The financial world seems to be in a constant state of change. Two major drivers of this change are ever-evolving technologies and consistently innovative fraudsters. Every time fintech evolves, fraudsters find a way to exploit weaknesses in those systems. The COVID-19 pandemic has accelerated the rate of change in both fintech and fraud. As consumers have come to rely more and more on eCommerce, they demand quick and efficient transactions and payment systems. Financial services firms need to maintain a risk assessment workflow that allows their fraud management efforts to keep pace with the newest developments. This is a big job, but software solutions are available to streamline these processes.
The Changing Financial Landscape
The world of consumer finance has changed significantly in the past few years. Consumers live more of their lives online now than ever before, and this trend shows no sign of stopping. As more people make purchases and move money around online, cybercrime is also on the rise. The COVID-19 pandemic brought many new opportunities for financial fraud, both through increased online activity and government-sponsored loan programs. These changes pose never-ending challenges for fintech fraud management.
The COVID-19 pandemic of 2020-21 has upended the global economy in countless ways. Stay-at-home orders led anyone who did not absolutely have to be in their workplace to try working from home. Many people lacked access to their employers’ cybersecurity systems while at home, leaving them open to data breaches and other fraud.
The federal government rushed to provide relief to millions of individuals and thousands of businesses that were suffering because of the pandemic’s impact on the economy. Laws like the Coronavirus Aid, Relief, and Economic Security (CARES) Act established loan programs to help struggling businesses. The Paycheck Protection Program (PPP), for example, was intended to provide loans to small businesses to assist with maintaining their payroll even if they could not operate normally. Expanded unemployment benefits became available to people who lost their jobs because of the pandemic. Fraudsters jumped at these new opportunities.
Even before the pandemic hit, the financial services world was in the process of moving online. New forms of fintech allow financial services firms to provide faster and more efficient services to their customers. These new technologies also provide new opportunities for fraud.
Fraud that takes advantage of new technologies can impact financial services firms on multiple sides. Consumer-based fraud, such as account fraud or transaction fraud, can lead a firm to entrust debt collection to a third-party that also defrauds them. Third-party risk management is just as important as risk management on the consumer side.
Growing Number of Data Breaches
Hackers pose yet another risk to firms that maintain large databases of consumer financial information. Data breaches in recent years have given fraudsters access to hundreds of millions of user records from online service providers, payment systems providers, hotel chains, and other businesses. In the first six months of 2021, hackers have reportedly accessed the personal information of more than one billion people. The cost of these cyberattacks can extend for years after the actual breach, with damages measured in dollars and in loss of consumer trust.
Evolving Fraud Tactics
As technology advances, fraudsters adapt their methods to find weaknesses they can exploit. Whatever safeguards are built into a fintech system, fraudsters are always working to find the path of least resistance to get inside. Fraud tactics are evolving in an effort to stay ahead of cybersecurity measures. The widespread use of mobile devices, such as smartphones and tablets, in financial transactions creates many potential openings.
Fraudsters are also using technology to mimic late-20th-century methods of communication. Caller ID spoofing can allow someone to contact a company’s call center, pretending to be a customer. This takes advantage of call center employees’ desire to provide good customer service experiences. A few polite words can lead a call center employee to give up private information to a manipulative fraudster.
Key Fraud Trends Affecting the Financial Services Industry
Rapidly-advancing technology, consumer demand for quick transactions, and the COVID-19 pandemic have converged to create several important trends in fraud in the financial services industry.
Consumers want to be able to send and receive money digitally in as close to “real time” as possible. These demands have grown even more with the onset of the COVID-19 pandemic. Innovations in fintech have allowed payment processing to occur faster and faster, but this has also made fraud occur faster. Stopping a fraudulent transaction becomes much more difficult once a payee’s financial institution has received and accepted a transaction. Dealing with fraudulent real-time transactions means that fraud management systems might only have seconds to detect and respond to fraud.
Contactless payment systems allow consumers to make payments with payment devices like credit cards or debit cards without needing to swipe or insert the card or enter a personal identification number (PIN). These systems use radio frequency identification (RFID) and near-field communication (NFC) at point-of-sale terminals to transmit payment information from the consumer to the merchant. Consumers can also link credit and debit cards to a mobile device, such as a smartphone or smart watch. The mobile device can then transmit payment information to the point-of-sale terminal.
While contactless payment systems offer security advantages over the use of magnetic strips on credit and debit cards, they present other risks. Fraudsters can copy information on cards using smartphones, a process known as “skimming.” Limits on the size of contactless transactions offer some protection against fraud, but risks are still present. The emphasis on social distancing during the COVID-19 pandemic has also made contactless payment much more common.
