Fraud Detection and Prevention in Banking Explained

It may be commonly known that most of banking fraud takes place online, but the actual figures will surprise many: An estimated 93% of banking-related fraud takes place online, per the Financial Crime Report Q2 2021.

From neobanks and challenger banks to legacy institutions, every financial organization has to fight against complex, ever-changing fraud attacks while retaining the key advantage of going digital: seamless, convenient customer experience. 

In this article, we’ll look at effective ways to detect and prevent digital banking fraud without causing friction or false positives.

What Is Banking Fraud Detection?

Banking fraud detection is a set of techniques and processes designed to reduce risk. Financial institutions are some of the most targeted companies by fraudsters, due to their immediate access to funds and their ability to transfer them.

As such, banks and fintech institutions invest in robust fraud detection and prevention solutions to protect their assets, systems and customers.

Strictly speaking, fraud detection focuses on identifying fraudsters’ attempts while fraud prevention is all about preventing them, but the two are practically interchangeable in reality, as these strategies go hand in hand.

The Biggest Fraud Challenges for Banks

We could think of banks’ fraud challenges as mainly falling under three categories:

1. Customer Onboarding

Part of adding new customers, digital onboarding is risky for banks, because of regulations such as KYC (know your customer) and AML (anti money laundering). These are legal requirements to confirm user identities and ensure they will not commit financial crimes.

Fraudsters use fake or synthetic IDs to fool the process and open bank accounts. Confirming IDs is expensive, with costs rising to $35.2 billion in 2020. It’s also especially difficult for neobanks and challenger banks, who need to acquire new customers fast with as little friction as possible.

2. Credit Card Fraud Prevention

Issuing banks should know when a suspicious transaction or withdrawal takes place. Spotting patterns is difficult because they have limited access to data points, only seeing the currency, amount, category, and name of the merchant.

If they try to block fraudulent payments based on these parameters, they may create high rates of false positives, which are frustrating for good cardholders. There are also legal requirements such as Strong Customer Authentication (SCA), and ensuring the source of funds is legitimate.

3. Account Protection

Account takeovers (ATOs) happen when fraudsters acquire the login details of a legitimate user. They use the account as their own, which has terrible consequences for banks’ relationship with customers, and enables several other types of fraud and crime.

This is why banks must do everything they can to protect their users’ accounts.

The wider problem, of course, is that fraud is adaptive. That is to say, fraudsters will quickly notice when their actions are blocked, and try another tactic. Thus, solutions such as AML software and KYC tools have to be versatile as well as efficient.

Typical Digital Banking Fraud Scenarios

Although not many foresaw the industry’s growth when early entrants like Moven and Chime launched in 2007, digital banks have come a long way. This sector alone is now expected to hit $395 billion by 2026. 

All thanks to their fast onboarding and complaint resolution processes. 

Unfortunately, all that success isn’t unnoticed by fraudsters, who constantly try to exploit those swift processes by launching attacks. 

Some scenarios you should look out for include:

Account Opening Fraud

This entails fraudsters opening new accounts by either impersonating legitimate customers or using stolen (or synthetic) identities to obtain credit. 

For instance, Paypal is a major victim of account opening and onboarding fraud. In 2021, the company identified over 4.5 million fake accounts, which directly resulted from their incentivized customer acquisition strategy.

PayPal offered $5 or $10 to customers who signed up for PayPal or Venmo, automatically attracting fraudsters who used large-scale bot networks to visit the registration site. This is essentially very similar to bonus abuse in iGaming, another major pain point that SEON is known to help with immensely.

It’s important to note that Paypal isn’t a neobank but an e-wallet provider. But with neobank accounts holding more value than e-wallets, Paypal’s example highlights the extent of vulnerabilities all fintechs might be exposed to. 

Account Takeovers

Sometimes, bad actors dupe your company by leveraging phishing and hacking to access users’ accounts. Once in the account, the scammer can spend the money within, change the credentials to lock the legitimate user out, or put the credentials up for sale on the dark web. 

