Combating fraud from the very start

More than a year into a deadly pandemic that’s changed almost every aspect of our lives, financial institutions are still struggling to deal with the evolving security ramifications.

For banks, the challenges begin with the start of their relationships with new clients, according to a recent report by BioCatch. The cybersecurity firm says 85 percent of financial institutions experience fraud in the account opening process. Cybercriminals use stolen credentials or synthetic identities to create new accounts with the intent of committing fraud. Data breaches and phishing attacks provide fuel in the form of Social Security numbers, addresses, phone numbers, login IDs and other personally identifiable information.

The pandemic has exacerbated the problem of account opening fraud, as employees across industries and sectors have moved out of their offices and into their homes, which are less secure, according to financial industry officials and cybersecurity experts. That has created a new set of challenges as the financial industry struggles to balance security and customer satisfaction.

Sign up for the free BAI Banking Strategies newsletter and get industry insights delivered to your inbox.

“The pandemic created a large increase in online account and banking activity, and it has altered the ways in which each bank might use data to gain comfort with the accounts opened online,” says Chris Gerda, risk and fraud prevention officer at Bottomline Technologies, a business payments and processing solutions firm based in Portsmouth, New Hampshire.

The most nefarious examples of account takeover or identity theft fraud have involved remote-access takeovers of a victim’s computer or cell phone, says Gerda. “When a fraudster has taken over your known phone number, often known as SIM Port fraud, they are able to validate their possession of the number, and this is often a strong factor in a bank’s decision to allow an online account opening or new consumer loan approval.”

The good news, says Gerda, is that most financial services providers were already doing online account opening and many were deeply engaged in the online lending space prior to the online rush. This helped when their brick-and-mortar operations were disrupted, he says, though an upswing in applications by new customers has presented some challenges.

Banks are more focused on training

As a result, banks are increasing the amount of training that employees receive. Ed Marcheselli, managing director of learning and development at BAI, noted a 19 percent increase in the usage of BAI’s contact center compliance training curriculum during the first six months of the COVID-19 pandemic as banking employees from roles across the organization were redeployed and cross-trained to support the increased contact center volumes.

As COVID-19 continued to create challenges, requests for additional training increased, Marcheselli says

“We received additional requests for training on topics like spotting e-signature fraud and preventing COVID-19 medical fraud,” he says. “We provided microlearning courses—interactive, five-minute minicourses—to allow busy financial services employees to learn important regulatory information quickly and efficiently.”

Gerda offers five ways banks can help prevent account opening fraud:

  • Correlate multiple data points for each online application and revamp processes if you have all your “eggs in one basket.”
  • Design a system of case management for new online applications that can pivot to new forms of data and easily ingest new Application Programming Interface calls, a set of protocols, procedures and tools allowing interaction between two applications.
  • Do not rely on scores from third parties when analyzing your new account applications. Go deeper to understand specific risk codes and use that data in your own rule sets covering due diligence for applications.
  • Use anti-fraud solutions that offer repositories of threat intelligence of known bad actors, which can track fraud across other institutions using the solution so that everyone can benefit together from that data.
  • Partner with anti-fraud solution providers using API calls to enrich the data you gather at account opening.

Nermeen Ghneim, a branch manager at Pittsburgh-based First National Bank, cautions that banks must keep customer satisfaction in mind when implementing any solutions. “It’s a challenging time for financial institutions because abandoned calls could adversely impact the bank and have regulatory issues,” she says.

Financial services organizations have been directing the calls through an automated verification system that requires the consumer to enter their banking information while they are on hold to get a representative, says Ghneim.

“The majority of banks have an automated tool that can detect a spoofed phone number, and it will determine if it’s a high- or low-risk phone number,” she says. “Those who fall in the high-risk phone numbers category could go into further verification questions.”

Ghneim says that, to help with the abandoned-call rate and reduce wait times and the number of calls in the queues, banks internally outsourced their calls to retail branch employees so they can help with the volume and to go through the verification process. Those retail branch employees can also answer questions, handle basic requests and help lower the ratio of abandoned calls.

Howard Altman oversees coverage of issues affecting troops and their families as managing editor of Military Times. His work has appeared in the New York Times, Daily Beast, Philadelphia Inquirer, Tampa Bay Times and other publications.