Financial fraud is an old business.
Did you know the first recorded fraud occurred in Ancient Greece, when shifty sea merchants Xenothemis and Hegestratos deliberately tried to sink their insured boat? (The scheme failed, and Hegestratos drowned in the attempt.)
However, today's Information Age fraud is much more sophisticated and less prone to water hazards...
But many fraud scams still employ the same strategies tested and perfected by scammers throughout the centuries.
The ability to detect and prevent instances of fraud has never been more critical for financial organizations of all kinds.
Fraudulent activity drains the financial accounts of millions each year. Last year's consumer fraud cost $5.8 billion in the U.S. alone, a staggering 70% increase from 2020.
How do you protect your company and your customers? With bad actors constantly adapting to new security measures and outwitting even the most well-thought-out internal controls, comprehensive fraud prevention can seem cost-prohibitive and ineffective.
Fortunately, this guide covers all of the essential topics required for your organization to make informed decisions about fraud detection and prevention for a future-proofed program.
Keep reading for a comprehensive rundown on how fraud impacts today’s financial organizations, the main types of fraud to look out for, and best practices for keeping customers safe from these financial attacks.
How Fraud Impacts Today's Financial Organizations
Fraud not only undermines all facets of society, from individual households to national security interests, but it is also exceptionally damaging to financial organizations. Instances of fraud can result in:
- Widespread financial loss
- Loss of trust and confidence in their services
- Government investigations and punitive actions
Loss of Revenue
Banking institutions worldwide lose an estimated 5% of revenue to fraud per year. Fraud costs are quickly outstripping spending on fraud monitoring and prevention solutions.
The true cost of fraud has accelerated, according to recent reports. Each dollar lost to fraud now costs financial companies $4.00, a 27% increase from 2019.
These costs include:
- The lost transaction values
- Fees and interest during processing
- Chargeback costs
- Investigation and recovery expenses
- Fines and other legal fees
This means if a customer is defrauded out of $800, the actual cost to their bank is now a substantial $3,200. Multiply that by thousands or even millions of customers, and even small-scale fraud schemes become a large-scale issue.
Loss of Reputation
Most people wouldn't feel safe with their life savings stuffed under their mattress or their money invested in a company that gets robbed easily. Banks are for protecting finances and assets. Loss of reputation leads directly to a decline in customer and investor confidence.
A financial organization's reputational risk management should include financial fraud prevention. A University of Oxford study in 2018 found reputational damage was just as costly as government fines, mainly when it affected stock prices.
If fraud investigations uncover systematic security lapses or corruption, a financial institution can also lose lucrative business relationships. This includes third-party vendors, suppliers, and contractors.
Loss of Customers
Research over the decades has consistently shown that customer retention is crucial for revenue. Customer and bank relationships rely on a high degree of trust from both sides.
A bank can't gamble on too many customers losing their paychecks, mortgages, or life savings to fraud. Yet, according to FICO, over 1 in 4 Americans reported they would switch banks if they were unsatisfied with their current bank's fraud response.
This means banks lose doubly with fraud: either they reimburse the lost funds or lose over a quarter of their customer base.
Banks have the additional task of making fraud detection as frictionless as possible. Any business with too much disruption, including banks, neobanks, fintechs, and more, will ultimately fail as customers increasingly choose more convenient alternatives.
Loss of Stock Price and Shareholder Value
A company's stock is quick to dip and slow to rebound after systematic fraud is discovered. This is because shareholders don't want to invest their dollars in companies that will lose value through security lapses or internal corruption.
Wells Fargo's constant insider fraud scandals have caused its stock prices to roller coaster since 2016, with an overall dip of -9.26% through the past five years. Shareholders have also sued, claiming bank officials defrauded them.
Additionally, bank investments have yet to recover fully from their pre-financial crisis levels of 2007-2008. Investors remain wary over a decade later, with recent fraud upticks adding fuel to the risk fire. Financial institutions must prove they take fraud monitoring seriously.
Fines and Other Civil Penalties
Governments have increasingly lost patience with financial crime failures by financial institutions. As a result, AML fines reached record heights in 2020 at over $10 billion total, as financial organizations failed to prevent fraudsters from taking advantage of the pandemic.
Since the financial crisis, the total cost of fines shows why investors and consumers remain wary. Fine aggregates for financial institutions include:
- Wells Fargo: nearly $12 billion
- Bank of America: over $76 billion
- Citigroup: $19 billion
- JPMorgan: over $43 billion
Historic one-time fines include Capital One's $80 million data breach fine and Western Union's $153 million refunds to scam victims.
Financial services have a vested interest in fraud detection solutions. Between the losses in revenue, reputation, and stock value, combined with possible millions to billions in fines, it's more lucrative for companies to prevent financial fraud than to let it lapse.
Most Common Types of Financial Fraud
As we’ve expressed here, financial fraud is a burgeoning issue. As eCommerce, online banking, and mobile payments increase among consumers, fraud opportunities increase along with them.
Common Hollywood media depictions of fraudsters are interesting but rarely accurate. Fraud isn't generally perpetrated by a disheveled genius hacker typing furiously on a keyboard to crack security algorithms.
Fraud schemes can come from an innocent-looking person on social media. Or it could be an elaborate cybercriminal network deploying social engineering on a mass scale. Fraud can even be committed by insiders: employees, contractors, or partners within your organization.
Effective financial fraud prevention relies on knowing the different types of fraud in business transactions. This information will help you build a more robust adaptive fraud management system.
Payments fraud is an umbrella term for any financial loss from unauthorized payments. This includes:
- Wire fraud
- ACH fraud
- Debit and credit card fraud
- Check fraud
Payments fraud can occur whenever someone's information is stolen or unknowingly given to scammers. This fraud can involve an elaborate romance scam between two people or a mass corporate data breach using malware.
According to the SAS Institute, payroll fraud will hit $48 billion by 2023. As a result, fraud detection technology will need dynamic and adaptive systems to find new and evolving forms of payment fraud.
Wire fraud is one of the most common and lucrative methodologies. Scammers rake in billions by using malware, phishing, and other online transfer methods to gain access to a victim's finances, in many cases with their unsuspecting consent.
What is Wire Fraud?
Wire fraud uses electronic communication and/or telecommunication (telecom) to defraud the victim(s). This includes:
- Internet websites
- Social media
- Video conferencing
Email fraud also falls under wire fraud. Mail fraud only applies to the USPS and other similar physical mail carriers like FedEx.
The DoJ stipulates four elements must be present to be considered wire fraud:
- The defendant (scammer) was a voluntary and intentional part of the fraud scheme
- The scammer intended to defraud
- It was reasonably obvious interstate wire communication would be used for the fraud
- Interstate wire communication was used to commit the fraud
Interstate is an essential stipulation for holding wire fraud accountable at the federal level. Wire fraud that remains within state lines can still be considered fraud but is prosecuted according to state definitions and laws.
Ultimately, understanding the threat you face is essential for preventing wire fraud from happening.
Examples of Wire Fraud
One of the most notorious wire fraud examples is the Nigerian Prince scam. It's based on the old Spanish Prisoner scam of the 1900s.
The scammer(s) pretend they're desperate victims of some turmoil:
- War or civil unrest
- Political upheaval
- Criminal networks
- Government or bank corruption
- Unexpected family death
After building rapport and trust, the "prince" tells the victim they have wealth that's difficult to access or transfer and need the victim's assistance.
The victims are lured into sending money or even bank account information on the promise of a big payout. Although many people are now wise to this particular scam, its foundational premise continues to make money and evolve with new technology.
Mortgage wire fraud is another method rising in popularity. This fraud intercepts mortgage buying transactions, like down payments and closing costs. Scammers pose as the legitimate receiver of the funds and then re-siphon the money elsewhere.
This is typically accomplished using spoof communication and/or fake emails posing as the lenders, attorneys, or other officials related to the sale. As home market values increase, scammers can net a few thousand to six figures per stolen transaction.
Automated Clearing House (ACH) transactions are a desirable target for fraud. The total ACH transaction value was over $61.9 trillion in 2020. This fraud type has steadily increased alongside the rise in ACH transaction value and volume.
What is ACH Fraud?
This fraud occurs when money is stolen through unauthorized transactions on the ACH network, such as credit payments or debit withdrawals. ACH networks are used to send funds from one financial institution directly to another, for transactions such as:
- Mortgage payments
- Online bill payments
- Direct payroll deposits
- Insurance payments
- B2B payments
- Tax payments and refunds
- Social Security deposits
Scammers can commit ACH fraud once they have your bank credentials, including logins, checking accounts, and routing numbers.
Examples of ACH Fraud
This fraud is costly, and incidents are rising. However, the Federal Reserve reports that the ACH fraud rate is still relatively low compared to other forms of payments fraud.
ACH fraud is more difficult to pull off on a mass scale because ACH network processing has preventive measures built in. But it still requires preventative measures from consumers and banks to guard against enterprising scammers who get around network protocols.
Successful ACH fraud examples include:
- ACH "check-kiting" scams
- Corporate data breaches containing consumer payment information
- Phishing emails that trick customers into giving them sensitive info
- Malware that logs keystrokes and login information
- Work-at-home or job website scams to gain bank account info
- Vendor or company spoofing to gain login and/or financial information
- Insider scams with internal credentials or account access
In most cases, ACH fraud relies on a degree of trust from the victims. Therefore, in response to rising fraud issues, NACHA implemented a new WEB Debit Account Validation Rule in March 2021. This rule requires account validation to be inherent in ACH fraud detection systems.
Credit Card and Debit Card Fraud
Card fraud losses worldwide reached over $28.5 billion in 2020. In addition, a corporate data breach can net cybercriminals millions of credit card records to sell on the dark web.
What is Card Fraud?
Debit and credit card fraud is relatively straightforward and familiar to most people. Any unauthorized use of a card to make purchases is card fraud.
With online payment systems, scammers no longer have to steal a physical copy of your card to use it. Although Card Verification Value (CVV) numbers are one layer of defense, scammers can also gain your CVV or find ways around it.
Prepaid debit card fraud is another form of card fraud. Prepaid debit cards are already risky because the funds aren't always insured.
Scammers can use prepaid information to make fraudulent purchases. They can also use your stolen credit card credentials to purchase prepaid cards loosely tied to your identity and engage in criminal activities like money laundering and drug trafficking.
Examples of Debit and Credit Card Fraud
Target currently holds the dubious distinction of having the most significant data breaches in history. Over 40 million credit and debit card records were stolen, flooding the black market for months.
The breach cost Target around $61 million (over $75 million in today's terms) in total fines, damages, and other expenses.
Along with data breaches, scammers can also use phishing and fake websites to gain your information. Malware with keystroke loggers can even steal your CVV and your payment information.
Check fraud is still an unexpectedly severe concern. Cybersecurity experts have noticed an uptick in check fraud, with an average of 1,325 checks for sale on the black market per week.
What is Check Fraud?
Check fraud is an older technique from before credit cards were standard. Nowadays, check fraud can use paper or digital checks to make unauthorized purchases with your funds. This method has many forms:
- Chemical alteration
Fraud detection in banking doesn't always catch counterfeit or forged checks. As a result, check fraud can go undetected for weeks or even months, with customers shouldering the loss.
Examples of Check Fraud
Scammers can forge your signature on checks, create fake checks in your name, or steal your checkbook and deposit it digitally in their own accounts.
There are several ways for scammers to get a hold of your check information:
- Physically stealing checkbooks from mail carriers
- Work-at-home scams that require check exchanges
- Fake lotteries and sweepstakes requiring a check to collect your "winnings"
- Payment requests from scammers pretending to be legitimate companies
Scammers can also acquire legitimate checks and use chemical alterations to steal the funds. For example, they may carefully cover up the payee information and add a new payee without it being obvious at first glance.
Employee fraud is a widespread and costly problem. It's especially damaging when employee fraud involves upper-level management and even CEOs. Current costs of employee fraud are around $50 billion per year in the U.S. alone.
Employee fraud occurs when employees intentionally steal funds from their company and/or their company's customers. There are many methods for employees to commit fraud.
Asset misappropriation refers to the unauthorized use of company assets for personal gain. This can include stealing company finances or data. Embezzlement is a common form of asset misappropriation.
Vendor fraud occurs when a vendor(s) and/or an employee scam their company using vendor payments. This includes overcharges, duplicate payments, or even creating fake vendor services.
Employees use accounting fraud to misrepresent company assets and liabilities. Fraudulently increasing assets and decreasing liabilities can manipulate company stock prices or cover up asset misappropriation. Enron is a famous example of accounting fraud.
Employees can use payroll fraud to gain extra pay they didn't earn. This can include faking work hours, inflating their pay rate, or collecting pay advances without repayment. They can even use a "ghost payroll" to collect pay for workers who don't exist.
Corruption and Bribery
Corruption and bribery can devastate an entire company, even if it's limited to just one high-level manager. The resulting ripple effects of fines, legal costs, and tanked stock can affect everyone within the company. For example, the corruption payout for Airbus was over $3.9 billion in total.
Other Types of Fraud
Payments fraud and employee fraud are already costly problems for companies. Romance fraud, identity theft, and account takeover fraud are additional issues that require fraud detection solutions.
Romance fraud reached surprising record highs in 2021, with no signs of slowing down yet. Social isolation from the pandemic, the increasing popularity of dating apps, and ubiquitous electronic banking processes have created a perfect storm of romantic scam opportunities.
The FTC reports that romance fraud has cost victims $1.3 billion between 2017 and 2021. In addition, losses increased by almost 80% between 2020 and 2021 alone.
What is Romance Fraud?
Romance fraud occurs when someone deceives a victim or multiple victims with promises of a romantic relationship to gain access to their funds or financial information.
This can include:
- Dating app scams
- "Mail order" or distressed bride scams
- Catfishing (fake dating personas)
- Military soldier impersonations
- Pretending to be a tourist or international worker
This type of fraud has been around for centuries. Before the internet, savvy criminals used letters and personal ads to lure unsuspecting victims into fake relationship/marriage promises and fraudulent money loans.
Romance scammers are savvy and gain the victim's implicit trust before attempting fraud. They also prey on people who are empathetic and honest. Scammers use multiple scenarios to tug on their victim's heartstrings and convince them to send money, with promises of a payback that never comes.
Examples of Romance Fraud
Romance fraud has found new opportunities in dating apps and electronic money transfers. For example, the "Tinder Swindler" Simon Leviev stole an estimated $10 million from his victims worldwide, with only slight legal repercussions.
Scammers have also used the real identity of Army Colonel Daniel Blackmon to defraud hundreds of victims since 2014. They use his photos and likeness to create fake soldier personas. The scammers then pretend they can't access their bank accounts because they're deployed overseas and ask for emergency money from the victim.
Romance scams generally rely on wire transfers or Authorized Push Payment (APP) fraud. APP transactions are faster and usually irreversible. Unfortunately, they are also much more difficult for victims and financial organizations to recoup.
Identity theft's reported total cost was a hefty $43 billion worldwide in 2020. Additionally, 38% of identity theft victims left their financial institution after it failed to adequately resolve the fraud that occurred there.
What is Identity Theft?
Identity theft occurs when your personally identifiable information (PII) is stolen and used for fraud.
PII includes sensitive information such as:
- Full name
- Date of Birth
- Social Security Number (SSN)
- Tax information
- Driver's license numbers
- Credit/debit card numbers
- Passport information
- Financial records
- Medical records
Once scammers have enough of your PII, they can mimic your identity in several ways. They can even use your partial information to create a new fake identity, which is referred to as synthetic identity theft.
Examples of Identity Theft
Scammers can open fraudulent loans, accounts, or credit lines in your name. Unfortunately, some identity theft crimes go undetected for years, especially if scammers use financial services with spotty KYC procedures.
One of the most recent examples of identity theft is Turhan Armstrong, who was sentenced to 21 years in federal prison in 2020. Armstrong raked in $3.5 million with his identity theft schemes, primarily by using Social Security numbers stolen from minors.
Children are vulnerable to identity theft because they have no actual financial activity, and parents have little incentive to check their child's credit report continuously. Armstrong's strategy allowed him to go undetected by law enforcement for over a decade.
Account Takeover Fraud
According to the FBI's latest estimates, ATO fraud has cost businesses at least $12.5 billion worldwide. This includes over 41,000 victims in the U.S. alone.
What is Account Takeover Fraud?
Account takeover (ATO) fraud occurs when scammers use a victim's login information to gain control of their account and their finances.
ATO fraud is lucrative for criminals for several reasons:
- It's relatively easy to commit
- It's difficult to detect
- It can be fast and irreversible
- It can be automated
- It can be used to gain control over other accounts
- It's typically very lucrative for scammers
Once your credentials are compromised, scammers have a wealth of opportunities. Account takeover fraud is a form of identity theft. Many cases include scammers using PII to commit ATO fraud or, conversely, gaining PII through ATO fraud.
Examples of Account Takeover Fraud
ATO fraud scams are numerous, and many are easy to carry out. These include:
- Credential stuffing
- Malware keystroke loggers
- Wi-Fi interception
- Fake websites
- SIM swaps
- Data breaches
In many cases, ATO fraud has a snowball effect. Scammers use the credentials stolen from one account to access other accounts.
This can occur using credential stuffing, which automates login requests across the web until it finds a match. Or they can take the data from one account and use it to change the login information on your other accounts.
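One way to spot the credential stuffing pattern described above in login records, as an added example that is not part of the original article. The log format, thresholds, and function names are assumptions, and the sample log is constructed; the code flags a source address that fails logins for many different usernames in a short window and lists any account it also logged in to, since those accounts need a lock or step-up check.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log: ISO timestamp, source IP, username, outcome.
SAMPLE_LOG = """\
2024-05-01T10:00:01 203.0.113.7 alice FAIL
2024-05-01T10:00:02 203.0.113.7 bob FAIL
2024-05-01T10:00:03 203.0.113.7 carol FAIL
2024-05-01T10:00:04 203.0.113.7 dave FAIL
2024-05-01T10:00:05 203.0.113.7 erin FAIL
2024-05-01T10:00:06 203.0.113.7 frank OK
2024-05-01T10:00:30 198.51.100.20 grace FAIL
2024-05-01T10:00:41 198.51.100.20 grace FAIL
2024-05-01T10:00:55 198.51.100.20 grace OK
2024-05-01T10:20:00 203.0.113.7 heidi FAIL
"""


def parse_log(text):
    """Turn log text into sorted (timestamp, ip, user, success) tuples."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of crashing the job
        ts, ip, user, outcome = parts
        events.append((datetime.fromisoformat(ts), ip, user, outcome == "OK"))
    return sorted(events)


def detect_credential_stuffing(events, window=timedelta(minutes=5), min_users=5):
    """Flag IPs that fail logins for >= min_users distinct usernames in a window.

    Returns {ip: {"targeted": usernames that saw failures,
                  "at_risk": usernames the same IP logged in to in that window}}.
    Thresholds are assumed values; tune them against real traffic.
    """
    recent = defaultdict(deque)  # ip -> attempts still inside the sliding window
    findings = {}
    for ts, ip, user, ok in events:
        attempts = recent[ip]
        # Drop attempts that have aged out of the window.
        while attempts and ts - attempts[0][0] > window:
            attempts.popleft()
        attempts.append((ts, user, ok))

        failed_users = {u for _, u, success in attempts if not success}
        if len(failed_users) < min_users:
            # One person mistyping a password stays below the threshold.
            continue

        entry = findings.setdefault(ip, {"targeted": set(), "at_risk": set()})
        entry["targeted"] |= failed_users
        # A success inside the burst is the "match" the attacker was looking
        # for, whether it came before or after the threshold was crossed.
        entry["at_risk"] |= {u for _, u, success in attempts if success}
    return findings


if __name__ == "__main__":
    for ip, info in detect_credential_stuffing(parse_log(SAMPLE_LOG)).items():
        print(ip, "targeted:", sorted(info["targeted"]),
              "at risk:", sorted(info["at_risk"]))
```

Attackers often spread attempts across many source addresses, so a per-address count like this is one signal to combine with others rather than a complete control.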
3 Best Practices for Reducing Fraud
Unfortunately, fraud is an issue that won’t disappear on its own. Your organization needs to remain vigilant in the fight. This means auditing your current processes, creating a strategy for fraud detection and prevention, and investing in the necessary software to execute the fraud prevention plan.
1. Assess Risk Across the Organization and Customer Journey
Conducting a risk assessment is one of the first steps in reducing your organization’s fraud risk. A thorough assessment will help to uncover any areas of weakness that could be exploited by bad actors.
You’ll need to look at your safety measures and protocols as well as at the training you have in place. Along with updating any outdated computers and software, you should also be sure your employees have access to training on fraud prevention.
Aside from making sure your internal systems are optimized to reduce instances of fraud, you should also implement a system for identifying risk within your customer base. Before a transaction ever even occurs, the risk level associated with a particular customer should be known. Using proper customer due diligence procedures to assess an individual’s potential for committing fraud is a critical part of managing risk across the customer lifecycle.
Fraud prevention leaders must create a process that includes assessing customer behavior, monitoring account creation or login, and giving risk scores to each action in order to create a full view of the potential for fraud to occur for each and every customer. Ensure your fraud and AML efforts are working together for best results.
2. Work to Reduce the Overarching Cost of Fraud
At the end of the day, the primary aim of the fraud prevention strategy should be to minimize the total cost of fraud, not just the rate at which it occurs.
In order to build a successful fraud detection plan, organizations must understand how much fraud is costing their business.
This will help set the baseline for creating informed decisions about how much should be invested in detecting and preventing fraud, and how to best align the fraud prevention strategy to the overarching goals of the organization.
3. Invest in Fraud Detection Software
Fraud detection software is the core of any fraud management strategy. The best way to prevent fraud losses is to use a modern technology system to establish risk and trust across the customer journey.
Nowadays, there are many modern players in the space, some of which have more user-friendly interfaces than older incumbents.
However, not all of these solutions are flexible enough to codify the company's logic, which requires reliance on vendors or engineering teams for any support or updates.
Some tools offer black-box products with rules and AML models that leverage ML and AI. While ML-based systems can be useful and drive automation, they take away control from risk and compliance teams to iterate on their own rules and models.
A good fraud detection solution will be dynamic and easily customizable to suit the changing needs of your organization.
How to Keep Your Organization Safe From Fraud: Final Thoughts
While preventing fraud is a constant battle for financial organizations, it is very containable with proper measures and controls. Having the right tools and partners to help your organization fight against fraud is crucial.
Unit21 was created to put fraud detection operations directly in the hands of risk and compliance teams. The platform gives teams the control no other vendor provides — with the perfect balance of automation to effectively meet changing risk and compliance objectives at scale.
Unit21 empowers teams to detect and investigate suspicious activity on a highly visible platform in a setting where engineering traditionally is the gatekeeper of risk and compliance technology.
Use Unit21’s platform to manage risk compliance throughout the entire customer journey, from onboarding to ongoing customer due diligence, with three products that are seamlessly integrated: Onboarding Orchestration, Transaction Monitoring, and Case Management.
To learn more about how Unit21 can help your organization avoid falling victim to fraud and other financial crimes, get in touch to schedule a demo today.