A Proactive Fraud Prevention Program Helps Slam the Door on Fraudsters

Global Trade Magazine Op-Ed

By Ajay Guru

Against a backdrop of rapidly shifting consumer behavior, traditional financial institutions and fintech organizations - and their customers - must recognize that their current static defenses are no match for the ever-changing modern fraudster.

Willie Sutton, the notorious bank robber who terrorized U.S. financial institutions over his forty-year career, was once famously asked why he chose banks as his target. His reply was elegant and obvious - “Because that’s where the money is.”

Today, money is rarely found in a centrally located vault, but Sutton’s statement illuminates the general approach for criminals and fraudsters - go where the money is.

Yet while fraudsters are adept at evolving their tactics to breach the modern-day equivalent of the bank vault, financial institutions and fintechs are not adapting their defenses at the same rate. These organizations believe what worked well in the past will continue to be effective, giving them a false sense of security. A recent survey showed that nearly 80% of respondents, composed of leaders of financial institutions, are confident in their ability to assess and prioritize key fraud risks, though they recognize the challenges in doing so, citing in particular “ineffective technology, a lack of cybersecurity infrastructure and insufficient resources.”

The reality these organizations face is that fraud is a constantly evolving threat, and they must acknowledge that their policies, programs and technology, even if done at great cost in the past, must continually be enhanced.


An Environment Ripe for Fraud

The biggest current challenge for companies, and in turn the biggest opportunity for fraudsters, lies with the changing relationship consumers have with financial institutions and fintech platforms. As consumers have embraced countless digital products and services – online shopping, online bill payment, credit building, personal wealth management and crypto trading apps, just to name a few - fraudsters have adapted their approaches to take advantage of these new environments and potential set of vulnerabilities.

Rather than working to compromise a financial institution’s security, a potentially costly and time-consuming endeavor, bad actors instead have a far greater incentive to simply go after the weakest line of defense - the consumer. By taking over customer accounts and replicating users’ online behavior, fraudsters are able to hide behind the online consumer growth rate that banks and fintech platforms are already expecting, with the global digital banking market forecasted to reach more than $30 billion by 2026.

This approach is incredibly easy for fraudsters to implement and scale. After all, they are using stolen credentials or stolen identities to do so. Even more discouraging is how fraudsters continue to adapt and evolve their tactics to gain crucial personal data. For example, consumers are providing far too much information on their social media accounts, often including seemingly innocuous details that are in fact answers to security questions - your mother’s maiden name or high school anyone?

Moreover, new, innovative and in some cases ingenuous attacks are being introduced every day. For instance, we are seeing a significant uptick in cases that use a consumer’s voice to breach into their account. If you’ve ever picked up a spam call and simply said hello, a fraudster now has your voice and could potentially use this to bypass voice recognition checks. If you have engaged in a conversation, they would have even far more ammunition.

And while fraudsters have adapted to the modern environment, unfortunately companies are far behind, responding too slowly and depending on defenses that may have at one time been effective but are no longer viable. For example, while in recent years a standard supervised machine learning approach alone was effective in fighting fraud, it is unfortunately no longer adequate. Fraud typologies have become increasingly complex and can no longer be accurately predicted without aggregating additional data, training for new features or in some cases trying new technologies. Organizations must continue adapting to create more cohesive and sustainable strategies.


How Financial Institutions Can Go On The Offensive

So what can financial institutions and fintechs do to not only defend against this new wave of fraud, adapt to new attack methods and even go on the offensive? While it is never possible to stop 100% of fraud the following protocols might be able to help sustain low levels of fraud:

Companies must ensure that they are continually monitoring for fraud in several ways. First, they must monitor for known fraud schemes, such as account takeovers through phishing and SMS intercepts. However, what is often ignored is monitoring for anomalies, which can serve as an indication of an unknown attack. For example, if we see a higher than usual number of challenges on an account - such as requests for token verification through texts - then we can safely assume something is amiss, or at the very least recognize the need for further investigation.

Second, companies should conduct regular automated vulnerability assessments to understand the potential ways fraudsters may exploit an organization’s initiative or offering. As several fintech platforms have introduced new incentives for customer usage, fraudsters have taken advantage by opening a significant number of fake new accounts while bypassing pre-existing defenses. An automated vulnerability assessment using fraud simulations will help identify these potential issues and thereby allow the company to implement the appropriate defensive measures before suffering financial and reputational losses.

Finally, organizations should consider implementing a “fraud technology orchestration strategy”, whereby they can strategically position customized anti-fraud technology against specific potential weaknesses across their entire organizational processes. Companies often neglect taking this complete view of their vulnerabilities, especially those in fast-moving spaces like crypto, as they predominantly focus on solutions that enable them to meet key regulatory requirements, such as utilizing Know Your Customer due diligence technologies. However, as these organizations grow, they often do not consider and protect themselves against varied levels of fraud scenarios since they may not understand all fraud typologies and the overall impact of fraud. In such cases, there is often an opportunity to create a comprehensive fraud technology orchestration strategy that not only raises awareness but allows these crypto companies to implement a more complete suite of anti-fraud technology, thereby better protecting both themselves and their customers from a wide variety of attacks.

These three elements - active monitoring, automated assessments and fraud technology orchestration - work in tandem. Along with knowledgeable and trusted experts in the field, they can be vital in providing financial organizations with advisory services and a suite of recommended solutions that can facilitate a holistic, feasible long-term strategy that leads to continued fraud prevention success. While fraud and its perpetrators can quickly adapt to any situation, the integrated implementation of monitoring, automated vulnerability assessments and technology orchestration is how fintechs and financial institutions can stay one step ahead.

Read the Op-Ed on the December 2022 Issue on Global Trade Magazine.

Ajay Guru, Partner

Let Us Help Guide You

Complexity demands a trusted guide with the unique expertise and cross-sector versatility to deliver unwavering success. We work with organizations across regulated commercial and public sectors to catalyze transformation and pioneer new directions for the future.

Stay ahead of the curve with news, insights and updates from Guidehouse about issues relevant to your organization and its work.