Amid a rapidly evolving digital landscape, cybercrime continues to be a persistent and growing threat for financial institutions, which need to remain vigilant and proactive in safeguarding their systems and customer data.
In a recent PaymentsJournal podcast, Patti Reid, Vice President of Card Risk Solutions at Fiserv, and John Buzzard, former Lead Analyst for Fraud and Security at Javelin Strategy & Research, delved into how financial institutions can contend with fraud threats by closing vulnerabilities, detecting multichannel fraud, and mitigating consumer friction.
Technological advancements have contributed to the heightened sophistication of fraudster attacks—and fraudulent tactics have become so complex that they’re increasingly difficult to detect and prevent. Businesses must contend with phishing emails, fake websites and social media profiles, and identity theft, to name just a few.
“One of the things that we’re seeing an increase around is identity fraud,” Reid said. “Identity fraud is becoming more common for criminals because they have access to the information that we’ve traditionally used around authenticating.
“Victims are being preyed upon by criminals pretending to be the financial institutions. Additionally, data breaches have increased significantly around this and all of the traditional means of authenticating—either by being victims being scammed by criminals or the criminals going to the dark web and acquiring those means.”
Automation is also being used for nefarious purposes. Whether by sending thousands of phishing email messages at once or launching bots to detect vulnerabilities, automation is a powerful form of attack that occurs so swiftly that organizations have no time to react before damage is done.
“Criminals are very organized, but they’re also leveraging automation sometimes before legitimate financial service providers are, as is the case with things like bot attacks and scraping websites and trying to just assimilate information and put a dollar value on it,” Buzzard said. “And then they’re just obviously selling it back and forth to one another.
“The consumer is turned into this unwitting, involuntary mule of information and sometimes even money that’s moving back and forth. And it’s not their fault.”
Combatting Financial Fraud Threats
To confront fraud head-on, a one-size-fits-all solution might not work.
“You must have a layered approach—multiple solutions that address the type of fraud you’re seeing, and it’s not limited to a single channel,” Reid said. “You have to look at the holistic view of consumer behavior, and you have to connect data within real time and use that data-driven decisioning to make the best choice around authenticating and authorizing these interactions.”
Another vital component to successfully mitigating fraud is for businesses to adopt a more proactive approach to 3DS security—short for 3 Domain Server, a protocol intended to prevent fraud involving online card transactions. It not only helps develop a safer environment for businesses but also ensures the safety of their customers.
“Every single financial institution out there should be figuring out what their 3DS situation is,” Buzzard said. “Do they have someone who’s helping them understand it and manage it between the bevy and increase of e-commerce? That’s a point that’s very difficult to control if you’re watching from the sidelines rather than really actively figuring it out.”
Because many sophisticated fraudsters have cracked the code and learned to bypass security measures, financial institutions must adopt a more layered approach to combating fraud.
Fraudsters have become adept at committing unscrupulous attacks against consumers, especially with account takeovers, which involve gaining unauthorized access to a customer’s account. This is an opportunity for financial institutions to form deeper relationships with their accountholders by reaching out via alerts when any nonmonetary changes occur, such as a change in an authorized user or even marital status.
“We’re in a world where we’re already reaching out with fraud anomaly, SMS, and e-mail alerts,” Buzzard said. “What we have to do—and what we recommended in this year’s identity fraud report—is really just blow up that model and say, you know what, you’ve got to reach out and start exploring and sending account-based nonmonetary change alerts if possible.”
Balancing Consumer Friction and Fraud Prevention
In ensuring consumers don’t get caught up in the messiness involved in combating cyber fraud, partnership and communication between consumers and their financial institutions trumps any solution on the market.
Educating consumers is another effective strategy. Financial institutions must inform their customers what the current scams and phishing attempts look like and how they can protect their accounts.
“Deputize them with capabilities to let you as a financial institution know that what they see is not them (the customer). That information is invaluable in terms of any kind of models that are detecting,” Reid said.
Financial institutions should also be more proactive in letting their customers know what a normal interaction with their bank should look like, especially as fraudsters increasingly try to intercede by posing as the customer’s bank.
Reid recommends that financial institutions evaluate and determine any points of vulnerability in their fraud prevention tactics. FIs should examine their existing systems to look into fraud detection as well as the overall customer experience. Authentication factors should also be continually evaluated and changed.
The Cost of Not Fighting Fraud
As much as any organization would rather focus on generating more revenue and simply see fraud as a cost of doing business, this mindset could lead to untold damage.
By implementing the best tools and strategies to actively combat fraud, financial institutions can have more peace of mind, knowing that they can avoid fraud losses, avoid reputational damage, and enhance the consumer experience by instilling trust and confidence in their brand and organization.