New survey reveals top fraud threats and vulnerabilities

What are the top fraud threats to financial institutions? How are they fighting back? New results from our Faces of Fraud Survey provide some answers—and a few surprises.

The survey, conducted by ISMG and sponsored by FICO, polled hundreds of financial institutions, primarily banks but also credit unions and payment processors. Questions were designed to gauge the scope of the fraud threat in the US, measure industry preparedness, and identify anti-fraud strategies and technologies that institutions are employing and investing in. Here’s what we saw:

Top fraud threats. Topping the list of fraud problems were payment card fraud, check fraud and phishing/vishing. Specifically, 82% of respondents experienced credit/debit card fraud in 2010, 63% check fraud, 40% phishing/vishing, 37% ACH/wire (account takeover) and 32% third-party POS skimming.

When is fraud detected? It’s telling that more than 75% first learn of fraud incidents from their customers. That means institutions are spending a lot of time cleaning up fraud problems after the fact.

Level of preparedness. Institutions feel prepared to prevent card fraud, as well as "classic" forms of fraud like check fraud and money laundering—no surprise, since most of their anti-fraud investments are going into card fraud (where losses are heavy) and money laundering (where regulations are heavy). Clearly, more needs to be done to deal with the escalation of malware attacks that target transactions which in the past had lower fraud risk.

Cross-channel fraud. When asked what percentage of total fraud incidents is cross-channel fraud, 39% of respondents claim under 10%, and 16% don't know. Perhaps because of this, only 26% have a team assigned to detect cross-channel fraud. One reason cross-channel fraud hasn’t become top-of-mind is that most institutions categorize fraud and assign it to a bucket, rather than track the modus operandi of the crime. We need a fraud management paradigm shift from managing fraud by payment channel to managing fraud at the customer level, in order to identify fraud that compromises one channel and is then perpetrated on another.

Lack of resources. Not surprisingly, a large number of respondents are challenged with inadequate tools and resources to manage fraud. 66% have between 1 and 5 people assigned to fraud prevention, and 44% don’t plan to make changes to budget or personnel.

Areas of investment. Our survey showed that investments and advanced tools are heavily weighted on the card fraud side, where banks are seeing clear ROI and can more easily outsource fraud management to third parties. The problem, of course, is that other channels are suffering from manual processes and low-tech fraud detection systems based on rules, ratios and past fraud situations. Here's a good example of why that's a problem. I recall a fraud manager at a mid-size bank who instituted a policy to manually review all ATM deposits over $1,000 to deal with their empty envelope problem. Almost immediately, the dollar amount of their ATM deposit frauds shifted to around $990. Obviously, better solutions are needed to identify the criminal behavior, rather than pushing criminals around thresholds.

Increased focus on ACH/wire fraud. The latest fraud soft spot appears to be ACH/wire fraud, where we've seen increased activity by criminals. What makes this so dangerous is that the loss from one ACH transaction is much higher than the loss from several card frauds. Most financial institutions are responding to the threat, including by increasing customer awareness. 53% have increased internal monitoring; however, this is likely a resource vacuum due to the volume of activity and the time spent reviewing it. Interestingly, 20% of respondents say they haven’t been impacted by ACH fraud.

The true high cost of fraud. In addition to direct fraud losses, 45% of institutions also suffer from loss of productivity, 37% from loss of customer confidence and 18% from attrition. Loss of productivity, as institutions fix vulnerabilities and deal with impacted customers, puts additional strain on many at a time when resources are already scarce. We’ve also seen churn levels of 1 out of 5 customers impacted by fraud, reinforcing why banks should make customer retention a focus of their post-fraud process. Of course, managing customer perception is especially tricky with the increase of phishing events, where customers may think their institution has been breached even though that's not the case.

I encourage you to check out the full survey results, and as always, post questions/comments here on the blog.
