Banks are meeting their anti-fraud responsibilities by investing heavily in techniques to keep up with the fast-evolving practices of online fraudsters, but they are finding it hard to keep up with the rapidly evolving challenge.
This was a key finding of the authors of the 2023 Global Banking Fraud Index published by fraud prevention software company SEON this month. It found the costliest type of fraud recorded last year, cheque, card and bank account fraud, was more than three times as common as the second costliest type, online shopping and auctions fraud. The third costliest was application fraud, excluding mortgages.
The report shows that while digital-only banks facilitate financial inclusion for millions of customers who have been traditionally unable to open a bank account, fraudsters are finding new digital ways in which to exploit weaknesses.
It cites Brazil’s Nubank, the world’s largest neobank both by customer base and valuation, as one of the major players which is “showing consumers that financial services can be a right, rather than a privilege”. But it warns such digitisation means more “bad actors” are finding digital ways to get included. According to the report, 71% of fintechs surveyed reported that they had suffered a business email compromise (BEC) breach in the past year.
The prevalence of BEC as a “huge security flaw” is among key findings of the report, that include unique identity validation challenges offered by buy now, pay later agreements and scams that lead to automated push payment (APP) fraud.
The findings on the risks of APP fraud echo those of the UK’s Payment Systems Regulator (PSR), which revealed almost £500m was lost to such scans in the past year. The PSR says it expects to see more action from financial institutions to stop these scams occurring and to better protect people should they fall victim.
Meanwhile, according to banking trade association UK Finance, last year more than £1.2bn was stolen by criminals through authorised and unauthorised fraud in 2022, equivalent to more than £2300 every minute.
Must do better
Co-author of the Global Banking Fraud Index Tamas Kadar, CEO and co-founder of SEON says: “We have to do a better job at catching up with all the [fraud] projects and activities because, part of an ever-evolving process, they are getting smarter day by day, and are now also utilising technologies such as AI.”
they are getting smarter day by day, and are now also utilising technologies such as AI
Martin Rehak, CEO of software company Resistant AI, says that the easiest and cheapest anti-fraud approach for institutions is to stop the creation of money mules at the onboarding stage. But he adds that this must be followed up with an audit of their existing customer base to root out any ‘sleeper’ mule accounts that have not been activated yet.
“They need to fight fire with fire,” he warns. AI is the only way to effectively combat these threats by applying machine learning techniques to outsmart the attackers’ technology, he says, adding: “As more attacks occur, it is easier to detect patterns in the behaviour, types of documentation and so on.”
Mr Rehak says that AI can be used to assess the context and tie together every aspect of a fraud for detection, from the onboarding stage through to the extraction of stolen money. “With interlocking defences using multiple independent layers of AI, this reduces the level of threat and covers an institution’s blind spots,” he says.
The SEON report shows that the volume of business email compromise attacks targeting poor awareness training and process management is growing. Supporting the findings is a report this month by ACI Worldwide, which says financial crime and fraud are perennial problems for banks and financial institutions, and which predicts that the global cost of fraud will surpass $40bn by 2027.
Cleber Martins, head of payments intelligence and risk solutions at ACI Worldwide, says banks need to safeguard their customers and revenue by shifting their focus from relying on traditional measures designed to prevent check or card fraud. “[Banks] need to arm themselves with the right fraud strategies to capitalise on the security of the real-time payment rails and reap the benefits of real-time payments without fraud management becoming a cost centre,” he says.
Neobanks vulnerable
APP fraud is on the rise and is a serious problem for all financial institutions, according to Mr Rehak, who agrees with the report’s finding that digital-only neobanks face a greater risk than traditional banks. “New threats are evolving and Interpol has stated that financial and cyber-crimes top the list of police concerns,” he says.
Read more on APP fraud
To launder the proceeds of crime, fraudsters need to operate multiple accounts to make the process efficient, explains Mr Rehak. Digital providers are targeted because of their convenience, as they provide high-quality, well-documented and easy-to-use interfaces that allow all users to control the account digitally. They also provide digitally native, low-friction onboarding, he says.
“The criminals are attracted by convenience, exactly like the legitimate customers,” he explains. “Newer digital providers are facing the reputational fallout from APP fraud and they may be blacklisted by other financial institutions. If their customers can’t make payments to other banks, this removes the convenience – and trust – that is at the core of their offering.”
Fraudsters need to open multiple accounts in order to launder the proceeds of crime, he says, and digital providers are targeted because of their convenience. “The ease of opening accounts helps customers, but it also helps criminals,” he says.
He adds that while traditional institutions also offer digital account opening and are thus also subject to fraudulent attacks, the size of their customer base makes this less of an existential threat.
Multiple banking initiatives are underway globally to address the problems relating to fraud. Last month, Australian banks announced a new digital platform intended to facilitate the quick reporting of fraudulent payments en route or transferred to another bank. According to the Australian Banking Association (ABA), the new Fraud Reporting Exchange (FRX) platform will enable faster and more targeted communication to help banks stop and recover as much money as possible when customers have paid scammers.
The ease of opening accounts helps customers, but it also helps criminals
An ABA spokesperson says: “This will help disrupt fraudsters and scammers by allowing the reporting of scam payments in close to real time, boosting the likelihood that funds can be frozen and returned to customers.”
The Australian government has set up a A$58m ($40m) National Anti-Scam centre due to be phased in next month, with data-sharing capability to be built up over the next three years. While the FRX is designed to help speed up the recovery of funds for scam victims where possible, the SEON report identifies many factors that can cause scams to occur in the first place, says the ABA spokesperson.
“As scammers get increasingly sophisticated and scams more complex – using online platforms, phone calls and SMS to reach consumers as well as a range of payment and crypto channels – an ‘ecosystem’ approach to disrupting scams is essential,” they add.
Mr Kadar concludes that the biggest lesson from the latest global banking fraud survey is that there is still a long way to go. “Customer success and support and product teams must be very much interconnected in order to have a real, tight feedback loop about customer complaints,” he says. “Banks and other financial institutions and their customers are actually moving in the right direction. It’s just challenging to keep up with the pace of growth there. It’s not an easy challenge to solve.”
