The banking industry faces many day-to-day business challenges, including competition with digitally native FinTechs and the ubiquitous social distancing restrictions brought on by the pandemic. Financial institutions (FIs) around the world are confronting these issues with numerous digital implementations, as 85 percent of banks are offering some form of digital account opening, for example. Banks’ use of such innovations is predicted to expand, too, with 60 percent of FIs saying they aim to gain customers and improve customer experiences using digital channels.
This increased digital presence also brings a greater risk of digital fraud, however. Some schemes that are impractical to wage in person are simpler to perpetrate online because of a decreased security presence, the anonymity of transactions and fraudsters’ abilities to stage hundreds of attacks simultaneously. Banks have reported myriad fraud threats over the past year, including various forms of identity fraud and bot activity, and are working overtime to develop countermeasures.
The following Deep Dive examines the threats facing digital-first banks deploying new technologies, as well as the methods and techniques FIs are using to minimize fraud and cybercrime.
The Fraud Threats Facing Digital-First Banks
Banks must confront numerous fraud threats when they operate digitally, and some of the most pervasive are forms of identity fraud. A recent study found that stolen identities were the top fraud source for FIs that experienced account-opening fraud over the past year, at 55 percent. Synthetic identity fraud, in which fraudsters cobble together pieces of legitimate details to create fictitious identities, came in second at 44 percent.
Fraudsters leverage these false identities to apply for loans, open bank accounts to launder money or launch other scams, but the specifics of the schemes differ considerably. Some cybercriminals steal other individuals’ identities, while others construct new ones for synthetic identity fraud. Banks targeted by the latter type of fraud have no identity theft victims to notify that fraudulent applications have been made in their names, making these FIs reliant on their own security systems to catch these schemes. The Federal Reserve determined that synthetic identity fraud costs FIs $6 billion annually, with each incident costing lenders between $10 and $15,000.
Bot activity is the third major threat banks faced in 2020. This type of fraud is often deployed in tandem with various forms of identity fraud, with bad actors typically tapping bot networks to test stolen credentials en masse. One study found that the use of malicious botnets to register false accounts increased by more than 70 percent in Q3 2019, for example.
Digital fraud’s scope is hard to overstate, yet banks are deploying emerging technologies to minimize its impact. Most of these tools provide greater scrutiny when customers create accounts, leveraging biometrics to stop cybercriminals armed with stolen or synthetic identities.
How Authentication Prevents Fraud
Lackluster customer onboarding authentication is one of the weakest points in most banks’ anti-fraud security systems. Password-based measures are especially problematic, as fraudsters can steal customers’ credentials from data breaches — including those that targeted different entities or businesses than those they wish to defraud. Customers often fail to practice proper hygiene when it comes to passwords: Only 40 percent of bank customers in the U.K. utilize unique passwords for each of their accounts, for example. This means fraudsters who manage to hijack just one of these customers’ accounts can access others with ease.
Bank customers are paying more attention to security best practices, but banks can also solve many of these issues by adopting biometric protocols that are almost impossible for fraudsters to fake. Customers are largely receptive to these security methods, as surveys find that 71 percent of bank customers are willing to provide this data to their FIs. Forty percent are willing to use fingerprint-based biometric solutions to authenticate themselves on banking apps, while one-quarter preferred facial recognition technology. Some methods analyze behavioral biometrics like typing patterns, and 70 percent of customers support such solutions.
Biometric-based methods’ effectiveness varies, but all provide better security than simple passwords. Banks that choose any number of these biometric techniques to protect their operations and customers’ identities are taking an important step toward safeguarding the digital-first banking innovations that will become industry-standard in the months and years ahead.