How Banks Can Fight Sophisticated Fraud Schemes Without Stifling Growth
TransUnion executives Josh Turnbull and Craig LaChapelle explain how financial institutions can combat today's evolving fraud landscape with better data integration, AI-powered solutions and organizational alignment to balance protection with continued growth.
By Justin Estes, Contributor at The Financial Brand
Simple Subscribe
Subscribe Now!
Since 2020, financial institutions have faced a perfect storm: rising funding costs, increased delinquencies and a dramatic surge in sophisticated fraud attacks. On a recent episode of the Banking Transformed podcast, host Jim Marous spoke with Josh Turnbull, SVP of card and banking strategy and Craig LaChapelle, VP of market development at TransUnion, about how these threats are evolving and what institutions can do to build resilience while maintaining growth.
The Evolving Fraud Landscape
Q: TransUnion approaches fraud categorization differently than most organizations. Can you describe the main types of fraud financial institutions face today?
Craig LaChapelle: We like to simplify the descriptions of fraud abuse because we often encounter it when serving customers. We tend to get caught up in trying to define the fraudster instead of what the fraudster does.
We like to frame it in four ways: new account fraud, credit abuse, account takeover and data harvesting. Data harvesting often underpins the attacks in the other areas. It is essentially gathering consumer data or access to consumers’ accounts, doing things like inbound call center phishing, consumer impersonation and data access through breach.
New account fraud is new accounts opened with stolen, manufactured, or synthetic IDs used to commit fraud. Credit abuse is what we’ve often heard called first-party fraud – real consumers who knowingly gain access to credit or misuse existing accounts for their own financial gain, essentially borrowing with no intention of paying back.
Account takeover is gaining access to an existing account by pretending to be the account holder to access funds. It’s enabled by call spoofing, tech spoofing, or social engineering.
Q: Since 2020, we’ve seen significant changes in the economic environment. Have these factors amplified the impact of fraud losses?
Josh Turnbull: When times are good, fraud can be seen as just a cost of doing business. But with the last few quarters and years that we’ve been through, where there are challenges in the credit environment, fraud starts being something that you pay more attention to.
LaChapelle: Just in the last four or five years, we’ve seen a 30% increase in synthetic identities and 30% of all online apps are from bots – high volume attacks by malicious entities. We’ve seen early default rates really spiking. Credit abuse alone is estimated to account for 25% of all credit losses and this has grown by over 60% since 2019.
Fraud’s Post-Pandemic Resurgence
Q: We’ve seen fraud risk decrease during the pandemic but surge afterward. What’s driving this pattern?
Turnbull: The quiet period for us was not the quiet period elsewhere. Money was freely flowing, tending to stabilize many folks during the pandemic and that was unfortunately easy hunting grounds for fraudsters. Now that’s dried up, they’re back at the doorstep of financial services companies. The other factor is changes in technology that have made it easier for fraudsters to do what they do.
LaChapelle: During the pandemic, fraudsters shifted to where the big dollars were easily available with lower thresholds – the government subsidy programs, whether PPP, unemployment compensation, or relief payments. Those had weaker controls. They were gaining access to data through breaches and warehousing that data, keeping it alive and available for future attacks. That’s what we’re seeing now.
Q: What’s enabling the dramatic increases in synthetic identities and bot applications?
Turnbull: It’s alarming how often TransUnion sees an abnormally large number of applications hit a customer’s website over a weekend or on a weeknight. We are the ones to notify the customer—they haven’t seen it. There’s still a lack of monitoring tools.
The other challenge is that organizations have layered on defenses, one after another, over time. Unfortunately, these tools don’t talk to each other. So I’m left as an organization with six different signals, some giving red lights, some giving green lights and I have to sort through that. That’s the environment many financial services companies find themselves in today.
The Performance Gap in Fraud Prevention
Q: What are the biggest gaps you’re seeing within financial institutions in catching up to what’s happening in the marketplace?
Turnbull: One of the things that’s really tricky if you’re a fraud executive or P&L owner is to think about the variety of types of fraud we’re seeing. If you’re not digging in and looking at every single instance of fraud in a post-mortem analysis, do you even know and can you quantify the problem? That’s part of it — understanding the magnitude of the problem. You have to do that to justify an investment or change in the process.
