What is bank fraud prevention?
Fraud prevention in banking involves implementing a strategic web of policies, practices, and technologies that mitigate the threats fraudulent transactions pose to banks and their clients—individuals and institutions alike. Banks and other major financial institutions handle massive sums of money daily, making them immensely attractive targets.
Although virtually all banks have private insurance to address fraud-related losses, as detailed in the Federal Reserve's Regulation E, this requirement only extends to consumer accounts. Something like a Carbanak malware infection—most famously responsible for $1 billion in theft from Russian banks throughout 2014 and still considered active in late 2021—could affect a small business's bank holdings, and the institution wouldn't be legally responsible.
Bank fraud detection and prevention procedures are thus essential to ensure customer satisfaction. Establishing and maintaining effective frameworks for combating banking fraud helps protect not only the financial well-being of these organizations, but also their reputations as safe and reliable institutions.
Which technologies and methods support fraud prevention strategies in banks?
Numerous factors shape the creation of a bank's fraud prevention strategy. For example, a regional bank or credit union with locations in a handful of U.S. states won't need the same plan as an institution spanning multiple countries or continents.
That said, certain tools, technologies, and practices are almost universal in most banks' efforts to detect and prevent fraud. The most common include:
Data encryption
In theory, a banking customer's transaction data or personal information—both of which are valuable to fraudsters—can be captured by these malicious actors whether it's on the move or static. Encryption is capable of protecting sensitive financial data in transit as well as data at rest, making it a fraud prevention and security standard in a world where mobile and online banking are both common.
End-to-end encryption methods are used to protect everything from credit card and debit card expiration dates to checking account balances and bankers' Social Security numbers. Common encryption algorithms among banks include Rivest-Shamir-Adleman (RSA) and the Digital Signature Algorithm (DSA). Despite dating back to 1979 and 1993, respectively, both have been updated to keep up with the times, though DSA may be the most up-to-date due to its Secure Shell 2 (SSH2) compatibility. DSA is also a U.S. government encryption standard.
Elliptic curve cryptography (ECC) has also emerged as an encryption—and, by extension, fraud protection—tool for banking institutions in recent years. ECC's small, symmetric key sizes mean less processing power is needed to encrypt and decrypt data transmissions. This makes it ideal for efficient transactions conducted via text message or smartphone apps, both of which help banks improve their customer experience.
Transaction monitoring and verification
As reliable as encryption is, it can't serve as the only tool for bank cybersecurity and fraud prevention. Therefore, it's essential for encrypted transactions—and other important data transmissions—to be monitored and verified in a variety of ways. Common examples include:
- Multi-factor authentication. Two-step verification is this process's most common form. Users enter login credentials in one channel—like a mobile banking app—then receive a one-time passcode elsewhere—usually email or text—and confirm their identity using the passcode in the initial channel. Theoretically, this can have three or more steps; it all depends on how secure the transaction is and how much complexity users are willing to put up with regularly.
- Device fingerprinting. Some banks verify that registered users are logging in to make legitimate transactions by collecting data on the device, browser, app, IP address, and other information associated with typical logins. Deviations from the norm are flagged, and alerts are sent to the user requesting verification of the login attempt.
- Location analysis. This technique can help mitigate card fraud by monitoring transactions based not only on the locations where they occur but also the distances and times between them.
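The location analysis item above can be implemented as an "impossible travel" rule. The following is an added example, not code from the article or from any vendor; the field names, the 900 km/h speed ceiling, the 50 km noise floor, and the sample transactions are all assumptions made for illustration.

```python
import math
from datetime import datetime

MAX_SPEED_KMH = 900.0    # assumed ceiling: roughly airliner cruise speed
MIN_DISTANCE_KM = 50.0   # assumed floor: ignore geolocation noise within a metro area

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def flag_impossible_travel(transactions):
    """Compare each card-present transaction with the previous one on the same
    card and return (prev_id, cur_id, km, kmh) when the implied speed is implausible."""
    alerts, last_seen = [], {}
    for tx in sorted(transactions, key=lambda t: t["time"]):
        prev = last_seen.get(tx["card"])
        last_seen[tx["card"]] = tx
        if prev is None:
            continue
        km = haversine_km(prev["lat"], prev["lon"], tx["lat"], tx["lon"])
        if km < MIN_DISTANCE_KM:
            continue
        hours = (tx["time"] - prev["time"]).total_seconds() / 3600
        # Two distant locations at the same instant are always implausible.
        kmh = math.inf if hours == 0 else km / hours
        if kmh > MAX_SPEED_KMH:
            alerts.append((prev["id"], tx["id"], round(km), kmh))
    return alerts

# Constructed sample data (not real transactions).
SAMPLE = [
    {"id": "t1", "card": "A", "time": datetime(2024, 3, 1, 9, 0), "lat": 40.7128, "lon": -74.0060},    # New York
    {"id": "t2", "card": "A", "time": datetime(2024, 3, 1, 9, 45), "lat": 40.7306, "lon": -73.9866},   # New York, nearby
    {"id": "t3", "card": "A", "time": datetime(2024, 3, 1, 10, 30), "lat": 51.5074, "lon": -0.1278},   # London, 45 min later
    {"id": "t4", "card": "B", "time": datetime(2024, 3, 1, 8, 0), "lat": 41.8781, "lon": -87.6298},    # Chicago
    {"id": "t5", "card": "B", "time": datetime(2024, 3, 1, 20, 0), "lat": 34.0522, "lon": -118.2437},  # Los Angeles, 12 h later
]

if __name__ == "__main__":
    for alert in flag_impossible_travel(SAMPLE):
        print(alert)
```

Card-not-present (online) purchases carry a merchant location rather than the cardholder's, so a rule like this is normally restricted to point-of-sale and ATM events.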
Positive pay
This technique is a relatively simple but essential method banks use to detect and prevent check fraud among business customers. Positive pay involves cross-referencing the check number, monetary amount, and account number of every check paid out by a company with details of previously issued checks.
Upon detection of any discrepancies or signs of suspicious activity, the bank alerts the company and typically puts a hold on any dubious checks until the business verifies or denies their validity. The method not only helps companies identify fraudulent activity involving checks made to look like their own, but also insulates the bank from liability.
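The cross-referencing step described above, as an added example that is not part of the original article: presented checks are matched against the company's issue file on account number, check number, and amount, and anything that does not match is held for the business to review. The record layout, decision labels, and sample data are assumptions.

```python
from decimal import Decimal

def positive_pay(issued, presented):
    """Match presented checks against the company's issue file.
    Returns one (check_no, decision, reason) tuple per presented item."""
    # Key on account + check number; the amount must then match exactly.
    register = {(i["account"], i["check_no"]): i for i in issued}
    paid = set()
    results = []
    for p in presented:
        key = (p["account"], p["check_no"])
        item = register.get(key)
        if item is None:
            decision, reason = "HOLD", "not in issue file"
        elif key in paid:
            decision, reason = "HOLD", "duplicate presentment"
        elif Decimal(p["amount"]) != Decimal(item["amount"]):
            decision, reason = "HOLD", "amount mismatch"
        else:
            decision, reason = "PAY", "matched"
            paid.add(key)
        results.append((p["check_no"], decision, reason))
    return results

# Constructed sample data: the issue file the company sent to the bank ...
ISSUED = [
    {"account": "ACCT-001", "check_no": "1001", "amount": "250.00"},
    {"account": "ACCT-001", "check_no": "1002", "amount": "1200.50"},
    {"account": "ACCT-001", "check_no": "1003", "amount": "75.00"},
]
# ... and the checks presented for payment.
PRESENTED = [
    {"account": "ACCT-001", "check_no": "1001", "amount": "250.00"},   # legitimate
    {"account": "ACCT-001", "check_no": "1002", "amount": "9200.50"},  # altered amount
    {"account": "ACCT-001", "check_no": "1001", "amount": "250.00"},   # presented twice
    {"account": "ACCT-001", "check_no": "1999", "amount": "500.00"},   # never issued
    {"account": "ACCT-002", "check_no": "1003", "amount": "75.00"},    # wrong account
]

if __name__ == "__main__":
    for row in positive_pay(ISSUED, PRESENTED):
        print(row)
```

Amounts are compared as `Decimal` values rather than floats so that a one-cent alteration is never masked by rounding.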
AI/ML
Given the massive amounts of data involved in banking transactions, artificial intelligence (AI) and machine learning (ML) are critical for anti-fraud teams.
Positive pay is one of several fraud prevention practices that can be automated using AI/ML algorithms. In fact, it's on the simpler end of the spectrum of such techniques. Much more crucial are the complex algorithms used to detect credit card fraud and the intricate deep learning systems that detect high-level document forgery using natural language processing (NLP).
What are the biggest fraud risks banks face?
It's critical not only to look at the actual dangers banks and their customers face from fraudsters, but also the regulations that can be violated by failing to protect customers. We'll start with the former.
Major fraud hazards
First, consider the risks to customers:
- Credit and debit card fraud. In 2021, U.S. consumers reported nearly 400,000 cases of card fraud. It's one of the easier types of fraud to mitigate when banks and card issuers have detection mechanisms in place—e.g., a customer receives a suspicious transaction alert, flags it, gets the card canceled and has new plastic in a few days. But this isn't always a default service. When customers must opt into it, there's no guarantee they will, which reduces the service's effectiveness.
- Identity theft. Per the Federal Trade Commission (FTC), identity theft via imposter scam was the most common type of fraud Americans experienced in 2021. Advanced techniques like synthetic identity theft and account takeover mean this threat is only becoming more serious. Banks aren't responsible for customer mistakes that lead to identity theft but must rectify fraud losses resulting from breaches of their internal security.
Then there are hazards that endanger customers and pose institutional threats to banks:
- A spear phishing attack can start with one bank employee—"whale phishing" if it's someone at the C level—and quickly spread through an institution. Such social-engineering hacks are by far the most common cyberattack vector, and they can be the foundation of massive fraud campaigns.
- Distributed denial of service (DDoS) and other sophisticated ransomware or malware attacks may also serve as smoke screens for—or the instruments of—fraudulent transactions that harm multiple customers and damage banks' internal systems.
Dangers of noncompliance
Banks don't just endanger their customers and their reputation when they fail to safeguard sensitive data from fraudsters and similar malicious actors. They jeopardize their ability to do business.
Laws ranging from Regulation E and the Gramm-Leach-Bliley Act (GLBA) to the General Data Protection Regulation (GDPR) put the onus on banks to implement comprehensive fraud prevention strategies. Failing to do so could lead to massive fines—$100,000 per GLBA violation, for example—or criminal liability in the case of Regulation E.
Embrace emerging technologies to spearhead anti-fraud efforts
Advanced AI/ML and deep learning systems are critical for the prevention and mitigation of fraud attacks on banks and financial institutions. Their predictive capabilities; ability to spot intricate, anomalous patterns within massive data sets; and prescriptive recommendations allow banks to learn from past fraud to combat future risks.
Denmark-based Danske Bank learned this while working with Teradata to implement these tools to improve fraud countermeasures. AI helped the Nordic-area institution reduce false positives by 60%, while deep learning improved its ability to detect real fraud by learning from real-time location and ATM transaction data. This helped to better protect customers across traditional and mobile banking channels.
The advanced analytics capabilities and data integration features of Teradata VantageCloud allow banks to learn from a wealth of existing data, from customer touchpoints to call center logs. Coupled with built-in, first-party data graphing from Celebrus, institutions using VantageCloud can identify likely fraud risks well before worst-case scenarios emerge.