Employing Artificial Intelligence, Machine Learning and Adaptive Behavioral Analytics
New developments in fintech are not just giving fraudsters new ways to steal. They are also helping financial service firms monitor, manage, and fight fraud. Several emerging technologies offer new tools to assess risks, improve security, and deal with fraud cases:
- Artificial intelligence (AI): AI is a rather broad concept that involves computers mimicking human thought and decision-making processes. In the financial services industry, AI can assist with fraud management by quickly analyzing large amounts of data, and doing so at a greater scale than human analysts can manage.
- Machine learning: This is a subset of AI that focuses on how a computer can learn from new data and apply it without input from human programmers. A system that uses machine learning to identify fraud can identify patterns of behavior that might escape notice by human analysts. It can adapt to new information and new techniques.
Adaptive behavioral analytics (ADA): Fraudsters never stop adjusting their approach and innovating new methods. A machine learning system that can adapt to new situations and circumstances has an edge over systems that stick to the same algorithm again and again. ADA offers the possibility of keeping up with changes almost as they occur.
Increasing Sophistication of Tools Used to Establish Identity
Fintech is also developing increasingly sophisticated methods of establishing people’s identity for financial transactions.
- IP and MAC addresses: Financial services firms have long relied on internet protocol (IP) and media access control (MAC) addresses to authenticate their customers. Each device on the internet has a unique MAC address, and each connection has an IP address. These can help create a distinct digital identity that financial service firms can use in debt collection compliance and fraud management.
- Geolocation: The ability to track a device’s location allows financial service firms to fill in gaps left by IP and MAC addresses. Geolocation uses the network of positioning systems created by cell phone towers, GPS, and WiFi networks. This allows financial service firms to detect signs of fraud, such as when a person’s payment card is being used somewhere far away from where their device is located.
- Record-matching algorithms: Consumers provide financial service firms with enormous amounts of data with every interaction. This data can assist with fraud management by building models to identify customers. Records showing the number of times a person interacts with a brand, the number and amount of transactions, and other data enables algorithms to detect behavior that deviates from an individual’s usual behavior, which can be an indicator of fraud.
Increased On-Demand eCommerce
Consumers are turning more and more to eCommerce businesses that can provide goods and services on very short notice. “Gig economy” businesses like Uber, Airbnb, and PostMates have helped drive this trend. Online retailers like Amazon have also emphasized quick turnaround on certain orders. The COVID-19 pandemic has also driven increases in consumer demands, as many people shied away from retail and restaurant spaces even as they reopened.
This creates stress for the financial service firms that process payments for these transactions. Much like consumers’ demand for real-time payments, users of on-demand eCommerce services expect near-instantaneous transfers of money. This leaves very little time for fraud management systems to do their work.
More Automation, Less Manual Customer Service
Financial service firms have seen an increase in automation of many functions. In some ways, this helps with fraud management. AI and machine learning, for example, can help risk management workflow by identifying patterns of behavior. They can also aid fraud management workflow efforts by streamlining various processes, freeing team members to work more effectively and efficiently.
At the same time, more automation can create problems for other aspects of risk and fraud management if they are not handled correctly. Automation often replaces many forms of person-to-person customer service. This can frustrate consumers, and it could create opportunities for fraudsters to work around automated customer service algorithms. Automated systems still need humans to supervise and manage them.
Types of Fraud Facing Financial Institutions
Financial service firms still face the same general categories of fraud that they have faced for decades, but the details have changed as technology has evolved. Various forms of identity theft, synthetic identities, and other sophisticated forms of fraud are increasing at alarming rates, creating challenges for fraud management workflow.
Account fraud can occur when fraudsters create a new account or take over an existing account with fraudulent intent.
- New account fraud: This type of fraud typically occurs within the first ninety days after the account is opened. A fraudster might use a stolen Social Security Number (SSN) and date of birth. If they open a bank account, they might deposit stolen or forged checks, and then quickly attempt to withdraw cash. They might run up the balance on a new credit card, then disappear without paying.
- Sleeper fraud: A fraudster uses stolen or falsified information to open a new credit card account. They make the minimum payment for some amount of time, making it appear to be a legitimate account. Eventually, they run the balance up to the credit limit, and are never heard from again.
- Account takeover: This occurs when a fraudster gains access to someone else’s account, then changes information associated with the account, such as the login name and password, to prevent the account’s rightful owner from accessing it. The fraudster then has complete control of the account, and can use it to make whatever transactions they want. This can occur through email hacking or other data breaches. If a fraudster can gain access to a person’s computer or mobile device, they might be able to take over multiple accounts at once.
Fraudsters can use parts of existing personal information to create a completely new and fraudulent identity. This synthetic identity might have valid information from multiple people, such as one person’s SSN and another person‘s state ID number. It can have a combination of real and fabricated information, or it can be entirely made-up. The Federal Reserve reported in July 2019 that synthetic identity fraud is the fastest-growing form of fraud in the U.S.
