Fraud Prevention for Neobanks: 4 Best Practices to Follow

August 5, 2022
By 

Subscribe to our Blog!

Please fill out the form below:

If you work in the rapidly growing, $67-billion-dollar neobanking industry, you’re probably no stranger to the concept of fraud.

In 2020 alone, nearly 3000 fraud-related complaints were made against two of the top neobanks. And rates of fraud in neobanking are almost double that of credit card companies—averaging a fraud rate of 0.30% versus the historical average of 0.15%.

With neobank statistics like that, one could argue the future of neobanking lies not in achieving growth but in conquering fraud.

To better understand why neobanks need to focus on fraud prevention, we’ll dive into the current state of online fraud and its effect on the neobanking industry:

Before we cover the best strategies for fighting neobank fraud, let’s discuss the reasons why neobanks need to prioritize fraud prevention.

Download ACH Fraud eBook

Neobanks Aren’t Immune to Regulatory Scrutiny

The push for neobanks to combat fraud isn’t just out of self-preservation.

 

More and more scrutiny is being paid to the compliance measures challenger banks take to ensure criminal enterprises aren’t their primary customers—and facing hefty fines when their practices fail to meet the minimum regulatory requirements.

Neobanks should, ideally, solve the financial wellness problems of an increasingly gig-based, remote economy—not become a lawless playground for financial crime. Pressure was applied to that end in early 2022 when PayPal was forced to disclose that it had 4.5 million fake accounts on its network.

This comes after they lost $6 million to fraud in 2020 alone.

Combine that with the revelation that other challenger banks in Europe are facing fines up to €4.5 million or being dropped by prominent vendors for not doing enough to prevent fraud, and the incentive to better protect against suspicious activity is definitely there.

How Fraud is Changing with Challenger Banks

The state of fraud is ever-changing, especially in the Fintech industry. Many of the prevention measures used by traditional banks are outdated - at least within the digital landscape. Fraud specialists can’t keep challenger banks safe using traditional methods and instead must prioritize measures that apply to the current digital climate.

As a starting point, here are some of the ways that fraud is changing as challenger banks continue to grow:

  • Heightened fraud attacks are the new normal with data breaches and identity theft on the rise.
  • Bad actors target challenger banks as a seemingly fast and anonymous way to commit fraud.
  • Fraudsters have repopularized check fraud, using the quick transaction processing found with challenger banks.
  • Challenger banks with high rates of fraud and false positives saw losses to their revenue, reputation, and customer base.
  • Balancing business growth with security measures is now the main priority for challenger banks.
  • Challenger banks are legally required to meet new and updated KYC and AML regulations.
  • Innovative prevention measures are needed to help meet regulations, including those that use automation.
  • Data-driven decisions are now a crucial part of fraud mitigation as a way to detect fraud and reduce false-positive rates.
  • Customized, personalized user experiences can help neobanks track fraud using the customer’s profile and transaction history.

Common Types of Fraud Affecting Neobanks

Any fraud prevention measures you implement will only work if you know what to look for.

To ensure your neobank and customers are protected, fraud prevention specialists need to be aware of the threats targeting neobanks and what they look like. Fraud is much harder to prevent if your risk and compliance team doesn’t know what types of fraud they’re trying to detect.

Below are some common types of fraud that put neobanks at risk:

Type of fraud

What it is

Identity Theft

A form of fraud that occurs when criminals use stolen information to access banking services. Virtual onboarding makes neobanks a more appealing target of fraud, as users don’t have to open accounts in person.

New Account Fraud or Account Opening Fraud

Occurs when a fraudster successfully opens a bank account with the intention of committing fraud and/or taking advantage of the FI (eg. abusing a signup bonus promotion). Neobanks are susceptible to this since accounts can be opened from any device, rather than in person.

Account Takeover (ATO) Fraud

A form of identity theft where stolen information is used to gain access to an existing bank account. Neobanks are easy targets of account takeover fraud due to the perceived anonymity of using their platforms.

Social Engineering or Authorized Push Payment (APP) scam

The act of using aggressive and deceptive actions to make someone “willingly” hand their money or financial information to a criminal. This is another instance where neobanks are targeted due to the anonymity of using these digital services. 

Phishing Scams

A form of social engineering where a fraudster pretends to be a reputable company or person to trick victims into revealing financial information. This information can then be used to access the victim’s neobanking account (ATO fraud) or open a new account with their information (new account fraud).

Chargeback Fraud

Occurs when a bad actor makes an illicit attempt to dispute a transaction and receive a refund. As digital credit providers, neobanks are likely to face these transaction risks.

Fraud Rings

An organized circle of criminals that work together to defraud people and FIs. Fraud rings might use neobanks to access and transfer funds while remaining undetected.

