Fraud is on the rise, and it’s getting harder to fight.
Last year, 59% of financial institutions said they saw rising fraud. Smaller institutions got hit even harder—71% reported increases in fraud. And most (58%) believe fraudsters are becoming more sophisticated. That means financial institutions have to fight harder and smarter than ever.
In our last blog, we talked about three common types of financial services fraud: identity theft and account takeover, social engineering attacks, and insider threats. This week, we’ll discuss how to defend yourself against those threats.
Identity theft is on the rise
of financial institutions say fraudsters are becoming more sophisticated
identity fraud costs totaled $52 Billion in 2021
increase in fraud costs from pre-pandemic levels
Fraud Strategy #1: Head off identity theft and account takeover
Close to 42 million U.S consumers were victims of identity fraud in 2021, at a cost of $52 billion in losses. Preventing that from happening to your customers requires equal parts customer education and internal monitoring.
- Fundamentally, customers need continual education about good password hygiene. In addition to requiring strong passwords and multifactor authentication, encourage them to use a password manager on financial sites. And send them regular tips on how to avoid phishing scams.
- Internally, be fastidious about controls to prevent malicious access to customer data. Emphasize repeatedly that agents should never take data privacy shortcuts while trying to be helpful to customers.
- Beyond that, financial services firms should employ continuous monitoring that uses machine learning to understand the behaviors of customers when they’re interacting with mobile and online banking. Layering this into your cybersecurity strategy allows for constant risk assessment so you can make real-time decisions when anomalies are detected. It also decreases the need for excessive user authentication, so customers experience less friction. One survey found the lowest incidence of fraud among financial institutions that had adopted artificial intelligence and machine learning.
- Head off mobile banking fraud by strengthening authentication requirements with biometric authentication or key fobs—small, programmable devices similar to what you would use for keyless car entry—in addition to passwords or PINs. Consider using mobile app shielding to thwart attempts to reverse-engineer your app for malicious purposes.
Fraud Strategy #2: Guard against insider fraud and accidental internal threats
Insider threat incidents increased 44% over the past two years, with 26% of those considered intentional, malicious attacks.
Working in the financial industry inevitably creates temptation for some employees, but taking these steps can help reduce the risk of insider fraud:
- Create a culture of integrity and transparency. Strive to keep morale high with a supportive workplace and equitable hiring and promotion processes.
- Provide mandatory fraud awareness training, making sure employees and contractors know the signs and consequences of fraud.
- Scrupulously use proper internal controls, such as dual controls, computer access controls, and regular audits.
- Be alert to suspicious behavior, such as an employee never taking vacations, never accepting help with work, and showing up for work when others aren’t there. It’s best to have some visibility into all employees’ work practices.
- Invest in technology that can alert you to potential problems through behavioral analytics and real-time transaction analysis.
Most internal threats are not malicious but a result of careless behavior. No matter the cause, fraud is costly. Guard against these threats with robust, ongoing security training and testing.
Fraud Strategy #3: Stay on top of social engineering attacks
Social engineering, which includes methods like phishing and vishing, is the leading cyberattack method. Education is critical, for your customers and your staff.
- Remind customers repeatedly to be suspicious of text, calls, or emails claiming to be from a financial institution that seeks their passwords or other personal information. Keep your messaging fresh so customers don’t begin to tune it out.
- Require employees to go through regular social engineering detection training, as well, and check their knowledge with fake social engineering attempts. Insist that they always follow required customer identification procedures and question anything that doesn’t seem right.
- If you detect a scam, alert all your staff, and update your training regularly with information about new methods that scammers are using. If customers are defrauded, get as many details as you can about the incident to help you deter future attempts.
- Consider investing in technologies based on behavioral biometrics that can detect suspicious patterns like aimless mouse movements, segmented keystrokes, and hesitation—behaviors that may indicate a fraudulent actor.
Ubiquity is your partner for fraud prevention
A business outsourcing expert can be one of your most powerful sources of customer protection. At Ubiquity, we help financial service teams stay resilient.
We analyze customer interactions and feed the learnings not just into CX training, but also into security best practices. This helps us build a detailed, up-to-the-minute picture of what nonthreatening customer behavior looks like and makes the threat indicators far easier to identify.
We also keep open lines of communication with our partners, so we can constantly alert each other to threats and emerging trends. If you need expert, dedicated teams to deliver excellent CX while helping protect you from fraud and compliance risks, please reach out. For information on how to handle rising tax refund fraud and dispute volume, tune in to our webinar on demand.