Banking fraud costs banks billions every year—$15 billion to be exact, according to the 2016 Identity Fraud Study by research firm Javelin. The report found 13.1 million individual instances of fraud in 2015, which has become merely the cost of doing business. Banks and credit-card companies have steadily put in place new processes and technologies to minimize this threat—some with great successes, while others with struggles.
Security is always a moving bar. As new technologies are introduced, fraudsters will identify new ways to gain access to information and ultimately customers’ bank accounts. Therefore, advancements in fraud prevention need to take an equally bold approach to innovation. Whether it is through biometrics, artificial intelligence (AI) or even blockchain, banks have an opportunity to increase transparency, deepen their insights and enhance security to minimize fraudulent activity.
The past two years have marked a significant shift across card- and digital-payments technologies. The US Payments Forum found that 29 percent of US merchants have enabled EMV (Europay, MasterCard® and Visa®) chip-card technology, and almost 75 percent of consumers have at least one EMV card. However, the migration to EMV in the US drove a 113-percent increase in new account fraud, which represents 20 percent of all fraud, according to Javelin.
Banks need to think about the vulnerable entry points in their existing products and services at which they are at high risk of fraud, and focus on remediating those high-risk areas. They should look to uncover the most high-risk geographies, products and even third-party vendors in order to update processes and technologies accordingly.
For example, in the United Kingdom, EMV fraud is not as large a problem because the chip and PIN (personal identification number) model requires proximity of the EMV chip as well as a personal authentication PIN. In the United States, a cardholder can issue the payment with just the chip—no additional authentication needed. If US banks simply focused on adding an additional layer of authentication such as a password or digital fingerprint on the EMV chip, they could cut down on instances of fraud.
For mobile payments, the bar is even higher whereby biometric hardware is built into the latest mobile devices, and the open sourcing of the Secure Enclave Crypto API in iOS 9 has opened the door for new banking apps to use biometrics instead of passwords, not just to access the phone but applications.
A recent report from Aite Group showed that biometrics are advancing to the point at which after user sign-on with physical biometric authentication (your fingerprint), companies can use behavioral biometric authentication during session activity (e.g., analyze typing as a unique authenticator) and prompt for additional biometric authentication for high-risk activity. This is the rising bar for innovation and security, while many banks and credit-card companies are still transitioning their customers over to EMV.
The new buzz for banks is blockchain, and rightly so. Blockchain has the possibility to be a transformative computing architecture for financial services because of its ability to take a fragmented network and through a decentralized ledger create a single view of the same transaction. This aspect of the blockchain is referred to as distributed ledger technology (DLT). What does that mean for fraud? A lot.
To take trade finance as an example, today a supplier can bring a letter of credit to several banks in order to receive credit, but because the network is so fragmented, that same supplier can go to several banks with the same letter of credit. This is the double-spend issue. Blockchain can eliminate fraud for 100 percent of the transactions that occur on the chain by providing complete transaction to all members of the chain. This is just one instance in which fragmented and manual processes leave banks open to fraudulent activity.
Another example is when fraudulent accounts are set up, often as a front to other illicit activity such as money laundering. This could be more easily identified with blockchain, which has the potential to replace utilities for better “know your customer” (KYC) data. Additionally, blockchain could be used to increase transparency across the general ledger, minimizing the need for reconciliation and enhancing overall accounting to better identify potential fraud.
Perhaps an even greater challenge for banks is fraud intertwined with money laundering. According to the United Nations Office on Drugs and Crime, the estimated amount of money laundered globally is somewhere between $800 billion to $2 trillion. These aren’t direct losses for banks and customers, but this flow of dirty money across banks globally places banks and their customers at high risk.
To address this challenge, banks are already using data science, a branch of artificial intelligence that uses algorithms to analyze vast amounts of historical data, on spending patterns to identify R anomalous activity that could be indicative of money laundering and fraud. Many banks have been doing this type of analysis for several years now, with vast amounts of historical transaction data combined with KYC data, which has provided powerful intelligence. However, these banks have increasingly realized they need to find the right balance between customer protection and customer experience—so that the customer is always protected but never inconvenienced.
When traveling overseas, credit-card customers may remember to put a travel notice on their accounts, but they also may not. As mobile technology continues to advance, the geolocation feature provides new opportunities for banks to verify the location of an individual and employ biometric authentication to help credit-card companies minimize instances of fraud.
Recently, Stripe announced a new tool that aims to give smaller e-commerce sites the power to use advanced data-sifting similar to that of Amazon and Walmart for enhanced analysis and business intelligence related to customer data. Banks will need to be aware of these new tools coming in from fintechs and think about how they impact their security and fraud prevention.
Using technology innovation in the fight against fraud
In each of the challenges that banks are facing today, it will be a race against fraudsters to understand vulnerabilities and develop innovative technology solutions that address each challenge without adversely impacting customer experience. The key word here is innovation. Think about how sophisticated technology such as biometrics, AI and blockchain can be used as powerful weapons and review operations to decide if they are also realistic solutions for the business where it is today—in order to stay one step ahead of the fraudsters.