“Spam Risk” may have shown up on your phone more times than you can count this year. And you’re probably tired of receiving emails from regal-sounding senders asking for your help recovering massive amounts of cash from overseas banks. Fraudsters are just as often going straight to financial institutions with increasingly sophisticated attacks.
Whether you’ve seen headlines about the rise of fraud in 2020 or not, you probably could have reached that conclusion. For an idea of the magnitude, there were twice as many attacks in the first half of 2020 – 1.1 billion – compared to the second half of 2019.
From stealing stimulus checks to opening bank accounts using synthetic identities that combine real and fake data, fraudsters are robbing millions of dollars from businesses and consumers every year. According to the Federal Trade Commission, Americans have already lost more than $200 million to COVID-19-related fraud.
Financial services companies of all sizes, with the help FinTechs, can fight back. Prevention has a much greater chance of being successful than recovery once the damage is done.
One of the most overlooked fraud mitigation strategies is utilizing financial product servicing channels for detection and prevention. Today’s technology can analyze large amounts of data in real-time to identify fraud, report it and automatically establish countermeasures to prevent it.
Here are three steps that can save banks, credit unions, credit card and payment companies, and their customers a fortune:
1. Add customer behavior tracking to all self-service channel applications
Fraudsters are relentless, and they’ve found that there is opportunity to launch their attacks discretely via customer service channels. However, financial institutions that focus on fraud can begin to identify suspicious activity by first collecting customer behavior data from their servicing applications. The behavior of users should be monitored in all channels – voice (including the IVR), web, mobile and text.
2. Aggregate and analyze customer self-service behavior across all channels for fraud detection
Fraudsters often perform their account number and card number probes (the modern-day equivalent of “casing the joint”) using one channel, then move to another channel to “break in,” that is, perform the fraud. Financial institutions that aggregate behavior data across servicing channels can begin to detect anomalies and patterns that, at a minimum, indicate “pre-fraud” activities. Even better is a single, omnichannel reporting system that can consume data across all channels.
3. Add automatic fraud detection and prevention functions to all servicing applications
Lastly, implement a system that continually monitors all channel data for red flags and that automatically responds with fraud prevention actions. For example, steps one and two above should be able to collect the data that show IP address X and automatic number identification (ANI) Y have inquired about card number Z 15 times in the last 24 hours. Step three would then automatically identify this activity and block the IP address and ANI or alternatively route the user to a fraud page or fraud queue.
Fraud detection and prevention actions that are automatically generated 24 hours a day, 7 days a week enable organizations to quickly and economically make decisions about how to handle each suspected or confirmed fraudster based on detailed interaction records. A rules-based system allows protective actions to be triggered when user behavior within customer service channels raises a red flag (according to the system’s custom rules) in order to thwart attacks. Depending on the automatically assessed risk level:
- A user or caller could be required to provide additional identity verification
- High-risk functions such as funds transfers or PIN changes could be turned off within the channel
- The user could be routed to a fraud queue or page (a probable fraudster, for example, could be automatically routed to a bank’s risk management department if he tries to activate a card)
- A caller could be blocked at the firewall and/or the carrier
- The suspected fraudster could be sent to a “honeypot” that is designed to attract and collect information about how the bad guys operate
Fraud mitigation is far more cost-effective than abatement, thanks to the products offered by today’s FinTech companies. Regardless of size, financial services companies don’t have to be sitting ducks, just because they don’t have IT staff or a big budget for R&D and compliance. They can partner with FinTechs to leverage technology that gives them a strong defense in a war that never ends.