Criminals used to just steal money after breaking into a banking account. Now, they’re grabbing everything they can, even people’s identities. To respond to what some observers have called a fraud “butterfly effect,” the industry needs a butterfly net, a system built across banking technology and channels to defend account holders more effectively.
The challenge in stopping it with better authentication stems from inherent elements of the banking relationship. No matter how security is upgraded, account holders always need to be capable of logging in. They always can unintentionally hand over access to their account or have it stolen from them, even with voice, fingerprint, and facial recognition authentication methods.
Technology, though, has created a new line of defense inside and across banking channels, according to experts at Fiserv. Knowledge of account holders provides institutions with an upper hand, and by combining data across banking channels, they can more accurately identify unusual or suspicious activities, potentially stopping fraud in its tracks.
What Is The Fraud Butterfly Effect?
Account holders who get hacked face a complete disruption, and even destruction, of every facet of their financial life: Deposits stolen, credit lines maxed out, new checks in a “spouse’s” name, passwords and phone numbers changed, and new credit cards and debit cards issued. The hackers will also steal account holders’ identity if they can.
“Criminals are now creating new accounts in your name with your digital credentials and behave like you, at least until you or the institution notice,” Patti Reid, vice president of card risk solutions at Fiserv, tells The Financial Brand. “They’re taking advantage of people having a broad relationship with the financial institution that they can leverage to access more money.”
A common scenario is consumers who have an old deposit account and an old home equity line of credit that has not been used recently. The victim “still has a relationship with the financial institution,” Reid says. “Thieves will enter and then draw against that line, move those funds out quickly, and then they are able to create a synthetic identity jumping off of information found in the account.”
The New Battlefield: Inside Banking Technology
Criminals tend to open fraudulent accounts at the same institution where victims already have primary accounts – known as new-account fraud (NAF) — because there is less friction for a fraudster to open accounts where victims already bank. This double impact from fraudsters has propelled banking services to the top of rankings reported by the Federal Trade Commission. The top three identity theft report types are bank fraud, credit card fraud, and loan or lease fraud. They’ve set new records every year since 2018.
A Startling Statistic:
Over half of fraudulent new accounts are opened at the financial institution where the victim is already a customer.
New account fraud in other industries — such as new mobile phone accounts and insurance — dropped in 2022, according to the FTC’s annual report. However, reports of fraud with new accounts for credit cards increased 13% year over year (to 409,981 reports of fraudulent activity), while debit cards, electronic funds transfer and ACH payments fraud reports increased 12%, to 37,153.
Even more concerning, customers also reported 110,513 counts of new bank account fraud, a 32% increase in 2022 compared to 2021.
- How Banks Can Turn Fraud Worries Into a CX Opportunity
- See all of our latest coverage of customer experience
Fraudster Tech Versus Connected Banking Tech
Accessing an account is by no means easy, but criminals are proving effective at adapting to even the most advanced authentication methods. Two-step authentication — the now-familiar process in which banking platforms send numbered passcode via SMS — has become part of fraudsters’ approach to fooling consumers. Biometrics do not perform much better.
“We have gone from knowledge-based authentication, to one-time passcode, to biometrics. Guess where fraudsters are? They’re keeping up with each advance,” Reid says. “Even for biometrics, whenever there is a data print, thieves can capture it. They can use tools available from Google or Microsoft to call you and get your voice there. With AI tools becoming so good now, authentication systems cannot tell the difference.”
“With machine learning and AI, banks and credit unions can detect fraud faster, even before the financial loss.””
— Patti Reid, Fiserv
Financial institutions must turn to their advantage over crooks, Reid says. It’s about “understanding customer behavior more fully across financial channels and touchpoints,” she says, “to more accurately identify unusual or suspicious activities.”
Fiserv customers now utilize technology that provides a complete picture of what’s happening across an account, including debit and credit card transactions, online and mobile banking activity, ATM interactions, P2P transactions, rewards programs, contact center activity, bill pay activity, ACH transactions, tokenization and wires.
“Insights drawn from that broad view, across all of their data, can identify fraud in real-time, even when the person accessing the account logged in ‘normally,'” Reid says.
Speed can be essential in stopping fraud. For example, changing a phone number is not itself an indication of an account takeover. But an institution may observe a phone number change, followed by a call to the contact center where authentication failed, followed by a changed debit card pin. Using technology to react quickly based on fraud-like sequences, rather than waiting for a human decision, creates a new line of defense.
“Certain combinations can trigger a fraud decision, even when they wouldn’t on their own,” Reid explains. “We see institutions consider insights on how the account is accessed, such as device, IP address, phone number, and we see changes across them. With machine learning and AI, banks and credit unions can detect fraud faster, even before the financial loss.”
- Stop Fraud With Inbound Call Authentication [Report]
- How Banks Can Fight the Surge in Account Takeover Fraud
A Fraudemic Plaguing the Banking Industry
The increased severity of fraud also has been accompanied by massive increases in volume during the past three years. For many, the pandemic years were also the “fraudemic” years.
Identity theft was a rapidly growing problem in banking before 2020. Then, as people carried out their lives from home for the better part of two years, digital became the preferred method to move and manage money. Banking analyst Ron Shevlin noted the trend in 2021, saying “it’s not uncommon for a Gen Z or Millennial couple to do business with 30 to 40 financial providers.”
In 2022, institutions saw a 9% increase in online and mobile banking users, according to a February report from Fiserv. Users had also gone up 10% in 2021.
Consumers clearly valued the access brought by digital, but connectivity was increased for everyone – consumer and fraudsters alike.
“It’s not uncommon for a Gen Z or Millennial couple to do business with 30 to 40 financial providers.”
— Ron Shevlin
In 2022, people filed more reports about identity theft (21.5% of all reports) in all its various forms than any other type of complaint, according to the FTC. In 2022, people reported losing nearly $8.8 billion to fraud – an increase of nearly $2.6 billion over 2021.
Bank transfers and payments accounted for the highest aggregate losses reported in 2022 ($1.59 billion), followed closely by cryptocurrency ($1.43 billion), while credit cards were most frequently identified as the payment method in fraud reports.
Strengthening Authentication Through Financial Education
Fraud tends to follow the path of least resistance. Account holders can play an important role by not becoming easy prey, but they need education.
With criminals always updating their approach, institutions can help account holders protect themselves by educating them regularly on new strategies as well as on common manipulative tactics employed by criminals. Reid also recommends banks and credit unions encourage account holders to enable notifications about transactions or changes made in their account.
Consumers are willing to take these steps and to use new authentication methods, according to GetApp data. Consumer willingness to share fingerprint biometrics, facial scanning, and retinal scanning increased in every category from 2020 to 2022.
Banking providers will always face a trade-off of “fraud versus friction,” Reid says. While authentications and account protections cannot become overly cumbersome, institutions and consumers alike have an appetite for new tools and innovations to protect them. With fraudsters causing so much more damage, the banking relationship needs every defense it can get.