Banks, like other financial institutions, need to do all they can to detect and prevent fraudulent activity to protect not only their customers but the organization as well. To do this effectively, banks need to have a clear system for addressing suspicious activity, with a dedicated staff of investigators.
Most importantly, fraud investigations are a major part of how banks effectively manage and mitigate fraudulent threats. It allows them not only to detect instances that have occurred but also allows them to understand what attacks they face, as well as adapt their fraud detection and prevention systems to better identify—and stop—these threats.
To help banks understand how to perfect fraud investigations for the best results, we cover the following:
Let’s start by looking at what a fraud investigation is in the context of banking, and then we’ll dive into how they work and the main steps of the investigation process.
A bank fraud investigation is an internal process conducted by the bank that is designed to determine if a fraudulent claim—or suspicious activity—is fraudulent or not. The purpose is to identify and understand the fraud threats the bank is facing, as well as determine strategies for prevention.
The bank uses this investigation to determine the next steps to address the instances of fraud. This means finding out whether fraud has, in fact, occurred, who committed the fraud, how the fraud was committed, and how to defend against further instances of this type of fraud in the future.
The bank is either alerted of potential fraud from a customer that has been victimized or from an alert on their fraud detection system. Typically, the bank has a team of investigators responsible for investigating suspicious activity that comes up.
At a high-level, it involves detecting instances of potential fraud and escalating these cases to investigators who can determine whether it was fraud and, ideally, what type of fraud has occurred and how. Finally, the bank will take action on the case, by reimbursing the client, charging the merchant, or pursuing the fraudster to recover losses.
Who Investigates Bank Fraud?
First and foremost, bank fraud investigations are the responsibility of the bank itself. The bank investigates fraud claims and suspicious activity and then determines if the suspicious activity amounts to fraud. From there, the bank will submit a Suspicious Activity Report (SAR), which will be escalated to the proper legal authority.
From there, the legal authority that further investigates fraud is based heavily on the relevant jurisdiction. In the US, jurisdiction is extremely important for reporting suspicious activity and bringing charges against the potential fraudster. This can involve state or federal law enforcement agencies, ranging from local police departments all the way up to the Federal Bureau of Investigation (FBI).
How Long Does a Bank Have to Investigate Fraud?
In the United States, banks have 10 business days to investigate fraud after a customer makes a claim. If the bank hasn’t made a determination by this point, they need to credit the customer while they continue to investigate temporarily.
If the bank detects the suspicious activity themselves, they aren’t held to this limitation. They do still need to meet SAR requirements—which dictates that reports need to be filed within 30 days of identifying the suspicious activity.
However, the longer an investigation takes, the more it costs the bank—and the longer they remain exposed to these fraudulent attacks. Long investigations drain resources and increase the total cost for the bank. Even worse, without identifying how the fraudster got away with this, they cannot implement detection and prevention strategies to stop these fraud attacks from recurring.
The faster banks can investigate cases, the lower their overall costs. They can free up investigators' time, allowing them to get to other cases. Teams can also use this information to inform their fraud detection and prevention strategies to better identify and stop the same attacks in the future.
How Long Does a Bank Fraud Investigation Take?
The length of fraud investigations can vary greatly based on the individual case—the type of fraud attack and the unique circumstances of the case itself drastically affect the time needed to investigate a fraud case effectively. Generally, the more complex the fraud, the more complex the investigation. Simple instances may be completed in a couple of days, whereas cases involving fraud rings could take months to investigate.
Limitations on how long financial institutions have to investigate cases and their desire to close cases quickly help keep investigation times short. As stated above, anything banks can do to optimize and speed up their investigation times will save them expenses and improve their ability to stop future instances of fraud, so it’s in their best interest to keep investigations as short as possible.
In the most basic sense, the bank fraud investigation process is relatively straightforward. The bank is alerted of suspicious activity through either the bank’s detection system or from fraud claims from customers. They then collect all the information they have before conducting a thorough investigation. They then review all the details and make a decision on the case before taking action.
Below, we cover the main steps of the bank fraud investigation process in detail.
Step 1: The Bank is Alerted of Potential Fraud
Technically, the investigation starts when potential fraud is identified. This is often done in one of two ways. Either the bank receives a claim of potential fraud from a customer that has been victimized, or the bank identifies suspicious activity through their fraud detection system.
From here, the case needs to be escalated to investigators and then prioritized based on the level of importance. Alert Scoring and Case Management systems can greatly help with streamlining this process. Alerts will be flagged for review, prioritized based on severity, and then streamlined into investigators’ workflows—shortening the time between alert and investigation. Fraud detection systems ensure that suspicious activity—even when customers don’t report it—doesn’t go missed. This will empower banks to minimize threats and manage them more effectively when they do pop up.
Step 2: The Bank Investigates the Activity to Determine if It’s Fraud or Not
Once cases are escalated to investigators, the actual investigations start. First, they need to determine if the suspicious activity amounts to fraud or not.
At this stage, the bank will analyze any relevant transactions and (if possible) behavior. They will collect the basic information at their disposal, such as the transaction value, where the transaction took place, who was involved, and which account was used. They may request additional information from the person that submitted the fraud claim—if that’s how the suspicious activity was identified.
But they may use additional information to understand user behavior and identify how fraud occurred, including analyzing IP address information, details about where the transaction was conducted, and more. Any additional information they can gather about the user behavior—or any behavior related to the transaction—can provide information that may help them identify and understand the suspicious activity.
