Financial institutions (FIs) often shut down accounts at the first sign of fraud, but this blanket approach can alienate legitimate users and let stealthier cybercriminals slip through the cracks. In the latest Preventing Financial Crimes Playbook, PYMNTS spoke with an FBI spokesperson to examine why FIs should pay attention to users’ online cookies and other unique indicators to protect against financial crime in the digital age.
Fraudsters are constantly adjusting where and how they attack digital entities and retooling strategies to circumvent the financial regulations designed to keep them in check.
Cybercriminals are leveraging a growing variety of emerging technologies to launder funds or skim data, and banks or other entities tasked with guarding against such schemes have not yet strengthened their fraud responses to match this type of complexity. Most banks still have a “shoot first, ask questions later” response to fraud, according to an FBI spokesperson. Financial institutions’ (FIs’) fraud responses have not evolved to the point where they can easily distinguish between fraudsters and legitimate users, so they will simply shut down accounts at the first sign of risk, she explained in an interview with PYMNTS.
“We have been fighting with a lot of banks because what they do … what they are doing is punishing everybody,” the spokesperson said. “They are punishing you [as a consumer] by shutting your account down and basically making your life very difficult.”
This type of fraud response not only may strain relationships between FIs and their customers but can also fail to protect against online fraud as the scams, technologies and tactics fraudsters are using to conduct money laundering or other forms of white-collar crime become more complex. Staving off bad actors armed with stolen credentials who can mimic legitimate businesses or consumers should therefore be top priority for FIs.
Defending Against Digital-First Financial Crime
Halting online cybercrime is becoming increasingly difficult for FIs and digital businesses because cybercriminals have become increasingly adept at tricking financial entities or other online companies into believing they are legitimate users. These bad actors tap previously stolen data — everything from consumers’ personal details to the cookies stored on individuals’ computers — to mimic consumers’ online presence almost exactly, the spokesperson explained.
“What [fraudsters] will do is they will send you something via your phone or your email and they will collect your cookies, and they will use those cookies, and then the bank cannot detect that they are not you,” said the spokesperson. “But this is where I feel like the bank needs to be a little bit more … they need to be more understanding toward the customer, instead of [saying] ‘Oh, we will just shut everything down. The reason they cannot do that is the criminals are literally cloning who you are right down to a tee — you would not know if it was me or if it was Joe down the street.”
Paying close attention to cookies and other online indicators — data that many banks have but typically fail to include as part of the way they determine users’ legitimacy — is one way banks can better protect against these emerging forms of cybercrime, she noted.
“I basically would tell banks to look at the pattern and the history and [at] whether it is acceptable [for customers] to buy $60 worth of dog food if they never had that anywhere on their [bank statement],” the spokesperson said. “I think most banks … are just trying to do damage control, and damage control to them is shut everything down and maybe later we will readdress the situation.”
Developing the ability to determine risk and apply account shutdowns more selectively — to isolate and barricade only fraudsters — should therefore be a focus for FIs in the coming years. This requires banks to reconsider their overall financial crime and protection strategies, however.
The Human Element
One way banks could potentially gain an advantage over fraudsters is by pairing robust fraud protection technologies, including watchlist screening or anti-money laundering (AML) solutions designed to filter out such fraud, with trained teams of human analysts that may at times be more discerning than computer algorithms.
“Private banks, they have no qualm to whether … they keep you as a client or not,” the spokesperson said. “But I feel like there needs to be a huge revamp. Most banks need to start looking [at or] hiring not necessarily a fraud team, but … a team that looks and identifies, ‘Oh, this is not right.’ Most banks use a computer algorithm, and that computer algorithm decides whether something is fraud or not. And I feel like that has clouded any human regard to what is OK and what is not OK.”
Cybercrime is likely to become more dangerous as the online banking and commerce world becomes broader and more complex. Pairing watchlist screening or AML solutions with the trained human eye will allow banks to prep their fraud and financial crime prevention approaches accordingly.
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More