Home / Banking Strategies / The banking industry’s multi-billion dollar fraud problem—and how to solve it

The banking industry’s multi-billion dollar fraud problem—and how to solve it

The banking industry has a multi-billion dollar fraud problem—and as fraudsters get more aggressive and resourceful, the costs will only rise.

Financial institutions continue to spend more and more money on fraud tools, with seemingly no end in sight. Every time fraud goes up, bank spending goes up with it in a cycle that clearly indicates a flawed approach. Creating an optimized customer experience—while driving down fraud and meeting strict compliance regulations—poses a major challenge for the industry.

Aite Group notes that 74 percent of large North American financial institutions reported that online/mobile fraud losses continue to trend up. These numbers are staggering. 

Of course, technology represents a bank’s first line of defense against fraud. A Juniper Research report on online payment fraud said merchants and financial services organizations will spend $9.3 billion annually on fraud detection and prevention tools by 2022. Here’s a big part of the problem: financial services organizations labor under complex computing environments. And they’re only growing more complex as they incorporate new technologies, making them harder to defend.

Financial services organizations also face the headache of solutions overload. More than a thousand vendors sell security solutions to banks, with a bewildering variety of claims and undifferentiated value propositions. Selecting the right one equals a daunting task: Vendor approval can take more than a year, implementations typically take six months or longer, and the solutions are not designed to work together.

Meanwhile, the nature and sophistication of attacks against financial services organizations—especially in online and mobile channels—have reached new heights. As the techniques of online fraud continue to evolve, banks are realizing they cannot easily contain it. According to the 2018 Identity Fraud Study from Javelin Strategy & Research, 1.5 million victims of existing account fraud had an intermediary, bogus account opened by cybercriminals—who use them to access and siphon funds from existing accounts.

The bottom line: This marks a 200 percent jump from the previous high.

To address the challenges and stop the loss of billions of dollars to fraud each year, banks need a profoundly innovative approach that enables vast cross-channel data extraction and detects fraud in real-time. Additionally, today’s financial services organizations must expand the use of AI/machine learning, risk analytics, behavioral analysis and biometrics. These tools reduce fraud, ensure regulatory compliance and increase growth of online financial services by increasing consumer trust across digital channels.

Also, open platforms that leverage simple application program interfaces (APIs) to connect to third-party data sources in real time will improve real-time decisions, better protect consumers against fraud, boost the bottom line and protect brand integrity.

Intelligent authentication marks one of the latest tech innovations that help organizations easily achieve these goals. It works through a comprehensive risk score based on the consumer’s behavior, the integrity of their devices and mobile apps, and other contextual data points. For example, it can recognize that a bank customer, whom we’ll call Paul, regularly transfers $200 to the same account each month from the same mobile phone in Chicago. The score and related level of risk for this transaction is based on Paul’s unique behavior and context.

What makes this information important? Because if it now appears that Paul is trying to send $1,000 to a new account from an untrusted different device in Paris, this falls outside his usual scope and contextual pattern. As a result, this transaction stands out as a possible fraud attempt. But people don’t live in boxes; It’s entirely possible that Paul traveled there.

So instead of denying the transaction, intelligent authentication challenges the consumer accordingly. Paul gets conditional access to particular account features, such as larger funds transfers. If Paul can pass the security hurdle and authenticate, he can proceed. As Paul’s particular contextual patterns and circumstances evolve, the technology is intelligent enough to recognize these changes and adapt.

As noted in a September 2017 Aite Group report, “Digital Authentication: New Opportunities to Enhance the Customer Journey”:

“The key to successfully deploying these technologies without disrupting the user experience is to ensure that solutions are well-integrated, not additive. Any friction should be appropriate for the risk of the transaction.”

Fortunately, the report says, a variety of technologies can guarantee both greater security and a superior user experience. That’s great news. But banks need to put the new technology and best practices into motion.

Mitigating fraud ultimately requires keeping up with the latest technologies that better assess and mitigate existing and quickly emerging fraud schemes. When they deliver a strong, consistent and friction-appropriate user experience across digital channels, today’s banks will grow revenue, bring new solutions to market fast and quickly exceed customer expectations—which drives higher services utilization and precious loyalty.

Banks must do all this even as they push to outflank the competition through new and differentiated solutions. Much is at stake for financial institutions beyond hard fraud costs. A bank’s reputation remains critical to its success. Implementing risk-based security to protect against it adds up to one of the best ways to maintain a good reputation among customers, drive down incidents and meet strict regulatory requirements.

For banks, the imperative is obvious: To stop fraud, step up now.  

Want more Banking Strategies? Sign up for our free newsletter!

David Vergara, head of security product marketing for OneSpan, has more than 10 years’ experience in the software security space.