How Do Banks Investigate Unauthorized Transactions & Prevent Fraud?
According to the Financial Crime Report Q2 2021, 93% of banking-related fraud happens online. PwC’s Global Economic Crime and Fraud Survey reported that in 2020, 56% of institutions just investigated the worst fraud incident they’d ever seen.
As daunting as these numbers are, we expect them to keep growing as we continue into the digital age of banking. Every financial institution needs to be prepared to handle the ever-changing fraud attacks while maintaining a seamless customer experience… so, how can you provide flawless customer service and be perfectly secure?
Learn how banking fraud investigation, detection, and prevention works below.
What exactly is banking fraud detection?
Before we go any further, let’s define some terms.
Banking fraud detection is a list of techniques and tasks made to protect high priority assets, systems, and—most importantly—customers. Fraud detection specifically focuses on identifying fraudulent attempts on this information for investigation, while fraud prevention cuts it off at the head with real-time defenses. These two strategies work together to defend vital information.
Types of banking fraud
There are two types of fraud:
Friendly fraud, also known as credit card dispute fraud or chargeback fraud, occurs when a cardholder disputes a transaction, and then receives a chargeback that is based on false claims.
True fraud occurs when a bad actor steals a customer’s information and uses that to make a purchase or transfer funds to another account.
In friendly fraud, the cardholder is defrauding the merchant, and relies on transaction data to verify purchase authorization. When true fraud occurs, both the cardholder and the seller are considered victims.
But what happens then when a bank receives a fraudulent claim? What’s the best way to handle any scenario?
What happens when a bank receives a fraudulent claim?
First, the bank will confirm the transaction is fraudulent. This process can sometimes feel like a big ask to card owners, who feel like they have been victimized. Always ask questions regarding when and where the transaction occurred, and how the cardholder knows the charge is fraudulent.
Once this information has been collected, and if the claim is confirmed as truly fraudulent, the cardholder shouldn’t have to pay more than $50 according to the Fair Credit Billing Act. Most banks make sure their customers don’t have to pay a penny.
After the bank receives the proper documents, they have 10 business days to investigate the claim and decide if it’s fraudulent. Depending on the severity of the fraud, the bank may notify authorities–or even the FBI, though this rarely happens.
But all of this only takes place if a bad actor manages to slip through the bank’s defenses. These days, almost all banks have powerful fraud detection systems.
How do banks detect fraud?
Before the internet changed everything, banks used rule-based systems and manual evaluation to detect fraud. But as bad actors step up their game, banking fraud detection systems are forced to step up as well.
That’s where machine learning and telecommunications step in.
Machine learning uses huge sets of data to identify suspicious patterns. Predictive analytics, product recommendations, market research, and more are combined together with multifactor authentication (MFA), messaging, and other telecom monitoring tools to alert both banks and customers to fraudulent activity.
With machine learning and telecommunication added in, the banking fraud detection process is now faster, more efficient, and more accurate than ever before.
What are the biggest challenges of banking fraud detection and prevention?
Though these challenges vary, they can be broken down into four main categories:
Money Laundering
Stolen money needs to be “cleaned” through money laundering. This process occurs when bad actors pass the currency through legitimate channels to have it verified by trusted sources. Those trusted sources are usually unknowing banks.
Account protection
Bad actors can steal the login information, card information, or the card itself of a customer, resulting in an account takeover (ATO). The fraudster then uses the account as their own, which can include card-not-present (CNP) fraud, lost/stolen fraud, and counterfeit fraud, as well as digital funds transfers. This means banks have to do everything they can to protect a customer account.
Customer information is usually stolen by phishing or hacking. Two factor authentication can help financial institutions defend against this.
Aberdeen Group reported that in 2021, 84% of fintech companies suffered account takeovers. This cost up to 8.3% of their annual revenue.
Customer onboarding
Digital onboarding for banks can be… tricky.
Information can be lost, misunderstood (or, even worse) stolen during onboarding. Customer service can be tricker online than it is in person. Intents can be misinterpreted, and the pressure is on for high-risk customers.
There are regulations in place to try and help with security, like KYC (Know Your Customer) or AML (Anti-Money Laundering). These regulations are legal requirements, and they are designed to ensure customer identity is properly confirmed.
However, bad actors can use fake or synthetic IDs to open bank accounts, and since confirming IDs can be expensive on top of fraudsters being very good at their jobs, banks can sometimes slip.
Financial institutions have found over millions of fake accounts in the past. This can be especially prevalent for institutions where potential customers are offered a cash incentive to sign up.
