Online fund transfer fraud is used by criminals to move money in near real-time, knowing the victim will be unable to block the transfer in-time.
Banks don’t have the ability nor resources to look over several transactions in order to figure out which are fraudulent and which ones are real. If the fraudulent transfer is approved, criminals can immediately access the money, and there is rarely anything that banks or customers can do to get the money back.
5 Online Transfer Fraud Schemes and How to Prevent Them
1. Authorized Push Payment Fraud
Authorized Push Payment (APP) fraud is when someone is tricked into transferring funds into a criminal account. APP fraud depends on the trust between the customer and the person the criminal is impersonating. The criminal could, for example, fake being a bank representative and could urge them to transfer their money into a criminal account.
Rules-based statistical AML models help financial institutions recognize anomalous behavior in order to block potentially fraudulent transfers in time.
2. Account Takeover Fraud
Account takeover (ATO) fraud is when a criminal uses stolen identification, such as email or phone numbers, to get access to someone else’s bank account. Criminals can also purchase stolen personal information off of the internet. Once a criminal has access to the account, they can transfer the funds out of the hacked account into their own. As of 2018, over $4 billion have been lost to ATO incidents.
By analyzing the customer’s normal bank activity, it makes it easier to identify and flag suspicious activity such as account changes or money transfers to unknown accounts. Risk and compliance tools can also increase the accuracy of ATO fraud detection, allowing you to keep user accounts secure.
3. CEO Fraud
CEO fraud is when a criminal somehow communicates, either through email, text, or phone, with an employee, impersonating their institution’s CEO or another executive with a request. This results in the employee trying to fulfill the request and in doing so, getting tricked by a criminal into committing fraud.
Rules-based systems can also help create an understanding of what is normal behavior for CEOs and employees, making it so if suspicious activity is detected, alerts will be triggered.
4. Payroll Scheme Fraud
Payroll fraud can happen in various different ways, including inside payroll scheme fraud, where an employee inflates their work hours to get paid more or redirects payments from a recently fired employee into their own account. There is also “ghost” payroll scheme fraud, where people who don’t actually work at the company still get paid, which happens if a company purposefully misclassifies full-time employees as independent contractors so as to avoid payroll taxes.
In order to stop this type of fraud, the institution can implement a rules-based system to detect if an employee is transferring abnormally large amounts of money, and doing so in a suspicious way, or by building normal behavior profiles that can detect suspicious activity using machine learning.
Phishing is when a criminal attempts to trick a person into giving away personal information through emails, calls, or by impersonating websites or businesses. They will often urge people to give away this information through urgent language.
Phishing attacks can target almost anyone and so by having a system that understands the behavior of these criminals, you will be able to identify them more easily. Also, similar to the other forms of transfer fraud, a rules-based system can help detect if a criminal is engaging with high-risk individuals or businesses, or is making more transfers than the allowed amount. To best protect against fraud, it's important to be aware of the emerging challenges you face.
Even online, you'll want to watch for more traditional methods of fraud as well, such as money muling and first-party fraud. Criminals will still attempt these types of fraud, just in different ways for Fintechs like neobanks and crypto exchanges.
If you are interested in learning more about how Unit21 can help protect your company from online transfer fraud, schedule a meeting today.