If the bank finds suspicious activity to be fraudulent, the more information they have, the more they can do to identify cases in the future and develop strategies for prevention. Data monitoring solutions allow teams to analyze user behavior—such as logins, account changes, and more—so banks can predict potential fraud before it occurs.
Step 3: Make a Determination on the Case and Liability
After fully investigating the case and all its circumstances, the bank should be ready to make a determination on liability—and will determine how they’ll handle the case.
A major part of this is determining where liability lies—Was this a merchant error? Was this third-party fraud? Did the fraud detection system falsely flag legitimate activity? Did the customer file a false report?
Essentially, the bank needs to determine who is responsible and where liability lies to take the appropriate action moving forward—including who assumes the cost, who they report on, and who they charge for the fraud.
Step 4: Take Action on the Case
Once the bank has determined whether or not the activity was fraudulent and decided who is liable, they are typically ready to take action on the case. This could involve stopping the transaction (if possible), banning the fraudster, or reimbursing the customer for their losses.
There are a few different things that the bank can do. In some cases, more than one of these will apply. For example, the bank could reimburse the customer and still attempt to recover the losses from the merchant or fraudster.
In general, the bank can do any of the following:
1. Reimburse the customer
If the customer lost funds from the fraud (and the bank has determined they aren’t responsible or involved), the bank will likely reimburse the customer. Typically, this would involve the bank absorbing the costs themselves or pursuing legal action against the fraudster to recoup their losses.
According to the Fair Credit Billing Act, the cardholder can only be held liable for $50 in the event of fraud on their account—assuming they aren’t involved or they didn’t enable the fraud with poor account security. But in many cases, the bank will absorb this cost themselves rather than force their customers to pay. This is entirely at the bank's discretion, but most banks will cover these costs to maintain a high quality of customer service and user experience.
2. Not reimburse the customer
In rare cases, the bank may choose not to reimburse the customer. This typically only occurs if the bank has concluded—or strongly suspects—that the customer was somehow involved in the suspicious activity or is somehow at fault for it occurring. This could have happened if the customer filed a false report, participated in the alleged fraud, or somehow compromised their account’s security.
At this point, the customer would have to pursue the fraudster legally themselves to recoup their losses.
3. Absorb the costs
Banks absorb the costs for a number of reasons. Typically, it boils down to keeping customers happy and maintaining—or earning—their loyalty. It could be that the incident is not worth escalating or investigating, as the costs will be too high compared to the cost of the fraud. This should only be the case for one-off cases, as many types of fraud can be repeated and would want to be addressed.
4. Charge the merchant
If the bank determines the merchant is liable, the bank will credit the customer and seek to recover the losses directly from the merchant. This may involve charging them a chargeback fee or even requesting a larger portion of the lost amount.
5. Pursue legal action against the fraudster
Rather than absorb the costs of the fraud, the bank may choose to pursue legal action against the fraudster to recover these losses. This often requires some legal action on behalf of the bank, which can be costly. Whether this is worth pursuing will depend on the legal costs of pursuing the fraudster.
This is another reason why improving future fraud detection and prevention strategies is so important, it’s a much more effective and costly way of mitigating future fraud losses.
Step 5: Update Fraud Detection and Prevention Systems
Now that you’ve detected the fraud and determined what type of fraud attack it was, how the fraudster carried it out, and the impact it had on your business, you want to make sure to use this information to prevent further cases from happening.
Banks must integrate this knowledge into their fraud detection and prevention strategy and change their systems to accommodate this new information. This will allow you to close loopholes that expose your bank to fraud, allowing you to identify more fraud cases and prevent them from happening in the future.
Step 6: Submit a Suspicious Activity Report
In an effort to curb money laundering, terrorism financing, and other financial crimes, financial institutions are required to submit Suspicious Activity Reports (SARs) to report suspicious activity to the authorities. This ensures these criminals are investigated and held accountable for their actions, as law enforcement will pursue these incidents accordingly.
These are required to be submitted within 30 days of when the suspicious activity was discovered, although extensions can sometimes be granted for specific circumstances. Having a solution that helps with SAR reporting ensures that these reports are completed properly and filed in a timely manner. They can even streamline the SAR filing process, saving teams valuable time and resources—which can be invested in other, more important tasks.
Optimize Banking Fraud Investigations with Unit21
Bank fraud investigations are a constant trade-off between the potential fraud losses that are saved and the time and resources invested in the investigation. It’s important to remember that even low-value fraud can add up if it’s repeated, so investigating cases and investing resources into strategies and systems for detecting and preventing these attempts in the future can be a great allocation of resources. Without stopping fraud, it will persist.
Case Management software is ideal for helping teams manage investigations, including prioritizing and managing workloads. With the right tool, teams can optimize and streamline their process by having cases escalated to the right investigator. Alert scoring systems are also great for prioritizing the cases that truly matter most to the bank, allowing the biggest threats to be investigated first.
Tools like Transaction Monitoring can actually help mitigate the need for investigations altogether. With proper transaction and data monitoring signals at their disposal, risk and compliance teams can actually monitor for indicators of potential fraud before it occurs, allowing them to stop it before it happens—and avoid fraud investigations altogether.
Schedule a demo today to learn more about how Unit21 can help improve your fraud investigation times and optimize performance.