Romance Fraud

A form of first-party fraud where a fraudster tricks an individual into sending them money by convincing them that they’ve formed a genuine relationship. Neobanks might notice uncharacteristic withdrawals or transfers from the victim when this type of fraud is happening.

Funds Transfer Fraud (FTF) or Wire Transfer Fraud

Occurs when bad actors use malicious means (such as an emulator or social engineering) to transfer illicit funds undetected. The perceived anonymity and convenience attached to neobanks makes them an ideal target for these types of illicit transactions.

Loan application fraud

The act of applying for a financial loan using stolen or synthetic information. Fraudsters will apply for a loan with a neobank, in hopes of increasing their chances of approval, then disappear before paying it back.

5 Reasons Neobanks Struggle with Fraud Prevention

It’s no secret that neobanks have struggled with fraud prevention for as long as they’ve existed, but not everyone understands what the core challenges are. Understanding the main challenges facing neobanks is key to learning how your risk and compliance team can better protect your product.

This section will cover the main reasons why many neobanks have and continue to struggle with prevention fraud.

1. Increase in opportunities for online fraud

Digital financial institutions - like neobanks - offer criminals opportunities to test and act on new methods of fraud. This makes neobanks prime targets for fraud, and the data supports this; Fintech companies have a fraud rate double that of credit cards, and triple the amount of debit cards.

Clearly, criminals have set their sights on neobanks with no sign of slowing down. Without the right resources and tools, risk and compliance teams can find themselves unable to compete with the increase in attacks and be faced with successful fraud attempts slipping through the cracks.

2. Difficulty managing regulatory requirements

The increase in fraud in challenger banks has resulted in the implementation of many new regulatory requirements that neobanks must adhere to. Updates to KYC/KYB standards and SAR reporting guidelines are introduced regularly, which can be difficult for neobanks to track. This also makes it hard to ensure workflows are updated to reflect these changes in adequate time.

While compliance measures might seem tedious, these regulations were implemented as guidelines to improve security. Making an effort to stay on top of applicable regulations and incorporate the minimum standards as quickly as possible gives risk and compliance teams the assurance that they’ve done their best to combat fraud.

3. Cost cuts hurt risk and compliance teams

A big mistake that some neobanks have made is to prioritize their business growth over security efforts. This has resulted in more time and money spent on marketing efforts, leaving risk and compliance teams understaffed and underfunded.

Risk and compliance teams need to have a sufficient number of staff members and access to the right preventative tools and methods to properly implement fraud-prevention strategies and manage confirmed cases of fraud in due time. Failing to properly support these teams can result in many fraud attempts going undetected and unreported.

4. Desire to speed up customer onboarding

The neobanking market is incredibly competitive. As a result, neobanks have felt pressure to make their customer onboarding experience as quick and easy as possible to appease the millennial and Gen-Z markets. However, this is what has allowed many criminals to gain access to their services.

Vulnerabilities in the onboarding process have made way for increased instances of identity theft, among other types of fraud. This is due to the process not being face-to-face and offering quick access to services. Risk and compliance teams need to integrate strong security measures within the onboarding process. Otherwise, more criminals could pass themselves off as legitimate customers and remain undetected until it’s too late.

5. Loss of monetary resources due to fraud

Neobanks that want to increase their risk and compliance efforts might be unable to if fraud has already taken its toll on the company. According to a study by Juniper Research, it is predicted that merchants will lose over $206 billion between 2021 and 2025 to online payment fraud. Clearly, fraud is an urgent issue, which is why neobanks should build their fraud prevention departments and invest in risk and compliance tools from the start.

The financial loss felt by unsecured neobanks is much greater than what would be spent on risk and compliance measures early on. Neobanks that put time and money into recruiting a team of fraud prevention specialists and upgrading their preventative solutions will better protect their finances and maintain enough resources to continue fighting fraud.

How Neobanks Manage and Prevent Fraud: Best Practices to Follow

Some neobanks have learned the hard way that fraud won’t simply go away if you ignore it. Fraudsters are not slowing down, so your neobank needs to prepare itself to fight back by making the right investments and expanding your security measures.

These are some of the best practices for neobank fraud detection and prevention that risk and compliance teams should follow.

1. Invest in risk and compliance

In the early days of a new neobank, the company might believe their resources are better spent on business growth. It’s important to remember that expanding your risk and compliance team and supporting their work early on will provide your neobank with an incredible amount of value over time.

Fraud prevention isn’t just about stopping fraud from happening - it’s also about reducing the overarching cost of fraud, which can have a significant impact on your neobank. By equipping your risk and compliance team with the right fraud detection software, your neobank will be able to better prevent fraud and reduce false-positive rates, growing more revenue as a result.

