If someone’s looking to steal money, it makes sense to target the institutions that manage and safeguard it — banks. However, it’s becoming less and less common to rob a physical bank branch directly. These days, many thieves use tricks to try to scam banks (and their customers) out of money without them noticing. Doing so is a crime called bank fraud.
This guide will explain what bank fraud is, including some of the many different ways criminals attempt to commit banking fraud. It will also include strategies for detecting bank fraud to limit the amount of damage it does, as well as ways to prevent bank fraud from happening in the first place.
We’ll start with this question: what is fraud in banking, from both a general and a legal perspective?
Bank fraud is the use of deceptive (and often illegal) methods to steal money, property, or other assets owned by a financial institution. It can also refer to impersonating a financial institution (or a representative of one) to steal money, property, or other assets from its clients.
Bank Fraud: A Legal Definition
The legal definition of bank fraud in the US involves gaining money, funds, credits, assets, securities, or other property owned by a financial institution – or under its custody (i.e. belonging to its clients) – through false pretenses, presentations, or promises.
Under this definition, key elements of bank fraud are “schemes” or “artifices” — deceptive tricks meant to make it look like a fraudster isn’t doing anything wrong. This differentiates bank fraud from robbery or theft, where the perpetrator is directly stealing and usually isn’t trying to cover up the fact that what they’re doing is a crime.
Fraudsters are looking to do one thing — acquire money. Unfortunately for banks and financial institutions, they are a prime target, with fraudsters regularly devising new strategies to scam banks out of cash.
There are many different types of fraud in banking. Here are a few of the most notable examples.
Account Takeover Fraud
Account Takeover (ATO) fraud involves a fraudster gaining control of a bank customer’s account. They may use social or technical tricks to fool the customer into revealing their banking credentials, or sometimes buy these details from the black market. They may also use hacking techniques to try and guess a customer’s username and password combination, or get this information by exploiting a financial institution’s security vulnerabilities.
Once in control of a bank customer’s account, a fraudster can transfer their funds to another account, make fraudulent purchases, or open new accounts to spend money the victim doesn’t actually have.
New Account Fraud
New account fraud involves a fraudster opening a new bank account under a false identity. They may impersonate a legitimate customer, or create a synthetic identity from a combination of stolen and made-up ID credentials. They may also use technological tricks such as image editing software or deepfakes to bypass KYC processes. They may even spoof their internet configuration to appear as if they’re operating from a location that doesn’t arouse suspicion.
New account fraud is also a common tactic used in money laundering. A variant of this is money muling, where criminals will hire a person to set up a legitimate bank account for the sole purpose of laundering money. Either way, the goals for fraudsters are either to spend money they don’t actually have, or to move ill-gotten money through seemingly legitimate channels.
Wire Transfer Fraud
Wire fraud involves a criminal sending someone a legitimate-looking request to transfer money to their bank account. To create the ruse, the criminal will pretend to be a trusted party, such as a friend, family member, or parcel delivery service. They also tend to use language intended to frighten the target and get them to act urgently, instead of thinking things through.
These transactions are very difficult to reverse. To make matters worse, some fraudsters have started creating companies that falsely claim they can get victims’ money back. Instead, these companies simply defraud the victims of even more money.
There are many ways criminals can use automated telling machines (ATMs) to commit fraud. They may covertly install “skimmer” devices to copy legitimate customers’ bank card information. Or they may reprogram a machine to steal banking information or illegally redirect deposited funds. Sometimes they may simply claim to be depositing funds to an account, but insert an empty envelope into the machine instead.
Bill Discounting Fraud
This type of bank fraud is rare, as it usually requires a fraud ring to pull off. It involves a fraudster posing as a company that’s a legitimate client of a bank, and regularly billing its customers through the bank. Unfortunately, these customers are part of the fraud ring, and will pay these bills simply to make the fraudster look trustworthy.
Eventually, the fraudster will start asking the bank to pay it in advance before collecting bills from its clients. The fake clients will keep complying for a time to help the fraudster continue to build trust with the bank. Eventually, though, the fraudster will get a large enough amount of money in advance from the bank that they’ll disappear along with their fake client accomplices. This leaves nobody to pay back the money owed to the bank.
Debit and Credit Card Fraud
Payment cards, such as credit and debit cards, are also common instruments of bank fraud. Sometimes they will be directly stolen and used to make fraudulent purchases in the victim’s name, or to make unauthorized money withdrawals from the victim’s bank account.
Other times, criminals will memorize or copy payment card information. There are several ways they can do this, from looking over people’s shoulders to installing copying machines at points of transactions. Then they can transfer the information to counterfeit cards to use themselves — or sell it on the black market.