Account takeovers (ATOs) pose a significant risk to your digital bank. According to the Aberdeen Group, 84% of fintech companies experienced account takeovers in 2021, costing up to 8.3% of their annual revenue. 

Fraudulent Fund Transfers

This occurs whenever fraudsters use an emulator or app cloners to make a bank transfer or top up an account. This digital bank fraudulent scheme is often put in motion in order to launder money. 

Additionally, there are cases where a scammer will open a legitimate-looking account to receive deposits for promised service or product they’ll never deliver. 

5 Ways to Prevent Digital Banking Fraud 

While fraudsters are getting smarter with their techniques, they can be kept in check by following these recommendations below: 

1. Watch for Internal Fraud 

Charity, they say, begins at home. And so, if you must fight fraud effectively, start by screening and auditing your company’s employees.

Some of your supposed “trusted” employees might be selling customers’ account details on the dark web. You should take this seriously, as Microsoft research shows that groups like LAPSUS$, a growing team of cybercriminals, are increasingly gaining access to target organizations through recruited employees in return for money.

With research published on Clari5 indicating that 70% of banking fraud is successful because of insiders, it’s more obvious than ever that monitoring internal fraud should be a top priority. 

2. Educate Your Customers 

Making customers aware of the risks they face, what to look out for, and safe transaction tips is a sure way to reduce fraud risks like ATOs. Even more so, this strategy makes your customers trust your bank more.

For instance, Monzo introduced an online campaign to warn customers about takeover attempts in early 2022. This also helped the UK-based online bank get some positive publicity after some less favorable news coverage a few months earlier.

Here’s the tweet thread they started to educate customers: 

One thing to note from Monzo’s campaign is this: 

If you make efforts to educate customers, make sure you send out a press release. Popular media could pick up the news, leading to free publicity, more awareness and trust for your digital bank.

3. Monitor Transactions

In certain contexts, transaction monitoring to prevent money laundering and terrorism financing is a requirement, and includes filing suspicious activity reports when something is amiss.

However, keeping an eye on how customers use the website or app of a fintech or traditional institution can go a long way not just to avoid fines and be compliant but to detect and investigate potential cases of fraud.

4. Use Real-Time Data Enrichment Tools

As the name should suggest, real-time data enrichment enhances customers’ KYC data with aggregated extra data obtained from various sources such as open-source databases, digital services, and social networks. 

This is helpful in fraud detection as it gives you additional information to make better-informed risk decisions. Additionally, it allows you to get a bigger picture of your users without asking them to submit details. 

As a result, you can fight fraud without sacrificing frictionless customer experience. You can even use these alternative digital signals for credit scoring and underwriting, as they can act as trust anchors to flag bad users (as well as high-value customers).

SEON’s data enrichment modules provide a wealth of insightful data points, starting with simple information that customers provide themselves.

Email Analysis Module 

Through deep social media profiling and domain verification, this digital footprinting module helps you confirm an email address’s legitimacy by looking up 50+ online and social sites to find profiles connected to the email. It also reveals if the email address has been involved in blacklists and data breaches. 

You can look up an email manually, or integrate the Email API into your risk tech stack: 

With a risk score of 4 and observations such as the email not being on an existing website, you should scrutinize this user further.

You can also batch-check multiple email addresses in one go through the user-friendly interface or via API calls:

With risk scores of 0/100, you shouldn’t be worried about the legitimacy of these two users.

IP Analysis

Through the IP API, this module lets you know your user’s location and if the IP is on any spam blacklist. You can also use this to determine whether they are on a datacenter IP or residential connection, as well as other related information.

All of these help reduce ATOs, spyware, malware, criminal netblocks, botnets, spammers and exploit scanners. 

Here’s how:

With a risk score of 0, it’s safe to say this user actually lives in Great Britain.

Device Fingerprinting

This module exposes suspicious configuration and activity on the device a customer used to connect to your site. It helps you answer questions such as: 

• Has the user connected with this device before?
• What kind of browser did the customer use?
• Is the user’s device a mobile or desktop?
• What operating system are they using?

SEON achieves this by generating specific hashes based on any of these collectible parameters:

5. Machine Learning

Although fraudsters can attempt to enter fake information during the KYC verification process, machine learning algorithms and robust risk scoring can help to catch them.

Statistical analysis is one of the cornerstones of banking fraud detection. Put simply, it’s about gathering as much data as possible and using it to establish patterns related to risk using algorithms. This is often referred to as a blackbox fraud prevention system, and it excels at catching new types of fraud, fast. SEON customers can easily enable blackbox machine learning if they choose to.

However, there is also a whitebox algorithm working behind the scenes, training and re-training itself the longer the platform is being used, and coming up with completely bespoke rule suggestions to mitigate fraud. As it is a whitebox AI solution, it always comes with fully transparent explanations of why and how it works, as well as a confidence score.

These two ML modules work in a complementary fashion, allowing for maximum efficiency as you leverage the benefits of each.

In addition to this, you have control over which risk rules to activate, allowing or blocking specific user actions. 

Here’s how:

In all, SEON’s real-time data enrichment solution proves as a cost-effective and frictionless security layer.

You can easily build it into your product via code or plugins with the simple integration flow, maintaining a seamless onboarding process.

You also can delay IDV checks until when absolutely necessary, so you only assess users deemed legitimate, or ask customers to fill in extra fields. 

Banking Fraud Patterns & Trends in 2022

In 2022 and beyond, there are several banking fraud trends to watch out for and, interestingly, some of them rely on fraudsters working together.

• Enhanced social engineering: Thanks to technology as well as their tendency to pool their resources and collaborate, fraudsters are becoming even better at social engineering attacks, including spear-phishing such as CEO fraud. Remember that this has offline application too.
  
• Fraud-as-a-Service: The barrier of entry for criminals is lower than ever these days, as many are available for hire on the dark web. Bad actors offer online their services or access to their specialized tools as well as tutorials and walk-throughs.
  
• Biometrics spoofing: Unfortunately, biometric verification is less reliable than many believe – or, rather, much easier to spoof. For instance, in November 2021, Kraken demonstrated that it is fairly simple to crack anyone’s fingertip biometrics, and we have seen similar explainers for video and photo “selfies” too.
  
• Synthetic IDs: To create these, savvy fraudsters will combine stolen information with made up data or deepfakes. As the latter become more and more believable, customer onboarding for neobanks, BNPL, micro-lenders and more calls for increased vigilance.

All of the above are on the rise, making it more difficult for challenger and legacy banks alike to keep safe while retaining a smooth and pleasant customer journey. 

The goal is to use robust, scalable risktech that still delivers a frictionless customer experience. SEON offers a rich list of modular APIs, through which you can choose just the APIs you need to integrate into your tech stack to get richer data. 

Sources

• Banking Exchange: Neo and Challenger Bank Market to Reach $395bn by 2026
• Krebs on Security: A Closer Look at the LAPSUS$ Data Extortion Group
• Clari5: The Threat Within. Spotting and Arresting Insider Fraud
• Zion Market Research: Neo and Challenger Bank Market – Global Industry Analysis
• Forbes: PayPal Admits 4.5 Million Accounts Were Illegitimate As Fintech’s Fraud Problem Grows
• Globe Newswire: New Report from Aberdeen Group Reveals Serious Impact of Credential Stuffing and Account Takeover Attacks on the Financial Services Industry
• The Fintech Times: Acuant: How AI and Machine Learning are Fueling Fraud Prevention in an Evolving Digital Economy
• Express: Monzo issues urgent warning to all banking customers and ignoring it could be costly
• Feedzai: Financial Crime Report Q2 2021 Edition
• Kraken: Your Fingerprint Can Be Hacked For $5. Here’s How.