Credential theft
Banks should know when suspicious activity occurs on customer accounts. Banks will review currency, amounts spent, categories, or merchant names to try and prevent fraudulent credit card activity.
Diligent banks will usually have a lot of false positives–which means a lot of locking a credit card when it’s actually the customer making a purchase, not a fraud. This can be frustrating for customers.
How to prevent banking fraud
Follow the tips below to prevent bad actors from accessing digital banking information:
Brush up on your AI
Considering the volume of transfers most banks handle, it only makes sense that a machine reviews things and flags concerning transactions–a person wouldn’t be able to keep up. Make sure you’re using the best artificial intelligence you can afford.
Beware internal fraud
Clari5 reported that 65% to 70% of banking fraud happens because of internal fraud. Your own employees can all too easily sell customer information on the dark web. Make sure your internal sources are kept honest. That kind of trust is not easily earned back once lost.
Review transactions
Monitor how customers use their online accounts on a weekly basis for high-risk customers, and a monthly basis for lower-risk customers. This can help prevent money laundering. Take note of and report any suspicious activity. AI can be especially useful with recognizing suspicious patterns.
Educate your customers
One of the best ways to prevent account takeovers is customer education. Tell customers what kinds of risks they’re up against, what they should be looking out for, and how to safely interact with their online banking system.
Make them aware of what kinds of phishing emails they’ll encounter. Alert them to what information a bank should or should not ask for over text message, and from whom the message should be sent. Another great tip for customers is to instruct them that, when in doubt, call your bank directly to clarify.
Use the best tools
How are you supposed to fight fraud rings who make this their full time job if you don’t have the best toolset? Are you contacting your customers with secure financial messaging services?
Consider using third-party tools to strengthen security. Technology has evolved beyond 2FA with tools like Pindrop. Voice authentication, multifactor analysis, and biometric security is becoming more and more commonplace—and biometric characteristics are the most secure form of authentication. Just ask NIST, the leading voice in security best practices. Companies like Bandwidth offer services that can help keep your customer data secure while improving customer experience.
Fraud Prevention Checklist to Arm Your Customers
Here’s a quick checklist to make sure you’re best prepared to protect your customers from fraudulent activity:
Step #1: Update customer contact information often.
As a bank, you should always have the right phone number and contact information for your customer. Make sure you remind customers to update their information in case they move or change numbers.
Step #2: Make sure your customers always use strong passwords
Customers should make unique versions of their password that they haven’t used in the past. Advise them against replacing “O”s with “0”s or “I”s with “1”s or other common substitutions. Tell them to make the password longer when possible, too, as this makes it more difficult for hackers to bypass. Finally, consider recommending a password manager to keep a lockdown on security.
Make sure customers know that if they use the same password or similar variations, hackers can access their accounts faster.
Step #3: Encourage mobile alerts
Encourage customers to enable mobile alerts. This means they can be quickly contacted about any suspicious activity. Customers can use a communications partner to help send omnichannel notifications like texts, calls, or other forms of messaging when suspicious activity occurs.
Step #4: Ensure customer devices have been updated
Make sure the devices customers use to access banking information are password protected and regularly updated.
Step #5: Familiarize customers with red flags
Customers should never click on suspicious links from unknown email addresses. Confirm the email address isn’t a slight variation of someone they know or an institution they trust.
Educate customers on the danger of giving gift cards or money to someone they don’t know. Once that money is transferred, nothing can be done to get that money back.
Step #6: Advise customers on knowing what third-party accounts have their login information
Sharing banking login information or other personal information with third-parties can be risky.
Advise customers to review who the third party is and what level of information they have. Customers should consider removing information access to tighten security.
Banking fraud in the future
How will bad actors update their tactics in the coming years?
These trends have been spotted on the horizon:
Synthetic IDs: We already spoke to these briefly, but synthetic IDs require an extremely savvy fraudster. Stolen information is combined with deepfakes to make a stronger false ID.
Fraud-as-a-Service: Bad actors are now available for service on the dark web. Tutorials and walk-throughs are also accessible.
Improved social engineering: This looks like CEO fraud, where fraudsters send emails or make calls posing as high-authority figures to get information.
Protect yourself from future attacks with a telecommunications partner who you know will always be upgrading their security and a voice security partner like Pindrop, leading the industry in multifactor fraud defense and voice authentication for the contact center.
About the author
Kat Edwards manages SEO at Bandwidth, a global cloud platform who specializes in providing enterprises white-glove service for cloud-ready voice, messaging, and emergency services. She is an expert on B2B marketing concerning subjects such banking fraud detection and cloud communications.