Business Email Compromise
The FBI calls business email compromise (BEC) “one of the most financially damaging online crimes.” This type of fraud often involves spoofing an email account, or using other means to make it look as though an email is coming from someone the recipient trusts. This could be an executive or other person with authority in the company, or it could be a customer or vendor that the recipient knows well.
BEC schemes often target specific employees who are likely to have access to sensitive or useful information. Fraudsters use social engineering techniques to manipulate the recipients into providing information, transferring money, or performing other actions with the belief that the requests are legitimate.
Transaction and payment fraud often involve stolen credit or other payment cards, as well as fraudulent disputes of legitimate transactions.
- Identity theft: Rather than create an entirely new account or identity, as with account fraud, identity theft usually involves stolen payment information, such as a credit or debit card, or other fraudulent access to another person’s financial account. Fraud management tools that use features like geolocation can help identify fraudulent transactions.
- Chargeback fraud: This occurs when a customer falsely disputes a charge. For example, a customer could claim that a package that they received was never delivered in order to obtain a refund. Delivery tracking systems can help resolve disputes with consumers and identify likely instances of chargeback fraud.
- Friendly fraud: This would be chargeback fraud, except it occurs without intent to defraud. A customer might not recognize a name on a credit card bill, or they might not remember making a charge. They might dispute a charge without realizing that a family member used their card for something.
A key concern in this area is distinguishing between legitimate consumer disputes and fraudulent disputes. Federal statutes like the Fair Debt Collection Practices Act regulate the use of collection agencies to handle consumer disputes over credit card charges. Third-party debt collectors add another layer of vendor management workflow for financial firms.
What Should Financial Institutions Do Differently to Get Ahead?
The challenge facing financial service firms is how to apply a consistent fraud management strategy in the face of ever-changing schemes by fraudsters. Automation can assist firms in streamlining investigations and decision-making processes. Training and education of staff are also essential, along with communication channels to share data both internally and with other involved parties.
Educate and Train Staff
Staying on top of the latest developments in fintech and fraud management is not just the job of executives and managers. A financial service firm’s staff needs training in the latest tools and techniques for preventing and fighting fraud. Employees in key areas like call centers are the top priority, but the problems facing the industry now require as much of an all-hands-on-deck approach as possible.
Almost any employee has the potential to be a fraud detector for the firm. Staff should know where a firm is vulnerable, and what activities could be indicators of fraud. In the past, this often involved individuals acting strangely while trying to open an account, apply for a loan, or deposit a check in person. This still happens, but as financial services move increasingly into the virtual world, the definition of “suspicious” has changed. Employees need to know how to identify what might be suspicious.
Training will vary from one firm to another, depending on the type of services they provide. A company that processes online payments might have different concerns than one that services loans. Employees need specific instruction on what fraud might look like for their firm. Each firm’s fraud management team needs to identify how best to communicate this to the staff.
Many firms put some employees in charge of customer service and others in charge of fraud investigations, with little to no communication between the two. Cross-training can make it easier for employees to contribute to a firm’s fraud management workflow.
Financial firms need clear internal procedures for reporting suspected fraud and managing fraud investigations. They also need to train their employees on how to use these procedures. There should be standard procedures for making reports, followed by guidelines for how to conduct investigations. The role of the reporting employee should be clearly outlined, so everyone involved in the process knows what is expected.
Education and training need to be ongoing processes. Automated financial fraud management systems can be very complex, and they require input from employees who understand how they work. A firm should conduct regular follow-up training, both to educate employees about new information and any changes to existing procedures and to monitor how consistently employees are following those procedures.
In an increasingly-digital world, data is the key to staying ahead of fraud. Every transaction and interaction with customers provides financial service firms with information that can help them provide better service and deal with fraud — either by preventing it altogether or streamlining the fraud management process. Financial firms should allow everyone with an interest in relevant data access to that data.
One way financial firms can do this is by facilitating communication between the departments or divisions that handle customer complaints or disputes, and the ones that investigate and manage fraud. This can be a difficult process, since firms want to provide good service to customers who have a complaint. As mentioned above, cross-training can help both parts of the firm, and information sharing can enable staff members to gain a greater understanding of customer behavior, including possible fraud.
The value of data sharing can extend beyond a financial firm’s own staff. An all-hands-on-deck approach could include vendors, customers, and other third parties in some cases. Customers want their transactions to be secure, and they can play a part in doing so. The same can be said for other parties that work with financial firms.
Learn More About NeuAnalytics' Fraud Management Solutions
A robust, holistic fraud management system can allow your firm to manage fraud reports and investigations efficiently and effectively. NeuAnalytics offers solutions for fraud management that help automate fraud case investigations, allowing you to get to resolutions faster. Contact NeuAnalytics today for more information about how an Integrated Support Platform can help your firm. You can also request a demo of our services.