In financial services, you can’t fight the bad guys until you know what weapons they’re bringing to the battle.
And how they’re mounting their attacks.
Easier said than done, where financial institutions (FIs) are grappling with the waves of bots, account compromises and synthetic IDs. The attacks target automated clearing house (ACH) and check payments — digital transactions too.
The first line of defense might lie with having a uniform framework across the industry to identify fraud and classify it — and thus figure out the best ways to deploy resources in the never-ending battle.
Two years ago, the Federal Reserve debuted its FraudClassifier model, which is geared toward addressing inconsistencies in how FIs classify fraud, with the aim of simplifying those classifications. At a high level, the model, as the Fed has stated, gives a holistic view of fraud because it helps classify fraud regardless of payment type or channel — and it can be deployed across the entire organization. In addition, there exists the benefit of creating a “common language” of fraud shared across banks.
It’s the first effort to give banks a common framework for identifying and classifying fraud — and joint research between PYMNTS and Featurespace indicates that it’s sorely needed. A full two-thirds of institutions are grappling with a rise in financial crime, both in terms of volume and transaction cost.
The Scale and the Scope
As to the scale and scope of it all, as detailed in “The State of Fraud and Financial Crime in the U.S.”: The institutions we queried said they’d endured losses of more than $100 million through the past year alone. As seen in the chart below, the FraudClassifier Model offers a series of “paths” in determining fraud typologies — and takes into account whether transactions were initiated by authorized or unauthorized parties.
And drilling down a bit, we found that authorized party fraud is tied to roughly half of fraud volumes. Within that category, as aligned with the FraudClassifier, the transactions where authorized parties were manipulated translate into roughly a quarter of those volumes and 19% of dollar amounts tied to fraudulent transactions.
As the chart below details, the “trust” scams (i.e., where fraudsters pose as family or friends or coworkers or potential romantic prospects) have accounted for about 12% of fraudulent transactions. On the other side of the equation, digital payments represent 20% of unauthorized party fraud, and specifically through misused account information — indicating that the criminals are seeing some attraction in leveraging stolen credentials.
Earlier this year in an interview with Karen Webster, Featurespace Founder David Excell said payments-as-a-service (PaaS) providers, banks and security firms must join forces to beat back the fraudsters. And collaboration between banks and between FIs and various service providers is key. How, when and where data are shared is important, said Excell. Consistency is the overarching goal and needs to be in place if enterprises want authentication and authorization to happen in real time.
“The last thing we want to do is create more silos where a decision gets made within a bank that would be a different decision that’s made with the payments-as-a-service provider,” he said.