LaChapelle: Sometimes, we see customers who know there might be fraud, but since the account is performing okay and they’re not a hundred percent sure, it takes them a while to act on it. Do they have confidence in their ability to act? Do they have confidence in their ability to take a potentially performing account offline and report it?
There isn’t a silver bullet in this area — you need to layer on different solutions. You need that orchestration to integrate the signals. Fraudsters get in because there’s a gap or insufficient signal data. You need to be able to verify who that person is, assess their behavior and evaluate the device they’re using.
Q: How important is organizational alignment in effectively combating fraud?
Turnbull: We worked with a regional bank that was taking a disproportionate share of fraud losses on cards issued to people who had checking accounts for quite some time. They have relaxed rules for opening a credit card for an existing deposit account holder. The deposit side says, “We don’t have a fraud problem here. We’re not willing to make the investment or introduce friction to the application process.”
You wind up with situations where a lack of collaboration and people coming together across organizational divides make it tricky to adapt systems and make progress on this front.
AI and Data: The Future of Fraud Prevention
Q: How is AI advancement helping prevent fraud?
Turnbull: Customers are particularly concerned about call centers and the ability to generate voice conversations. It’s now relatively easy for someone thousands of miles away with compromised data to use voice generators to hit up call centers and have involved conversations with agents to harvest data.
LaChapelle: AI is already being used in fraud prevention solutions. They’ve been early adopters, particularly when assessing signals on behaviors to identify what’s highly likely to be predictive of fraud. Vendors are looking at inbound calls and other behaviors to identify risky behaviors and use that as a signal during an interaction.
Turnbull: Historically, someone would apply for an account and provide a phone number, and fraud prevention tools would look at whether that phone number is associated with the person historically and check the velocity of applications. Now, we can look at that phone number across a broad set of data and understand how many other people it’s tied to, what those people have in common and the velocity of those things. It’s the ability to tie pieces of data together and come back with a more meaningful signal than legacy models.
Dig deeper:
- Banking Under Siege: Building Resilience Against Rising Fraud
- How Banks Can Fight ‘Under the Radar’ Customer Fraud
- How to Protect Your Card-Issuing Business Against Digital Disruptors
Q: What data sources have recently become more critical in fraud prevention?
LaChapelle: There are a lot of signals out there, almost more than folks can handle without AI. People are looking at social media behaviors – being able to link to social media activity, how active they are on particular sites and the size of their network.
Turnbull: Phone data is incredibly powerful, but it’s not just about having more data – it’s about how you deploy it in the context of everything else. It’s not just winding up with a series of signals that I somehow have to make sense of, but bringing that together intelligently.
Building a Balanced Fraud Strategy
Q: What should financial institutions do to improve consumer education around fraud prevention?
LaChapelle: Many institutions are educating consumers not to click odd links, to go directly to their website and never to ask for information via text. But one of the things leading institutions are doing is implementing advanced call technology — branding their calls with their name or logo to give confidence to the consumer and prevent fraudsters from making their calls look like they’re coming from a particular institution.
Q: Looking ahead, what are the most important elements financial institutions need to address as the fraud landscape evolves?
Turnbull: Ensure your people are working together and have aligned incentives. As economic conditions change, credit abuse fraud may increase. Sharpen your tools to identify applicants who may not have the best intentions will be critical.
LaChapelle: Every institution needs to focus on its tolerance for losses. It’s a trite phrase, but I can guarantee zero fraud — how do I do that? I don’t create any accounts. So, you have to figure out where your threshold is.
Balancing Risk Management with Growth
Q: If you were placed in a traditional financial institution today, what would be your first action regarding risk management?
Turnbull: My first move would be to understand how we address fraud organizationally. Who’s incentivized with what? Are objectives aligned? A decent-sized credit card issuer we spoke with recently had a P&L owner who said, “Look, fraud is not a goal of mine, but the fraud responsibility falls outside my remit. That said, I’m not interested in growing until we can tackle this fraud problem because I know it hits my P&L. So I’m going to take some of my budget, help my colleague with fraud and make some investment.”
LaChapelle: More tactically, the easiest way to stop fraud is to prevent it from getting in. At a minimum, I would filter out synthetics in my marketing programs. From an account takeover standpoint, I would check device IDs in addition to the human element — device ID and behaviors all day long. I would also implement call technologies that help consumers help themselves.
