just as the fraudsters do, to share collective intelligence and develop joint solutions for financial crime prevention.
The key to preventing fraudsters from taking over customer accounts through phishing is ironclad authentication, according to Tremont. Passwords alone are useless if banks do not require additional verification data to stop the fraudsters dead in their tracks.
“It’s all about who you let in the front door,” he said. “We spend a lot of time on the upfront onboarding of new accounts, and we’re using a number of sources behind the scenes, including device checks and a bank history check.”
This bank history check cross-references hundreds of different data points that have been gathered throughout the customer’s entire financial history. Accessing this data is impossible for any bank to do on its own, which is where the teamwork of other banks and companies comes into play. Radius Bank, for example, partners with Experian and Equifax to gather this data.
This collective intelligence sharing is useful for forward-thinking fraud prevention as well. Banks, FinTechs and technology providers often share data based on emerging fraud trends, allowing all members of the partnership to develop prevention solutions before they are needed.
“Some of the [partners] that we work with help us change our scoring or things that we should be looking at based on forward-looking data or more recent data, rather than relying on a model they set up a year ago,” Tremont explained.
This affability among banks is a relatively recent development, he said, with banks often having been reticent about their fraud prevention efforts in the past. The advent of digital banking and the wave of new fraud techniques forced them to change their tune.
“What’s changed is the realization that digital banking is not just a fad, but it’s where most consumers and small businesses are living today, and there’s more fraud prevalent than what we used to experience,” he said. “We’re stronger as a group than we are as individuals. That sort of mentality is starting to seep into many different banks, and people are more willing to talk about what’s going on.”
Continuing this cooperation into the future will be critical for banks to counter the multitude of fraud techniques that bad actors deploy. Financial crime may never be stopped entirely, but standing together gives banks a fighting chance at reducing its impact.