Top strategies for combatting financial services fraud

Fundamentally, customers need continual education about good password hygiene. In addition to requiring strong passwords and multifactor authentication, encourage them to use a password manager on financial sites. And send them regular tips on how to avoid phishing scams.

Internally, be fastidious about controls to prevent malicious access to customer data. Emphasize repeatedly that agents should never take data privacy shortcuts while trying to be helpful to customers.

Beyond that, financial services firms should employ continuous monitoring that uses machine learning to understand the behaviors of customers when they’re interacting with mobile and online banking. Layering this into your cybersecurity strategy allows for constant risk assessment so you can make real-time decisions when anomalies are detected. It also decreases the need for excessive user authentication, so customers experience less friction. One survey found the lowest incidence of fraud among financial institutions that had adopted artificial intelligence and machine learning.

Head off mobile banking fraud by strengthening authentication requirements with biometric authentication or key fobs—small, programmable devices similar to what you would use for keyless car entry—in addition to passwords or PINs. Consider using mobile app shielding to thwart attempts to reverse-engineer your app for malicious purposes.

Create a culture of integrity and transparency. Strive to keep morale high with a supportive workplace and equitable hiring and promotion processes.

Provide mandatory fraud awareness training, making sure employees and contractors know the signs and consequences of fraud.

Scrupulously use proper internal controls, such as dual controls, computer access controls, and regular audits.

Be alert to suspicious behavior, such as an employee never taking vacations, never accepting help with work, and showing up for work when others aren’t there. It’s best to have some visibility into all employees’ work practices.

Invest in technology that can alert you to potential problems through behavioral analytics and real-time transaction analysis.

Remind customers repeatedly to be suspicious of text, calls, or emails claiming to be from a financial institution that seeks their passwords or other personal information. Keep your messaging fresh so customers don’t begin to tune it out.

Require employees to go through regular social engineering detection training, as well, and check their knowledge with fake social engineering attempts. Insist that they always follow required customer identification procedures and question anything that doesn’t seem right.

If you detect a scam, alert all your staff, and update your training regularly with information about new methods that scammers are using. If customers are defrauded, get as many details as you can about the incident to help you deter future attempts.

Consider investing in technologies based on behavioral biometrics that can detect suspicious patterns like aimless mouse movements, segmented keystrokes, and hesitation—behaviors that may indicate a fraudulent actor.