By Roy Urrico
Finopotamus aims to highlight white papers, surveys and reports that provide a glimpse as to what is taking place and/or impacting credit unions and other organizations in the financial services industry.
Some 36% of all financial institutions experienced card fraud in 2022, a 26% increase over 2021; and U.S. lenders report 75% of all fraud losses related to consumer phishing, with other financial service sectors reporting those types of cases at 66%. Those are among the findings in SEON’s latest Global Banking Fraud Index 2023.
From the pervasive banking fraud trends of today to the specific methods, locations, and actors that get employed – as well as the overall impact that fraud has on the face of the banking sector – financial crime prevention firm SEON compiled a comprehensive index of today’s fraud pain points and solutions. The report also breaks down the cost of fraud to financial institutions around the world down and the biggest banking fraud trends affecting the banking industry over the past 12 months.
“It’s been an interesting year for the banking sector, but despite a few bumps in the road there’s clear evidence the industry is moving in the right direction,” said Tamas Kadar, CEO and co-founder of SEON. “However, to ensure this momentum can be sustained, those working within traditional banks, as well as neobanks, must be highly vigilant around the growing risks associated with fraud.”
Added Kadar, “Institutions risk monetary and reputational damage because of fraud. This is an ever-present threat, with 71% of financial institutions reporting a security breach from business email compromise last year alone.”
Separately, the report also touched on the value of the global neobank market, which reached nearly $20 billion in 2022, and is “ pulling the whole industry towards accessibility and financial inclusion.” But, neobanks are also under attack from fraudsters.
Digitization and Fraud
The index revealed as the banking world turns increasingly towards fully-digitized experiences, “Fraudsters are not wasting time hanging around the legacy brick-and-mortars with scams and hope. Rather, they have adopted digital lockpicks to crack all the new electronic locks. These locks appear when accessing, buying, and exchanging money online, and criminals are always developing new ways to go about circumventing them.”
In the past fiscal year, “Digitization also means more bad actors are finding digital ways to get included – 71% of financial institutions, for example, reported a security breach from business email compromise (BEC) last year,” the Global Banking Fraud Index specified. “This is driving a need for financial services providers to implement market-leading fraud detection software not just as a security measure and a means of complying with regulatory and legislative requirements, but also to reassure customers that their data – and their finances – are safe.”
The SEON report indicated the number of monthly fraud attacks on financial institutions earning more than $10 million in annual revenue has shown a consistent increase year-on-year. Likewise, the study highlighted that 84% of companies with revenues of $1 billion or more have had more than 100 payment accounts targeted by fraud in the past year. Despite this, only 65% of companies experienced fraud in 2023, which is the lowest rate since 2014.
In addition, the SEON index revealed threats these criminals pose to the larger payment ecosystem mean that regulators are monitoring the whole banking system with a fine-toothed digital comb, regardless of whether the financial institution in question has updated its business channels to digital. The study referred to research undertaken by LexisNexis that shows fintechs and financial institutions falling under regulatory purview often spending more on compliance than they are losing to the fraud itself. The average financial institution spends over 50% of its compliance budget on customer due diligence (CDD) checks through lookup costs and labor.
Today’s Fraud Threats
The report suggests pervasive banking fraud threats that did quantifiable damage to bottom lines can be thought of in two ways: the low-tech and the high-tech. “Successful scams often involve a mixture of the two.”
“Notably, 2023 sees the medium-tech fraud exploits that plagued fintechs in previous years becoming more approachable for fraud teams. These attacks, which execute credential stuffing or rapid transactions, are becoming easier to detect as fraud technology becomes more advanced.” The statistics suggest that companies are also finally getting around to implementing solutions, with 45% of all U.S. financial services reporting they had fully integrated digital fraud prevention solutions in 2022, up from 28% in 2020.
When it comes to low-tech fraud, the report suggested fraudsters are looking for new channels with fewer safeguards. Low-tech schemes – those that rely on con artistry, scams, and phishing techniques – are on the rise, and the resulting BEC and authorized push payment (APP) fraud can be damaging beyond simple revenue flow.
The report said:
· BEC can come in many mediums, but the result is work-related login credentials exposed and exploited. The worst-case scenarios could involve sensitive data leaks, misappropriation of funds, and snowballing phishing with high-level email addresses.
· APP fraud comprises financial institutions and money services contending with push payments made from a customer accounts. From the institution’s perspective, these are authorized since they contain the correct security details. In general, APP fraud is harder to catch, as the fraudster will have the correct username and password combination.
Meanwhile when it comes to high-tech fraud 2023, the Global Banking Fraud Index noted while some fraudsters take to the ground level to scam away their illicit money, others choose to fly over the technology. The index reported more fintechs and financial institutions doing a better job of not only implementing but also investing resources into better fraud detection software.
“SEON’s own data found that scaled fraudsters hit a ceiling when attempting to circumvent modern fraud prevention tools,” the Global Banking Fraud Index noted. “At a certain point, it is no longer cost- or time-effective for a fraudster to invest the time and energy needed to beat solutions like SEON that employ device fingerprinting and password hash scrutiny, at least at scale.”
Other Important Findings
The Global Banking Fraud Index 2023 also covered:
· Fraud-as-a-Service (FaaS). Integrated fraud “solutions” available for purchase online that include snippets of code that execute credential stuffing and other bot-driven attacks, whole executable fraud packages, end-to-end phishing ploys that spoof website portals, and internal programs that organize stolen login credentials.
· Buy now, pay later (BNPL) fraud. As of July 2022, more than two-thirds of U.S. financial institutions and credit lenders either accepted BNPL transactions or planned to within the next 18 months. Partnering banks of SEON report common methods of fraud prevention are harder to implement, as BNPLs provide less transactional data with which to assess risk. Compliance strictness may also fall short, exposing both the financial institution’s own compliance issues and damaging the ability to assess risk when the lenders loosen risk thresholds to cut down on false positives.
· The costs. In 2022, all U.S. retail services, including financial institutions, saw a 4.2% uptick in the overall cost of fraud per dollar. Fraud losses across bank payments totalled nearly $1.6 billion during that time. Every $1 of fraud costs the U.S. financial services $4.23, Canadian $3.78.
Data found in the index were sourced from Prime Time for Real Time report (ACI Worldwide), Cutting the Costs of AML Compliance (LexisNexis), Neobanks: The Bumpy Road to Profitability (Aite-Novarica), and the 2023 AFP Payments Fraud and Control Survey Report JP Morgan and the Association for Financial Professionals). Additional statistics came from The World Economic Forum, Retail Banker International, and Oxford Economics. Data was compiled by SEON, informed by its own fraud analysis.