Many fraudsters take advantage of consumers as their victims, tricking individuals themselves. While this sometimes comes at the expense of the businesses, the fraudster is targeting an individual. Since fraudsters aren’t trying to deceive the financial institution (FI) or business itself, there are often signals that organizations can detect - that the victims themselves can’t.
But what do risk teams do when fraudsters trick the FIs directly? What do they look for? When it comes to funds transfer fraud, criminals are intentionally tricking the financial institution itself, sending fraudulent instructions or hacking a transfer in progress.
Below, we explore exactly what funds transfer is and how to detect and prevent it.
Funds transfer fraud is a form of payment fraud where a criminal initiates or redirects a money transfer from another user, so the fraudster receives the funds. The fraudster provides illegitimate instructions to a financial institution, posing as another individual or intercepting funds mid-transfer.
The real account holder is not involved with - or aware of - the request. The request can be initiated by the fraudster, or funds can be redirected during transfer, via hacking, social engineering, or other means.
These scammers often pose as legal representatives, bank executives, suppliers, or business partners to add credibility and authority to their requests, increasing the likelihood they succeed.
At a high level, fund transfer fraud involves a false request to send money (or redirect a pending transfer), a request the actual account holder is unaware of.
For this to work, fraudsters typically need to use a combination of identity theft and social engineering. They need to be able to both pose as another individual and will need to know private details about the user they are pretending to be, which is often garnered through phishing and other social engineering methods.
At a basic level, this is how funds transfer fraud works:
Ultimately, the FI that facilitates the transfer is liable for the funds to the customer, as the request was not conducted by the legitimate account holder. This can lead to substantial losses for organizations that are constantly falling victim to this type of fraud.
Since funds transfer fraud is such a specific type of fraud, there are limited ways of combating it. It’s important to consider how this type of fraud is conducted: what loopholes do these fraudsters exploit? At what point in the customer journey do they intercept or engage in fraud?
By understanding how fraudsters perform this fraud, teams can develop specific strategies to combat it. Let’s take a look at the most effective strategies:
Verifying customers are who they say they are is often the first step in fighting fraud. If possible, it’s best to keep bad actors off your platform altogether.
Use customer onboarding tools that adhere to all KYC requirements, performing adequate Customer Due Diligence checks and Enhanced Due Diligence (when needed). Ensuring that all users on your platform are legitimate users and that they are who they say they are is integral to preventing fraud from occurring.
Unfortunately, for funds transfer fraud, this isn’t the only solution. Fraudsters can still find loopholes to get around this, so you’ll want to use some of the other solutions below as well.
While it’s always good to control who has access to your platform, the next step is controlling purchases. User authentication tools allow you to verify the person requesting the transfer is the actual account holder.
With proper user authentication checks, fraudsters will struggle to submit illegitimate funds transfer requests to financial institutions, as they won’t be able to authorize the transfer. Beyond this, organizations can use this to check whether a purchase was authenticated; and potentially integrate more validation checks for cases where a user has not authenticated their identity.
Leverage multi-factor authentication, biometric verification, facial recognition, and other user authentication tools to ensure the payer is the account holder.
Again, there will still be criminals that can get around this. By nature, fund transfer fraud involves sending illegitimate instructions to the FI, and these types of fraudsters are skilled at deception. Since funds are sometimes hacked after the transfer has been initiated, authentication is not always foolproof for stopping funds transfer fraud.
Despite your best efforts at verifying users when they are onboarding and authenticating them at the time of purchase, some criminals will still find a way. It’s true that after these steps, the fraud has started; but it can still be detected and stopped.
The next place to look is at the transaction itself - and any user activity related to that transaction. This will definitely include analyzing the transaction, but other user activity as well - such as logins, account changes, and transaction modifications.
Transaction monitoring - or even better, event or activity monitoring - is one of the best ways to detect funds transfer fraud. By monitoring user behavior, teams can identify suspicious activity after, during, and even before it occurs. Teams can set up automated alerts that warn them when suspicious activity is occurring - giving teams the chance to stop it in its tracks.
With a system designed to look for suspicious patterns, risk teams can flag funds transfer fraud in the process. For example, teams can create a rule that looks for cases where (1) a transfer is initiated, (2) the user logs in from a different IP address, device, or geolocation, and (3) the user redirects the transfer. Any time the system detects this series of actions, it can pause the transaction and escalate the case for further investigation.
Many of these criminals get around ID verification and user authentication by hacking into an existing user’s account, sometimes even intercepting (and redirecting) a transfer in progress. To do this, fraudsters typically perform account takeover fraud, gaining access to other users' accounts and transactions.
Having strong protections against account takeover (ATO) fraud is essential to keep users' accounts and transactions safe from bad actors.
Funds transfer fraud is a very specific - and rather advanced - form of fraud, making it challenging to detect and prevent. Fortunately, because it’s so specific, it’s often carried out in much the same way. This gives risk management teams a leg up, as they have a more precise understanding of exactly what to look for.
With a clear understanding of what funds transfer fraud is, and how it’s carried out, teams can develop very specific rules that accurately detect this type of fraud - giving teams the power to prevent it in its tracks.
Schedule a demo today to learn how Unit21 can help you mitigate losses from funds transfer fraud - and provide comprehensive fraud protection.