Wipfli fraud specialists were recently called on to advise a financial institution that had wired — at its customer’s request — $250,000 to an account in China. An employee of the customer had been tricked into authorizing the payment. But once the mistake was uncovered, the customer felt their financial institution should have had extra layers of protection in place to prevent such a transaction.
This incident is just one example of the kinds of fraud financial institutions are up against:
- Fraud in which the financial institution is the victim
- Fraud in which the customer is the victim but believes the financial institution bears some responsibility for not having caught or prevented it
It probably won’t come as a surprise that fraud is trending upward. What may surprise you, however, is just how much it’s jumped since the start of the COVID-19 pandemic. Worse yet, fraud attempts are getting more successful.
Here we break down some key findings from the annual LexisNexis Risk Solutions 2020 True Cost of Fraud: Financial Services and Lending study. We look at what those trends mean for banks and credit unions — and the actions you can take today.
Successful fraud attacks increase
The average volume of monthly fraud attacks increased 15% for U.S. financial institutions year over year, while the average number of successful monthly fraud attempts increased 43%.
Fraudsters are getting smarter, and their tricks are becoming increasingly difficult to detect and prevent. We continue to see cases in which legitimate customer accounts are being taken over and then used to perpetrate fraud. In these situations, it’s a challenge for financial institutions to recognize they’re not working with a legitimate customer.
The COVID-19 effect
Small U.S. financial firms had, on average, 38% more fraud attempts per month than those surveyed before COVID-19 shutdowns in March 2020. Mid-to-large U.S. financial services firms had on average 20% more fraud attempts per month.
The pandemic has accelerated a shift to different solutions (e.g., digital versus retail transactions). You’ve probably changed the way you do business to adapt to the COVID world. Now it’s time to make sure your controls have evolved, too.
How are you verifying customer identities in a mobile environment? How can you be sure your customer actually signed that document? Controls designed for an in-person business model are going to have potential gaps in a digital environment. Identify those gaps and modify your controls as necessary.
Cost of fraud prevention is up
LexisNexis calculations suggest that costs related to fraud (e.g., increase in internal labor and external support to detect, investigate and recover losses) have gone up as well in 2020, at least partially due to the pandemic. Financial services and lending companies now pay an average of $3.78 for every dollar lost to fraud, up from $3.35 in 2019.
Identity fraud remains a top driver of fraud losses. Account-based fraud was the leading kind of identity fraud activity, with an increase in fraudulent new accounts. This could be due to an increase in cell phone account fraud, which can involve hacking the customer’s mobile account or stealing/porting their phone number to open accounts, apply for credit cards and access bank accounts.
Synthetic identity fraud is also on the rise; it represents 20% of losses this year for mid- to large-sized firms. Synthetic identity fraud is when the criminal combines real and fake information to create a new identity. Fraudsters, for example, will steal Social Security numbers but combine them with false names, addresses and dates of birth.
Fraudsters may even open accounts and use them responsibly for a period of time in order to build up a good credit history. When they start to default on their account, they appear to be a real person experiencing financial problems — not a criminal who immediately racks up fraudulent charges.
Balancing fraud prevention and customer friction
Financial services firms are challenged to distinguish legitimate customers from malicious fraudsters — without putting in so many controls that customers get frustrated. There’s always this balance to monitor between tightening controls and the customer experience.
As a financial firm, however, your customers expect you will be taking extra steps to identify fraudulent transactions. Your customers may have a higher tolerance for controls than you realize.
Ongoing customer education can be key to building that tolerance. Increasingly, customers understand the importance of security and are willing to adopt security measures.
On the flip side, communication can also help customers understand the limits of your fraud detection efforts. Your customers may have erroneous beliefs about what your controls are and what you are able to detect. For example, maybe they assume that because they don’t regularly request international wire transfers, your institution would question that. Banks and credit unions should be talking to their end-user customers about what controls are available, as well as which controls are currently in place and which aren’t.
How Wipfli can help
Wipfli offers internal audit and fraud and forensic services. Find out if your control environment is operating the way you think it is. If you have gaps, our internal audit team can help you set up the right procedures and controls so you can minimize your organization’s risk.
And if fraud does occur, we have fraud and forensic professionals who can help you understand what happened — so you can pursue the fraudsters, potentially recover funds and/or update practices to reduce the chance it will happen again.