Fraud involving identity theft happens when a criminal steals facets of a person’s identifying information in order to impersonate that individual. They may sometimes also combine bits of stolen and made-up identification information to create a synthetic identity. Then they use this fake persona to make purchases and other fraudulent transactions, while the one footing the bill is an unsuspecting victim or a person who doesn’t actually exist.
This is often accomplished through “phishing”: impersonation or other deceptive practices meant to trick people into divulging their identity information. Fraudsters can use fake emails, websites, text messages, and even voicemail messages for phishing. Their goal is to either psychologically manipulate or pressure victims into giving up their identity information, or to steal this information by using malicious programs.
Bank Draft and Check Fraud
Bank drafts and checks can be additional avenues for bank fraud. Criminals may attempt to alter checks by changing their value or the payee’s name, or create counterfeit checks by forging signatures of legitimate customers. Bank insiders can help with these processes, or even create fake demand drafts that they then authorize and cash out at different banks or branches.
Another form of check fraud is check kiting — writing a check greater than the amount of funds in a bank account, depositing the check in another account, and then withdrawing the balance as cash to pay for the check before the bank discovers the check was invalid. Checks can also be used in advance fee fraud, where a fraudster uses a fake check to overpay for a product or service, then gets the victim to pay back the difference before the check is discovered to be fake.
Accounting fraud involves a person or company creating or manipulating bookkeeping records that intentionally misrepresent their assets or income for financial gain. An example is a business applying for a loan, but falsely claiming it’s more profitable than it really is so the bank will trust it. Or a company could publicly inflate its net worth in an effort to attract more investors.
A variation of this is rogue trading. This is where financial institution employees use their company’s money to conduct unauthorized trades. Then, they often manipulate bookkeeping records to make their activities look more profitable for their company than they may actually be.
Some rogue traders do this to enrich themselves at their company’s expense. Others are trying to unilaterally make up for past bad trades in order to salvage their reputation within their company.
With so many types of bank fraud available to criminals, there are a lot of angles to cover when it comes to fraud detection in banking. Fortunately for risk professionals, fraud generally targets two things — assets, or the credentials required to access them.
Knowing this, a financial institution can monitor points where these two things are exchanged to catch fraud. Here are some strategies for doing so.
Monitor Employees and Conduct Internal Audits
A high percentage of bank fraud is perpetrated either by employees inside financial institutions, or outside actors who have the help of bank insiders. So it’s important for FIs to check in on activities inside their operations to see if anything is out of place, or if certain employees are acting unusually.
Monitor Customer Transactions
Of course, it’s important for a financial institution to keep tabs on how its customers are using its services. Rule-based systems based on risk and compliance standards should be able to catch most types of fraud.
Use Predictive Behavioral Analytics
Financial institutions can tell what “business as usual” looks like for their customers based on their transaction records. So these records can be compared against a customer’s present financial activity to determine whether it’s suspicious or not.
Leverage Machine Learning for Advanced Fraud Detection Applications
Machine learning opens up powerful new bank fraud detection techniques. For example, black-box models are useful for picking up on unrecognized patterns and other unusual data points to detect new, sophisticated forms of fraud.
Meanwhile, white-box models are good for tweaking parameters to fit a financial institution’s historical data and use cases. This offers the possibility of applications such as Unit21’s Alert Scoring — weighing the outcomes of an FI’s fraud alerts to determine the likelihood that a future alert will be a true positive.
Investigate Suspicious Activity to Determine if it’s Fraud, Then Act
Not all unusual financial activity is necessarily fraud or some other crime. That’s why it’s sometimes necessary to manually review alerts in order to find out if they actually constitute fraud. This involves reviewing initial evidence to look at a transaction’s risk profile, including who’s involved in it, what’s impacted, and whether or not the alert is coming from a credible source.
While it’s good to be able to detect bank fraud and mitigate the damage it does, most financial institutions would rather avoid it happening in the first place. Below, we outline methods for how to prevent online banking fraud and other types of bank fraud.
Properly Onboard Customers and Employees
Financial institutions need to have adequate KYC and KYB controls in place when bringing on new clients, whether they’re individuals or businesses. KYE controls when hiring are necessary as well, as a significant percentage of bank fraud is facilitated — or even perpetrated — by corrupt FI employees.
That means verifying their identities (including a business’s beneficial owners), as well as checking sanctions lists and negative media coverage to develop risk profiles for them. This provides a level of fraud prevention and control in the banking system by allowing a financial institution to reject customers or employees who present too much risk.
Educate Customers and Employees on the Dangers of Fraud
Even if a financial institution weeds out prospective clients and employees who are likely to commit fraud, it can still be vulnerable if existing clients and employees get defrauded. That’s why it’s important to teach both customers and FI workers how to spot fraud attempts, and to secure their systems to block off potential avenues for fraud.
