Are High-Security Checks Worth It?

by PJ Rohall
As the world turns towards banking experiences that exist increasingly, and exclusively, on devices and computers, fraudsters are finding more digital loopholes to exploit. In 2022, 84% of all financial institutions with a revenue of $1 billion or more were targeted by fraud, and total losses to fraud across all institutions amounted to nearly $1.6 billion, according to LexisNexis.
From neobanks to legacy institutions, every financial organization faces a multi-sided balancing act to protect its bottom line. Preventing sophisticated banking fraud, meeting compliance standards, and staying market-competitive by providing a low-friction customer experience are all imperative, but implementing best practices across them also represents a huge cost to each bank.
In this article, we’ll look at effective ways to detect and prevent digital banking fraud without unnecessary friction.
Banking fraud detection is a set of techniques and processes designed to reduce risk. Financial institutions are among the companies most targeted by fraudsters, due to their immediate access to funds and their ability to transfer them.
As such, banks and fintech institutions invest in robust fraud detection and prevention solutions to protect their assets, systems and customers.
Strictly speaking, fraud detection focuses on identifying fraudsters’ attempts while fraud prevention is all about preventing them, but the two are practically interchangeable in reality, as these strategies go hand in hand.
We could think of banks’ fraud challenges as mainly falling under three categories:
As part of adding new customers, digital onboarding is risky for banks because of regulations such as KYC (Know Your Customer) and AML (Anti-Money Laundering). These are legal requirements to confirm user identities and ensure they will not commit financial crimes.
Fraudsters use fake or synthetic IDs to fool the process and open bank accounts. Confirming IDs is expensive, with costs rising to $35.2 billion in 2020. It’s also especially difficult for neobanks and challenger banks, who need to acquire new customers fast with as little friction as possible.
Issuing banks should know when a suspicious transaction or withdrawal takes place. Spotting patterns is difficult because they have limited access to data points, only seeing the currency, amount, category, and name of the merchant.
If they try to block fraudulent payments based on these parameters, they may create high rates of false positives, which are frustrating for good cardholders. There are also legal requirements such as Strong Customer Authentication (SCA), and ensuring the source of funds is legitimate.
Account takeovers (ATOs) happen when fraudsters acquire the login details of a legitimate user. They use the account as their own, which has terrible consequences for banks’ relationship with customers, and enables several other types of fraud and crime.
This is why banks must do everything they can to protect their users’ accounts.
The wider problem, of course, is that fraud is adaptive. That is to say, fraudsters will quickly notice when their actions are blocked, and try another tactic. Thus, solutions such as AML software and KYC tools have to be versatile as well as efficient.
Although not many foresaw the industry’s growth when early entrants like Moven and Chime launched in 2007, digital banks have come a long way. This sector alone is now expected to hit $395 billion by 2026.
That is all thanks to their fast onboarding and complaint resolution processes.
Unfortunately, all that success has not gone unnoticed by fraudsters, who constantly try to exploit those swift processes by launching attacks.
Some scenarios you should look out for include:
This entails fraudsters opening new accounts by either impersonating legitimate customers or using stolen (or synthetic) identities to obtain credit.
For instance, PayPal is a major victim of account opening and onboarding fraud. In 2021, the company identified over 4.5 million fake accounts, which directly resulted from their incentivized customer acquisition strategy.
PayPal offered $5 or $10 to customers who signed up for PayPal or Venmo, automatically attracting fraudsters who used large-scale bot networks to visit the registration site. This is essentially very similar to bonus abuse in iGaming, another major pain point that SEON is known to help with immensely.
It’s important to note that PayPal isn’t a neobank but an e-wallet provider. But with neobank accounts holding more value than e-wallets, PayPal’s example highlights the extent of vulnerabilities all fintechs might be exposed to.
Sometimes, bad actors dupe your company by leveraging phishing and hacking to access users’ accounts. Once in the account, the scammer can spend the money within, change the credentials to lock the legitimate user out, or put the credentials up for sale on the dark web.
Account takeovers (ATOs) pose a significant risk to your digital bank. According to the Aberdeen Group, 84% of fintech companies experienced account takeovers in 2021, costing up to 8.3% of their annual revenue.
This occurs whenever fraudsters use an emulator or app cloners to make a bank transfer or top up an account. This digital banking fraud scheme is often set in motion to launder money.
Additionally, there are cases where a scammer will open a legitimate-looking account to receive deposits for a promised service or product they’ll never deliver.
While fraudsters are getting smarter with their techniques, they can be kept in check by following the recommendations below:
Charity, they say, begins at home. And so, if you must fight fraud effectively, start by screening and auditing your company’s employees.
Some of your supposed “trusted” employees might be selling customers’ account details on the dark web. You should take this seriously, as Microsoft research shows that groups like LAPSUS$, a growing team of cybercriminals, are increasingly gaining access to target organizations through recruited employees in return for money.
With research published on Clari5 indicating that 70% of banking fraud is successful because of insiders, it’s more obvious than ever that monitoring internal fraud should be a top priority.
Making customers aware of the risks they face, what to look out for, and safe transaction tips is a sure way to reduce fraud risks like ATOs. Even more so, this strategy makes your customers trust your bank more.
For instance, Monzo introduced an online campaign to warn customers about takeover attempts in early 2022. This also helped the UK-based online bank get some positive publicity after some less favorable news coverage a few months earlier.
Here’s the tweet thread they started to educate customers:
One thing to note from Monzo’s campaign is this:
If you make efforts to educate customers, make sure you send out a press release. Popular media could pick up the news, leading to free publicity, more awareness and trust for your digital bank.
In certain contexts, transaction monitoring to prevent money laundering and terrorism financing is a requirement, and includes filing suspicious activity reports when something is amiss.
However, keeping an eye on how customers use the website or app of a fintech or traditional institution can go a long way, not just toward avoiding fines and staying compliant but also toward detecting and investigating potential cases of fraud.
As the name suggests, real-time data enrichment enhances customers’ KYC data with aggregated extra data obtained from various sources such as open-source databases, digital services, and social networks.
This is helpful in fraud detection as it gives you additional information to make better-informed risk decisions. Additionally, it allows you to get a bigger picture of your users without asking them to submit details.
As a result, you can fight fraud without sacrificing frictionless customer experience. You can even use these alternative digital signals for credit scoring and underwriting, as they can act as trust anchors to flag bad users (as well as high-value customers).
SEON’s data enrichment modules provide a wealth of insightful data points, starting with simple information that customers provide themselves.
Through deep social media profiling and domain verification, this digital footprinting module helps you confirm an email address’s legitimacy by looking up 50+ online and social sites to find profiles connected to the email. It also reveals if the email address has been involved in blacklists and data breaches.
You can look up an email manually, or integrate the Email API into your risk tech stack:
With a risk score of 4 and observations such as the email not being on an existing website, you should scrutinize this user further.
You can also batch-check multiple email addresses in one go through the user-friendly interface or via API calls:
With risk scores of 0/100, you shouldn’t be worried about the legitimacy of these two users.
Through the IP API, this module lets you know your user’s location and if the IP is on any spam blacklist. You can also use this to determine whether they are on a datacenter IP or residential connection, as well as other related information.
All of these help reduce ATOs, spyware, malware, criminal netblocks, botnets, spammers and exploit scanners.
Here’s how:
With a risk score of 0, it’s safe to say this user actually lives in Great Britain.
This module exposes suspicious configuration and activity on the device a customer used to connect to your site. It helps you answer questions such as:
SEON achieves this by generating specific hashes based on any of these collectible parameters:
Although fraudsters can attempt to enter fake information during the KYC verification process, machine learning algorithms and robust risk scoring can help to catch them.
Statistical analysis is one of the cornerstones of banking fraud detection. Put simply, it’s about gathering as much data as possible and using it to establish patterns related to risk using algorithms. This is often referred to as a blackbox fraud prevention system, and it excels at catching new types of fraud, fast. SEON customers can easily enable blackbox machine learning if they choose to.
However, there is also a whitebox algorithm working behind the scenes, training and re-training itself the longer the platform is being used, and coming up with completely bespoke rule suggestions to mitigate fraud. As it is a whitebox AI solution, it always comes with fully transparent explanations of why and how it works, as well as a confidence score.
These two ML modules work in a complementary fashion, allowing for maximum efficiency as you leverage the benefits of each.
In addition to this, you have control over which risk rules to activate, allowing or blocking specific user actions.
Here’s how:
In all, SEON’s real-time data enrichment solution proves to be a cost-effective and frictionless security layer.
You can easily build it into your product via code or plugins with the simple integration flow, maintaining a seamless onboarding process.
You can also delay identity verification (IDV) checks until absolutely necessary, so you only assess users deemed legitimate, or ask customers to fill in extra fields.
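One way to express the approach described above, where enriched email, IP and device signals feed transparent risk rules and identity verification is requested only when the score warrants it. This is an added example, not SEON's code or API; the field names, rule weights and thresholds are assumptions, and the sample applicants are constructed.

```python
from dataclasses import dataclass
from typing import Callable

# Hypothetical names for enriched onboarding signals; not any vendor's schema.
@dataclass(frozen=True)
class Signals:
    email_profiles: int       # online/social profiles found for the email
    email_blacklisted: bool   # email appears on a blacklist
    ip_datacenter: bool       # datacenter rather than residential connection
    ip_on_spam_list: bool     # IP appears on a spam blacklist
    ip_country: str           # country derived from the IP address
    declared_country: str     # country the applicant entered
    accounts_on_device: int   # accounts already seen with this device hash

@dataclass(frozen=True)
class Rule:
    name: str
    points: int
    fires: Callable[[Signals], bool]

# Whitebox rules: each one is readable and contributes a fixed, assumed weight.
RULES = [
    Rule("email has no online footprint", 20, lambda s: s.email_profiles == 0),
    Rule("email is blacklisted", 40, lambda s: s.email_blacklisted),
    Rule("IP is a datacenter address", 15, lambda s: s.ip_datacenter),
    Rule("IP is on a spam blacklist", 25, lambda s: s.ip_on_spam_list),
    Rule("IP country differs from declared country", 15,
         lambda s: s.ip_country != s.declared_country),
    Rule("device hash shared by 3+ accounts", 30,
         lambda s: s.accounts_on_device >= 3),
]

REVIEW_AT, DECLINE_AT = 20, 60  # assumed thresholds; tune on labelled outcomes

def decide(s: Signals, rules=RULES):
    """Return (action, score, reasons) so every decision can be explained."""
    fired = [r for r in rules if r.fires(s)]
    score = min(100, sum(r.points for r in fired))
    if score >= DECLINE_AT:
        action = "DECLINE"
    elif score >= REVIEW_AT:
        action = "STEP_UP_IDV"  # only now ask for a document check
    else:
        action = "APPROVE"      # low risk: no added friction
    return action, score, [r.name for r in fired]

# Constructed sample applicants (positional order follows the Signals fields).
GOOD = Signals(6, False, False, False, "GB", "GB", 1)
ODD = Signals(0, False, True, False, "GB", "GB", 1)
BAD = Signals(0, True, True, True, "NL", "GB", 5)
```

Calling `decide(ODD)` returns the action together with the names of the rules that fired, which is what lets an analyst review or override the outcome.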
In 2023 and beyond, there are several banking fraud trends to watch out for and, interestingly, some of them rely on fraudsters working together.
All of the above are on the rise, making it more difficult for challenger and legacy banks alike to keep safe while retaining a smooth and pleasant customer journey.
The goal is to use robust, scalable risktech that still delivers a frictionless customer experience. SEON offers a rich list of modular APIs, through which you can choose just the APIs you need to integrate into your tech stack to get richer data.