2. Strengthen your KYC/KYB process

Many bad actors have targeted neobanks for fraud due to perceived weaknesses during the virtual onboarding process. As a digital service provider, your neobank has a responsibility to ensure you truly Know Your Customers (KYC) and Know Your Business (KYB) when they apply to open a bank account. By strengthening the KYC/KYB process, your risk and compliance team can be sure that more good users are accessing your services.

In order to create a more secure onboarding experience, you need to establish workflows that utilize advanced identity verification methods. There are several tools available that support this type of automation, such as ID document verification and data source integrations. Adopting these additional levels of security at the start of the user journey will help your risk and compliance team improve verification and keep accounts secure.

3. Create an automated infrastructure with data

While improving security during the onboarding process is very important, it’s also crucial for risk and compliance teams to leverage solutions that monitor for fraud at all levels of the customer experience. Specifically, your team needs to be able to properly detect and analyze potential instances of fraud within transactions.

Your neobank’s entire infrastructure should incorporate fraud detection in the most scalable way possible. Fortunately, this is where automation and advanced technology can be used to help your team make data-driven decisions. By using data rules that detect when transactions match examples of fraud, your risk and compliance team will be alerted to potential fraud attempts and can use accessible data sources to determine if fraud is actually occurring, reducing false-positive rates.

4. Commit to meeting regulatory requirements

FinCEN and other governing bodies have implemented new and ever-expanding regulations as a way of protecting customers, which includes prevention measures and SAR guidelines. While your neobank is legally required to meet the minimum standards, they also create the opportunity for your risk and compliance team to secure your neobank’s digital framework.

It’s important for your team to stay on top of newly introduced and updated regulations that apply to your neobank and assess your workflows for gaps in risk management. Your team should also regularly test your workflows to confirm you’re meeting minimum standards, and determine where adjustments can be made to better meet requirements for strengthening fraud prevention and detection within your digital framework.

Real-Life Examples of Neobank Fraud (+ The Solutions)

While implementing preventative measures is all about looking towards the future, fraud prevention specialists can look to the past to understand where some of the biggest vulnerabilities lie.

Despite their age, neobanks and other fintech companies have already been hit with plenty of fraud attempts, some of which resulted in major financial losses. To help your team determine the best ways to strengthen your fraud detection system, here are three example scenarios of neobank fraud and the steps to take to prevent them from happening to you.

1. Fake Paypal Signups for Bonuses

To boost account openings, Paypal gave a small signup bonus to those who opened new accounts. Fraudsters took this as an opportunity to make a large number of fake accounts in order to pool those small signup bonuses together and cash out a large amount from the payment provider. This resulted in multiple accounts from the same IP address and geographic location.

How to solve the problem:

With an onboarding orchestration solution, you can create a rule that looks for unusually high account openings in any city or account openings where the country associated with the IP address doesn’t match the country associated with the account. The unusual volume of openings in inconsistent locations would have triggered these rulesets and could have assisted in catching these 4.5 million fraudulent accounts.

 

 

2. Zelle for Social Engineering

Zelle had an issue with fraudsters using social engineering to trick innocent victims into sending them money. To avoid detection, these bad actors were spoofing Zelle accounts and faking ownership of emails and phone numbers.

How to solve the problem:

Create rules that look for money being sent from new devices compared to the typical devices. Let’s say we usually expect customers to use no more than 3-4 devices for transactions. It would be odd if all of a sudden a user was associated with a larger number of devices than we would expect.

 

 

3. Romance Fraud

A type of fraud in which people are duped into sending money to criminals who convince them they are in a genuine relationship. We touch on this in-depth in our romance fraud blog. Platforms such as Monzo and Revolut are no stranger to these bad actors.

How to solve the problem:

By implementing transaction monitoring, users can create a rule that looks for money moving between entities that typically don’t do transactions together. Look for entities with a spike of incoming transactions compared to the amount we expect them to get in a one-month period to identify criminals.

Download Transaction Monitoring Product Guide

Fraud Prevention for Neobanks: Final Thoughts

Now that you understand why neobank fraud happens, how fraud is evolving, and some best practices for fraud prevention, your team can start to implement strategies to effectively, efficiently, and affordably reduce fraud losses for your company. Unit21 can help scale your efforts with our risk management and transaction monitoring solutions.

Schedule a demo with us today, and we’ll be happy to chat about how we can improve your fraud detection processes. Until then, see how we helped Lili reduce fraud loss by 50% for a real-life example of our work.

Getting started is easy

See first-hand how Unit21
can help bolster your risk & compliance operations
SUBSCRIBE

Subscribe to our Blog!

Please fill out the form below: