By John Manning, International Banker
The global banking system is coming under increasingly sophisticated fraud attacks, such that this long-running menace continues to siphon off billions of dollars from lenders every year. According to a report from the Association of Certified Fraud Examiners (ACFE), organisations are losing around 5 percent of their annual revenues to fraudulent activity. Given that banking-industry revenues amount to trillions when combined, the sheer extent of funds being seized by criminal activity cannot be underestimated.
KPMG Global’s Global Banking Fraud Survey was conducted between November 2018 and February 2019 to obtain a global perspective on how banks tackle internal and external fraud threats. It surveyed 43 retail banks, of which 13 are in the Asia-Pacific region, 5 are in the Americas, and 25 are in Europe, the Middle East and Africa. Eighteen of the banks also had more than $10 billion in revenues at the time the survey was conducted, while 31 employed at least 10,000 people globally. Perhaps the most alarming finding is just how quickly fraud incidents are draining banks’ finances. “Our survey has identified that fraud costs are increasing at a faster rate than fraud risk management spend. A radical rethink is urgently required,” David Hicks, KPMG’s global forensic leader, concluded.
Over half of the survey respondents globally experienced rising external fraud in terms of both total value and volume, with the most pronounced increases in fraud typologies globally from 2015 to 2018 coming from identity theft and account takeover, cyber-attacks, card-not-present fraud and authorised push-payments scams. What’s more, more than half of respondents recovered less than 25 percent of fraud losses, further underlining the importance of early fraud detection and prevention.
One might have assumed that advancements in technology and digital banking would help in the fight against fraud. But what’s even more evident is just how useful such technology is proving to be to criminals in their searches to commit ever more sophisticated types of fraud. The sheer volume of digital-banking transactions today means cybercriminals can use a variety of advanced techniques to scam banking customers and ultimately acquire their assets. And to compound matters even further, the digital landscape that is now home to millions of daily transactions is also well suited for such criminals to hide their fraudulent activities. Indeed, the KPMG survey found that banks in every region consider the most significant challenge in fraud risk to be cyber-attacks.
The ACFE, meanwhile, has produced an in-depth “Report to the Nations” approximately every two years starting in 1996, which studies the costs and effects of occupational fraud. The latest edition, published in 2020, found that the industry most commonly reported as a victim of fraud was banking and financial services with 364 cases, nearly double the next most vulnerable industry—government and public administration with 189 reported cases—and then manufacturing with 177 cases. Of the bank-fraud cases, moreover, corruption was the most frequent type of reported fraud and represented 40 percent of all reported cases. The study defined corruption as a scheme in which an employee misuses his or her influence in a business transaction in a way that violates his/her duty to the employer in order to gain a direct or indirect benefit (e.g., schemes involving bribery or conflicts of interest). Following corruption on the list were cash-on-hand cases (18 percent), defined as schemes in which the perpetrator misappropriates cash kept on hand at the victim organization’s premises (e.g., an employee steals cash from a company vault).
Some believe that too many lenders are failing to address the systematic origins of fraud properly, which, in turn, leads to more cases emerging that ultimately result in significant losses. Of course, banks are only too aware of the magnitude of the problem and that it is set to be a consistently growing issue rather than a diminishing one. And yet, there is considerable speculation over whether they are actually doing enough to address this persistent drain on their bottom lines. The KPMG survey did acknowledge that banks are investing in new technologies for fraud prevention. But according to Amount, a fintech company that helps financial institutions rapidly digitise their financial infrastructures, some banks are still operating the same way they did 20 years ago “in a very manual and analog environment”, which leaves even the highest-asset banks susceptible to high-level fraud attacks.
As Christian Villumsen, senior advisor at enterprise AI (artificial intelligence) company 2021.AI, acknowledged in December, many banks use traditional, namely static or rule-based, approaches to identify and flag fraudulent transactions for further manual investigation. “With traditional methods, identifying real fraudulent transactions becomes a manual task performed by the forensic units within financial institutions, which is costly and has a low success rate,” Villumsen wrote for New York-based in-memory technology company GigaSpaces. “These methods are not precise enough, and flag too many false positives to be reliable. A high number of false positives then has a negative impact on customer satisfaction, ultimately leading to customer churn.”
But while Villumsen recommends AI and machine-learning techniques as methods for banks to leverage data in order to predict and prevent future fraud instances, institutions continue to show scepticism when deciding whether to deploy such technology. “Less than 3 in 10 companies strongly agree that they’ve been able to implement and upgrade technology due to cost, limited resources, and lack of systems. Only 25 percent of institutions are using AI, and 40 percent of them struggle to find value.”
That’s not to say banks are not working hard to protect their customers and institutions from fraud. Criminals are still being caught, and stolen funds are being recovered. And banks are showing clear evidence of utilising at least some of the latest technology to combat scams. HSBC UK, for instance, reported that its use of VoiceID security prevented almost $550 million in fraud in 2019. VoiceID uses technology from conversational artificial-intelligence specialist Nuance Communications, and according to the firm’s vice president and general manager of security and biometrics, Brett Beranek, there has been a significant decline in fraud activity involving call centres. “The banks that were using voice (biometrics) managed to virtually eliminate fraud through that channel,” Beranek told US News & World Report in January.
According to a report from UK Finance, the trade association for the UK banking and financial services sector, the financial-services industry in the United Kingdom prevented £1.6 billion of unauthorised fraud losses in 2020, equivalent to £6.73 of every £10 of attempted fraud being stopped. The report also highlighted the work being done by The Banking Protocol, which was launched in 2016 as a rapid scam-response scheme, which trains branch staff to detect early warning signs of a scam being executed and make an emergency call to the police. The Protocol stopped £45.3 million of scams last year and is now being expanded to cover potential online and telephone banking scams. The Dedicated Card and Payment Crime Unit (DCPCU), which is a unique joint Metropolitan/City of London police team that’s funded by the banking industry, arrested more than 100 fraudsters during the year and prevented almost $20 million in fraud.
But all signs are pointing to conditions for fighting fraud only becoming tougher for lenders. Directives such as Open Banking will open up financial institutions to third parties that will access various customer data, which will only heighten their vulnerability to fraudulent activity if not adequately monitored and secured. And it would also seem that as the banking sector converges and collaborates with other industries, lenders must adapt their control measures to ensure they can withstand new risks. For instance, with tech companies and financial-services companies increasingly joining forces, risk-management capabilities need to be strengthened to address the rapidly evolving ways in which fraud risks can arise through new forms of digital banking. As such, banks must continue to utilise the new technologies on hand to remain ahead of their criminal adversaries—a task that is sure to be easier said than done.