Important things to teach customers and employees how to do include:
- Update computer security software
- Identify a secure web page to input personal information on
- Create strong account passwords
- Recognize official communication from a business
- Avoid giving out personal information over certain communication channels
- Securely dispose of unneeded sensitive documents
- Regularly review credit reports
- Report suspicious activity or lost/stolen credential documents immediately
Deploy User Authentication Systems
Just because a financial institution’s customer or employee is onboarded with no problems doesn’t mean someone else couldn’t simply pretend to be them in order to commit fraud. So authentication tools are necessary to ensure a person or entity involved in a transaction is the same one who signed on initially.
Many different types of authentication can be used beyond simple username and password combinations. These include knowledge-based authentication, one-time passcodes, biometric authentication, ID documentation, or any combination of these as multi-factor authentication.
Use Payment Authentication Systems to Catch Non-Identity-Related Fraud
Even when everyone involved in a transaction is who they say they are, there are still tricks people can pull to commit fraud. They can spend money they don’t have, spend the same money in multiple places at once, or complete the transaction and then dispute it to get their money back (chargeback fraud). That’s why payment authentication systems such as the Address Verification Service or Card Purchase Authorization are helpful to have.
Monitor Activities and Events, Not Just Transactions
Studying the tactics, techniques, and procedures of bank fraudsters can provide a way to pre-empt them. This is because many forms of fraud follow certain patterns of activity, including preparatory research on things like a company’s security vulnerabilities and key personnel to target.
That’s why Unit21 offers a Data Monitoring platform that doesn’t just evaluate transactions for fraud at the point at which they happen. It also considers contextual activities that may indicate a transaction is more or less likely to be fraudulent. This aids banking fraud prevention by not only reducing false positives but also stopping patterns of activity that lead to fraud before a fraudulent transaction ever takes place.
Even small cases of bank fraud can turn into major financial scandals if proper controls are not put in place or used. To illustrate, here are several modern cases of bank fraud that involved large companies and resulted in huge losses.
The Enron scandal in the late 1990s and early 2000s is probably one of the most famous recent bank fraud cases in the US. It involved the Houston, Texas, energy company’s senior management using shady accounting techniques to attract investors by making the company appear much more profitable than it was. These included manipulating how the company’s prices were calculated and creating offshore shell corporations to hide the company’s debts.
The company went bankrupt in 2001, and many of its executives — as well as those from Arthur Andersen, its accounting firm — were arrested. The fraud is estimated to have caused around $74 billion US in losses. In response to the scandal, the US government passed the Sarbanes-Oxley Act in mid-2002 to introduce tighter controls and greater transparency in corporate accounting and auditing.
Another of the most famous bank fraud cases in the US is that of Bernie Madoff. He began in the 1960s with a legitimate investment firm, but somewhere along the way, he turned to fraud. He began using money from new investors to pay previous ones, creating the illusion that his company’s hedge funds provided steady returns with low risk.
This is known as a Ponzi scheme, and Madoff’s company became the biggest one in history by the time it collapsed in 2009. Over 13,000 investors — many of them wealthy fund managers — lost a combined total of around $65 billion US. For his part, Madoff was arrested, convicted of 11 federal felonies, and sentenced to 150 years in prison. He died in prison in 2021.
1Malaysia Development Berhad
1MDB was a state-owned investment fund created by former Malaysian Prime Minister Najib Razak in 2009. Its original purpose was to invest in ESG initiatives and other projects to boost Malaysia’s economy. In 2015, however, it was revealed that the company’s funds were being laundered through shell companies and offshore bank accounts to fund lavish lifestyles for certain individuals — including Razak and his family members. The amount of embezzled money is currently estimated to be about $4.5 billion US.
The scandal involved corrupt government officials, financial employees, businesspeople, and others from several different countries. Notable US financial institutions and entities in countries such as Saudi Arabia, the United Arab Emirates, Singapore, and Switzerland were heavily implicated in the fraud. As of this writing, investigations into the scandal — and attempts to recover money from it — are still ongoing.
Make Unit21 Your Bank Fraud Prevention Software of Choice
Dealing with bank fraud requires having the right systems to prevent as much of it from happening as possible, as well as the right tools to respond quickly and limit damage if it does happen.
Unit21 provides both with our Onboarding Orchestration and Transaction Monitoring solutions. Our no-code risk & compliance infrastructure makes it easy for fraud teams to screen clients, employees, and their activities to proactively identify and act on any potential fraud risks before they become a problem.
Book a demo with us to learn more about how we can help you stop bank fraud.